diff --git a/.github/workflows/analyze-target.yml b/.github/workflows/analyze-target.yml index c9ee7e0e058..c185fa6f75c 100644 --- a/.github/workflows/analyze-target.yml +++ b/.github/workflows/analyze-target.yml @@ -1,7 +1,7 @@ name: "Analyze (target)" on: pull_request_target: - branches: [master, sssd-2-7, sssd-2-8] + branches: [master, sssd-2-7, sssd-2-8, sssd-2-9] concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number }} cancel-in-progress: true @@ -13,14 +13,14 @@ jobs: pull-requests: write steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: ref: ${{ github.event.pull_request.head.sha }} persist-credentials: false - name: Perform cppcheck analysis # v0.0.11 is the latest release but we need a later commit - uses: linuxdeepin/action-cppcheck@9ef62c4ec8cd5660952cd02c58b83fa57c16a42b + uses: linuxdeepin/action-cppcheck@e63fb1d3f321e0467737aa9de7f691360fb1b8fb with: github_token: ${{ secrets.GITHUB_TOKEN }} repository: ${{ github.repository }} @@ -36,13 +36,13 @@ jobs: timeout-minutes: 1440 steps: - name: Checkout target branch - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: ref: ${{ github.base_ref }} path: target - name: Checkout pull request branch - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: ref: ${{ github.event.pull_request.head.sha }} path: pr @@ -76,7 +76,7 @@ jobs: - name: Upload artifacts if: always() - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: if-no-files-found: ignore name: covscan diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e558e0f6cfe..9b38ea62531 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,9 +1,9 @@ name: "ci" on: push: - branches: [master, sssd-2-7, sssd-2-8] + branches: [master, sssd-2-7, sssd-2-8, sssd-2-9] pull_request: - branches: [master, sssd-2-7, sssd-2-8] + branches: [master, sssd-2-7, sssd-2-8, sssd-2-9] concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true @@ -15,7 +15,7 @@ jobs: contents: read steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Install dependencies id: dependencies @@ -45,7 +45,7 @@ jobs: source ../contrib/fedora/bashrc_sssd make distcheck - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 if: always() with: name: build @@ -63,7 +63,7 @@ jobs: matrix: ${{ steps.matrix.outputs.matrix }} steps: - name: Checkout sources - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Get matrix id: matrix @@ -80,7 +80,7 @@ jobs: contents: read steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: path: sssd @@ -115,7 +115,7 @@ jobs: - name: Upload main artifacts if: always() - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: if-no-files-found: ignore name: ${{ matrix.tag }}-intgcheck @@ -124,10 +124,11 @@ jobs: ./sssd/ci-build-debug/ci-*.log ./sssd/ci-build-debug/test-suite.log ./sssd/ci-build-debug/ci-mock-result/*.log + ./sssd/ci-build-debug/src/tests/cwrap/test-suite.log - name: Upload valgrind artifacts if: always() - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: if-no-files-found: ignore name: ${{ matrix.tag }}-intgcheck-valgrind @@ -145,7 +146,7 @@ jobs: contents: read steps: - name: Checkout sssd repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: path: sssd @@ -214,7 +215,7 @@ jobs: pip3 install -r ./sssd/src/tests/multihost/requirements.txt - name: Create multihost configuration - uses: DamianReeves/write-file-action@41569a7dac64c252caacca7bceefe28b70b38db1 + uses: DamianReeves/write-file-action@0a7fcbe1960c53fc08fe789fa4850d24885f4d84 with: path: mhc.yml write-mode: overwrite @@ -237,7 +238,7 @@ jobs: - name: Upload artifacts if: always() - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: if-no-files-found: ignore name: ${{ matrix.tag }}-multihost @@ -258,7 +259,7 @@ jobs: contents: read steps: - name: Checkout sssd repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: path: sssd @@ -276,12 +277,22 @@ jobs: - /dev/shm volumes: - ../sssd:/sssd:rw + ipa: + image: ${REGISTRY}/ci-ipa-devel:${TAG} + shm_size: 4G + tmpfs: + - /dev/shm + volumes: + - ../sssd:/sssd:rw - - name: Build SSSD on the client + - name: Build SSSD on the client and IPA uses: SSSD/sssd-ci-containers/actions/exec@master with: log-file: build.log working-directory: /sssd + where: | + client + ipa script: | #!/bin/bash set -ex @@ -294,22 +305,35 @@ jobs: /sssd/configure --enable-silent-rules make rpms - - name: Install SSSD on the client + - name: Install SSSD on the client and IPA uses: SSSD/sssd-ci-containers/actions/exec@master with: log-file: install.log user: root + where: | + client + ipa script: | #!/bin/bash set -ex - dnf remove -y --noautoremove sssd\* dnf install -y /dev/shm/sssd/rpmbuild/RPMS/*/*.rpm rm -fr /dev/shm/sssd # We need to reenable sssd-kcm since it was disabled by removing sssd not not enabled again systemctl enable --now sssd-kcm.socket + - name: Restart SSSD on IPA server + uses: SSSD/sssd-ci-containers/actions/exec@master + with: + user: root + where: ipa + script: | + #!/bin/bash + set -ex + + systemctl restart sssd || systemctl status sssd + - name: Install system tests dependencies shell: bash working-directory: ./sssd/src/tests/system @@ -339,23 +363,45 @@ jobs: run: | yq -i 'del(.domains[0].hosts.[] | select(.role == "ad"))' mhc.yaml + - name: Check polarion metadata + shell: bash + working-directory: ./sssd/src/tests/system + run: | + # Run pytest in collect only mode to quickly catch issues in Polarion metadata. + set -ex -o pipefail + + mkdir -p $GITHUB_WORKSPACE/artifacts + source .venv/bin/activate + pytest \ + --color=yes \ + --mh-config=./mhc.yaml \ + --mh-log-path=$GITHUB_WORKSPACE/mh.log \ + --mh-artifacts-dir=$GITHUB_WORKSPACE/artifacts \ + --polarion-config=./polarion.yaml \ + --output-polarion-testcase=$GITHUB_WORKSPACE/artifacts/testcase.xml \ + --collect-only . |& tee $GITHUB_WORKSPACE/pytest-collect.log + - name: Run tests shell: bash working-directory: ./sssd/src/tests/system run: | set -ex -o pipefail + mkdir -p $GITHUB_WORKSPACE/artifacts source .venv/bin/activate pytest \ --color=yes \ --mh-config=./mhc.yaml \ --mh-log-path=$GITHUB_WORKSPACE/mh.log \ --mh-artifacts-dir=$GITHUB_WORKSPACE/artifacts \ + --polarion-config=./polarion.yaml \ + --output-polarion-testcase=$GITHUB_WORKSPACE/artifacts/testcase.xml \ + --output-polarion-testrun=$GITHUB_WORKSPACE/artifacts/testrun.xml \ -vvv . |& tee $GITHUB_WORKSPACE/pytest.log - name: Upload artifacts if: always() - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: if-no-files-found: ignore name: ${{ matrix.tag }}-system @@ -366,6 +412,7 @@ jobs: build.log install.log pytest.log + pytest-collect.log result: name: All tests are successful diff --git a/.github/workflows/copr_build.yml b/.github/workflows/copr_build.yml index 04473e8fa6f..e0b5ef35e4e 100644 --- a/.github/workflows/copr_build.yml +++ b/.github/workflows/copr_build.yml @@ -21,7 +21,7 @@ name: copr on: pull_request_target: - branches: [master, sssd-2-7, sssd-2-8] + branches: [master, sssd-2-7, sssd-2-8, sssd-2-9] types: [opened, synchronize, reopened] concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number }} @@ -41,7 +41,7 @@ jobs: contents: read steps: - name: Checkout source - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: ref: ${{ github.event.pull_request.head.ref }} repository: ${{ github.event.pull_request.head.repo.full_name }} @@ -53,7 +53,7 @@ jobs: version: 9.${{ env.COPR_PROJECT }} - name: Upload source rpm as an artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: ${{ steps.srpm.outputs.file }} path: ${{ steps.srpm.outputs.path }} @@ -96,7 +96,7 @@ jobs: run: | # CentOS Stream 8 copr-cli --config "$coprcfg" edit-chroot \ - --repos 'https://koji.mbox.centos.org/kojifiles/repos/dist-c8-stream-build/latest/$basearch/' \ + --repos 'https://kojihub.stream.centos.org/kojifiles/repos/c8s-build/latest/$basearch' \ --modules idm:DL1 \ $COPR_ACCOUNT/$COPR_PROJECT/centos-stream-8-x86_64 @@ -114,10 +114,10 @@ jobs: fail-fast: false steps: - name: Checkout source - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Downlooad source rpm - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: ${{ needs.prepare.outputs.srpm }} path: . diff --git a/.github/workflows/copr_cleanup.yml b/.github/workflows/copr_cleanup.yml index 6e52b8aaadb..e4ffb0c3263 100644 --- a/.github/workflows/copr_cleanup.yml +++ b/.github/workflows/copr_cleanup.yml @@ -1,7 +1,7 @@ name: copr cleanup on: pull_request_target: - branches: [master, sssd-2-7, sssd-2-8] + branches: [master, sssd-2-7, sssd-2-8, sssd-2-9] types: [closed] concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number }} diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index f3b26dee202..fb803c668c0 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Install dependencies uses: ./.github/actions/install-dependencies @@ -22,7 +22,7 @@ jobs: uses: ./.github/actions/configure - name: Execute and submit coverity scan - uses: vapier/coverity-scan-action@v1.2.0 + uses: vapier/coverity-scan-action@v1.7.0 with: email: "sssd-maint@redhat.com" token: ${{ secrets.COVERITY_SCAN_TOKEN }} diff --git a/.github/workflows/static-code-analysis.yml b/.github/workflows/static-code-analysis.yml index c9b8f7911fc..d84a1237169 100644 --- a/.github/workflows/static-code-analysis.yml +++ b/.github/workflows/static-code-analysis.yml @@ -1,9 +1,9 @@ name: "Static code analysis" on: push: - branches: [master, sssd-2-7, sssd-2-8] + branches: [master, sssd-2-7, sssd-2-8, sssd-2-9] pull_request: - branches: [master, sssd-2-7, sssd-2-8] + branches: [master, sssd-2-7, sssd-2-8, sssd-2-9] schedule: # Everyday at midnight - cron: '0 0 * * *' @@ -17,14 +17,14 @@ jobs: security-events: write steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Install dependencies id: dependencies uses: ./.github/actions/install-dependencies - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 with: languages: cpp, python queries: +security-and-quality @@ -39,7 +39,7 @@ jobs: make -j$PROCESSORS - name: Upload configuration artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 if: always() with: name: codeql-build @@ -49,7 +49,7 @@ jobs: if-no-files-found: ignore - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3 python-system-tests: runs-on: ubuntu-latest @@ -57,7 +57,7 @@ jobs: contents: read steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Setup virtual environment working-directory: ./src/tests/system diff --git a/Makefile.am b/Makefile.am index e780e8a146f..f0b072fdbc5 100644 --- a/Makefile.am +++ b/Makefile.am @@ -90,6 +90,7 @@ sssdkcmdatadir = $(datadir)/sssd-kcm deskprofilepath = $(sss_statedir)/deskprofile if HAVE_SYSTEMD_UNIT +ifp_dbus_exec_comment = \# If system is configured to use systemd ifp service ("SystemdService=") then "Exec=" and "User=" options are not used ifp_exec_cmd = $(sssdlibexecdir)/sssd_ifp --uid 0 --gid 0 --dbus-activated ifp_systemdservice = SystemdService=sssd-ifp.service ifp_restart = Restart=on-failure @@ -105,6 +106,7 @@ if SSSD_NON_ROOT_USER additional_caps = CAP_DAC_OVERRIDE endif else +ifp_dbus_exec_comment = \# "sss_signal" is used to force SSSD monitor to trigger "sssd_ifp" reconnection to dbus ifp_exec_cmd = $(sssdlibexecdir)/sss_signal ifp_systemdservice = ifp_restart = @@ -808,7 +810,6 @@ dist_noinst_HEADERS = \ src/db/sysdb_subid.h \ src/db/sysdb_domain_resolution_order.h \ src/db/sysdb_passkey_user_verification.h \ - src/db/sysdb_computer.h \ src/db/sysdb_iphosts.h \ src/db/sysdb_ipnetworks.h \ src/confdb/confdb.h \ @@ -1247,7 +1248,6 @@ libsss_util_la_SOURCES = \ src/db/sysdb_iphosts.c \ src/db/sysdb_ipnetworks.c \ src/util/sss_pam_data.c \ - src/db/sysdb_computer.c \ src/db/sysdb_subid.c \ src/util/util.c \ src/util/util_ext.c \ @@ -1317,7 +1317,9 @@ endif if BUILD_SYSTEMTAP libsss_util_la_LIBADD += stap_generated_probes.lo endif +if BUILD_PASSKEY libsss_util_la_SOURCES += src/db/sysdb_passkey_user_verification.c +endif # BUILD_PASSKEY libsss_util_la_LDFLAGS = -avoid-version pkglib_LTLIBRARIES += libsss_semanage.la @@ -1560,8 +1562,10 @@ sssd_pam_SOURCES = \ src/responder/pam/pam_prompting_config.c \ src/sss_client/pam_sss_prompt_config.c \ src/responder/pam/pam_helpers.c \ - src/responder/pam/pamsrv_passkey.c \ $(SSSD_RESPONDER_OBJ) +if BUILD_PASSKEY + sssd_pam_SOURCES += src/responder/pam/pamsrv_passkey.c +endif sssd_pam_CFLAGS = \ $(AM_CFLAGS) \ $(GSSAPI_KRB5_CFLAGS) \ @@ -1746,6 +1750,7 @@ EXTRA_DIST += \ ifp_edit_cmd = $(edit_cmd) \ -e 's|@ifp_exec_cmd[@]|$(ifp_exec_cmd)|g' \ + -e 's|@ifp_dbus_exec_comment[@]|$(ifp_dbus_exec_comment)|g' \ -e 's|@ifp_systemdservice[@]|$(ifp_systemdservice)|g' \ -e 's|@ifp_restart[@]|$(ifp_restart)|g' @@ -2341,7 +2346,10 @@ ipa_ldap_opt_tests_LDADD = \ $(LDB_LIBS) \ $(SSSD_INTERNAL_LTLIBS) \ $(OPENLDAP_LIBS) \ - libsss_test_common.la + libsss_test_common.la \ + libsss_ldap_common.la \ + libdlopen_test_providers.la \ + $(NULL) ad_ldap_opt_tests_SOURCES = \ src/providers/ldap/ldap_opts.c \ @@ -2512,6 +2520,7 @@ test_sbus_message_LDADD = \ libsss_debug.la \ libsss_test_common.la \ libsss_sbus.la \ + $(SSSD_INTERNAL_LTLIBS) \ $(NULL) test_sbus_opath_SOURCES = \ @@ -2525,6 +2534,7 @@ test_sbus_opath_LDADD = \ libsss_debug.la \ libsss_test_common.la \ libsss_sbus.la \ + $(SSSD_INTERNAL_LTLIBS) \ $(NULL) if HAVE_CMOCKA @@ -2616,7 +2626,6 @@ pam_srv_tests_SOURCES = \ src/responder/pam/pamsrv_cmd.c \ src/responder/pam/pamsrv_p11.c \ src/responder/pam/pamsrv_gssapi.c \ - src/responder/pam/pamsrv_passkey.c \ src/responder/pam/pam_helpers.c \ src/responder/pam/pamsrv_dp.c \ src/responder/pam/pam_prompting_config.c \ @@ -2650,6 +2659,9 @@ pam_srv_tests_LDADD = \ libsss_iface.la \ libsss_sbus.la \ $(NULL) +if BUILD_PASSKEY + pam_srv_tests_SOURCES += src/responder/pam/pamsrv_passkey.c +endif # BUILD_PASSKEY EXTRA_ssh_srv_tests_DEPENDENCIES = \ $(ldblib_LTLIBRARIES) \ @@ -2899,6 +2911,8 @@ nestedgroups_tests_LDADD = \ $(SSSD_INTERNAL_LTLIBS) \ libsss_idmap.la \ libsss_test_common.la \ + libsss_ldap_common.la \ + libdlopen_test_providers.la \ $(NULL) if BUILD_SYSTEMTAP nestedgroups_tests_LDADD += stap_generated_probes.lo @@ -3145,6 +3159,8 @@ sdap_tests_LDADD = \ $(SSSD_INTERNAL_LTLIBS) \ $(OPENLDAP_LIBS) \ libsss_test_common.la \ + libsss_ldap_common.la \ + libdlopen_test_providers.la \ $(NULL) if BUILD_IFP @@ -3840,6 +3856,7 @@ test_passkey_LDFLAGS = \ -Wl,-wrap,fido_dev_open \ -Wl,-wrap,fido_dev_has_uv \ -Wl,-wrap,fido_dev_has_pin \ + -Wl,-wrap,fido_dev_supports_uv \ -Wl,-wrap,fido_dev_make_cred \ -Wl,-wrap,fido_cred_x5c_ptr \ -Wl,-wrap,fido_cred_verify \ @@ -4390,6 +4407,8 @@ libsss_proxy_la_SOURCES = \ src/providers/proxy/proxy_hosts.c \ src/providers/proxy/proxy_ipnetworks.c \ src/providers/proxy/proxy_auth.c \ + src/providers/proxy/proxy_certmap.c \ + src/util/cert_derb64_to_ldap_filter.c \ src//util/nss_dl_load.c \ $(NULL) libsss_proxy_la_CFLAGS = \ @@ -4405,6 +4424,7 @@ libsss_proxy_la_LIBADD = \ $(SSSD_INTERNAL_LTLIBS) \ libsss_iface.la \ libsss_sbus.la \ + libsss_certmap.la \ $(NULL) libsss_proxy_la_LDFLAGS = \ -avoid-version \ @@ -4570,9 +4590,10 @@ if BUILD_SSH libsss_ipa_la_SOURCES += src/providers/ipa/ipa_hostid.c endif +if BUILD_PASSKEY libsss_ipa_la_SOURCES += \ src/providers/ipa/ipa_subdomains_passkey.c - +endif # BUILD_PASSKEY libsss_ad_la_SOURCES = \ src/providers/ad/ad_opts.c \ @@ -4655,8 +4676,10 @@ krb5_child_SOURCES = \ src/sss_client/common.c \ src/krb5_plugin/common/utils.c \ src/krb5_plugin/idp/idp_utils.c \ - src/krb5_plugin/passkey/passkey_utils.c \ $(NULL) +if BUILD_PASSKEY + krb5_child_SOURCES += src/krb5_plugin/passkey/passkey_utils.c +endif # BUILD_PASSKEY krb5_child_CFLAGS = \ $(AM_CFLAGS) \ $(POPT_CFLAGS) \ @@ -4672,7 +4695,6 @@ krb5_child_LDADD = \ $(CLIENT_LIBS) \ $(SYSTEMD_LOGIN_LIBS) \ $(JANSSON_LIBS) \ - libsss_sbus.la \ $(NULL) ldap_child_SOURCES = \ diff --git a/README.md b/README.md index e5e704526c5..0a4fd086e8f 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,4 @@ -[![master :: CI Status](https://img.shields.io/github/workflow/status/SSSD/sssd/ci/master?label=master%20%3A%3A%20ci)](https://github.com/SSSD/sssd/actions/workflows/ci.yml?query=branch%3Amaster) -[![master :: Analyzers](https://img.shields.io/github/workflow/status/SSSD/sssd/Static%20code%20analysis/master?label=master%20%3A%3A%20analyze)](https://github.com/SSSD/sssd/actions/workflows/static-code-analysis.yml?query=branch%3Amaster) [![Coverity Scan](https://img.shields.io/coverity/scan/sssd-sssd?label=master%20::%20coverity)](https://scan.coverity.com/projects/sssd-sssd) -[![sssd-2-7 :: CI Status](https://img.shields.io/github/workflow/status/SSSD/sssd/ci/master?label=sssd-2-7%20%3A%3A%20ci)](https://github.com/SSSD/sssd/actions/workflows/ci.yml?query=branch%3Asssd-2-7) -[![sssd-2-7 :: Analyzers](https://img.shields.io/github/workflow/status/SSSD/sssd/Static%20code%20analysis/sssd-2-7?label=sssd-2-7%20%3A%3A%20analyze)](https://github.com/SSSD/sssd/actions/workflows/static-code-analysis.yml?query=branch%3Asssd-2-7) # SSSD - System Security Services Daemon diff --git a/contrib/ci/configure.sh b/contrib/ci/configure.sh index 949adc366f3..e61351c2481 100644 --- a/contrib/ci/configure.sh +++ b/contrib/ci/configure.sh @@ -29,59 +29,44 @@ declare -a CONFIGURE_ARG_LIST=( "--enable-ldb-version-check" "--with-syslog=journald" "--enable-systemtap" - "--with-python2-bindings" ) -if [[ "$DISTRO_BRANCH" == -redhat-redhatenterprise*-6.*- || - "$DISTRO_BRANCH" == -redhat-centos-6.*- ]]; then +if [[ "$DISTRO_BRANCH" == -redhat-centos-8*- || + "$DISTRO_BRANCH" == -redhat-redhatenterprise*-8.*- ]]; then CONFIGURE_ARG_LIST+=( - "--with-smb-idmap-interface-version=5" - "--disable-cifs-idmap-plugin" - "--with-syslog=syslog" - "--without-python3-bindings" - "--without-kcm" + "--with-python2-bindings" ) -fi - -if [[ "$DISTRO_BRANCH" == -redhat-fedora-2[0-2]* ]]; then +else CONFIGURE_ARG_LIST+=( - "--without-kcm" + "--without-python2-bindings" ) fi -if [[ "$DISTRO_BRANCH" == -redhat-redhatenterprise*-7.*- || - "$DISTRO_BRANCH" == -redhat-centos-7.*- ]]; then - CONFIGURE_ARG_LIST+=( - "--without-python3-bindings" - ) -fi # Different versions of Debian might need different versions here but this is # sufficient to make the CI work if [[ "$DISTRO_BRANCH" == -debian-* ]]; then CONFIGURE_ARG_LIST+=( - "--without-python2-bindings" "--with-smb-idmap-interface-version=5" ) fi -if [[ "$DISTRO_BRANCH" == -redhat-fedora-3[2-9]* || - "$DISTRO_BRANCH" == -redhat-centos*-9*- || - "$DISTRO_BRANCH" == -redhat-redhatenterprise*-9.*- ]]; then - CONFIGURE_ARG_LIST+=( - "--without-python2-bindings" - ) -fi - -if [[ "$DISTRO_BRANCH" == -redhat-fedora-3[5-9]* || - "$DISTRO_BRANCH" == -redhat-redhatenterprise*-9.*- ]]; then +if [[ "$DISTRO_BRANCH" == -redhat-fedora-* || + "$DISTRO_BRANCH" == -redhat-centos-9*- || + "$DISTRO_BRANCH" == -redhat-centos-10*- || + "$DISTRO_BRANCH" == -redhat-redhatenterprise*-9.*- || + "$DISTRO_BRANCH" == -redhat-redhatenterprise*-10.*- ]]; then CONFIGURE_ARG_LIST+=( "--with-subid" ) fi -if [[ "$DISTRO_BRANCH" == -redhat-fedora-* ]]; then +if [[ "$DISTRO_BRANCH" == -redhat-fedora-* || + "$DISTRO_BRANCH" == -redhat-centos-9*- || + "$DISTRO_BRANCH" == -redhat-centos-10*- || + "$DISTRO_BRANCH" == -redhat-redhatenterprise*-9.*- || + "$DISTRO_BRANCH" == -redhat-redhatenterprise*-10.*- ]]; then CONFIGURE_ARG_LIST+=( "--with-passkey" ) diff --git a/contrib/ci/deps.sh b/contrib/ci/deps.sh index e5dd2b0ca93..f6f50185866 100644 --- a/contrib/ci/deps.sh +++ b/contrib/ci/deps.sh @@ -33,7 +33,6 @@ declare DEPS_INTGCHECK_SATISFIED=true if [[ "$DISTRO_BRANCH" == -redhat-* ]]; then declare _DEPS_LIST_SPEC DEPS_LIST+=( - clang-analyzer fakeroot libfaketime libcmocka-devel @@ -49,8 +48,7 @@ if [[ "$DISTRO_BRANCH" == -redhat-* ]]; then libunistring-devel ) - if [[ "$DISTRO_BRANCH" == -redhat-fedora-31* || - "$DISTRO_BRANCH" == -redhat-redhatenterprise*-8.*- || + if [[ "$DISTRO_BRANCH" == -redhat-redhatenterprise*-8.*- || "$DISTRO_BRANCH" == -redhat-centos*-8*- ]]; then DEPS_LIST+=( python2 @@ -59,7 +57,8 @@ if [[ "$DISTRO_BRANCH" == -redhat-* ]]; then ) fi - if [[ "$DISTRO_BRANCH" == -redhat-fedora-3[1-9]* || + if [[ "$DISTRO_BRANCH" == -redhat-fedora-4[0-9]* || + "$DISTRO_BRANCH" == -redhat-fedora-3[7-9]* || "$DISTRO_BRANCH" == -redhat-redhatenterprise*-8.*- || "$DISTRO_BRANCH" == -redhat-redhatenterprise*-9.*- || "$DISTRO_BRANCH" == -redhat-centos*-8*- || @@ -107,7 +106,6 @@ if [[ "$DISTRO_BRANCH" == -debian-* ]]; then autopoint check cifs-utils - clang dh-apparmor dnsutils docbook-xml diff --git a/contrib/ci/distro.sh b/contrib/ci/distro.sh index 182f7c0d1b0..3ac2611b640 100644 --- a/contrib/ci/distro.sh +++ b/contrib/ci/distro.sh @@ -51,17 +51,7 @@ function distro_pkg_install() { declare prompt=$'Need root permissions to install packages.\n' prompt+="Enter sudo password for $USER: " - if [[ "$DISTRO_BRANCH" == -redhat-fedora-2[2-5]* ]]; then - # TODO switch fedora to DNF once - # https://bugzilla.redhat.com/show_bug.cgi?id=1215208 is fixed - [ $# != 0 ] && sudo -p "$prompt" \ - yum-deprecated --assumeyes install -- "$@" |& - # Pass input to output, fail if a missing package is reported - awk 'BEGIN {s=0} - /^No package .* available.$/ {s=1} - {print} - END {exit s}' - elif [[ "$DISTRO_BRANCH" == -redhat-fedora-* ]]; then + if [[ "$DISTRO_BRANCH" == -redhat-fedora-* ]]; then [ $# != 0 ] && sudo -p "$prompt" \ /usr/bin/dnf --assumeyes --best \ --setopt=install_weak_deps=False \ diff --git a/contrib/ci/get-matrix.py b/contrib/ci/get-matrix.py index 9c24d22a080..7ff5f1d8a8b 100755 --- a/contrib/ci/get-matrix.py +++ b/contrib/ci/get-matrix.py @@ -27,10 +27,12 @@ def get_fedora_releases(type, exclude=[]): def get_fedora_matrix(): fedora_stable = get_fedora_releases('current') fedora_devel = get_fedora_releases('pending', exclude=['eln']) + fedora_frozen = get_fedora_releases('frozen', exclude=['eln']) matrix = [] matrix.extend(['fedora-{0}'.format(x) for x in fedora_stable]) matrix.extend(['fedora-{0}'.format(x) for x in fedora_devel]) + matrix.extend(['fedora-{0}'.format(x) for x in fedora_frozen]) return matrix @@ -48,9 +50,9 @@ def get_other_matrix(): parser.add_argument('--action', action='store_true', help='It is run in GitHub actions mode') args = parser.parse_args() - fedora = get_fedora_matrix() - centos = get_centos_matrix() - other = get_other_matrix() + fedora = sorted(get_fedora_matrix()) + centos = sorted(get_centos_matrix()) + other = sorted(get_other_matrix()) matrix = { 'intgcheck': [*fedora, *centos, *other], diff --git a/contrib/ci/sssd.supp b/contrib/ci/sssd.supp index 720e7333947..5d86049b705 100644 --- a/contrib/ci/sssd.supp +++ b/contrib/ci/sssd.supp @@ -171,8 +171,6 @@ fun:be_res_init fun:be_init_failover fun:test_ipa_server_create_trusts_setup - ... - fun:_cmocka_run_group_tests } # Leaks in bash if p11_child returns and error because due to libtool the diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index c0486d2525c..03171a87233 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in @@ -30,7 +30,7 @@ %global build_kcm_renewals 0 %endif -%if 0%{?fedora} >= 39 +%if 0%{?fedora} >= 39 || 0%{?rhel} >= 9 %global build_passkey 1 %else %global build_passkey 0 @@ -72,6 +72,7 @@ Requires: sssd-krb5 = %{version}-%{release} Requires: sssd-ldap = %{version}-%{release} Requires: sssd-proxy = %{version}-%{release} Suggests: logrotate +Suggests: procps-ng Suggests: python3-sssdconfig = %{version}-%{release} Suggests: sssd-dbus = %{version}-%{release} @@ -144,6 +145,7 @@ BuildRequires: pcre2-devel BuildRequires: pkgconfig BuildRequires: popt-devel BuildRequires: python3-devel +BuildRequires: (python3-setuptools if python3 >= 3.12) BuildRequires: samba-devel # required for idmap_sss.so BuildRequires: samba-winbind @@ -355,6 +357,7 @@ identity data from and authenticate against an Active Directory server. Summary: The proxy back end of the SSSD License: GPLv3+ Requires: sssd-common = %{version}-%{release} +Requires: libsss_certmap = %{version}-%{release} %description proxy Provides the proxy back end which can be used to wrap an existing NSS and/or diff --git a/po/bg.po b/po/bg.po index 9effeb1a04d..69aed022aa6 100644 --- a/po/bg.po +++ b/po/bg.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: 2014-12-14 11:44-0500\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Bulgarian (http://www.transifex.com/projects/p/sssd/language/" @@ -594,12 +594,12 @@ msgid "Whether to automatically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:201 -#: src/config/SSSDConfig/sssdoptions.py:233 +#: src/config/SSSDConfig/sssdoptions.py:234 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:202 -#: src/config/SSSDConfig/sssdoptions.py:234 +#: src/config/SSSDConfig/sssdoptions.py:235 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "Интерфейсът, чийто IP да се ползва за динамични DNS обновявания" @@ -683,1163 +683,1167 @@ msgid "" "(long term password) must have to be saved as SHA512 hash into the cache." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:228 +#: src/config/SSSDConfig/sssdoptions.py:226 +msgid "Local authentication methods policy " +msgstr "" + +#: src/config/SSSDConfig/sssdoptions.py:229 msgid "IPA domain" msgstr "IPA домейн" -#: src/config/SSSDConfig/sssdoptions.py:229 +#: src/config/SSSDConfig/sssdoptions.py:230 msgid "IPA server address" msgstr "Адрес на IPA сървър" -#: src/config/SSSDConfig/sssdoptions.py:230 +#: src/config/SSSDConfig/sssdoptions.py:231 msgid "Address of backup IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:231 +#: src/config/SSSDConfig/sssdoptions.py:232 msgid "IPA client hostname" msgstr "Име на хост на IPA клиент" -#: src/config/SSSDConfig/sssdoptions.py:232 +#: src/config/SSSDConfig/sssdoptions.py:233 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "Дали автоматично да се обновява клиентския DNS запис във FreeIPA" -#: src/config/SSSDConfig/sssdoptions.py:235 +#: src/config/SSSDConfig/sssdoptions.py:236 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:236 +#: src/config/SSSDConfig/sssdoptions.py:237 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:237 +#: src/config/SSSDConfig/sssdoptions.py:238 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:239 +#: src/config/SSSDConfig/sssdoptions.py:240 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:240 +#: src/config/SSSDConfig/sssdoptions.py:241 msgid "The automounter location this IPA client is using" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:241 +#: src/config/SSSDConfig/sssdoptions.py:242 msgid "Search base for object containing info about IPA domain" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:242 +#: src/config/SSSDConfig/sssdoptions.py:243 msgid "Search base for objects containing info about ID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:243 -#: src/config/SSSDConfig/sssdoptions.py:299 +#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:300 msgid "Enable DNS sites - location based service discovery" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:245 msgid "Search base for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:245 +#: src/config/SSSDConfig/sssdoptions.py:246 msgid "Objectclass for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:246 +#: src/config/SSSDConfig/sssdoptions.py:247 msgid "Attribute with the name of the view" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:247 +#: src/config/SSSDConfig/sssdoptions.py:248 msgid "Objectclass for override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:248 +#: src/config/SSSDConfig/sssdoptions.py:249 msgid "Attribute with the reference to the original object" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:249 +#: src/config/SSSDConfig/sssdoptions.py:250 msgid "Objectclass for user override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:250 +#: src/config/SSSDConfig/sssdoptions.py:251 msgid "Objectclass for group override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:251 +#: src/config/SSSDConfig/sssdoptions.py:252 msgid "Search base for Desktop Profile related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:252 +#: src/config/SSSDConfig/sssdoptions.py:253 msgid "" "The amount of time in seconds between lookups of the Desktop Profile rules " "against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:254 +#: src/config/SSSDConfig/sssdoptions.py:255 msgid "" "The amount of time in minutes between lookups of Desktop Profiles rules " "against the IPA server when the last request did not find any rule" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:257 +#: src/config/SSSDConfig/sssdoptions.py:258 msgid "Search base for SUBID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:258 -#: src/config/SSSDConfig/sssdoptions.py:501 +#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:502 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:260 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:260 -#: src/config/SSSDConfig/sssdoptions.py:283 +#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:284 msgid "The object class of a host entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:262 msgid "Use the given string as search base for host objects." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:262 +#: src/config/SSSDConfig/sssdoptions.py:263 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:263 +#: src/config/SSSDConfig/sssdoptions.py:264 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:264 +#: src/config/SSSDConfig/sssdoptions.py:265 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:265 +#: src/config/SSSDConfig/sssdoptions.py:266 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:267 +#: src/config/SSSDConfig/sssdoptions.py:268 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:269 +#: src/config/SSSDConfig/sssdoptions.py:270 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:270 +#: src/config/SSSDConfig/sssdoptions.py:271 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:272 +#: src/config/SSSDConfig/sssdoptions.py:273 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:273 +#: src/config/SSSDConfig/sssdoptions.py:274 msgid "The object class of a netgroup entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:274 +#: src/config/SSSDConfig/sssdoptions.py:275 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:275 +#: src/config/SSSDConfig/sssdoptions.py:276 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:277 +#: src/config/SSSDConfig/sssdoptions.py:278 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:278 +#: src/config/SSSDConfig/sssdoptions.py:279 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:280 +#: src/config/SSSDConfig/sssdoptions.py:281 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:282 +#: src/config/SSSDConfig/sssdoptions.py:283 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:284 +#: src/config/SSSDConfig/sssdoptions.py:285 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:286 +#: src/config/SSSDConfig/sssdoptions.py:287 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:287 +#: src/config/SSSDConfig/sssdoptions.py:288 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:288 +#: src/config/SSSDConfig/sssdoptions.py:289 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:289 +#: src/config/SSSDConfig/sssdoptions.py:290 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:291 +#: src/config/SSSDConfig/sssdoptions.py:292 msgid "Use the given string as search base for trusted domains." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:294 +#: src/config/SSSDConfig/sssdoptions.py:295 msgid "Active Directory domain" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:295 +#: src/config/SSSDConfig/sssdoptions.py:296 msgid "Enabled Active Directory domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:296 +#: src/config/SSSDConfig/sssdoptions.py:297 msgid "Active Directory server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:297 +#: src/config/SSSDConfig/sssdoptions.py:298 msgid "Active Directory backup server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:298 +#: src/config/SSSDConfig/sssdoptions.py:299 msgid "Active Directory client hostname" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:300 -#: src/config/SSSDConfig/sssdoptions.py:499 +#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:500 msgid "LDAP filter to determine access privileges" msgstr "LDAP филтър за определяне права на достъп" -#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:302 msgid "Whether to use the Global Catalog for lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:302 +#: src/config/SSSDConfig/sssdoptions.py:303 msgid "Operation mode for GPO-based access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:303 +#: src/config/SSSDConfig/sssdoptions.py:304 msgid "" "The amount of time between lookups of the GPO policy files against the AD " "server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:304 +#: src/config/SSSDConfig/sssdoptions.py:305 msgid "" "PAM service names that map to the GPO (Deny)InteractiveLogonRight policy " "settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:306 +#: src/config/SSSDConfig/sssdoptions.py:307 msgid "" "PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight " "policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:308 +#: src/config/SSSDConfig/sssdoptions.py:309 msgid "" "PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:309 +#: src/config/SSSDConfig/sssdoptions.py:310 msgid "" "PAM service names that map to the GPO (Deny)BatchLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:310 +#: src/config/SSSDConfig/sssdoptions.py:311 msgid "" "PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:311 +#: src/config/SSSDConfig/sssdoptions.py:312 msgid "PAM service names for which GPO-based access is always granted" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:312 +#: src/config/SSSDConfig/sssdoptions.py:313 msgid "PAM service names for which GPO-based access is always denied" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:313 +#: src/config/SSSDConfig/sssdoptions.py:314 msgid "" "Default logon right (or permit/deny) to use for unmapped PAM service names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:314 +#: src/config/SSSDConfig/sssdoptions.py:315 msgid "a particular site to be used by the client" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:315 +#: src/config/SSSDConfig/sssdoptions.py:316 msgid "" "Maximum age in days before the machine account password should be renewed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:317 +#: src/config/SSSDConfig/sssdoptions.py:318 msgid "Option for tuning the machine account renewal task" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:318 +#: src/config/SSSDConfig/sssdoptions.py:319 msgid "Whether to update the machine account password in the Samba database" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:320 +#: src/config/SSSDConfig/sssdoptions.py:321 msgid "Use LDAPS port for LDAP and Global Catalog requests" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:321 +#: src/config/SSSDConfig/sssdoptions.py:322 msgid "Do not filter domain local groups from other domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:324 #: src/config/SSSDConfig/sssdoptions.py:325 +#: src/config/SSSDConfig/sssdoptions.py:326 msgid "Kerberos server address" msgstr "Адрес на Kerberos сървър" -#: src/config/SSSDConfig/sssdoptions.py:326 +#: src/config/SSSDConfig/sssdoptions.py:327 msgid "Kerberos backup server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:327 +#: src/config/SSSDConfig/sssdoptions.py:328 msgid "Kerberos realm" msgstr "Kerberos област" -#: src/config/SSSDConfig/sssdoptions.py:328 +#: src/config/SSSDConfig/sssdoptions.py:329 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:329 +#: src/config/SSSDConfig/sssdoptions.py:330 msgid "Whether to create kdcinfo files" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:330 +#: src/config/SSSDConfig/sssdoptions.py:331 msgid "Where to drop krb5 config snippets" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:333 +#: src/config/SSSDConfig/sssdoptions.py:334 msgid "Directory to store credential caches" msgstr "Директория за съхранение на кеша за данни за удостоверяване" -#: src/config/SSSDConfig/sssdoptions.py:334 +#: src/config/SSSDConfig/sssdoptions.py:335 msgid "Location of the user's credential cache" msgstr "Местоположение на кеша за данни за удостоверяване на потребители" -#: src/config/SSSDConfig/sssdoptions.py:335 +#: src/config/SSSDConfig/sssdoptions.py:336 msgid "Location of the keytab to validate credentials" msgstr "Местоположение на keytab за валидиране на данните за удостоверяване" -#: src/config/SSSDConfig/sssdoptions.py:336 +#: src/config/SSSDConfig/sssdoptions.py:337 msgid "Enable credential validation" msgstr "Разреши проверката на данните за удостоверяване" -#: src/config/SSSDConfig/sssdoptions.py:337 +#: src/config/SSSDConfig/sssdoptions.py:338 msgid "Store password if offline for later online authentication" msgstr "Записва паролата ако е офлайн за по-късно удостоверяване" -#: src/config/SSSDConfig/sssdoptions.py:338 +#: src/config/SSSDConfig/sssdoptions.py:339 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:339 +#: src/config/SSSDConfig/sssdoptions.py:340 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:340 +#: src/config/SSSDConfig/sssdoptions.py:341 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:341 +#: src/config/SSSDConfig/sssdoptions.py:342 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:342 +#: src/config/SSSDConfig/sssdoptions.py:343 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:343 +#: src/config/SSSDConfig/sssdoptions.py:344 msgid "Use anonymous PKINIT to request FAST credentials" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:344 +#: src/config/SSSDConfig/sssdoptions.py:345 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:345 +#: src/config/SSSDConfig/sssdoptions.py:346 msgid "Enables enterprise principals" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:346 +#: src/config/SSSDConfig/sssdoptions.py:347 msgid "Enables using of subdomains realms for authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:347 +#: src/config/SSSDConfig/sssdoptions.py:348 msgid "A mapping from user names to Kerberos principal names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:350 #: src/config/SSSDConfig/sssdoptions.py:351 +#: src/config/SSSDConfig/sssdoptions.py:352 msgid "Server where the change password service is running if not on the KDC" msgstr "Сървърът, на който работи услугата за смяна на парола ако не е на KDC" -#: src/config/SSSDConfig/sssdoptions.py:354 +#: src/config/SSSDConfig/sssdoptions.py:355 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, URI на LDAP сървъра" -#: src/config/SSSDConfig/sssdoptions.py:355 +#: src/config/SSSDConfig/sssdoptions.py:356 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:356 +#: src/config/SSSDConfig/sssdoptions.py:357 msgid "The default base DN" msgstr "Базовият DN по подразбиране" -#: src/config/SSSDConfig/sssdoptions.py:357 +#: src/config/SSSDConfig/sssdoptions.py:358 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "Използваният тип схема на LDAP сървъра, rfc2307" -#: src/config/SSSDConfig/sssdoptions.py:358 +#: src/config/SSSDConfig/sssdoptions.py:359 msgid "Mode used to change user password" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:359 +#: src/config/SSSDConfig/sssdoptions.py:360 msgid "The default bind DN" msgstr "Подразбиращият се bind DN" -#: src/config/SSSDConfig/sssdoptions.py:360 +#: src/config/SSSDConfig/sssdoptions.py:361 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:361 +#: src/config/SSSDConfig/sssdoptions.py:362 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:362 +#: src/config/SSSDConfig/sssdoptions.py:363 msgid "Length of time to attempt connection" msgstr "Продължителност на опитите за свързване" -#: src/config/SSSDConfig/sssdoptions.py:363 +#: src/config/SSSDConfig/sssdoptions.py:364 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Продължителност на опитите за синхронни LDAP операции" -#: src/config/SSSDConfig/sssdoptions.py:364 +#: src/config/SSSDConfig/sssdoptions.py:365 msgid "Length of time between attempts to reconnect while offline" msgstr "Продължителност на времето между опитите за връзка докато е офлайн" -#: src/config/SSSDConfig/sssdoptions.py:365 +#: src/config/SSSDConfig/sssdoptions.py:366 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:366 +#: src/config/SSSDConfig/sssdoptions.py:367 msgid "File that contains CA certificates" msgstr "Файл, съдържащ CA сертификати" -#: src/config/SSSDConfig/sssdoptions.py:367 +#: src/config/SSSDConfig/sssdoptions.py:368 msgid "Path to CA certificate directory" msgstr "Път до директорията на CA сертификат" -#: src/config/SSSDConfig/sssdoptions.py:368 +#: src/config/SSSDConfig/sssdoptions.py:369 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:369 +#: src/config/SSSDConfig/sssdoptions.py:370 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:370 +#: src/config/SSSDConfig/sssdoptions.py:371 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:371 +#: src/config/SSSDConfig/sssdoptions.py:372 msgid "Require TLS certificate verification" msgstr "Изисква TLS проверка на сертификат" -#: src/config/SSSDConfig/sssdoptions.py:372 +#: src/config/SSSDConfig/sssdoptions.py:373 msgid "Specify the sasl mechanism to use" msgstr "Задава за използване механизма sasl" -#: src/config/SSSDConfig/sssdoptions.py:373 +#: src/config/SSSDConfig/sssdoptions.py:374 msgid "Specify the sasl authorization id to use" msgstr "Задаване на sasl authorization id за употреба" -#: src/config/SSSDConfig/sssdoptions.py:374 +#: src/config/SSSDConfig/sssdoptions.py:375 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:375 +#: src/config/SSSDConfig/sssdoptions.py:376 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:376 +#: src/config/SSSDConfig/sssdoptions.py:377 msgid "Specify the maximal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:377 +#: src/config/SSSDConfig/sssdoptions.py:378 msgid "Kerberos service keytab" msgstr "keytab на Kerberos услуга" -#: src/config/SSSDConfig/sssdoptions.py:378 +#: src/config/SSSDConfig/sssdoptions.py:379 msgid "Use Kerberos auth for LDAP connection" msgstr "Ползвай Kerberos auth за LDAP връзка" -#: src/config/SSSDConfig/sssdoptions.py:379 +#: src/config/SSSDConfig/sssdoptions.py:380 msgid "Follow LDAP referrals" msgstr "Следвай LDAP референциите" -#: src/config/SSSDConfig/sssdoptions.py:380 +#: src/config/SSSDConfig/sssdoptions.py:381 msgid "Lifetime of TGT for LDAP connection" msgstr "Продължителност на живот на TGT за LDAP връзка" -#: src/config/SSSDConfig/sssdoptions.py:381 +#: src/config/SSSDConfig/sssdoptions.py:382 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:382 +#: src/config/SSSDConfig/sssdoptions.py:383 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:383 +#: src/config/SSSDConfig/sssdoptions.py:384 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:384 +#: src/config/SSSDConfig/sssdoptions.py:385 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:385 +#: src/config/SSSDConfig/sssdoptions.py:386 msgid "Ignore unreadable LDAP references" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:386 +#: src/config/SSSDConfig/sssdoptions.py:387 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:388 +#: src/config/SSSDConfig/sssdoptions.py:389 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:391 +#: src/config/SSSDConfig/sssdoptions.py:392 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:392 +#: src/config/SSSDConfig/sssdoptions.py:393 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:394 +#: src/config/SSSDConfig/sssdoptions.py:395 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:397 +#: src/config/SSSDConfig/sssdoptions.py:398 msgid "Disable the LDAP paging control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:398 +#: src/config/SSSDConfig/sssdoptions.py:399 msgid "Disable Active Directory range retrieval" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:401 +#: src/config/SSSDConfig/sssdoptions.py:402 msgid "Length of time to wait for a search request" msgstr "Продължителност на време за изчакване на заявка за търсене" -#: src/config/SSSDConfig/sssdoptions.py:402 +#: src/config/SSSDConfig/sssdoptions.py:403 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:403 +#: src/config/SSSDConfig/sssdoptions.py:404 msgid "Length of time between enumeration updates" msgstr "Продължителност на време между актуализации на изброяване" -#: src/config/SSSDConfig/sssdoptions.py:404 +#: src/config/SSSDConfig/sssdoptions.py:405 #, fuzzy msgid "Maximum period deviation between enumeration updates" msgstr "Продължителност на време между актуализации на изброяване" -#: src/config/SSSDConfig/sssdoptions.py:405 +#: src/config/SSSDConfig/sssdoptions.py:406 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:406 +#: src/config/SSSDConfig/sssdoptions.py:407 msgid "Maximum time deviation between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:407 +#: src/config/SSSDConfig/sssdoptions.py:408 msgid "Require TLS for ID lookups" msgstr "Изисква TLS за ИД справките" -#: src/config/SSSDConfig/sssdoptions.py:408 +#: src/config/SSSDConfig/sssdoptions.py:409 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:409 +#: src/config/SSSDConfig/sssdoptions.py:410 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:410 +#: src/config/SSSDConfig/sssdoptions.py:411 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:411 +#: src/config/SSSDConfig/sssdoptions.py:412 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:412 +#: src/config/SSSDConfig/sssdoptions.py:413 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:413 +#: src/config/SSSDConfig/sssdoptions.py:414 msgid "Username attribute" msgstr "атрибут Потребителско име" -#: src/config/SSSDConfig/sssdoptions.py:414 +#: src/config/SSSDConfig/sssdoptions.py:415 msgid "UID attribute" msgstr "атрибут UID" -#: src/config/SSSDConfig/sssdoptions.py:415 +#: src/config/SSSDConfig/sssdoptions.py:416 msgid "Primary GID attribute" msgstr "атрибут Първичен GID" -#: src/config/SSSDConfig/sssdoptions.py:416 +#: src/config/SSSDConfig/sssdoptions.py:417 msgid "GECOS attribute" msgstr "атрибут GECOS" -#: src/config/SSSDConfig/sssdoptions.py:417 +#: src/config/SSSDConfig/sssdoptions.py:418 msgid "Home directory attribute" msgstr "атрибут Домашна директория" -#: src/config/SSSDConfig/sssdoptions.py:418 +#: src/config/SSSDConfig/sssdoptions.py:419 msgid "Shell attribute" msgstr "атрибут Команден интерпретатор" -#: src/config/SSSDConfig/sssdoptions.py:419 +#: src/config/SSSDConfig/sssdoptions.py:420 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:420 -#: src/config/SSSDConfig/sssdoptions.py:459 +#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:460 msgid "objectSID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:422 msgid "Active Directory primary group attribute for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:422 +#: src/config/SSSDConfig/sssdoptions.py:423 msgid "User principal attribute (for Kerberos)" msgstr "атрибут User principal (за Kerberos)" -#: src/config/SSSDConfig/sssdoptions.py:423 +#: src/config/SSSDConfig/sssdoptions.py:424 msgid "Full Name" msgstr "Пълно име" -#: src/config/SSSDConfig/sssdoptions.py:424 +#: src/config/SSSDConfig/sssdoptions.py:425 msgid "memberOf attribute" msgstr "атрибут членНа" -#: src/config/SSSDConfig/sssdoptions.py:425 +#: src/config/SSSDConfig/sssdoptions.py:426 msgid "Modification time attribute" msgstr "атрибут Момент на промяна" -#: src/config/SSSDConfig/sssdoptions.py:426 +#: src/config/SSSDConfig/sssdoptions.py:427 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:427 +#: src/config/SSSDConfig/sssdoptions.py:428 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:428 +#: src/config/SSSDConfig/sssdoptions.py:429 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:429 +#: src/config/SSSDConfig/sssdoptions.py:430 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:430 +#: src/config/SSSDConfig/sssdoptions.py:431 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:431 +#: src/config/SSSDConfig/sssdoptions.py:432 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:432 +#: src/config/SSSDConfig/sssdoptions.py:433 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:433 +#: src/config/SSSDConfig/sssdoptions.py:434 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:434 +#: src/config/SSSDConfig/sssdoptions.py:435 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:435 +#: src/config/SSSDConfig/sssdoptions.py:436 msgid "Attribute listing authorized server rhosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:436 +#: src/config/SSSDConfig/sssdoptions.py:437 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:437 +#: src/config/SSSDConfig/sssdoptions.py:438 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:438 +#: src/config/SSSDConfig/sssdoptions.py:439 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:439 +#: src/config/SSSDConfig/sssdoptions.py:440 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:440 +#: src/config/SSSDConfig/sssdoptions.py:441 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:441 +#: src/config/SSSDConfig/sssdoptions.py:442 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:442 +#: src/config/SSSDConfig/sssdoptions.py:443 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:443 +#: src/config/SSSDConfig/sssdoptions.py:444 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:444 +#: src/config/SSSDConfig/sssdoptions.py:445 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:445 +#: src/config/SSSDConfig/sssdoptions.py:446 msgid "SSH public key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:446 +#: src/config/SSSDConfig/sssdoptions.py:447 msgid "attribute listing allowed authentication types for a user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:447 +#: src/config/SSSDConfig/sssdoptions.py:448 msgid "attribute containing the X509 certificate of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:448 +#: src/config/SSSDConfig/sssdoptions.py:449 msgid "attribute containing the email address of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:449 +#: src/config/SSSDConfig/sssdoptions.py:450 msgid "attribute containing the passkey mapping data of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:450 +#: src/config/SSSDConfig/sssdoptions.py:451 msgid "A list of extra attributes to download along with the user entry" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:452 +#: src/config/SSSDConfig/sssdoptions.py:453 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:453 +#: src/config/SSSDConfig/sssdoptions.py:454 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:454 +#: src/config/SSSDConfig/sssdoptions.py:455 msgid "Group name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:455 +#: src/config/SSSDConfig/sssdoptions.py:456 msgid "Group password" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:456 +#: src/config/SSSDConfig/sssdoptions.py:457 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:457 +#: src/config/SSSDConfig/sssdoptions.py:458 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:458 +#: src/config/SSSDConfig/sssdoptions.py:459 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:460 +#: src/config/SSSDConfig/sssdoptions.py:461 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:461 +#: src/config/SSSDConfig/sssdoptions.py:462 msgid "Type of the group and other flags" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:462 +#: src/config/SSSDConfig/sssdoptions.py:463 msgid "The LDAP group external member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:463 +#: src/config/SSSDConfig/sssdoptions.py:464 msgid "Maximum nesting level SSSD will follow" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:464 +#: src/config/SSSDConfig/sssdoptions.py:465 msgid "Filter for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:465 +#: src/config/SSSDConfig/sssdoptions.py:466 msgid "Scope of group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:467 +#: src/config/SSSDConfig/sssdoptions.py:468 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:468 +#: src/config/SSSDConfig/sssdoptions.py:469 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:469 +#: src/config/SSSDConfig/sssdoptions.py:470 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:470 +#: src/config/SSSDConfig/sssdoptions.py:471 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:471 +#: src/config/SSSDConfig/sssdoptions.py:472 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:472 +#: src/config/SSSDConfig/sssdoptions.py:473 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:474 +#: src/config/SSSDConfig/sssdoptions.py:475 msgid "Base DN for service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:475 +#: src/config/SSSDConfig/sssdoptions.py:476 msgid "Objectclass for services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:476 +#: src/config/SSSDConfig/sssdoptions.py:477 msgid "Service name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:477 +#: src/config/SSSDConfig/sssdoptions.py:478 msgid "Service port attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:478 +#: src/config/SSSDConfig/sssdoptions.py:479 msgid "Service protocol attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:480 +#: src/config/SSSDConfig/sssdoptions.py:481 msgid "Lower bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:481 +#: src/config/SSSDConfig/sssdoptions.py:482 msgid "Upper bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:482 +#: src/config/SSSDConfig/sssdoptions.py:483 msgid "Number of IDs for each slice when ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:483 +#: src/config/SSSDConfig/sssdoptions.py:484 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:484 +#: src/config/SSSDConfig/sssdoptions.py:485 msgid "Name of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:485 +#: src/config/SSSDConfig/sssdoptions.py:486 msgid "SID of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:486 +#: src/config/SSSDConfig/sssdoptions.py:487 msgid "Number of secondary slices" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:488 +#: src/config/SSSDConfig/sssdoptions.py:489 msgid "Whether to use Token-Groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:489 +#: src/config/SSSDConfig/sssdoptions.py:490 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:490 +#: src/config/SSSDConfig/sssdoptions.py:491 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:491 +#: src/config/SSSDConfig/sssdoptions.py:492 msgid "DN for ppolicy queries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:492 +#: src/config/SSSDConfig/sssdoptions.py:493 msgid "How many maximum entries to fetch during a wildcard request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:493 +#: src/config/SSSDConfig/sssdoptions.py:494 msgid "Set libldap debug level" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:496 +#: src/config/SSSDConfig/sssdoptions.py:497 msgid "Policy to evaluate the password expiration" msgstr "Политика за определяне срок на валидност на парола" -#: src/config/SSSDConfig/sssdoptions.py:500 +#: src/config/SSSDConfig/sssdoptions.py:501 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:504 +#: src/config/SSSDConfig/sssdoptions.py:505 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:505 +#: src/config/SSSDConfig/sssdoptions.py:506 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:506 +#: src/config/SSSDConfig/sssdoptions.py:507 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:507 +#: src/config/SSSDConfig/sssdoptions.py:508 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:511 +#: src/config/SSSDConfig/sssdoptions.py:512 msgid "Base DN for sudo rules lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:512 +#: src/config/SSSDConfig/sssdoptions.py:513 msgid "Automatic full refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:513 +#: src/config/SSSDConfig/sssdoptions.py:514 msgid "Automatic smart refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:514 +#: src/config/SSSDConfig/sssdoptions.py:515 msgid "Smart and full refresh random offset" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:515 +#: src/config/SSSDConfig/sssdoptions.py:516 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:516 +#: src/config/SSSDConfig/sssdoptions.py:517 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:517 +#: src/config/SSSDConfig/sssdoptions.py:518 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:518 +#: src/config/SSSDConfig/sssdoptions.py:519 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:519 +#: src/config/SSSDConfig/sssdoptions.py:520 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:520 +#: src/config/SSSDConfig/sssdoptions.py:521 msgid "Object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:521 +#: src/config/SSSDConfig/sssdoptions.py:522 msgid "Name of attribute that is used as object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:522 +#: src/config/SSSDConfig/sssdoptions.py:523 msgid "Sudo rule name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:523 +#: src/config/SSSDConfig/sssdoptions.py:524 msgid "Sudo rule command attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:524 +#: src/config/SSSDConfig/sssdoptions.py:525 msgid "Sudo rule host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:525 +#: src/config/SSSDConfig/sssdoptions.py:526 msgid "Sudo rule user attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:526 +#: src/config/SSSDConfig/sssdoptions.py:527 msgid "Sudo rule option attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:527 +#: src/config/SSSDConfig/sssdoptions.py:528 msgid "Sudo rule runas attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:528 +#: src/config/SSSDConfig/sssdoptions.py:529 msgid "Sudo rule runasuser attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:529 +#: src/config/SSSDConfig/sssdoptions.py:530 msgid "Sudo rule runasgroup attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:530 +#: src/config/SSSDConfig/sssdoptions.py:531 msgid "Sudo rule notbefore attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:531 +#: src/config/SSSDConfig/sssdoptions.py:532 msgid "Sudo rule notafter attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:532 +#: src/config/SSSDConfig/sssdoptions.py:533 msgid "Sudo rule order attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:535 +#: src/config/SSSDConfig/sssdoptions.py:536 msgid "Object class for automounter maps" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:536 +#: src/config/SSSDConfig/sssdoptions.py:537 msgid "Automounter map name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:537 +#: src/config/SSSDConfig/sssdoptions.py:538 msgid "Object class for automounter map entries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:538 +#: src/config/SSSDConfig/sssdoptions.py:539 msgid "Automounter map entry key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:539 +#: src/config/SSSDConfig/sssdoptions.py:540 msgid "Automounter map entry value attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:540 +#: src/config/SSSDConfig/sssdoptions.py:541 msgid "Base DN for automounter map lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:541 +#: src/config/SSSDConfig/sssdoptions.py:542 msgid "The name of the automount master map in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:544 +#: src/config/SSSDConfig/sssdoptions.py:545 msgid "Base DN for IP hosts lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:545 +#: src/config/SSSDConfig/sssdoptions.py:546 msgid "Object class for IP hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:546 +#: src/config/SSSDConfig/sssdoptions.py:547 msgid "IP host name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:547 +#: src/config/SSSDConfig/sssdoptions.py:548 msgid "IP host number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:548 +#: src/config/SSSDConfig/sssdoptions.py:549 msgid "IP host entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:549 +#: src/config/SSSDConfig/sssdoptions.py:550 msgid "Base DN for IP networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:550 +#: src/config/SSSDConfig/sssdoptions.py:551 msgid "Object class for IP networks" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:551 +#: src/config/SSSDConfig/sssdoptions.py:552 msgid "IP network name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:552 +#: src/config/SSSDConfig/sssdoptions.py:553 msgid "IP network number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:553 +#: src/config/SSSDConfig/sssdoptions.py:554 msgid "IP network entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:556 +#: src/config/SSSDConfig/sssdoptions.py:557 msgid "Comma separated list of allowed users" msgstr "Списък разрешени потребители, разделени със запетая" -#: src/config/SSSDConfig/sssdoptions.py:557 +#: src/config/SSSDConfig/sssdoptions.py:558 msgid "Comma separated list of prohibited users" msgstr "Списък забранени потребители, разделени със запетая" -#: src/config/SSSDConfig/sssdoptions.py:558 +#: src/config/SSSDConfig/sssdoptions.py:559 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:560 +#: src/config/SSSDConfig/sssdoptions.py:561 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " "evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:564 +#: src/config/SSSDConfig/sssdoptions.py:565 msgid "The number of preforked proxy children." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:567 +#: src/config/SSSDConfig/sssdoptions.py:568 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:568 +#: src/config/SSSDConfig/sssdoptions.py:569 msgid "The name of the NSS library to use for hosts and networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:569 +#: src/config/SSSDConfig/sssdoptions.py:570 msgid "Whether to look up canonical group name from cache if possible" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:572 +#: src/config/SSSDConfig/sssdoptions.py:573 msgid "PAM stack to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:575 +#: src/config/SSSDConfig/sssdoptions.py:576 msgid "Path of passwd file sources." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:576 +#: src/config/SSSDConfig/sssdoptions.py:577 msgid "Path of group file sources." msgstr "" @@ -1888,67 +1892,67 @@ msgstr "" msgid "SSSD is already running\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "" @@ -1956,35 +1960,35 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "SSSD не е стартиран като root." -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "Възникнала е грешка, но не може да се намери описание." -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "Неочаквана грешка при търсене на описание на грешка" @@ -1992,119 +1996,131 @@ msgstr "Неочаквана грешка при търсене на описа msgid "Permission denied. " msgstr "" -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "Съобщение от сървъра:" #: src/sss_client/pam_sss.c:71 +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." +msgstr "" + +#: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" msgstr "" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "Паролите не съвпадат" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "Промяна на паролата от root не се поддържа." -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "Удостоверен с кеширани идентификационни данни" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr ", кешираната парола ще изтече на: " -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "" -#: src/sss_client/pam_sss.c:627 +#: src/sss_client/pam_sss.c:628 #, fuzzy, c-format msgid "Your password has expired." msgstr ", кешираната парола ще изтече на: " -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "Удостоверяването е забранено до: " -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "Системата е офлайн, промяна на паролата не е възможна" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "Промяната на паролата не успя." -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "Нова парола:" -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "Отново новата парола:" -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "" -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "Парола:" -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "" -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "Текуща парола:" -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "Паролата Ви е остаряла. Сменете я сега." diff --git a/po/ca.po b/po/ca.po index ceb4adf3ca3..6186f1a6b26 100644 --- a/po/ca.po +++ b/po/ca.po @@ -14,7 +14,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: 2017-10-15 03:02-0400\n" "Last-Translator: Robert Antoni Buj Gelonch \n" "Language-Team: Catalan (http://www.transifex.com/projects/p/sssd/language/" @@ -644,12 +644,12 @@ msgid "Whether to automatically update the client's DNS entry" msgstr "Si s'actualitza automàticament l'entrada DNS del client" #: src/config/SSSDConfig/sssdoptions.py:201 -#: src/config/SSSDConfig/sssdoptions.py:233 +#: src/config/SSSDConfig/sssdoptions.py:234 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "El TTL per aplicar a l'entrada DNS del client després d'actualitzar-ho" #: src/config/SSSDConfig/sssdoptions.py:202 -#: src/config/SSSDConfig/sssdoptions.py:234 +#: src/config/SSSDConfig/sssdoptions.py:235 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" "La interfície amb la IP que s'hauria d'utilitzar per a les actualitzacions " @@ -738,37 +738,41 @@ msgid "" "(long term password) must have to be saved as SHA512 hash into the cache." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:228 +#: src/config/SSSDConfig/sssdoptions.py:226 +msgid "Local authentication methods policy " +msgstr "" + +#: src/config/SSSDConfig/sssdoptions.py:229 msgid "IPA domain" msgstr "Domini IPA" -#: src/config/SSSDConfig/sssdoptions.py:229 +#: src/config/SSSDConfig/sssdoptions.py:230 msgid "IPA server address" msgstr "Adreça del servidor IPA" -#: src/config/SSSDConfig/sssdoptions.py:230 +#: src/config/SSSDConfig/sssdoptions.py:231 msgid "Address of backup IPA server" msgstr "Adreça del servidor IPA de reserva " -#: src/config/SSSDConfig/sssdoptions.py:231 +#: src/config/SSSDConfig/sssdoptions.py:232 msgid "IPA client hostname" msgstr "Nom d'amfitrió del client IPA" -#: src/config/SSSDConfig/sssdoptions.py:232 +#: src/config/SSSDConfig/sssdoptions.py:233 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "Si s'actualitza automàticament l'entrada DNS del client a FreeIPA" -#: src/config/SSSDConfig/sssdoptions.py:235 +#: src/config/SSSDConfig/sssdoptions.py:236 msgid "Search base for HBAC related objects" msgstr "Base de cerca per als objectes relacionats amb HBAC" -#: src/config/SSSDConfig/sssdoptions.py:236 +#: src/config/SSSDConfig/sssdoptions.py:237 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" "Quantitat de temps entre recerques de les regles HBAC contra el servidor IPA" -#: src/config/SSSDConfig/sssdoptions.py:237 +#: src/config/SSSDConfig/sssdoptions.py:238 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" @@ -776,237 +780,237 @@ msgstr "" "Quantitat de temps en segons entre recerques de les assignacions SELinux " "contra el servidor IPA" -#: src/config/SSSDConfig/sssdoptions.py:239 +#: src/config/SSSDConfig/sssdoptions.py:240 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" "Si s'estableix a fals, s'ignorarà l'argument de l'amfitrió proporcionat amb " "PAM" -#: src/config/SSSDConfig/sssdoptions.py:240 +#: src/config/SSSDConfig/sssdoptions.py:241 msgid "The automounter location this IPA client is using" msgstr "" "La ubicació de l'eina de muntatge automàtic que aquest client IPA està " "utilitzant" -#: src/config/SSSDConfig/sssdoptions.py:241 +#: src/config/SSSDConfig/sssdoptions.py:242 msgid "Search base for object containing info about IPA domain" msgstr "" "Base de cerca per a l'objecte que conté la informació sobre el domini de " "l'IPA" -#: src/config/SSSDConfig/sssdoptions.py:242 +#: src/config/SSSDConfig/sssdoptions.py:243 msgid "Search base for objects containing info about ID ranges" msgstr "" "Base de cerca per als objectes que contenen informació sobre els intervals " "d'id." -#: src/config/SSSDConfig/sssdoptions.py:243 -#: src/config/SSSDConfig/sssdoptions.py:299 +#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:300 msgid "Enable DNS sites - location based service discovery" msgstr "" "Habilita els llocs DNS - el descobriment del servei es basa en la ubicació" -#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:245 msgid "Search base for view containers" msgstr "Base de cerca per als contenidors de la vista" -#: src/config/SSSDConfig/sssdoptions.py:245 +#: src/config/SSSDConfig/sssdoptions.py:246 msgid "Objectclass for view containers" msgstr "Objectclass per als contenidors de la vista" -#: src/config/SSSDConfig/sssdoptions.py:246 +#: src/config/SSSDConfig/sssdoptions.py:247 msgid "Attribute with the name of the view" msgstr "L'atribut amb el nom de la vista" -#: src/config/SSSDConfig/sssdoptions.py:247 +#: src/config/SSSDConfig/sssdoptions.py:248 msgid "Objectclass for override objects" msgstr "Objectclass per substituir els objectes" -#: src/config/SSSDConfig/sssdoptions.py:248 +#: src/config/SSSDConfig/sssdoptions.py:249 msgid "Attribute with the reference to the original object" msgstr "L'atribut amb la referència a l'objecte original" -#: src/config/SSSDConfig/sssdoptions.py:249 +#: src/config/SSSDConfig/sssdoptions.py:250 msgid "Objectclass for user override objects" msgstr "Objectclass per als objectes de substitució d'usuari" -#: src/config/SSSDConfig/sssdoptions.py:250 +#: src/config/SSSDConfig/sssdoptions.py:251 msgid "Objectclass for group override objects" msgstr "Objectclass per als objectes de substitució de grup" -#: src/config/SSSDConfig/sssdoptions.py:251 +#: src/config/SSSDConfig/sssdoptions.py:252 msgid "Search base for Desktop Profile related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:252 +#: src/config/SSSDConfig/sssdoptions.py:253 msgid "" "The amount of time in seconds between lookups of the Desktop Profile rules " "against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:254 +#: src/config/SSSDConfig/sssdoptions.py:255 msgid "" "The amount of time in minutes between lookups of Desktop Profiles rules " "against the IPA server when the last request did not find any rule" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:257 +#: src/config/SSSDConfig/sssdoptions.py:258 #, fuzzy msgid "Search base for SUBID ranges" msgstr "Base de cerca per als contenidors de la vista" -#: src/config/SSSDConfig/sssdoptions.py:258 -#: src/config/SSSDConfig/sssdoptions.py:501 +#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:502 msgid "Which rules should be used to evaluate access control" msgstr "Quines regles s'haurien d'utilitzar per avaluar el control d'accés" -#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:260 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:260 -#: src/config/SSSDConfig/sssdoptions.py:283 +#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:284 msgid "The object class of a host entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:262 msgid "Use the given string as search base for host objects." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:262 +#: src/config/SSSDConfig/sssdoptions.py:263 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:263 +#: src/config/SSSDConfig/sssdoptions.py:264 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:264 +#: src/config/SSSDConfig/sssdoptions.py:265 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:265 +#: src/config/SSSDConfig/sssdoptions.py:266 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:267 +#: src/config/SSSDConfig/sssdoptions.py:268 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:269 +#: src/config/SSSDConfig/sssdoptions.py:270 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:270 +#: src/config/SSSDConfig/sssdoptions.py:271 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:272 +#: src/config/SSSDConfig/sssdoptions.py:273 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:273 +#: src/config/SSSDConfig/sssdoptions.py:274 msgid "The object class of a netgroup entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:274 +#: src/config/SSSDConfig/sssdoptions.py:275 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:275 +#: src/config/SSSDConfig/sssdoptions.py:276 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:277 +#: src/config/SSSDConfig/sssdoptions.py:278 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:278 +#: src/config/SSSDConfig/sssdoptions.py:279 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:280 +#: src/config/SSSDConfig/sssdoptions.py:281 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:282 +#: src/config/SSSDConfig/sssdoptions.py:283 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:284 +#: src/config/SSSDConfig/sssdoptions.py:285 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:286 +#: src/config/SSSDConfig/sssdoptions.py:287 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:287 +#: src/config/SSSDConfig/sssdoptions.py:288 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:288 +#: src/config/SSSDConfig/sssdoptions.py:289 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:289 +#: src/config/SSSDConfig/sssdoptions.py:290 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:291 +#: src/config/SSSDConfig/sssdoptions.py:292 msgid "Use the given string as search base for trusted domains." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:294 +#: src/config/SSSDConfig/sssdoptions.py:295 msgid "Active Directory domain" msgstr "Domini Active Directory" -#: src/config/SSSDConfig/sssdoptions.py:295 +#: src/config/SSSDConfig/sssdoptions.py:296 msgid "Enabled Active Directory domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:296 +#: src/config/SSSDConfig/sssdoptions.py:297 msgid "Active Directory server address" msgstr "Adreça del servidor de l'Active Directory" -#: src/config/SSSDConfig/sssdoptions.py:297 +#: src/config/SSSDConfig/sssdoptions.py:298 msgid "Active Directory backup server address" msgstr "Adreça del servidor de l'Active Directory de reserva" -#: src/config/SSSDConfig/sssdoptions.py:298 +#: src/config/SSSDConfig/sssdoptions.py:299 msgid "Active Directory client hostname" msgstr "Nom d'amfitrió del client d'Active Directory" -#: src/config/SSSDConfig/sssdoptions.py:300 -#: src/config/SSSDConfig/sssdoptions.py:499 +#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:500 msgid "LDAP filter to determine access privileges" msgstr "Filtre LDAP per determinar els privilegis d'accés" -#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:302 msgid "Whether to use the Global Catalog for lookups" msgstr "Si s'utilitza el catàleg global per a les recerques" -#: src/config/SSSDConfig/sssdoptions.py:302 +#: src/config/SSSDConfig/sssdoptions.py:303 msgid "Operation mode for GPO-based access control" msgstr "Mode d'operació per al control d'accés basat en GPO" -#: src/config/SSSDConfig/sssdoptions.py:303 +#: src/config/SSSDConfig/sssdoptions.py:304 msgid "" "The amount of time between lookups of the GPO policy files against the AD " "server" @@ -1014,7 +1018,7 @@ msgstr "" "Quantitat de temps entre recerques de fitxers de polítiques GPO contra el " "servidor d'AD" -#: src/config/SSSDConfig/sssdoptions.py:304 +#: src/config/SSSDConfig/sssdoptions.py:305 msgid "" "PAM service names that map to the GPO (Deny)InteractiveLogonRight policy " "settings" @@ -1022,7 +1026,7 @@ msgstr "" "Noms dels serveis del PAM que s'assignen als ajusts de les polítiques " "(Deny)InteractiveLogonRight del GPO" -#: src/config/SSSDConfig/sssdoptions.py:306 +#: src/config/SSSDConfig/sssdoptions.py:307 msgid "" "PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight " "policy settings" @@ -1030,297 +1034,297 @@ msgstr "" "Noms dels serveis del PAM que s'assignen als ajusts de les polítiques " "(Deny)RemoteInteractiveLogonRight del GPO" -#: src/config/SSSDConfig/sssdoptions.py:308 +#: src/config/SSSDConfig/sssdoptions.py:309 msgid "" "PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings" msgstr "" "Noms dels serveis del PAM que s'assignen als ajusts de les polítiques " "(Deny)NetworkLogonRight del GPO" -#: src/config/SSSDConfig/sssdoptions.py:309 +#: src/config/SSSDConfig/sssdoptions.py:310 msgid "" "PAM service names that map to the GPO (Deny)BatchLogonRight policy settings" msgstr "" "Noms dels serveis del PAM que s'assignen als ajusts de les polítiques " "(Deny)BatchLogonRight del GPO" -#: src/config/SSSDConfig/sssdoptions.py:310 +#: src/config/SSSDConfig/sssdoptions.py:311 msgid "" "PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings" msgstr "" "Noms dels serveis del PAM que s'assignen als ajusts de les polítiques " "(Deny)ServiceLogonRight del GPO" -#: src/config/SSSDConfig/sssdoptions.py:311 +#: src/config/SSSDConfig/sssdoptions.py:312 msgid "PAM service names for which GPO-based access is always granted" msgstr "" "Noms dels serveis del PAM als quals sempre se'ls garanteix l'accés basat en " "GPO" -#: src/config/SSSDConfig/sssdoptions.py:312 +#: src/config/SSSDConfig/sssdoptions.py:313 msgid "PAM service names for which GPO-based access is always denied" msgstr "" "Noms dels serveis del PAM als quals sempre se'ls denega l'accés basat en GPO" -#: src/config/SSSDConfig/sssdoptions.py:313 +#: src/config/SSSDConfig/sssdoptions.py:314 msgid "" "Default logon right (or permit/deny) to use for unmapped PAM service names" msgstr "" "Dret (permet o denega) predeterminat de l'inici de sessió a utilitzar per " "als noms dels serveis del PAM sense assignar" -#: src/config/SSSDConfig/sssdoptions.py:314 +#: src/config/SSSDConfig/sssdoptions.py:315 msgid "a particular site to be used by the client" msgstr "un lloc determinat per utilitzar amb el client" -#: src/config/SSSDConfig/sssdoptions.py:315 +#: src/config/SSSDConfig/sssdoptions.py:316 msgid "" "Maximum age in days before the machine account password should be renewed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:317 +#: src/config/SSSDConfig/sssdoptions.py:318 msgid "Option for tuning the machine account renewal task" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:318 +#: src/config/SSSDConfig/sssdoptions.py:319 msgid "Whether to update the machine account password in the Samba database" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:320 +#: src/config/SSSDConfig/sssdoptions.py:321 msgid "Use LDAPS port for LDAP and Global Catalog requests" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:321 +#: src/config/SSSDConfig/sssdoptions.py:322 msgid "Do not filter domain local groups from other domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:324 #: src/config/SSSDConfig/sssdoptions.py:325 +#: src/config/SSSDConfig/sssdoptions.py:326 msgid "Kerberos server address" msgstr "Adreça del servidor Kerberos" -#: src/config/SSSDConfig/sssdoptions.py:326 +#: src/config/SSSDConfig/sssdoptions.py:327 msgid "Kerberos backup server address" msgstr "Adreça del servidor Kerberos de reserva" -#: src/config/SSSDConfig/sssdoptions.py:327 +#: src/config/SSSDConfig/sssdoptions.py:328 msgid "Kerberos realm" msgstr "Reialme Kerberos" -#: src/config/SSSDConfig/sssdoptions.py:328 +#: src/config/SSSDConfig/sssdoptions.py:329 msgid "Authentication timeout" msgstr "Temps d'expiració de l'autenticació" -#: src/config/SSSDConfig/sssdoptions.py:329 +#: src/config/SSSDConfig/sssdoptions.py:330 msgid "Whether to create kdcinfo files" msgstr "Si es creen els fitxers kdcinfo" -#: src/config/SSSDConfig/sssdoptions.py:330 +#: src/config/SSSDConfig/sssdoptions.py:331 msgid "Where to drop krb5 config snippets" msgstr "Si es rebutgen les parts de la configuració del krb5" -#: src/config/SSSDConfig/sssdoptions.py:333 +#: src/config/SSSDConfig/sssdoptions.py:334 msgid "Directory to store credential caches" msgstr "Directori per emmagatzemar la memòria cau de les credencials" -#: src/config/SSSDConfig/sssdoptions.py:334 +#: src/config/SSSDConfig/sssdoptions.py:335 msgid "Location of the user's credential cache" msgstr "Ubicació de la memòria cau de les credencials de l'usuari" -#: src/config/SSSDConfig/sssdoptions.py:335 +#: src/config/SSSDConfig/sssdoptions.py:336 msgid "Location of the keytab to validate credentials" msgstr "Ubicació de la clau per validar les credencials" -#: src/config/SSSDConfig/sssdoptions.py:336 +#: src/config/SSSDConfig/sssdoptions.py:337 msgid "Enable credential validation" msgstr "Habilita la validació de credencials" -#: src/config/SSSDConfig/sssdoptions.py:337 +#: src/config/SSSDConfig/sssdoptions.py:338 msgid "Store password if offline for later online authentication" msgstr "" "Emmagatzema la contrasenya si s'està desconnectat per a l'autenticació " "posterior amb connexió" -#: src/config/SSSDConfig/sssdoptions.py:338 +#: src/config/SSSDConfig/sssdoptions.py:339 msgid "Renewable lifetime of the TGT" msgstr "Temps de vida renovable del TGT" -#: src/config/SSSDConfig/sssdoptions.py:339 +#: src/config/SSSDConfig/sssdoptions.py:340 msgid "Lifetime of the TGT" msgstr "Temps de vida del TGT" -#: src/config/SSSDConfig/sssdoptions.py:340 +#: src/config/SSSDConfig/sssdoptions.py:341 msgid "Time between two checks for renewal" msgstr "Temps entre les dues comprovacions per a la renovació" -#: src/config/SSSDConfig/sssdoptions.py:341 +#: src/config/SSSDConfig/sssdoptions.py:342 msgid "Enables FAST" msgstr "Habilita FAST" -#: src/config/SSSDConfig/sssdoptions.py:342 +#: src/config/SSSDConfig/sssdoptions.py:343 msgid "Selects the principal to use for FAST" msgstr "Selecciona el principal per utilitzar amb FAST" -#: src/config/SSSDConfig/sssdoptions.py:343 +#: src/config/SSSDConfig/sssdoptions.py:344 msgid "Use anonymous PKINIT to request FAST credentials" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:344 +#: src/config/SSSDConfig/sssdoptions.py:345 msgid "Enables principal canonicalization" msgstr "Habilita la canonització del principal" -#: src/config/SSSDConfig/sssdoptions.py:345 +#: src/config/SSSDConfig/sssdoptions.py:346 msgid "Enables enterprise principals" msgstr "Habilita els principals empresarials" -#: src/config/SSSDConfig/sssdoptions.py:346 +#: src/config/SSSDConfig/sssdoptions.py:347 msgid "Enables using of subdomains realms for authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:347 +#: src/config/SSSDConfig/sssdoptions.py:348 msgid "A mapping from user names to Kerberos principal names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:350 #: src/config/SSSDConfig/sssdoptions.py:351 +#: src/config/SSSDConfig/sssdoptions.py:352 msgid "Server where the change password service is running if not on the KDC" msgstr "" "Servidor on es troba el servei de canvi de contrasenya si no està al KDC" -#: src/config/SSSDConfig/sssdoptions.py:354 +#: src/config/SSSDConfig/sssdoptions.py:355 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, L'URI del servidor LDAP" -#: src/config/SSSDConfig/sssdoptions.py:355 +#: src/config/SSSDConfig/sssdoptions.py:356 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "ldap_backup_uri, L'URI del servidor LDAP" -#: src/config/SSSDConfig/sssdoptions.py:356 +#: src/config/SSSDConfig/sssdoptions.py:357 msgid "The default base DN" msgstr "El DN base per defecte" -#: src/config/SSSDConfig/sssdoptions.py:357 +#: src/config/SSSDConfig/sssdoptions.py:358 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "El tipus d'esquema en ús al servidor LDAP, rfc2307" -#: src/config/SSSDConfig/sssdoptions.py:358 +#: src/config/SSSDConfig/sssdoptions.py:359 msgid "Mode used to change user password" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:359 +#: src/config/SSSDConfig/sssdoptions.py:360 msgid "The default bind DN" msgstr "El DN de creació del vincle per defecte" -#: src/config/SSSDConfig/sssdoptions.py:360 +#: src/config/SSSDConfig/sssdoptions.py:361 msgid "The type of the authentication token of the default bind DN" msgstr "" "El tipus del testimoni d'autenticació del DN de creació del vincle per " "defecte" -#: src/config/SSSDConfig/sssdoptions.py:361 +#: src/config/SSSDConfig/sssdoptions.py:362 msgid "The authentication token of the default bind DN" msgstr "El testimoni d'autenticació del DN de creació del vincle per defecte" -#: src/config/SSSDConfig/sssdoptions.py:362 +#: src/config/SSSDConfig/sssdoptions.py:363 msgid "Length of time to attempt connection" msgstr "Període de temps per intentar una connexió" -#: src/config/SSSDConfig/sssdoptions.py:363 +#: src/config/SSSDConfig/sssdoptions.py:364 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Període de temps per intentar operacions LDAP asíncrones" -#: src/config/SSSDConfig/sssdoptions.py:364 +#: src/config/SSSDConfig/sssdoptions.py:365 msgid "Length of time between attempts to reconnect while offline" msgstr "" "Període de temps entre els intents per tornar a connectar mentre s'està " "desconnectat" -#: src/config/SSSDConfig/sssdoptions.py:365 +#: src/config/SSSDConfig/sssdoptions.py:366 msgid "Use only the upper case for realm names" msgstr "Utilitza només majúscules pels noms de reialme" -#: src/config/SSSDConfig/sssdoptions.py:366 +#: src/config/SSSDConfig/sssdoptions.py:367 msgid "File that contains CA certificates" msgstr "Fitxer que conté els certificats de l'AC" -#: src/config/SSSDConfig/sssdoptions.py:367 +#: src/config/SSSDConfig/sssdoptions.py:368 msgid "Path to CA certificate directory" msgstr "Camí al directori del certificat de l'AC" -#: src/config/SSSDConfig/sssdoptions.py:368 +#: src/config/SSSDConfig/sssdoptions.py:369 msgid "File that contains the client certificate" msgstr "Fitxer que conté el certificat de client" -#: src/config/SSSDConfig/sssdoptions.py:369 +#: src/config/SSSDConfig/sssdoptions.py:370 msgid "File that contains the client key" msgstr "Fitxer que conté la clau de client" -#: src/config/SSSDConfig/sssdoptions.py:370 +#: src/config/SSSDConfig/sssdoptions.py:371 msgid "List of possible ciphers suites" msgstr "Llista de paquets de xifrat possibles" -#: src/config/SSSDConfig/sssdoptions.py:371 +#: src/config/SSSDConfig/sssdoptions.py:372 msgid "Require TLS certificate verification" msgstr "Requereix verificació de certificat TLS" -#: src/config/SSSDConfig/sssdoptions.py:372 +#: src/config/SSSDConfig/sssdoptions.py:373 msgid "Specify the sasl mechanism to use" msgstr "Especifica el mecanisme SASL a utilitzar" -#: src/config/SSSDConfig/sssdoptions.py:373 +#: src/config/SSSDConfig/sssdoptions.py:374 msgid "Specify the sasl authorization id to use" msgstr "Especifica l'id. d'autorització SASL a utilitzar" -#: src/config/SSSDConfig/sssdoptions.py:374 +#: src/config/SSSDConfig/sssdoptions.py:375 msgid "Specify the sasl authorization realm to use" msgstr "Especifica el reialme d'autorització SASL a utilitzar" -#: src/config/SSSDConfig/sssdoptions.py:375 +#: src/config/SSSDConfig/sssdoptions.py:376 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "Especifica el SSF mínim per a l'autorització SASL de LDAP" -#: src/config/SSSDConfig/sssdoptions.py:376 +#: src/config/SSSDConfig/sssdoptions.py:377 msgid "Specify the maximal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:377 +#: src/config/SSSDConfig/sssdoptions.py:378 msgid "Kerberos service keytab" msgstr "Taula de claus del servei del Kerberos" -#: src/config/SSSDConfig/sssdoptions.py:378 +#: src/config/SSSDConfig/sssdoptions.py:379 msgid "Use Kerberos auth for LDAP connection" msgstr "Utilitza l'autenticació Kerberos per a la connexió LDAP" -#: src/config/SSSDConfig/sssdoptions.py:379 +#: src/config/SSSDConfig/sssdoptions.py:380 msgid "Follow LDAP referrals" msgstr "Segueix les referències LDAP" -#: src/config/SSSDConfig/sssdoptions.py:380 +#: src/config/SSSDConfig/sssdoptions.py:381 msgid "Lifetime of TGT for LDAP connection" msgstr "Temps de vida del TGT per la connexió LDAP" -#: src/config/SSSDConfig/sssdoptions.py:381 +#: src/config/SSSDConfig/sssdoptions.py:382 msgid "How to dereference aliases" msgstr "Com desreferenciar els àlies" -#: src/config/SSSDConfig/sssdoptions.py:382 +#: src/config/SSSDConfig/sssdoptions.py:383 msgid "Service name for DNS service lookups" msgstr "Nom del servei per a la recerca del servei del DNS" -#: src/config/SSSDConfig/sssdoptions.py:383 +#: src/config/SSSDConfig/sssdoptions.py:384 msgid "The number of records to retrieve in a single LDAP query" msgstr "El nombre de registres a recuperar en una sola consulta LDAP" -#: src/config/SSSDConfig/sssdoptions.py:384 +#: src/config/SSSDConfig/sssdoptions.py:385 msgid "The number of members that must be missing to trigger a full deref" msgstr "" "El nombre de membres que han de faltar per activar una de-referència completa" -#: src/config/SSSDConfig/sssdoptions.py:385 +#: src/config/SSSDConfig/sssdoptions.py:386 msgid "Ignore unreadable LDAP references" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:386 +#: src/config/SSSDConfig/sssdoptions.py:387 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" @@ -1328,413 +1332,413 @@ msgstr "" "Si la biblioteca LDAP hauria de realitzar una recerca inversa per canonitzar " "el nom d'amfitrió durant la creació del vincle SASL" -#: src/config/SSSDConfig/sssdoptions.py:388 +#: src/config/SSSDConfig/sssdoptions.py:389 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:391 +#: src/config/SSSDConfig/sssdoptions.py:392 msgid "entryUSN attribute" msgstr "L'atribut entryUSN" -#: src/config/SSSDConfig/sssdoptions.py:392 +#: src/config/SSSDConfig/sssdoptions.py:393 msgid "lastUSN attribute" msgstr "L'atribut lastUSN" -#: src/config/SSSDConfig/sssdoptions.py:394 +#: src/config/SSSDConfig/sssdoptions.py:395 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" "Quant de temps s'ha de retenir una connexió al servidor LDAP abans de " "desconnectar" -#: src/config/SSSDConfig/sssdoptions.py:397 +#: src/config/SSSDConfig/sssdoptions.py:398 msgid "Disable the LDAP paging control" msgstr "Inhabilita el control de paginació LDAP" -#: src/config/SSSDConfig/sssdoptions.py:398 +#: src/config/SSSDConfig/sssdoptions.py:399 msgid "Disable Active Directory range retrieval" msgstr "Inhabilita la recuperació de l'interval de l'Active Directory" -#: src/config/SSSDConfig/sssdoptions.py:401 +#: src/config/SSSDConfig/sssdoptions.py:402 msgid "Length of time to wait for a search request" msgstr "Període de temps per esperar una petició de cerca" -#: src/config/SSSDConfig/sssdoptions.py:402 +#: src/config/SSSDConfig/sssdoptions.py:403 msgid "Length of time to wait for a enumeration request" msgstr "Període de temps per esperar una petició d'enumeració" -#: src/config/SSSDConfig/sssdoptions.py:403 +#: src/config/SSSDConfig/sssdoptions.py:404 msgid "Length of time between enumeration updates" msgstr "Període de temps entre les actualitzacions de les enumeracions" -#: src/config/SSSDConfig/sssdoptions.py:404 +#: src/config/SSSDConfig/sssdoptions.py:405 #, fuzzy msgid "Maximum period deviation between enumeration updates" msgstr "Període de temps entre les actualitzacions de les enumeracions" -#: src/config/SSSDConfig/sssdoptions.py:405 +#: src/config/SSSDConfig/sssdoptions.py:406 msgid "Length of time between cache cleanups" msgstr "Període de temps entre les neteges de la memòria cau" -#: src/config/SSSDConfig/sssdoptions.py:406 +#: src/config/SSSDConfig/sssdoptions.py:407 #, fuzzy msgid "Maximum time deviation between cache cleanups" msgstr "Període de temps entre les neteges de la memòria cau" -#: src/config/SSSDConfig/sssdoptions.py:407 +#: src/config/SSSDConfig/sssdoptions.py:408 msgid "Require TLS for ID lookups" msgstr "Requereix TLS per a la recerca d'id." -#: src/config/SSSDConfig/sssdoptions.py:408 +#: src/config/SSSDConfig/sssdoptions.py:409 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" "Utilitza l'assignació dels id. de l'objectSID en lloc dels id. pre-establerts" -#: src/config/SSSDConfig/sssdoptions.py:409 +#: src/config/SSSDConfig/sssdoptions.py:410 msgid "Base DN for user lookups" msgstr "DN base per a la recerca de l'usuari" -#: src/config/SSSDConfig/sssdoptions.py:410 +#: src/config/SSSDConfig/sssdoptions.py:411 msgid "Scope of user lookups" msgstr "Abast de la recerca de l'usuari" -#: src/config/SSSDConfig/sssdoptions.py:411 +#: src/config/SSSDConfig/sssdoptions.py:412 msgid "Filter for user lookups" msgstr "Filtre per a la recerca de l'usuari" -#: src/config/SSSDConfig/sssdoptions.py:412 +#: src/config/SSSDConfig/sssdoptions.py:413 msgid "Objectclass for users" msgstr "Objectclass per als usuaris" -#: src/config/SSSDConfig/sssdoptions.py:413 +#: src/config/SSSDConfig/sssdoptions.py:414 msgid "Username attribute" msgstr "L'atribut nom d'usuari" -#: src/config/SSSDConfig/sssdoptions.py:414 +#: src/config/SSSDConfig/sssdoptions.py:415 msgid "UID attribute" msgstr "L'atribut UID" -#: src/config/SSSDConfig/sssdoptions.py:415 +#: src/config/SSSDConfig/sssdoptions.py:416 msgid "Primary GID attribute" msgstr "L'atribut GID primari" -#: src/config/SSSDConfig/sssdoptions.py:416 +#: src/config/SSSDConfig/sssdoptions.py:417 msgid "GECOS attribute" msgstr "L'atribut GECOS" -#: src/config/SSSDConfig/sssdoptions.py:417 +#: src/config/SSSDConfig/sssdoptions.py:418 msgid "Home directory attribute" msgstr "L'atribut directori inicial" -#: src/config/SSSDConfig/sssdoptions.py:418 +#: src/config/SSSDConfig/sssdoptions.py:419 msgid "Shell attribute" msgstr "L'atribut shell" -#: src/config/SSSDConfig/sssdoptions.py:419 +#: src/config/SSSDConfig/sssdoptions.py:420 msgid "UUID attribute" msgstr "L'atribut UUID" -#: src/config/SSSDConfig/sssdoptions.py:420 -#: src/config/SSSDConfig/sssdoptions.py:459 +#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:460 msgid "objectSID attribute" msgstr "L'atribut objectSID" -#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:422 msgid "Active Directory primary group attribute for ID-mapping" msgstr "L'atribut grup primari de l'Active Directory per a l'assignació d'id." -#: src/config/SSSDConfig/sssdoptions.py:422 +#: src/config/SSSDConfig/sssdoptions.py:423 msgid "User principal attribute (for Kerberos)" msgstr "L'atribut usuari principal (per a Kerberos)" -#: src/config/SSSDConfig/sssdoptions.py:423 +#: src/config/SSSDConfig/sssdoptions.py:424 msgid "Full Name" msgstr "Nom complet" -#: src/config/SSSDConfig/sssdoptions.py:424 +#: src/config/SSSDConfig/sssdoptions.py:425 msgid "memberOf attribute" msgstr "L'atribut memberOf" -#: src/config/SSSDConfig/sssdoptions.py:425 +#: src/config/SSSDConfig/sssdoptions.py:426 msgid "Modification time attribute" msgstr "L'atribut data de modificació" -#: src/config/SSSDConfig/sssdoptions.py:426 +#: src/config/SSSDConfig/sssdoptions.py:427 msgid "shadowLastChange attribute" msgstr "L'atribut shadowLastChange" -#: src/config/SSSDConfig/sssdoptions.py:427 +#: src/config/SSSDConfig/sssdoptions.py:428 msgid "shadowMin attribute" msgstr "L'atribut shadowMin" -#: src/config/SSSDConfig/sssdoptions.py:428 +#: src/config/SSSDConfig/sssdoptions.py:429 msgid "shadowMax attribute" msgstr "L'atribut shadowMax" -#: src/config/SSSDConfig/sssdoptions.py:429 +#: src/config/SSSDConfig/sssdoptions.py:430 msgid "shadowWarning attribute" msgstr "L'atribut shadowWarning" -#: src/config/SSSDConfig/sssdoptions.py:430 +#: src/config/SSSDConfig/sssdoptions.py:431 msgid "shadowInactive attribute" msgstr "L'atribut shadowInactive" -#: src/config/SSSDConfig/sssdoptions.py:431 +#: src/config/SSSDConfig/sssdoptions.py:432 msgid "shadowExpire attribute" msgstr "L'atribut shadowExpire" -#: src/config/SSSDConfig/sssdoptions.py:432 +#: src/config/SSSDConfig/sssdoptions.py:433 msgid "shadowFlag attribute" msgstr "L'atribut shadowFlag" -#: src/config/SSSDConfig/sssdoptions.py:433 +#: src/config/SSSDConfig/sssdoptions.py:434 msgid "Attribute listing authorized PAM services" msgstr "L'atribut que llista els serveis PAM autoritzats" -#: src/config/SSSDConfig/sssdoptions.py:434 +#: src/config/SSSDConfig/sssdoptions.py:435 msgid "Attribute listing authorized server hosts" msgstr "L'atribut que llista els amfitrions dels servidors autoritzats" -#: src/config/SSSDConfig/sssdoptions.py:435 +#: src/config/SSSDConfig/sssdoptions.py:436 msgid "Attribute listing authorized server rhosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:436 +#: src/config/SSSDConfig/sssdoptions.py:437 msgid "krbLastPwdChange attribute" msgstr "L'atribut krbLastPwdChange" -#: src/config/SSSDConfig/sssdoptions.py:437 +#: src/config/SSSDConfig/sssdoptions.py:438 msgid "krbPasswordExpiration attribute" msgstr "L'atribut krbPasswordExpiration" -#: src/config/SSSDConfig/sssdoptions.py:438 +#: src/config/SSSDConfig/sssdoptions.py:439 msgid "Attribute indicating that server side password policies are active" msgstr "" "L'atribut que indica l'activació de les polítiques de contrasenya de servidor" -#: src/config/SSSDConfig/sssdoptions.py:439 +#: src/config/SSSDConfig/sssdoptions.py:440 msgid "accountExpires attribute of AD" msgstr "L'atribut accountExpires de l'AD" -#: src/config/SSSDConfig/sssdoptions.py:440 +#: src/config/SSSDConfig/sssdoptions.py:441 msgid "userAccountControl attribute of AD" msgstr "L'atribut userAccountControl de l'AD" -#: src/config/SSSDConfig/sssdoptions.py:441 +#: src/config/SSSDConfig/sssdoptions.py:442 msgid "nsAccountLock attribute" msgstr "L'atribut nsAccountLock" -#: src/config/SSSDConfig/sssdoptions.py:442 +#: src/config/SSSDConfig/sssdoptions.py:443 msgid "loginDisabled attribute of NDS" msgstr "L'atribut loginDisabled del NDS" -#: src/config/SSSDConfig/sssdoptions.py:443 +#: src/config/SSSDConfig/sssdoptions.py:444 msgid "loginExpirationTime attribute of NDS" msgstr "L'atribut loginExpirationTime del NDS" -#: src/config/SSSDConfig/sssdoptions.py:444 +#: src/config/SSSDConfig/sssdoptions.py:445 msgid "loginAllowedTimeMap attribute of NDS" msgstr "L'atribut loginAllowedTimeMap del NDS" -#: src/config/SSSDConfig/sssdoptions.py:445 +#: src/config/SSSDConfig/sssdoptions.py:446 msgid "SSH public key attribute" msgstr "L'atribut clau pública SSH" -#: src/config/SSSDConfig/sssdoptions.py:446 +#: src/config/SSSDConfig/sssdoptions.py:447 msgid "attribute listing allowed authentication types for a user" msgstr "atribut que llista els tipus permesos d'autenticació per a un usuari" -#: src/config/SSSDConfig/sssdoptions.py:447 +#: src/config/SSSDConfig/sssdoptions.py:448 msgid "attribute containing the X509 certificate of the user" msgstr "atribut que conté el certificat X509 de l'usuari" -#: src/config/SSSDConfig/sssdoptions.py:448 +#: src/config/SSSDConfig/sssdoptions.py:449 msgid "attribute containing the email address of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:449 +#: src/config/SSSDConfig/sssdoptions.py:450 #, fuzzy msgid "attribute containing the passkey mapping data of the user" msgstr "atribut que conté el certificat X509 de l'usuari" -#: src/config/SSSDConfig/sssdoptions.py:450 +#: src/config/SSSDConfig/sssdoptions.py:451 msgid "A list of extra attributes to download along with the user entry" msgstr "" "Una llista dels atributs extres per baixar juntament amb l'entrada de " "l'usuari" -#: src/config/SSSDConfig/sssdoptions.py:452 +#: src/config/SSSDConfig/sssdoptions.py:453 msgid "Base DN for group lookups" msgstr "DN base per a la recerca del grup" -#: src/config/SSSDConfig/sssdoptions.py:453 +#: src/config/SSSDConfig/sssdoptions.py:454 msgid "Objectclass for groups" msgstr "L'objectclass per als grups" -#: src/config/SSSDConfig/sssdoptions.py:454 +#: src/config/SSSDConfig/sssdoptions.py:455 msgid "Group name" msgstr "Nom del grup" -#: src/config/SSSDConfig/sssdoptions.py:455 +#: src/config/SSSDConfig/sssdoptions.py:456 msgid "Group password" msgstr "Contrasenya del grup" -#: src/config/SSSDConfig/sssdoptions.py:456 +#: src/config/SSSDConfig/sssdoptions.py:457 msgid "GID attribute" msgstr "L'atribut GID" -#: src/config/SSSDConfig/sssdoptions.py:457 +#: src/config/SSSDConfig/sssdoptions.py:458 msgid "Group member attribute" msgstr "L'atribut membre del grup" -#: src/config/SSSDConfig/sssdoptions.py:458 +#: src/config/SSSDConfig/sssdoptions.py:459 msgid "Group UUID attribute" msgstr "L'atribut UUID del grup" -#: src/config/SSSDConfig/sssdoptions.py:460 +#: src/config/SSSDConfig/sssdoptions.py:461 msgid "Modification time attribute for groups" msgstr "L'atribut data de modificació per als grups" -#: src/config/SSSDConfig/sssdoptions.py:461 +#: src/config/SSSDConfig/sssdoptions.py:462 msgid "Type of the group and other flags" msgstr "Tipus del grup i altres senyals" -#: src/config/SSSDConfig/sssdoptions.py:462 +#: src/config/SSSDConfig/sssdoptions.py:463 msgid "The LDAP group external member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:463 +#: src/config/SSSDConfig/sssdoptions.py:464 msgid "Maximum nesting level SSSD will follow" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:464 +#: src/config/SSSDConfig/sssdoptions.py:465 msgid "Filter for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:465 +#: src/config/SSSDConfig/sssdoptions.py:466 msgid "Scope of group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:467 +#: src/config/SSSDConfig/sssdoptions.py:468 msgid "Base DN for netgroup lookups" msgstr "DN base per a la recerca del grup de xarxa" -#: src/config/SSSDConfig/sssdoptions.py:468 +#: src/config/SSSDConfig/sssdoptions.py:469 msgid "Objectclass for netgroups" msgstr "L'objectclass per als grups de xarxa" -#: src/config/SSSDConfig/sssdoptions.py:469 +#: src/config/SSSDConfig/sssdoptions.py:470 msgid "Netgroup name" msgstr "Nom de grup de xarxa" -#: src/config/SSSDConfig/sssdoptions.py:470 +#: src/config/SSSDConfig/sssdoptions.py:471 msgid "Netgroups members attribute" msgstr "L'atribut membres del grup de xarxa" -#: src/config/SSSDConfig/sssdoptions.py:471 +#: src/config/SSSDConfig/sssdoptions.py:472 msgid "Netgroup triple attribute" msgstr "L'atribut triple del grup de xarxa" -#: src/config/SSSDConfig/sssdoptions.py:472 +#: src/config/SSSDConfig/sssdoptions.py:473 msgid "Modification time attribute for netgroups" msgstr "L'atribut data de modificació per als grups de xarxa" -#: src/config/SSSDConfig/sssdoptions.py:474 +#: src/config/SSSDConfig/sssdoptions.py:475 msgid "Base DN for service lookups" msgstr "DN base per a la recerca del servei" -#: src/config/SSSDConfig/sssdoptions.py:475 +#: src/config/SSSDConfig/sssdoptions.py:476 msgid "Objectclass for services" msgstr "Objectclass per als serveis" -#: src/config/SSSDConfig/sssdoptions.py:476 +#: src/config/SSSDConfig/sssdoptions.py:477 msgid "Service name attribute" msgstr "L'atribut nom del servei" -#: src/config/SSSDConfig/sssdoptions.py:477 +#: src/config/SSSDConfig/sssdoptions.py:478 msgid "Service port attribute" msgstr "L'atribut port del servei" -#: src/config/SSSDConfig/sssdoptions.py:478 +#: src/config/SSSDConfig/sssdoptions.py:479 msgid "Service protocol attribute" msgstr "L'atribut protocol del servei" -#: src/config/SSSDConfig/sssdoptions.py:480 +#: src/config/SSSDConfig/sssdoptions.py:481 msgid "Lower bound for ID-mapping" msgstr "Límit inferior per a l'assignació d'id." -#: src/config/SSSDConfig/sssdoptions.py:481 +#: src/config/SSSDConfig/sssdoptions.py:482 msgid "Upper bound for ID-mapping" msgstr "Límit superior per a l'assignació d'id." -#: src/config/SSSDConfig/sssdoptions.py:482 +#: src/config/SSSDConfig/sssdoptions.py:483 msgid "Number of IDs for each slice when ID-mapping" msgstr "Nombres d'id. per cada porció en l'assignació d'id." -#: src/config/SSSDConfig/sssdoptions.py:483 +#: src/config/SSSDConfig/sssdoptions.py:484 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "Utilitza l'algoritme compatible d'autorid per a l'assignació d'id." -#: src/config/SSSDConfig/sssdoptions.py:484 +#: src/config/SSSDConfig/sssdoptions.py:485 msgid "Name of the default domain for ID-mapping" msgstr "Nom del domini per defecte per a l'assignació d'id." -#: src/config/SSSDConfig/sssdoptions.py:485 +#: src/config/SSSDConfig/sssdoptions.py:486 msgid "SID of the default domain for ID-mapping" msgstr "SID del domini per defecte per a l'assignació d'id." -#: src/config/SSSDConfig/sssdoptions.py:486 +#: src/config/SSSDConfig/sssdoptions.py:487 msgid "Number of secondary slices" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:488 +#: src/config/SSSDConfig/sssdoptions.py:489 msgid "Whether to use Token-Groups" msgstr "Si s'utilitzen els grups amb testimonis" -#: src/config/SSSDConfig/sssdoptions.py:489 +#: src/config/SSSDConfig/sssdoptions.py:490 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "Estableix el límit inferior per als id. permesos del servidor LDAP" -#: src/config/SSSDConfig/sssdoptions.py:490 +#: src/config/SSSDConfig/sssdoptions.py:491 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "Estableix el límit superior per als id. permesos del servidor LDAP" -#: src/config/SSSDConfig/sssdoptions.py:491 +#: src/config/SSSDConfig/sssdoptions.py:492 msgid "DN for ppolicy queries" msgstr "DN per a les consultes ppolicy" -#: src/config/SSSDConfig/sssdoptions.py:492 +#: src/config/SSSDConfig/sssdoptions.py:493 msgid "How many maximum entries to fetch during a wildcard request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:493 +#: src/config/SSSDConfig/sssdoptions.py:494 msgid "Set libldap debug level" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:496 +#: src/config/SSSDConfig/sssdoptions.py:497 msgid "Policy to evaluate the password expiration" msgstr "Política per avaluar el venciment de la contrasenya" -#: src/config/SSSDConfig/sssdoptions.py:500 +#: src/config/SSSDConfig/sssdoptions.py:501 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" "Quins atributs s'haurien d'utilitzar per avaluar si el compte ha vençut" -#: src/config/SSSDConfig/sssdoptions.py:504 +#: src/config/SSSDConfig/sssdoptions.py:505 msgid "URI of an LDAP server where password changes are allowed" msgstr "URI d'un servidor LDAP on es permeten els canvis de contrasenya" -#: src/config/SSSDConfig/sssdoptions.py:505 +#: src/config/SSSDConfig/sssdoptions.py:506 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" "URI d'un servidor LDAP de reserva on es permeten els canvis de contrasenya" -#: src/config/SSSDConfig/sssdoptions.py:506 +#: src/config/SSSDConfig/sssdoptions.py:507 msgid "DNS service name for LDAP password change server" msgstr "Nom del servei DNS pel servidor LDAP de canvi de contrasenyes" -#: src/config/SSSDConfig/sssdoptions.py:507 +#: src/config/SSSDConfig/sssdoptions.py:508 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" @@ -1742,27 +1746,27 @@ msgstr "" "Si s'actualitza l'atribut ldap_user_shadow_last_change després d'un canvi de " "contrasenya" -#: src/config/SSSDConfig/sssdoptions.py:511 +#: src/config/SSSDConfig/sssdoptions.py:512 msgid "Base DN for sudo rules lookups" msgstr "DN base per a la recerca de les regles sudo" -#: src/config/SSSDConfig/sssdoptions.py:512 +#: src/config/SSSDConfig/sssdoptions.py:513 msgid "Automatic full refresh period" msgstr "Període d'actualització automàtica completa" -#: src/config/SSSDConfig/sssdoptions.py:513 +#: src/config/SSSDConfig/sssdoptions.py:514 msgid "Automatic smart refresh period" msgstr "Període d'actualització automàtica intel·ligent" -#: src/config/SSSDConfig/sssdoptions.py:514 +#: src/config/SSSDConfig/sssdoptions.py:515 msgid "Smart and full refresh random offset" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:515 +#: src/config/SSSDConfig/sssdoptions.py:516 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "Si es filtren les regles per nom d'amfitrió, adreça IP i xarxa" -#: src/config/SSSDConfig/sssdoptions.py:516 +#: src/config/SSSDConfig/sssdoptions.py:517 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" @@ -1770,196 +1774,196 @@ msgstr "" "Noms d'amfitrió i/o noms de domini plenament qualificat d'aquesta màquina " "per filtrar les regles de sudo" -#: src/config/SSSDConfig/sssdoptions.py:517 +#: src/config/SSSDConfig/sssdoptions.py:518 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" "Adreces IPv4 o IPv6 o xarxa d'aquesta màquina per filtrar regles de sudo" -#: src/config/SSSDConfig/sssdoptions.py:518 +#: src/config/SSSDConfig/sssdoptions.py:519 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" "Si s'inclouen les regles que contenen el grup de xarxa a l'atribut de " "l'amfitrió" -#: src/config/SSSDConfig/sssdoptions.py:519 +#: src/config/SSSDConfig/sssdoptions.py:520 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" "Si s'inclouen les regles que contenen expressions regulars a l'atribut de " "l'amfitrió" -#: src/config/SSSDConfig/sssdoptions.py:520 +#: src/config/SSSDConfig/sssdoptions.py:521 msgid "Object class for sudo rules" msgstr "Objectclass de les regles sudo" -#: src/config/SSSDConfig/sssdoptions.py:521 +#: src/config/SSSDConfig/sssdoptions.py:522 msgid "Name of attribute that is used as object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:522 +#: src/config/SSSDConfig/sssdoptions.py:523 msgid "Sudo rule name" msgstr "Nom de la regla sudo" -#: src/config/SSSDConfig/sssdoptions.py:523 +#: src/config/SSSDConfig/sssdoptions.py:524 msgid "Sudo rule command attribute" msgstr "Attribut command de la regla sudo" -#: src/config/SSSDConfig/sssdoptions.py:524 +#: src/config/SSSDConfig/sssdoptions.py:525 msgid "Sudo rule host attribute" msgstr "L'atribut host de la regla sudo" -#: src/config/SSSDConfig/sssdoptions.py:525 +#: src/config/SSSDConfig/sssdoptions.py:526 msgid "Sudo rule user attribute" msgstr "L'atribut user de la regla sudo" -#: src/config/SSSDConfig/sssdoptions.py:526 +#: src/config/SSSDConfig/sssdoptions.py:527 msgid "Sudo rule option attribute" msgstr "L'atribut option de la regla sudo" -#: src/config/SSSDConfig/sssdoptions.py:527 +#: src/config/SSSDConfig/sssdoptions.py:528 msgid "Sudo rule runas attribute" msgstr "L'atribut runas de la regla sudo" -#: src/config/SSSDConfig/sssdoptions.py:528 +#: src/config/SSSDConfig/sssdoptions.py:529 msgid "Sudo rule runasuser attribute" msgstr "L'atribut runasuser de la regla sudo" -#: src/config/SSSDConfig/sssdoptions.py:529 +#: src/config/SSSDConfig/sssdoptions.py:530 msgid "Sudo rule runasgroup attribute" msgstr "L'atribut runasgroup de la regla sudo" -#: src/config/SSSDConfig/sssdoptions.py:530 +#: src/config/SSSDConfig/sssdoptions.py:531 msgid "Sudo rule notbefore attribute" msgstr "L'atribut notbefore de la regla sudo" -#: src/config/SSSDConfig/sssdoptions.py:531 +#: src/config/SSSDConfig/sssdoptions.py:532 msgid "Sudo rule notafter attribute" msgstr "L'atribut notafter de la regla sudo" -#: src/config/SSSDConfig/sssdoptions.py:532 +#: src/config/SSSDConfig/sssdoptions.py:533 msgid "Sudo rule order attribute" msgstr "L'atribut order de la regla sudo" -#: src/config/SSSDConfig/sssdoptions.py:535 +#: src/config/SSSDConfig/sssdoptions.py:536 msgid "Object class for automounter maps" msgstr "Objectclass per a les assignacions de l'eina de muntatge automàtic" -#: src/config/SSSDConfig/sssdoptions.py:536 +#: src/config/SSSDConfig/sssdoptions.py:537 msgid "Automounter map name attribute" msgstr "L'atribut nom de l'assignació de l'eina de muntatge automàtic" -#: src/config/SSSDConfig/sssdoptions.py:537 +#: src/config/SSSDConfig/sssdoptions.py:538 msgid "Object class for automounter map entries" msgstr "" "Objectclass per a les entrades de les assignacions de l'eina de muntatge " "automàtic" -#: src/config/SSSDConfig/sssdoptions.py:538 +#: src/config/SSSDConfig/sssdoptions.py:539 msgid "Automounter map entry key attribute" msgstr "" "L'atribut clau d'entrada de l'assignació de l'eina de muntatge automàtic" -#: src/config/SSSDConfig/sssdoptions.py:539 +#: src/config/SSSDConfig/sssdoptions.py:540 msgid "Automounter map entry value attribute" msgstr "" "L'atribut valor de l'entrada de l'assignació l'eina de muntatge automàtic" -#: src/config/SSSDConfig/sssdoptions.py:540 +#: src/config/SSSDConfig/sssdoptions.py:541 msgid "Base DN for automounter map lookups" msgstr "" "DN base per a la recerca de l'assignació de l'eina de muntatge automàtic" -#: src/config/SSSDConfig/sssdoptions.py:541 +#: src/config/SSSDConfig/sssdoptions.py:542 msgid "The name of the automount master map in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:544 +#: src/config/SSSDConfig/sssdoptions.py:545 msgid "Base DN for IP hosts lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:545 +#: src/config/SSSDConfig/sssdoptions.py:546 msgid "Object class for IP hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:546 +#: src/config/SSSDConfig/sssdoptions.py:547 msgid "IP host name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:547 +#: src/config/SSSDConfig/sssdoptions.py:548 msgid "IP host number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:548 +#: src/config/SSSDConfig/sssdoptions.py:549 msgid "IP host entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:549 +#: src/config/SSSDConfig/sssdoptions.py:550 msgid "Base DN for IP networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:550 +#: src/config/SSSDConfig/sssdoptions.py:551 msgid "Object class for IP networks" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:551 +#: src/config/SSSDConfig/sssdoptions.py:552 msgid "IP network name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:552 +#: src/config/SSSDConfig/sssdoptions.py:553 msgid "IP network number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:553 +#: src/config/SSSDConfig/sssdoptions.py:554 msgid "IP network entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:556 +#: src/config/SSSDConfig/sssdoptions.py:557 msgid "Comma separated list of allowed users" msgstr "Llista separada per comes dels usuaris autoritzats" -#: src/config/SSSDConfig/sssdoptions.py:557 +#: src/config/SSSDConfig/sssdoptions.py:558 msgid "Comma separated list of prohibited users" msgstr "Llista separada per comes dels usuaris no autoritzats" -#: src/config/SSSDConfig/sssdoptions.py:558 +#: src/config/SSSDConfig/sssdoptions.py:559 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:560 +#: src/config/SSSDConfig/sssdoptions.py:561 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " "evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:564 +#: src/config/SSSDConfig/sssdoptions.py:565 msgid "The number of preforked proxy children." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:567 +#: src/config/SSSDConfig/sssdoptions.py:568 msgid "The name of the NSS library to use" msgstr "El nom de la biblioteca NSS a utilitzar" -#: src/config/SSSDConfig/sssdoptions.py:568 +#: src/config/SSSDConfig/sssdoptions.py:569 msgid "The name of the NSS library to use for hosts and networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:569 +#: src/config/SSSDConfig/sssdoptions.py:570 msgid "Whether to look up canonical group name from cache if possible" msgstr "" "Si se cerca el nom del grup canònic des de la memòria cau, si és possible" -#: src/config/SSSDConfig/sssdoptions.py:572 +#: src/config/SSSDConfig/sssdoptions.py:573 msgid "PAM stack to use" msgstr "Pila PAM a utilitzar" -#: src/config/SSSDConfig/sssdoptions.py:575 +#: src/config/SSSDConfig/sssdoptions.py:576 msgid "Path of passwd file sources." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:576 +#: src/config/SSSDConfig/sssdoptions.py:577 msgid "Path of group file sources." msgstr "" @@ -2008,67 +2012,67 @@ msgstr "" msgid "SSSD is already running\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "Un descriptor de fitxer obert pels registres de depuració" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "L'usuari amb què es crea la ccache FAST" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "El grup amb què es crea la ccache FAST" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "" @@ -2076,35 +2080,35 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "Domini del proveïdor d'informació (obligatori)" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "El sòcol amb privilegis té malament els permisos o el propietari." -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "El sòcol públic té malament els permisos o el propietari." -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "Format inesperat del missatge de les credencials del servidor." -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "L'SSSD no s'està executant com a root." -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "S'ha produït un error però no s'ha pogut trobar cap descripció." -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "Error inesperat en cercar una descripció de l'error" @@ -2112,57 +2116,63 @@ msgstr "Error inesperat en cercar una descripció de l'error" msgid "Permission denied. " msgstr "Permís denegat." -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "Missatge del servidor: " #: src/sss_client/pam_sss.c:71 +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." +msgstr "" + +#: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" msgstr "" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "Les contrasenyes no coincideixen" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "No s'admet el restabliment de la contrasenya pel root." -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "S'ha autenticat amb credencials de la memòria cau" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr ", la vostra contrasenya en memòria cau vencerà el: " -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" "La vostra contrasenya ha vençut. Teniu %1$d inicis de sessió restants de " "cortesia." -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "La vostra contrasenya vencerà en %1$d %2$s." -#: src/sss_client/pam_sss.c:627 +#: src/sss_client/pam_sss.c:628 #, fuzzy, c-format msgid "Your password has expired." msgstr "La vostra contrasenya vencerà en %1$d %2$s." -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "S'ha denegat l'autenticació fins: " -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "El sistema està desconnectat, el canvi de contrasenya no és possible" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" @@ -2170,65 +2180,71 @@ msgstr "" "Després de canviar la contrasenya OTP, heu de tancar la sessió i tornar-la a " "iniciar per tal d'adquirir un tiquet" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "Ha fallat el canvi de contrasenya." -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "Nova contrasenya: " -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "Torneu a introduir la nova contrasenya: " -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "Primer factor:" -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "" -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "Segon factor:" -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "Contrasenya: " -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "" -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "Contrasenya actual: " -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "La contrasenya ha vençut. Canvieu ara la vostra contrasenya." diff --git a/po/cs.po b/po/cs.po index 18776669686..e21bce82d5c 100644 --- a/po/cs.po +++ b/po/cs.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: 2023-04-08 20:20+0000\n" "Last-Translator: Pavel Borecki \n" "Language-Team: Czech , je třeba, aby bylo root\n" msgid "SSSD is already running\n" msgstr "SSSD už je spuštěné\n" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "Povolit diagnostické zapisování obsahu paměti" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "Otevřený popisovač souboru pro záznam ladících informací" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "Uživatel pod kterým vytvořit FAST ccache" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "Skupina pod kterou vytvořit FAST ccache" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "K vyžádání FAST chráněného tiketu použít anonymní PKINIT" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "Kerberos oblast (realm) kterou použít" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "Požadovaná životnost lístku" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "Požadovaná obnovitelná životnosti lístku" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "FAST volby („never“, „try“, „demand“)" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "Určuje principal serveru které použít pro FAST" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "Požaduje kanonizaci názvu principalu" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "Použít uživatelsky určenou verzi krb5_get_init_creds_password" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "Identifikátor Tevent řetězce použitého pro účely přihlašování se" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "Zkontrolovat PAC příznaky" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "talloc_asprintf se nezdařilo.\n" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "set_debug_file_from_fd se nezdařilo.\n" @@ -2108,35 +2112,35 @@ msgstr "set_debug_file_from_fd se nezdařilo.\n" msgid "Domain of the information provider (mandatory)" msgstr "Doména poskytovatele informace (povinné)" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "Privilegovaný soket má nesprávné vlastnictví nebo oprávnění." -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "Veřejný soket má chybné vlastnictví nebo oprávnění." -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "Neočekávaný formát zprávy o pověřeních serveru." -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "SSSD není spouštěno správcem." -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "SSSD soket neexistuje." -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "Nedaří se získat stav SSSD soketu." -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "Došlo k chybě, ale nedaří se najít popis." -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "Neočekávaná chyba při hledání popisu chyby" @@ -2144,124 +2148,136 @@ msgstr "Neočekávaná chyba při hledání popisu chyby" msgid "Permission denied. " msgstr "Přístup odepřen. " -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "Zpráva ze serveru: " #: src/sss_client/pam_sss.c:71 +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." +msgstr "" + +#: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" msgstr "" # auto translated by TM merge from project: FreeIPA, version: ipa-4-5, DocId: # po/ipa -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "Zadání hesla se neshodují" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "Reset hesla správcem není podporován." -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "Přihlášeni přihlašovacími údaji z mezipaměti" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr ", platnost mezipaměti hesel skončí v: " -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "Platnost vašeho hesla skončila. Zbývá vám %1$d přihlášení." -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "Platnost vašeho hesla skončí v %1$d %2$s." -#: src/sss_client/pam_sss.c:627 +#: src/sss_client/pam_sss.c:628 #, fuzzy, c-format msgid "Your password has expired." msgstr "Platnost vašeho hesla skončí v %1$d %2$s." -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "Ověření odepřeno do: " -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "Systém není dostupný, změna hesla není možná" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" "Po změně OTP hesla, je třeba se odhlásit/přihlásit aby byl získán lístek" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "Uzamčeno PIN" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "Změna hesla se nezdařila. " -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "Ověřit na %1$s a stisknout ENTER." -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "Ověřte se PIN kódem %1$s na %2$s a stiskněte Enter." -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "(Znovu) vložte (jinou?) Smartcard kartu" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "Nové heslo: " -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "Zopakování nového hesla: " -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "Hlavní faktor: " -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "Druhý faktor (volitelné): " -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "Druhý faktor: " -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." msgstr "" # auto translated by TM merge from project: anaconda, version: f25, DocId: # main -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "Heslo: " -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "Hlavní faktor (stávající heslo): " -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "Stávající heslo: " -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "Platnost hesla skončila. Změňte si ho." diff --git a/po/de.po b/po/de.po index c5baf4ae669..1fcd93567ce 100644 --- a/po/de.po +++ b/po/de.po @@ -13,7 +13,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: 2022-07-01 09:40+0000\n" "Last-Translator: Joachim Philipp \n" "Language-Team: German \n" "Language-Team: Spanish , debe ser root\n" msgid "SSSD is already running\n" msgstr "SSSD ya está corriendo\n" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "Un arhivo abierto de descriptor para los registros de depuración" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "El usuario para crear FAST ccache como" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "El grupo para crear FAST ccache como" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "Reino Kerberos a usar" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "Tiempo de vida pedido del ticket" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "Teimpo de vida renovable pedido del ticket" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "Opciones FAST ('never', 'try', 'demand')" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "Especifica el servidor principal a usar por FAST" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "Solicita la canonización del nombre principal" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "Usar versión personal de krb5_get_init_creds_password" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "talloc_asprintf falló.\n" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "set_debug_file_from_fd falló.\n" @@ -2172,35 +2176,35 @@ msgstr "set_debug_file_from_fd falló.\n" msgid "Domain of the information provider (mandatory)" msgstr "Dominio del proveedor de información (obligatorio)" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "El zócalo privilegiado posee permisos o pertenencia equivocados." -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "El zócalo público posee permisos o pertenencia equivocados." -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "Formato no esperado del mensaje de la credencial del servidor." -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "SSSD no está siendo ejecutado por el usuario root." -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "El socket SSSD no existe." -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "No se pueden obtener estadísticas del socket SSSD." -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "Ha ocurrido un error, pero no se ha podido encontrar una descripción." -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "" "Ha ocurrido un error no esperado mientras se buscaba la descripción del error" @@ -2209,55 +2213,61 @@ msgstr "" msgid "Permission denied. " msgstr "Permiso denegado." -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "Mensaje del servidor:" #: src/sss_client/pam_sss.c:71 +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." +msgstr "" + +#: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" msgstr "" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "Las contraseñas no coinciden" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "No existe soporte para reseteado de la contraseña por el usuario root." -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "Autenticado mediante credenciales cacheada" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr ", su contraseña cacheada vencerá el:" -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "Su contraseña ha expirado. Usted tiene %1$d accesos restantes." -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "Su contraseña expirará en %1$d %2$s." -#: src/sss_client/pam_sss.c:627 +#: src/sss_client/pam_sss.c:628 #, fuzzy, c-format msgid "Your password has expired." msgstr "Su contraseña expirará en %1$d %2$s." -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "La autenticación ha sido denegada hasta:" -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "El sistema está fuera de línea, no se puede cambiar la contraseña" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" @@ -2265,65 +2275,71 @@ msgstr "" "Después de cambiar la contraseña OTP, usted debe salir y volver a entrar con " "el objetivo de fijarla" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "Falló el cambio de contraseña." -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "Nueva contraseña: " -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "Reingrese la contraseña nueva:" -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "Primer Factor: " -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "Segundo Factor (opcional): " -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "Segundo Factor:" -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "Contraseña: " -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "Primer Factor (Contraseña Actual): " -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "Contraseña actual: " -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "La contraseña ha expirado. Modifíquela en este preciso momento." diff --git a/po/eu.po b/po/eu.po index 5c0e22d6652..dc3073b061b 100644 --- a/po/eu.po +++ b/po/eu.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: 2014-12-14 11:45-0500\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Basque (http://www.transifex.com/projects/p/sssd/language/" @@ -588,12 +588,12 @@ msgid "Whether to automatically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:201 -#: src/config/SSSDConfig/sssdoptions.py:233 +#: src/config/SSSDConfig/sssdoptions.py:234 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:202 -#: src/config/SSSDConfig/sssdoptions.py:234 +#: src/config/SSSDConfig/sssdoptions.py:235 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" @@ -677,1162 +677,1166 @@ msgid "" "(long term password) must have to be saved as SHA512 hash into the cache." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:228 +#: src/config/SSSDConfig/sssdoptions.py:226 +msgid "Local authentication methods policy " +msgstr "" + +#: src/config/SSSDConfig/sssdoptions.py:229 msgid "IPA domain" msgstr "IPA domeinua" -#: src/config/SSSDConfig/sssdoptions.py:229 +#: src/config/SSSDConfig/sssdoptions.py:230 msgid "IPA server address" msgstr "IPA zerbitzariaren helbidea" -#: src/config/SSSDConfig/sssdoptions.py:230 +#: src/config/SSSDConfig/sssdoptions.py:231 msgid "Address of backup IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:231 +#: src/config/SSSDConfig/sssdoptions.py:232 msgid "IPA client hostname" msgstr "IPA bezeroaren ostalari-izena" -#: src/config/SSSDConfig/sssdoptions.py:232 +#: src/config/SSSDConfig/sssdoptions.py:233 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:235 +#: src/config/SSSDConfig/sssdoptions.py:236 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:236 +#: src/config/SSSDConfig/sssdoptions.py:237 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:237 +#: src/config/SSSDConfig/sssdoptions.py:238 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:239 +#: src/config/SSSDConfig/sssdoptions.py:240 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:240 +#: src/config/SSSDConfig/sssdoptions.py:241 msgid "The automounter location this IPA client is using" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:241 +#: src/config/SSSDConfig/sssdoptions.py:242 msgid "Search base for object containing info about IPA domain" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:242 +#: src/config/SSSDConfig/sssdoptions.py:243 msgid "Search base for objects containing info about ID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:243 -#: src/config/SSSDConfig/sssdoptions.py:299 +#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:300 msgid "Enable DNS sites - location based service discovery" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:245 msgid "Search base for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:245 +#: src/config/SSSDConfig/sssdoptions.py:246 msgid "Objectclass for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:246 +#: src/config/SSSDConfig/sssdoptions.py:247 msgid "Attribute with the name of the view" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:247 +#: src/config/SSSDConfig/sssdoptions.py:248 msgid "Objectclass for override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:248 +#: src/config/SSSDConfig/sssdoptions.py:249 msgid "Attribute with the reference to the original object" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:249 +#: src/config/SSSDConfig/sssdoptions.py:250 msgid "Objectclass for user override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:250 +#: src/config/SSSDConfig/sssdoptions.py:251 msgid "Objectclass for group override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:251 +#: src/config/SSSDConfig/sssdoptions.py:252 msgid "Search base for Desktop Profile related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:252 +#: src/config/SSSDConfig/sssdoptions.py:253 msgid "" "The amount of time in seconds between lookups of the Desktop Profile rules " "against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:254 +#: src/config/SSSDConfig/sssdoptions.py:255 msgid "" "The amount of time in minutes between lookups of Desktop Profiles rules " "against the IPA server when the last request did not find any rule" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:257 +#: src/config/SSSDConfig/sssdoptions.py:258 msgid "Search base for SUBID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:258 -#: src/config/SSSDConfig/sssdoptions.py:501 +#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:502 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:260 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:260 -#: src/config/SSSDConfig/sssdoptions.py:283 +#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:284 msgid "The object class of a host entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:262 msgid "Use the given string as search base for host objects." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:262 +#: src/config/SSSDConfig/sssdoptions.py:263 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:263 +#: src/config/SSSDConfig/sssdoptions.py:264 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:264 +#: src/config/SSSDConfig/sssdoptions.py:265 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:265 +#: src/config/SSSDConfig/sssdoptions.py:266 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:267 +#: src/config/SSSDConfig/sssdoptions.py:268 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:269 +#: src/config/SSSDConfig/sssdoptions.py:270 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:270 +#: src/config/SSSDConfig/sssdoptions.py:271 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:272 +#: src/config/SSSDConfig/sssdoptions.py:273 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:273 +#: src/config/SSSDConfig/sssdoptions.py:274 msgid "The object class of a netgroup entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:274 +#: src/config/SSSDConfig/sssdoptions.py:275 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:275 +#: src/config/SSSDConfig/sssdoptions.py:276 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:277 +#: src/config/SSSDConfig/sssdoptions.py:278 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:278 +#: src/config/SSSDConfig/sssdoptions.py:279 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:280 +#: src/config/SSSDConfig/sssdoptions.py:281 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:282 +#: src/config/SSSDConfig/sssdoptions.py:283 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:284 +#: src/config/SSSDConfig/sssdoptions.py:285 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:286 +#: src/config/SSSDConfig/sssdoptions.py:287 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:287 +#: src/config/SSSDConfig/sssdoptions.py:288 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:288 +#: src/config/SSSDConfig/sssdoptions.py:289 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:289 +#: src/config/SSSDConfig/sssdoptions.py:290 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:291 +#: src/config/SSSDConfig/sssdoptions.py:292 msgid "Use the given string as search base for trusted domains." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:294 +#: src/config/SSSDConfig/sssdoptions.py:295 msgid "Active Directory domain" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:295 +#: src/config/SSSDConfig/sssdoptions.py:296 msgid "Enabled Active Directory domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:296 +#: src/config/SSSDConfig/sssdoptions.py:297 msgid "Active Directory server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:297 +#: src/config/SSSDConfig/sssdoptions.py:298 msgid "Active Directory backup server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:298 +#: src/config/SSSDConfig/sssdoptions.py:299 msgid "Active Directory client hostname" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:300 -#: src/config/SSSDConfig/sssdoptions.py:499 +#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:500 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:302 msgid "Whether to use the Global Catalog for lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:302 +#: src/config/SSSDConfig/sssdoptions.py:303 msgid "Operation mode for GPO-based access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:303 +#: src/config/SSSDConfig/sssdoptions.py:304 msgid "" "The amount of time between lookups of the GPO policy files against the AD " "server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:304 +#: src/config/SSSDConfig/sssdoptions.py:305 msgid "" "PAM service names that map to the GPO (Deny)InteractiveLogonRight policy " "settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:306 +#: src/config/SSSDConfig/sssdoptions.py:307 msgid "" "PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight " "policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:308 +#: src/config/SSSDConfig/sssdoptions.py:309 msgid "" "PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:309 +#: src/config/SSSDConfig/sssdoptions.py:310 msgid "" "PAM service names that map to the GPO (Deny)BatchLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:310 +#: src/config/SSSDConfig/sssdoptions.py:311 msgid "" "PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:311 +#: src/config/SSSDConfig/sssdoptions.py:312 msgid "PAM service names for which GPO-based access is always granted" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:312 +#: src/config/SSSDConfig/sssdoptions.py:313 msgid "PAM service names for which GPO-based access is always denied" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:313 +#: src/config/SSSDConfig/sssdoptions.py:314 msgid "" "Default logon right (or permit/deny) to use for unmapped PAM service names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:314 +#: src/config/SSSDConfig/sssdoptions.py:315 msgid "a particular site to be used by the client" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:315 +#: src/config/SSSDConfig/sssdoptions.py:316 msgid "" "Maximum age in days before the machine account password should be renewed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:317 +#: src/config/SSSDConfig/sssdoptions.py:318 msgid "Option for tuning the machine account renewal task" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:318 +#: src/config/SSSDConfig/sssdoptions.py:319 msgid "Whether to update the machine account password in the Samba database" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:320 +#: src/config/SSSDConfig/sssdoptions.py:321 msgid "Use LDAPS port for LDAP and Global Catalog requests" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:321 +#: src/config/SSSDConfig/sssdoptions.py:322 msgid "Do not filter domain local groups from other domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:324 #: src/config/SSSDConfig/sssdoptions.py:325 +#: src/config/SSSDConfig/sssdoptions.py:326 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:326 +#: src/config/SSSDConfig/sssdoptions.py:327 msgid "Kerberos backup server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:327 +#: src/config/SSSDConfig/sssdoptions.py:328 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:328 +#: src/config/SSSDConfig/sssdoptions.py:329 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:329 +#: src/config/SSSDConfig/sssdoptions.py:330 msgid "Whether to create kdcinfo files" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:330 +#: src/config/SSSDConfig/sssdoptions.py:331 msgid "Where to drop krb5 config snippets" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:333 +#: src/config/SSSDConfig/sssdoptions.py:334 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:334 +#: src/config/SSSDConfig/sssdoptions.py:335 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:335 +#: src/config/SSSDConfig/sssdoptions.py:336 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:336 +#: src/config/SSSDConfig/sssdoptions.py:337 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:337 +#: src/config/SSSDConfig/sssdoptions.py:338 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:338 +#: src/config/SSSDConfig/sssdoptions.py:339 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:339 +#: src/config/SSSDConfig/sssdoptions.py:340 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:340 +#: src/config/SSSDConfig/sssdoptions.py:341 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:341 +#: src/config/SSSDConfig/sssdoptions.py:342 msgid "Enables FAST" msgstr "FAST gaitzen du" -#: src/config/SSSDConfig/sssdoptions.py:342 +#: src/config/SSSDConfig/sssdoptions.py:343 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:343 +#: src/config/SSSDConfig/sssdoptions.py:344 msgid "Use anonymous PKINIT to request FAST credentials" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:344 +#: src/config/SSSDConfig/sssdoptions.py:345 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:345 +#: src/config/SSSDConfig/sssdoptions.py:346 msgid "Enables enterprise principals" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:346 +#: src/config/SSSDConfig/sssdoptions.py:347 msgid "Enables using of subdomains realms for authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:347 +#: src/config/SSSDConfig/sssdoptions.py:348 msgid "A mapping from user names to Kerberos principal names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:350 #: src/config/SSSDConfig/sssdoptions.py:351 +#: src/config/SSSDConfig/sssdoptions.py:352 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:354 +#: src/config/SSSDConfig/sssdoptions.py:355 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:355 +#: src/config/SSSDConfig/sssdoptions.py:356 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:356 +#: src/config/SSSDConfig/sssdoptions.py:357 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:357 +#: src/config/SSSDConfig/sssdoptions.py:358 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:358 +#: src/config/SSSDConfig/sssdoptions.py:359 msgid "Mode used to change user password" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:359 +#: src/config/SSSDConfig/sssdoptions.py:360 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:360 +#: src/config/SSSDConfig/sssdoptions.py:361 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:361 +#: src/config/SSSDConfig/sssdoptions.py:362 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:362 +#: src/config/SSSDConfig/sssdoptions.py:363 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:363 +#: src/config/SSSDConfig/sssdoptions.py:364 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:364 +#: src/config/SSSDConfig/sssdoptions.py:365 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:365 +#: src/config/SSSDConfig/sssdoptions.py:366 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:366 +#: src/config/SSSDConfig/sssdoptions.py:367 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:367 +#: src/config/SSSDConfig/sssdoptions.py:368 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:368 +#: src/config/SSSDConfig/sssdoptions.py:369 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:369 +#: src/config/SSSDConfig/sssdoptions.py:370 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:370 +#: src/config/SSSDConfig/sssdoptions.py:371 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:371 +#: src/config/SSSDConfig/sssdoptions.py:372 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:372 +#: src/config/SSSDConfig/sssdoptions.py:373 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:373 +#: src/config/SSSDConfig/sssdoptions.py:374 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:374 +#: src/config/SSSDConfig/sssdoptions.py:375 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:375 +#: src/config/SSSDConfig/sssdoptions.py:376 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:376 +#: src/config/SSSDConfig/sssdoptions.py:377 msgid "Specify the maximal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:377 +#: src/config/SSSDConfig/sssdoptions.py:378 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:378 +#: src/config/SSSDConfig/sssdoptions.py:379 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:379 +#: src/config/SSSDConfig/sssdoptions.py:380 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:380 +#: src/config/SSSDConfig/sssdoptions.py:381 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:381 +#: src/config/SSSDConfig/sssdoptions.py:382 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:382 +#: src/config/SSSDConfig/sssdoptions.py:383 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:383 +#: src/config/SSSDConfig/sssdoptions.py:384 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:384 +#: src/config/SSSDConfig/sssdoptions.py:385 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:385 +#: src/config/SSSDConfig/sssdoptions.py:386 msgid "Ignore unreadable LDAP references" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:386 +#: src/config/SSSDConfig/sssdoptions.py:387 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:388 +#: src/config/SSSDConfig/sssdoptions.py:389 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:391 +#: src/config/SSSDConfig/sssdoptions.py:392 msgid "entryUSN attribute" msgstr "entryUSN atributua" -#: src/config/SSSDConfig/sssdoptions.py:392 +#: src/config/SSSDConfig/sssdoptions.py:393 msgid "lastUSN attribute" msgstr "lastUSN atributua" -#: src/config/SSSDConfig/sssdoptions.py:394 +#: src/config/SSSDConfig/sssdoptions.py:395 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:397 +#: src/config/SSSDConfig/sssdoptions.py:398 msgid "Disable the LDAP paging control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:398 +#: src/config/SSSDConfig/sssdoptions.py:399 msgid "Disable Active Directory range retrieval" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:401 +#: src/config/SSSDConfig/sssdoptions.py:402 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:402 +#: src/config/SSSDConfig/sssdoptions.py:403 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:403 +#: src/config/SSSDConfig/sssdoptions.py:404 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:404 +#: src/config/SSSDConfig/sssdoptions.py:405 msgid "Maximum period deviation between enumeration updates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:405 +#: src/config/SSSDConfig/sssdoptions.py:406 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:406 +#: src/config/SSSDConfig/sssdoptions.py:407 msgid "Maximum time deviation between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:407 +#: src/config/SSSDConfig/sssdoptions.py:408 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:408 +#: src/config/SSSDConfig/sssdoptions.py:409 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:409 +#: src/config/SSSDConfig/sssdoptions.py:410 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:410 +#: src/config/SSSDConfig/sssdoptions.py:411 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:411 +#: src/config/SSSDConfig/sssdoptions.py:412 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:412 +#: src/config/SSSDConfig/sssdoptions.py:413 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:413 +#: src/config/SSSDConfig/sssdoptions.py:414 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:414 +#: src/config/SSSDConfig/sssdoptions.py:415 msgid "UID attribute" msgstr "UID atributua" -#: src/config/SSSDConfig/sssdoptions.py:415 +#: src/config/SSSDConfig/sssdoptions.py:416 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:416 +#: src/config/SSSDConfig/sssdoptions.py:417 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:417 +#: src/config/SSSDConfig/sssdoptions.py:418 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:418 +#: src/config/SSSDConfig/sssdoptions.py:419 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:419 +#: src/config/SSSDConfig/sssdoptions.py:420 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:420 -#: src/config/SSSDConfig/sssdoptions.py:459 +#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:460 msgid "objectSID attribute" msgstr "objectSID atributua" -#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:422 msgid "Active Directory primary group attribute for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:422 +#: src/config/SSSDConfig/sssdoptions.py:423 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:423 +#: src/config/SSSDConfig/sssdoptions.py:424 msgid "Full Name" msgstr "Izen osoa" -#: src/config/SSSDConfig/sssdoptions.py:424 +#: src/config/SSSDConfig/sssdoptions.py:425 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:425 +#: src/config/SSSDConfig/sssdoptions.py:426 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:426 +#: src/config/SSSDConfig/sssdoptions.py:427 msgid "shadowLastChange attribute" msgstr "shadowLastChange atributua" -#: src/config/SSSDConfig/sssdoptions.py:427 +#: src/config/SSSDConfig/sssdoptions.py:428 msgid "shadowMin attribute" msgstr "shadowMin atributua" -#: src/config/SSSDConfig/sssdoptions.py:428 +#: src/config/SSSDConfig/sssdoptions.py:429 msgid "shadowMax attribute" msgstr "shadowMax atributua" -#: src/config/SSSDConfig/sssdoptions.py:429 +#: src/config/SSSDConfig/sssdoptions.py:430 msgid "shadowWarning attribute" msgstr "shadowWarning atributua" -#: src/config/SSSDConfig/sssdoptions.py:430 +#: src/config/SSSDConfig/sssdoptions.py:431 msgid "shadowInactive attribute" msgstr "shadowInactive atributua" -#: src/config/SSSDConfig/sssdoptions.py:431 +#: src/config/SSSDConfig/sssdoptions.py:432 msgid "shadowExpire attribute" msgstr "shadowExpire atributua" -#: src/config/SSSDConfig/sssdoptions.py:432 +#: src/config/SSSDConfig/sssdoptions.py:433 msgid "shadowFlag attribute" msgstr "shadowFlag atributua" -#: src/config/SSSDConfig/sssdoptions.py:433 +#: src/config/SSSDConfig/sssdoptions.py:434 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:434 +#: src/config/SSSDConfig/sssdoptions.py:435 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:435 +#: src/config/SSSDConfig/sssdoptions.py:436 msgid "Attribute listing authorized server rhosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:436 +#: src/config/SSSDConfig/sssdoptions.py:437 msgid "krbLastPwdChange attribute" msgstr "krbLastPwdChange atributua" -#: src/config/SSSDConfig/sssdoptions.py:437 +#: src/config/SSSDConfig/sssdoptions.py:438 msgid "krbPasswordExpiration attribute" msgstr "krbPasswordExpiration atributua" -#: src/config/SSSDConfig/sssdoptions.py:438 +#: src/config/SSSDConfig/sssdoptions.py:439 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:439 +#: src/config/SSSDConfig/sssdoptions.py:440 msgid "accountExpires attribute of AD" msgstr "ADren accountExpires atributua" -#: src/config/SSSDConfig/sssdoptions.py:440 +#: src/config/SSSDConfig/sssdoptions.py:441 msgid "userAccountControl attribute of AD" msgstr "ADren userAccountControl atributua" -#: src/config/SSSDConfig/sssdoptions.py:441 +#: src/config/SSSDConfig/sssdoptions.py:442 msgid "nsAccountLock attribute" msgstr "nsAccountLock atributua" -#: src/config/SSSDConfig/sssdoptions.py:442 +#: src/config/SSSDConfig/sssdoptions.py:443 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:443 +#: src/config/SSSDConfig/sssdoptions.py:444 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:444 +#: src/config/SSSDConfig/sssdoptions.py:445 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:445 +#: src/config/SSSDConfig/sssdoptions.py:446 msgid "SSH public key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:446 +#: src/config/SSSDConfig/sssdoptions.py:447 msgid "attribute listing allowed authentication types for a user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:447 +#: src/config/SSSDConfig/sssdoptions.py:448 msgid "attribute containing the X509 certificate of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:448 +#: src/config/SSSDConfig/sssdoptions.py:449 msgid "attribute containing the email address of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:449 +#: src/config/SSSDConfig/sssdoptions.py:450 msgid "attribute containing the passkey mapping data of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:450 +#: src/config/SSSDConfig/sssdoptions.py:451 msgid "A list of extra attributes to download along with the user entry" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:452 +#: src/config/SSSDConfig/sssdoptions.py:453 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:453 +#: src/config/SSSDConfig/sssdoptions.py:454 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:454 +#: src/config/SSSDConfig/sssdoptions.py:455 msgid "Group name" msgstr "Talde-izena" -#: src/config/SSSDConfig/sssdoptions.py:455 +#: src/config/SSSDConfig/sssdoptions.py:456 msgid "Group password" msgstr "Taldearen pasahitza" -#: src/config/SSSDConfig/sssdoptions.py:456 +#: src/config/SSSDConfig/sssdoptions.py:457 msgid "GID attribute" msgstr "GID atributua" -#: src/config/SSSDConfig/sssdoptions.py:457 +#: src/config/SSSDConfig/sssdoptions.py:458 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:458 +#: src/config/SSSDConfig/sssdoptions.py:459 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:460 +#: src/config/SSSDConfig/sssdoptions.py:461 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:461 +#: src/config/SSSDConfig/sssdoptions.py:462 msgid "Type of the group and other flags" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:462 +#: src/config/SSSDConfig/sssdoptions.py:463 msgid "The LDAP group external member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:463 +#: src/config/SSSDConfig/sssdoptions.py:464 msgid "Maximum nesting level SSSD will follow" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:464 +#: src/config/SSSDConfig/sssdoptions.py:465 msgid "Filter for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:465 +#: src/config/SSSDConfig/sssdoptions.py:466 msgid "Scope of group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:467 +#: src/config/SSSDConfig/sssdoptions.py:468 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:468 +#: src/config/SSSDConfig/sssdoptions.py:469 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:469 +#: src/config/SSSDConfig/sssdoptions.py:470 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:470 +#: src/config/SSSDConfig/sssdoptions.py:471 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:471 +#: src/config/SSSDConfig/sssdoptions.py:472 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:472 +#: src/config/SSSDConfig/sssdoptions.py:473 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:474 +#: src/config/SSSDConfig/sssdoptions.py:475 msgid "Base DN for service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:475 +#: src/config/SSSDConfig/sssdoptions.py:476 msgid "Objectclass for services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:476 +#: src/config/SSSDConfig/sssdoptions.py:477 msgid "Service name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:477 +#: src/config/SSSDConfig/sssdoptions.py:478 msgid "Service port attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:478 +#: src/config/SSSDConfig/sssdoptions.py:479 msgid "Service protocol attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:480 +#: src/config/SSSDConfig/sssdoptions.py:481 msgid "Lower bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:481 +#: src/config/SSSDConfig/sssdoptions.py:482 msgid "Upper bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:482 +#: src/config/SSSDConfig/sssdoptions.py:483 msgid "Number of IDs for each slice when ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:483 +#: src/config/SSSDConfig/sssdoptions.py:484 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:484 +#: src/config/SSSDConfig/sssdoptions.py:485 msgid "Name of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:485 +#: src/config/SSSDConfig/sssdoptions.py:486 msgid "SID of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:486 +#: src/config/SSSDConfig/sssdoptions.py:487 msgid "Number of secondary slices" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:488 +#: src/config/SSSDConfig/sssdoptions.py:489 msgid "Whether to use Token-Groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:489 +#: src/config/SSSDConfig/sssdoptions.py:490 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:490 +#: src/config/SSSDConfig/sssdoptions.py:491 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:491 +#: src/config/SSSDConfig/sssdoptions.py:492 msgid "DN for ppolicy queries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:492 +#: src/config/SSSDConfig/sssdoptions.py:493 msgid "How many maximum entries to fetch during a wildcard request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:493 +#: src/config/SSSDConfig/sssdoptions.py:494 msgid "Set libldap debug level" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:496 +#: src/config/SSSDConfig/sssdoptions.py:497 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:500 +#: src/config/SSSDConfig/sssdoptions.py:501 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:504 +#: src/config/SSSDConfig/sssdoptions.py:505 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:505 +#: src/config/SSSDConfig/sssdoptions.py:506 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:506 +#: src/config/SSSDConfig/sssdoptions.py:507 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:507 +#: src/config/SSSDConfig/sssdoptions.py:508 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:511 +#: src/config/SSSDConfig/sssdoptions.py:512 msgid "Base DN for sudo rules lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:512 +#: src/config/SSSDConfig/sssdoptions.py:513 msgid "Automatic full refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:513 +#: src/config/SSSDConfig/sssdoptions.py:514 msgid "Automatic smart refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:514 +#: src/config/SSSDConfig/sssdoptions.py:515 msgid "Smart and full refresh random offset" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:515 +#: src/config/SSSDConfig/sssdoptions.py:516 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:516 +#: src/config/SSSDConfig/sssdoptions.py:517 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:517 +#: src/config/SSSDConfig/sssdoptions.py:518 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:518 +#: src/config/SSSDConfig/sssdoptions.py:519 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:519 +#: src/config/SSSDConfig/sssdoptions.py:520 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:520 +#: src/config/SSSDConfig/sssdoptions.py:521 msgid "Object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:521 +#: src/config/SSSDConfig/sssdoptions.py:522 msgid "Name of attribute that is used as object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:522 +#: src/config/SSSDConfig/sssdoptions.py:523 msgid "Sudo rule name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:523 +#: src/config/SSSDConfig/sssdoptions.py:524 msgid "Sudo rule command attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:524 +#: src/config/SSSDConfig/sssdoptions.py:525 msgid "Sudo rule host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:525 +#: src/config/SSSDConfig/sssdoptions.py:526 msgid "Sudo rule user attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:526 +#: src/config/SSSDConfig/sssdoptions.py:527 msgid "Sudo rule option attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:527 +#: src/config/SSSDConfig/sssdoptions.py:528 msgid "Sudo rule runas attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:528 +#: src/config/SSSDConfig/sssdoptions.py:529 msgid "Sudo rule runasuser attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:529 +#: src/config/SSSDConfig/sssdoptions.py:530 msgid "Sudo rule runasgroup attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:530 +#: src/config/SSSDConfig/sssdoptions.py:531 msgid "Sudo rule notbefore attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:531 +#: src/config/SSSDConfig/sssdoptions.py:532 msgid "Sudo rule notafter attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:532 +#: src/config/SSSDConfig/sssdoptions.py:533 msgid "Sudo rule order attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:535 +#: src/config/SSSDConfig/sssdoptions.py:536 msgid "Object class for automounter maps" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:536 +#: src/config/SSSDConfig/sssdoptions.py:537 msgid "Automounter map name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:537 +#: src/config/SSSDConfig/sssdoptions.py:538 msgid "Object class for automounter map entries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:538 +#: src/config/SSSDConfig/sssdoptions.py:539 msgid "Automounter map entry key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:539 +#: src/config/SSSDConfig/sssdoptions.py:540 msgid "Automounter map entry value attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:540 +#: src/config/SSSDConfig/sssdoptions.py:541 msgid "Base DN for automounter map lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:541 +#: src/config/SSSDConfig/sssdoptions.py:542 msgid "The name of the automount master map in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:544 +#: src/config/SSSDConfig/sssdoptions.py:545 msgid "Base DN for IP hosts lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:545 +#: src/config/SSSDConfig/sssdoptions.py:546 msgid "Object class for IP hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:546 +#: src/config/SSSDConfig/sssdoptions.py:547 msgid "IP host name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:547 +#: src/config/SSSDConfig/sssdoptions.py:548 msgid "IP host number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:548 +#: src/config/SSSDConfig/sssdoptions.py:549 msgid "IP host entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:549 +#: src/config/SSSDConfig/sssdoptions.py:550 msgid "Base DN for IP networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:550 +#: src/config/SSSDConfig/sssdoptions.py:551 msgid "Object class for IP networks" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:551 +#: src/config/SSSDConfig/sssdoptions.py:552 msgid "IP network name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:552 +#: src/config/SSSDConfig/sssdoptions.py:553 msgid "IP network number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:553 +#: src/config/SSSDConfig/sssdoptions.py:554 msgid "IP network entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:556 +#: src/config/SSSDConfig/sssdoptions.py:557 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:557 +#: src/config/SSSDConfig/sssdoptions.py:558 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:558 +#: src/config/SSSDConfig/sssdoptions.py:559 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:560 +#: src/config/SSSDConfig/sssdoptions.py:561 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " "evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:564 +#: src/config/SSSDConfig/sssdoptions.py:565 msgid "The number of preforked proxy children." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:567 +#: src/config/SSSDConfig/sssdoptions.py:568 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:568 +#: src/config/SSSDConfig/sssdoptions.py:569 msgid "The name of the NSS library to use for hosts and networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:569 +#: src/config/SSSDConfig/sssdoptions.py:570 msgid "Whether to look up canonical group name from cache if possible" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:572 +#: src/config/SSSDConfig/sssdoptions.py:573 msgid "PAM stack to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:575 +#: src/config/SSSDConfig/sssdoptions.py:576 msgid "Path of passwd file sources." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:576 +#: src/config/SSSDConfig/sssdoptions.py:577 msgid "Path of group file sources." msgstr "" @@ -1881,67 +1885,67 @@ msgstr "" msgid "SSSD is already running\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "" @@ -1949,35 +1953,35 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "" @@ -1985,119 +1989,131 @@ msgstr "" msgid "Permission denied. " msgstr "" -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "" #: src/sss_client/pam_sss.c:71 +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." +msgstr "" + +#: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" msgstr "" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr "" -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "" -#: src/sss_client/pam_sss.c:627 +#: src/sss_client/pam_sss.c:628 #, fuzzy, c-format msgid "Your password has expired." msgstr "Huts egin du pasahitza aldatzeak. " -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "Huts egin du pasahitza aldatzeak. " -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "Pasahitz berria: " -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "Berriz sartu pasahitz berria: " -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "" -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "Pasahitza: " -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "" -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "Uneko pasahitza: " -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "Pasahitza iraungita. Aldatu zure pasahitza orain." diff --git a/po/fi.po b/po/fi.po index 6abcf5590e7..3aaaaef3818 100644 --- a/po/fi.po +++ b/po/fi.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: 2023-02-26 20:20+0000\n" "Last-Translator: Jan Kuparinen \n" "Language-Team: Finnish \n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" +"PO-Revision-Date: 2023-06-10 12:20+0000\n" +"Last-Translator: Ludek Janda \n" "Language-Team: French \n" +"sssd-2-9/fr/>\n" "Language: fr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=n > 1;\n" -"X-Generator: Weblate 4.15.2\n" +"X-Generator: Weblate 4.17\n" #: src/config/SSSDConfig/sssdoptions.py:20 #: src/config/SSSDConfig/sssdoptions.py:21 @@ -184,9 +184,8 @@ msgstr "" "Activer ou désactiver les vidages de noyau pour tous les processus SSSD." #: src/config/SSSDConfig/sssdoptions.py:58 -#, fuzzy msgid "Tune passkey verification behavior" -msgstr "Régler la vérification du certificat" +msgstr "Ajustez le comportement de la vérification de la clé de sécurité" #: src/config/SSSDConfig/sssdoptions.py:61 msgid "Enumeration cache timeout length (seconds)" @@ -435,18 +434,17 @@ msgstr "" "appliquées pour l'accès PAM avec authentification GSSAPI" #: src/config/SSSDConfig/sssdoptions.py:117 -#, fuzzy msgid "Allow passkey device authentication." -msgstr "Autoriser l'authentification par certificat/carte à puce." +msgstr "Autoriser l'authentification des périphériques par mot de passe." #: src/config/SSSDConfig/sssdoptions.py:118 -#, fuzzy msgid "How many seconds will pam_sss wait for passkey_child to finish" -msgstr "Combien de secondes pam_sss attendra-t-il la fin de p11_child" +msgstr "" +"Combien de secondes pam_sss attendra-t-il que passkey_child ait terminé ?" #: src/config/SSSDConfig/sssdoptions.py:119 msgid "Enable debugging in the libfido2 library" -msgstr "" +msgstr "Activer le débogage dans la bibliothèque libfido2" #: src/config/SSSDConfig/sssdoptions.py:122 msgid "Whether to evaluate the time-based attributes in sudo rules" @@ -700,12 +698,12 @@ msgid "Whether to automatically update the client's DNS entry" msgstr "Choisir de mettre à jour automatiquement l'entrée DNS du client" #: src/config/SSSDConfig/sssdoptions.py:201 -#: src/config/SSSDConfig/sssdoptions.py:233 +#: src/config/SSSDConfig/sssdoptions.py:234 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "Le TTL à appliquer à l'entrée DNS du client après modification" #: src/config/SSSDConfig/sssdoptions.py:202 -#: src/config/SSSDConfig/sssdoptions.py:234 +#: src/config/SSSDConfig/sssdoptions.py:235 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" "L'interface dont l'adresse IP doit être utilisée pour les mises à jour " @@ -813,101 +811,105 @@ msgstr "" "passe à long terme) doit être sauvegardé en tant que hachage SHA512 dans le " "cache." -#: src/config/SSSDConfig/sssdoptions.py:228 +#: src/config/SSSDConfig/sssdoptions.py:226 +msgid "Local authentication methods policy " +msgstr "" + +#: src/config/SSSDConfig/sssdoptions.py:229 msgid "IPA domain" msgstr "Domaine IPA" -#: src/config/SSSDConfig/sssdoptions.py:229 +#: src/config/SSSDConfig/sssdoptions.py:230 msgid "IPA server address" msgstr "Adresse du serveur IPA" -#: src/config/SSSDConfig/sssdoptions.py:230 +#: src/config/SSSDConfig/sssdoptions.py:231 msgid "Address of backup IPA server" msgstr "Adresse du serveur IPA de secours" -#: src/config/SSSDConfig/sssdoptions.py:231 +#: src/config/SSSDConfig/sssdoptions.py:232 msgid "IPA client hostname" msgstr "Nom de système du client IPA" -#: src/config/SSSDConfig/sssdoptions.py:232 +#: src/config/SSSDConfig/sssdoptions.py:233 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" "Choisir de mettre à jour automatiquement l'entrée DNS du client dans FreeIPA" -#: src/config/SSSDConfig/sssdoptions.py:235 +#: src/config/SSSDConfig/sssdoptions.py:236 msgid "Search base for HBAC related objects" msgstr "Base de recherche pour les objets HBAC" -#: src/config/SSSDConfig/sssdoptions.py:236 +#: src/config/SSSDConfig/sssdoptions.py:237 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "Délai entre les recherches de règles HBAC sur le serveur IPA" -#: src/config/SSSDConfig/sssdoptions.py:237 +#: src/config/SSSDConfig/sssdoptions.py:238 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "Délai entre les recherches de cartes SELinux sur le serveur IPA" -#: src/config/SSSDConfig/sssdoptions.py:239 +#: src/config/SSSDConfig/sssdoptions.py:240 msgid "If set to false, host argument given by PAM will be ignored" msgstr "Si mit à false, l’argument de l'hôte donné par PAM est ignoré" -#: src/config/SSSDConfig/sssdoptions.py:240 +#: src/config/SSSDConfig/sssdoptions.py:241 msgid "The automounter location this IPA client is using" msgstr "" "L'emplacement de la carte de montage automatique utilisée par le client IPA" -#: src/config/SSSDConfig/sssdoptions.py:241 +#: src/config/SSSDConfig/sssdoptions.py:242 msgid "Search base for object containing info about IPA domain" msgstr "" "Base de recherche pour l'objet contenant les informations de base à propos " "du domaine IPA" -#: src/config/SSSDConfig/sssdoptions.py:242 +#: src/config/SSSDConfig/sssdoptions.py:243 msgid "Search base for objects containing info about ID ranges" msgstr "" "Base de recherche pour les objets contenant les informations à propos des " "plages d'ID" -#: src/config/SSSDConfig/sssdoptions.py:243 -#: src/config/SSSDConfig/sssdoptions.py:299 +#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:300 msgid "Enable DNS sites - location based service discovery" msgstr "Activer les sites DNS - découverte de service basée sur l'emplacement" -#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:245 msgid "Search base for view containers" msgstr "Base de recherche des conteneurs de vues" -#: src/config/SSSDConfig/sssdoptions.py:245 +#: src/config/SSSDConfig/sssdoptions.py:246 msgid "Objectclass for view containers" msgstr "Classe d'objet pour les conteneurs de vues" -#: src/config/SSSDConfig/sssdoptions.py:246 +#: src/config/SSSDConfig/sssdoptions.py:247 msgid "Attribute with the name of the view" msgstr "Attribut avec le nom de la vue" -#: src/config/SSSDConfig/sssdoptions.py:247 +#: src/config/SSSDConfig/sssdoptions.py:248 msgid "Objectclass for override objects" msgstr "Classe d'objet surchargeant les objets" -#: src/config/SSSDConfig/sssdoptions.py:248 +#: src/config/SSSDConfig/sssdoptions.py:249 msgid "Attribute with the reference to the original object" msgstr "Attribut faisant référence à l'objet originel" -#: src/config/SSSDConfig/sssdoptions.py:249 +#: src/config/SSSDConfig/sssdoptions.py:250 msgid "Objectclass for user override objects" msgstr "Classe d'objet surchargeant les utilisateurs" -#: src/config/SSSDConfig/sssdoptions.py:250 +#: src/config/SSSDConfig/sssdoptions.py:251 msgid "Objectclass for group override objects" msgstr "Classe d'objet surchargeant les groupes" -#: src/config/SSSDConfig/sssdoptions.py:251 +#: src/config/SSSDConfig/sssdoptions.py:252 msgid "Search base for Desktop Profile related objects" msgstr "Base de recherche pour les objets liés au Profil du Bureau" -#: src/config/SSSDConfig/sssdoptions.py:252 +#: src/config/SSSDConfig/sssdoptions.py:253 msgid "" "The amount of time in seconds between lookups of the Desktop Profile rules " "against the IPA server" @@ -915,7 +917,7 @@ msgstr "" "Le temps, en secondes, entre les consultations des règles du profil du " "bureau sur le serveur IPA" -#: src/config/SSSDConfig/sssdoptions.py:254 +#: src/config/SSSDConfig/sssdoptions.py:255 msgid "" "The amount of time in minutes between lookups of Desktop Profiles rules " "against the IPA server when the last request did not find any rule" @@ -923,42 +925,42 @@ msgstr "" "Le temps en minutes entre les consultations des règles de profile de bureau " "sur le serveur IPA lorsque la dernière requête n'a trouvé aucune règle" -#: src/config/SSSDConfig/sssdoptions.py:257 +#: src/config/SSSDConfig/sssdoptions.py:258 msgid "Search base for SUBID ranges" msgstr "Base de recherche pour les plages SUBID" -#: src/config/SSSDConfig/sssdoptions.py:258 -#: src/config/SSSDConfig/sssdoptions.py:501 +#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:502 msgid "Which rules should be used to evaluate access control" msgstr "Quelles règles utiliser pour évaluer le contrôle d'accès" -#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:260 msgid "The LDAP attribute that contains FQDN of the host." msgstr "L'attribut LDAP qui contient le FQDN de l'hôte." -#: src/config/SSSDConfig/sssdoptions.py:260 -#: src/config/SSSDConfig/sssdoptions.py:283 +#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:284 msgid "The object class of a host entry in LDAP." msgstr "La classe d'objet d'une entrée utilisateur dans LDAP." -#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:262 msgid "Use the given string as search base for host objects." msgstr "" "Utiliser la chaîne donnée comme base de recherche pour héberger des objets." -#: src/config/SSSDConfig/sssdoptions.py:262 +#: src/config/SSSDConfig/sssdoptions.py:263 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "L'attribut LDAP qui contient les clés publiques SSH de l'hôte." -#: src/config/SSSDConfig/sssdoptions.py:263 +#: src/config/SSSDConfig/sssdoptions.py:264 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "L'attribut LDAP qui contient le nom de domaine NIS du netgroup." -#: src/config/SSSDConfig/sssdoptions.py:264 +#: src/config/SSSDConfig/sssdoptions.py:265 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "L'attribut LDAP contenant les noms des membres du netgroup." -#: src/config/SSSDConfig/sssdoptions.py:265 +#: src/config/SSSDConfig/sssdoptions.py:266 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." @@ -966,7 +968,7 @@ msgstr "" "L'attribut LDAP qui répertorie les FQDN des hôtes et des groupes d'hôtes qui " "sont membres du netgroup." -#: src/config/SSSDConfig/sssdoptions.py:267 +#: src/config/SSSDConfig/sssdoptions.py:268 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." @@ -974,11 +976,11 @@ msgstr "" "L'attribut LDAP qui répertorie les hôtes et les groupes d'hôtes qui sont des " "membres directs du netgroup." -#: src/config/SSSDConfig/sssdoptions.py:269 +#: src/config/SSSDConfig/sssdoptions.py:270 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "L'attribut LDAP qui répertorie les adhésions au netgroup." -#: src/config/SSSDConfig/sssdoptions.py:270 +#: src/config/SSSDConfig/sssdoptions.py:271 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." @@ -986,20 +988,20 @@ msgstr "" "L'attribut LDAP qui répertorie les utilisateurs du système et les groupes " "qui sont des membres directs du netgroup." -#: src/config/SSSDConfig/sssdoptions.py:272 +#: src/config/SSSDConfig/sssdoptions.py:273 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "L'attribut LDAP correspondant au nom du netgroup." -#: src/config/SSSDConfig/sssdoptions.py:273 +#: src/config/SSSDConfig/sssdoptions.py:274 msgid "The object class of a netgroup entry in LDAP." msgstr "La classe d'objet d'une entrée de netgroup dans LDAP." -#: src/config/SSSDConfig/sssdoptions.py:274 +#: src/config/SSSDConfig/sssdoptions.py:275 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "L'attribut LDAP qui contient l'UUID/GUID d'un objet de netgroup LDAP." -#: src/config/SSSDConfig/sssdoptions.py:275 +#: src/config/SSSDConfig/sssdoptions.py:276 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." @@ -1007,11 +1009,11 @@ msgstr "" "L'attribut LDAP qui contient l’information de savoir si la carte " "d'utilisateur est activée ou non pour l'utilisation." -#: src/config/SSSDConfig/sssdoptions.py:277 +#: src/config/SSSDConfig/sssdoptions.py:278 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "L'attribut LDAP qui contient la catégorie d'hôte telle que \"all\"." -#: src/config/SSSDConfig/sssdoptions.py:278 +#: src/config/SSSDConfig/sssdoptions.py:279 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." @@ -1019,18 +1021,18 @@ msgstr "" "L'attribut LDAP qui contient tous les hôtes / groupes d'hôtes auxquels cette " "règle correspond." -#: src/config/SSSDConfig/sssdoptions.py:280 +#: src/config/SSSDConfig/sssdoptions.py:281 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" "L'attribut LDAP qui contient tous les utilisateurs / groupes auxquels cette " "règle correspond." -#: src/config/SSSDConfig/sssdoptions.py:282 +#: src/config/SSSDConfig/sssdoptions.py:283 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "L'attribut LDAP qui contient le nom de la carte d'utilisateur SELinux." -#: src/config/SSSDConfig/sssdoptions.py:284 +#: src/config/SSSDConfig/sssdoptions.py:285 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost." @@ -1038,21 +1040,21 @@ msgstr "" "L'attribut LDAP qui contient le DN de la règle HBAC qui peut être utilisé " "pour la correspondance au lieu de memberUser et memberHost." -#: src/config/SSSDConfig/sssdoptions.py:286 +#: src/config/SSSDConfig/sssdoptions.py:287 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "" "L'attribut LDAP qui contient la chaîne d'utilisateur SELinux elle-même." -#: src/config/SSSDConfig/sssdoptions.py:287 +#: src/config/SSSDConfig/sssdoptions.py:288 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "" "L'attribut LDAP qui contient la catégorie d'utilisateur telle que \"all\"." -#: src/config/SSSDConfig/sssdoptions.py:288 +#: src/config/SSSDConfig/sssdoptions.py:289 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "L'attribut LDAP qui contient l'ID unique de la carte de l'utilisateur." -#: src/config/SSSDConfig/sssdoptions.py:289 +#: src/config/SSSDConfig/sssdoptions.py:290 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." @@ -1061,46 +1063,46 @@ msgstr "" "effectuer différemment les recherches des utilisateurs et des groupes des " "domaines approuvés." -#: src/config/SSSDConfig/sssdoptions.py:291 +#: src/config/SSSDConfig/sssdoptions.py:292 msgid "Use the given string as search base for trusted domains." msgstr "" "Utiliser la chaîne donnée comme base de recherche pour les domaines " "approuvés." -#: src/config/SSSDConfig/sssdoptions.py:294 +#: src/config/SSSDConfig/sssdoptions.py:295 msgid "Active Directory domain" msgstr "Domaine Active Directory" -#: src/config/SSSDConfig/sssdoptions.py:295 +#: src/config/SSSDConfig/sssdoptions.py:296 msgid "Enabled Active Directory domains" msgstr "Domaine d’Active Directory activés" -#: src/config/SSSDConfig/sssdoptions.py:296 +#: src/config/SSSDConfig/sssdoptions.py:297 msgid "Active Directory server address" msgstr "Adresse du serveur Active Directory" -#: src/config/SSSDConfig/sssdoptions.py:297 +#: src/config/SSSDConfig/sssdoptions.py:298 msgid "Active Directory backup server address" msgstr "Adresse du serveur Active Directory de secours" -#: src/config/SSSDConfig/sssdoptions.py:298 +#: src/config/SSSDConfig/sssdoptions.py:299 msgid "Active Directory client hostname" msgstr "Nom de système du client Active Directory" -#: src/config/SSSDConfig/sssdoptions.py:300 -#: src/config/SSSDConfig/sssdoptions.py:499 +#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:500 msgid "LDAP filter to determine access privileges" msgstr "Filtre LDAP pour déterminer les autorisations d'accès" -#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:302 msgid "Whether to use the Global Catalog for lookups" msgstr "Choisir d'utiliser ou non le catalogue global pour les recherches" -#: src/config/SSSDConfig/sssdoptions.py:302 +#: src/config/SSSDConfig/sssdoptions.py:303 msgid "Operation mode for GPO-based access control" msgstr "Mode opératoire pour les contrôles d'accès basé sur les GPO" -#: src/config/SSSDConfig/sssdoptions.py:303 +#: src/config/SSSDConfig/sssdoptions.py:304 msgid "" "The amount of time between lookups of the GPO policy files against the AD " "server" @@ -1108,7 +1110,7 @@ msgstr "" "Durée entre les recherches de fichiers de politiques de GPO dans le serveur " "AD" -#: src/config/SSSDConfig/sssdoptions.py:304 +#: src/config/SSSDConfig/sssdoptions.py:305 msgid "" "PAM service names that map to the GPO (Deny)InteractiveLogonRight policy " "settings" @@ -1116,7 +1118,7 @@ msgstr "" "Noms de services PAM correspondant à la configuration de la politique " "(Deny)InteractiveLogonRight de la GPO" -#: src/config/SSSDConfig/sssdoptions.py:306 +#: src/config/SSSDConfig/sssdoptions.py:307 msgid "" "PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight " "policy settings" @@ -1124,305 +1126,305 @@ msgstr "" "Noms de services PAM correspondant à la configuration de la politique " "(Deny)RemoteInteractiveLogonRight de la GPO" -#: src/config/SSSDConfig/sssdoptions.py:308 +#: src/config/SSSDConfig/sssdoptions.py:309 msgid "" "PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings" msgstr "" "Noms de services PAM correspondant à la configuration de la politique " "(Deny)NetworkLogonRight de la GPO" -#: src/config/SSSDConfig/sssdoptions.py:309 +#: src/config/SSSDConfig/sssdoptions.py:310 msgid "" "PAM service names that map to the GPO (Deny)BatchLogonRight policy settings" msgstr "" "Noms de services PAM correspondant à la configuration de la politique " "(Deny)BatchLogonRight de la GPO" -#: src/config/SSSDConfig/sssdoptions.py:310 +#: src/config/SSSDConfig/sssdoptions.py:311 msgid "" "PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings" msgstr "" "Noms de services PAM correspondant à la configuration de la politique " "(Deny)ServiceLogonRight de la GPO" -#: src/config/SSSDConfig/sssdoptions.py:311 +#: src/config/SSSDConfig/sssdoptions.py:312 msgid "PAM service names for which GPO-based access is always granted" msgstr "" "Noms de services PAM pour lesquels les accès s'appuyant sur la GPO sont " "toujours autorisés" -#: src/config/SSSDConfig/sssdoptions.py:312 +#: src/config/SSSDConfig/sssdoptions.py:313 msgid "PAM service names for which GPO-based access is always denied" msgstr "" "Noms de services PAM pour lesquels les accès s'appuyant sur la GPO sont " "toujours interdits" -#: src/config/SSSDConfig/sssdoptions.py:313 +#: src/config/SSSDConfig/sssdoptions.py:314 msgid "" "Default logon right (or permit/deny) to use for unmapped PAM service names" msgstr "" "Droit de connexion par défaut (ou permission/interdiction) à utiliser pour " "les noms de services sans correspondance" -#: src/config/SSSDConfig/sssdoptions.py:314 +#: src/config/SSSDConfig/sssdoptions.py:315 msgid "a particular site to be used by the client" msgstr "un site particulier utilisé par le client" -#: src/config/SSSDConfig/sssdoptions.py:315 +#: src/config/SSSDConfig/sssdoptions.py:316 msgid "" "Maximum age in days before the machine account password should be renewed" msgstr "" "Âge maximum en jours avant que le mot de passe du compte de la machine ne " "soit renouvelé" -#: src/config/SSSDConfig/sssdoptions.py:317 +#: src/config/SSSDConfig/sssdoptions.py:318 msgid "Option for tuning the machine account renewal task" msgstr "Option de réglage de la tâche de renouvellement du compte machine" -#: src/config/SSSDConfig/sssdoptions.py:318 +#: src/config/SSSDConfig/sssdoptions.py:319 msgid "Whether to update the machine account password in the Samba database" msgstr "" "Indique s'il faut mettre à jour le mot de passe du compte de la machine dans " "la base de données Samba" -#: src/config/SSSDConfig/sssdoptions.py:320 +#: src/config/SSSDConfig/sssdoptions.py:321 msgid "Use LDAPS port for LDAP and Global Catalog requests" msgstr "Utiliser le port LDAPS pour les requêtes LDAP et Catalogue global" -#: src/config/SSSDConfig/sssdoptions.py:321 +#: src/config/SSSDConfig/sssdoptions.py:322 msgid "Do not filter domain local groups from other domains" msgstr "" "Ne pas filtrer les groupes locaux d'un domaine à partir d'autres domaines" -#: src/config/SSSDConfig/sssdoptions.py:324 #: src/config/SSSDConfig/sssdoptions.py:325 +#: src/config/SSSDConfig/sssdoptions.py:326 msgid "Kerberos server address" msgstr "Adresse du serveur Kerberos" -#: src/config/SSSDConfig/sssdoptions.py:326 +#: src/config/SSSDConfig/sssdoptions.py:327 msgid "Kerberos backup server address" msgstr "Adresse du serveur Kerberos de secours" -#: src/config/SSSDConfig/sssdoptions.py:327 +#: src/config/SSSDConfig/sssdoptions.py:328 msgid "Kerberos realm" msgstr "Domaine Kerberos" -#: src/config/SSSDConfig/sssdoptions.py:328 +#: src/config/SSSDConfig/sssdoptions.py:329 msgid "Authentication timeout" msgstr "Délai avant expiration de l'authentification" -#: src/config/SSSDConfig/sssdoptions.py:329 +#: src/config/SSSDConfig/sssdoptions.py:330 msgid "Whether to create kdcinfo files" msgstr "Choisir de créer ou non les fichiers kdcinfo" -#: src/config/SSSDConfig/sssdoptions.py:330 +#: src/config/SSSDConfig/sssdoptions.py:331 msgid "Where to drop krb5 config snippets" msgstr "Où déposer les extraits de configuration krb5" -#: src/config/SSSDConfig/sssdoptions.py:333 +#: src/config/SSSDConfig/sssdoptions.py:334 msgid "Directory to store credential caches" msgstr "Répertoire pour stocker les caches de crédits" -#: src/config/SSSDConfig/sssdoptions.py:334 +#: src/config/SSSDConfig/sssdoptions.py:335 msgid "Location of the user's credential cache" msgstr "Emplacement du cache de crédits de l'utilisateur" -#: src/config/SSSDConfig/sssdoptions.py:335 +#: src/config/SSSDConfig/sssdoptions.py:336 msgid "Location of the keytab to validate credentials" msgstr "Emplacement du fichier keytab de validation des crédits" -#: src/config/SSSDConfig/sssdoptions.py:336 +#: src/config/SSSDConfig/sssdoptions.py:337 msgid "Enable credential validation" msgstr "Activer la validation des crédits" -#: src/config/SSSDConfig/sssdoptions.py:337 +#: src/config/SSSDConfig/sssdoptions.py:338 msgid "Store password if offline for later online authentication" msgstr "" "Stocker le mot de passe, si hors-ligne, pour une authentification ultérieure " "en ligne" -#: src/config/SSSDConfig/sssdoptions.py:338 +#: src/config/SSSDConfig/sssdoptions.py:339 msgid "Renewable lifetime of the TGT" msgstr "Durée de vie renouvelable du TGT" -#: src/config/SSSDConfig/sssdoptions.py:339 +#: src/config/SSSDConfig/sssdoptions.py:340 msgid "Lifetime of the TGT" msgstr "Durée de vie du TGT" -#: src/config/SSSDConfig/sssdoptions.py:340 +#: src/config/SSSDConfig/sssdoptions.py:341 msgid "Time between two checks for renewal" msgstr "Durée entre deux vérifications pour le renouvellement" -#: src/config/SSSDConfig/sssdoptions.py:341 +#: src/config/SSSDConfig/sssdoptions.py:342 msgid "Enables FAST" msgstr "Active FAST" -#: src/config/SSSDConfig/sssdoptions.py:342 +#: src/config/SSSDConfig/sssdoptions.py:343 msgid "Selects the principal to use for FAST" msgstr "Sélectionne le principal à utiliser avec FAST" -#: src/config/SSSDConfig/sssdoptions.py:343 +#: src/config/SSSDConfig/sssdoptions.py:344 msgid "Use anonymous PKINIT to request FAST credentials" msgstr "" "Utilisez le PKINIT anonyme pour demander des informations d'identification " "FAST" -#: src/config/SSSDConfig/sssdoptions.py:344 +#: src/config/SSSDConfig/sssdoptions.py:345 msgid "Enables principal canonicalization" msgstr "Active la canonisation du principal" -#: src/config/SSSDConfig/sssdoptions.py:345 +#: src/config/SSSDConfig/sssdoptions.py:346 msgid "Enables enterprise principals" msgstr "Active les principals d'entreprise" -#: src/config/SSSDConfig/sssdoptions.py:346 +#: src/config/SSSDConfig/sssdoptions.py:347 msgid "Enables using of subdomains realms for authentication" msgstr "" "Permet d'utiliser les domaines de sous-domaines pour l'authentification" -#: src/config/SSSDConfig/sssdoptions.py:347 +#: src/config/SSSDConfig/sssdoptions.py:348 msgid "A mapping from user names to Kerberos principal names" msgstr "" "Un mappage des noms d'utilisateurs vers les noms de principaux Kerberos" -#: src/config/SSSDConfig/sssdoptions.py:350 #: src/config/SSSDConfig/sssdoptions.py:351 +#: src/config/SSSDConfig/sssdoptions.py:352 msgid "Server where the change password service is running if not on the KDC" msgstr "" "Serveur où tourne le service de changement de mot de passe s'il n'est pas " "sur le KDC" -#: src/config/SSSDConfig/sssdoptions.py:354 +#: src/config/SSSDConfig/sssdoptions.py:355 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, l'adresse du serveur LDAP" -#: src/config/SSSDConfig/sssdoptions.py:355 +#: src/config/SSSDConfig/sssdoptions.py:356 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "ldap_backup_uri, l'URI du serveur LDAP" -#: src/config/SSSDConfig/sssdoptions.py:356 +#: src/config/SSSDConfig/sssdoptions.py:357 msgid "The default base DN" msgstr "La base DN par défaut" -#: src/config/SSSDConfig/sssdoptions.py:357 +#: src/config/SSSDConfig/sssdoptions.py:358 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "Le type de schéma utilisé sur le serveur LDAP, rfc2307" -#: src/config/SSSDConfig/sssdoptions.py:358 +#: src/config/SSSDConfig/sssdoptions.py:359 msgid "Mode used to change user password" msgstr "Mode utilisé pour modifier le mot de passe utilisateur" -#: src/config/SSSDConfig/sssdoptions.py:359 +#: src/config/SSSDConfig/sssdoptions.py:360 msgid "The default bind DN" msgstr "Le DN de connexion par défaut" -#: src/config/SSSDConfig/sssdoptions.py:360 +#: src/config/SSSDConfig/sssdoptions.py:361 msgid "The type of the authentication token of the default bind DN" msgstr "Le type de jeton d'authentification du DN de connexion par défaut" -#: src/config/SSSDConfig/sssdoptions.py:361 +#: src/config/SSSDConfig/sssdoptions.py:362 msgid "The authentication token of the default bind DN" msgstr "Le jeton d'authentification du DN de connexion par défaut" -#: src/config/SSSDConfig/sssdoptions.py:362 +#: src/config/SSSDConfig/sssdoptions.py:363 msgid "Length of time to attempt connection" msgstr "Durée pendant laquelle il sera tenté d'établir la connexion" -#: src/config/SSSDConfig/sssdoptions.py:363 +#: src/config/SSSDConfig/sssdoptions.py:364 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Durée pendant laquelle il sera tenté des opérations LDAP synchrones" -#: src/config/SSSDConfig/sssdoptions.py:364 +#: src/config/SSSDConfig/sssdoptions.py:365 msgid "Length of time between attempts to reconnect while offline" msgstr "Durée d'attente entre deux essais de reconnexion en mode hors-ligne" -#: src/config/SSSDConfig/sssdoptions.py:365 +#: src/config/SSSDConfig/sssdoptions.py:366 msgid "Use only the upper case for realm names" msgstr "N'utiliser que des majuscules pour les noms de domaine" -#: src/config/SSSDConfig/sssdoptions.py:366 +#: src/config/SSSDConfig/sssdoptions.py:367 msgid "File that contains CA certificates" msgstr "Fichier contenant les certificats des CA" -#: src/config/SSSDConfig/sssdoptions.py:367 +#: src/config/SSSDConfig/sssdoptions.py:368 msgid "Path to CA certificate directory" msgstr "Chemin vers le répertoire de certificats des CA" -#: src/config/SSSDConfig/sssdoptions.py:368 +#: src/config/SSSDConfig/sssdoptions.py:369 msgid "File that contains the client certificate" msgstr "Fichier contenant le certificat client" -#: src/config/SSSDConfig/sssdoptions.py:369 +#: src/config/SSSDConfig/sssdoptions.py:370 msgid "File that contains the client key" msgstr "Fichier contenant la clé du client" -#: src/config/SSSDConfig/sssdoptions.py:370 +#: src/config/SSSDConfig/sssdoptions.py:371 msgid "List of possible ciphers suites" msgstr "Liste des suites de chiffrement possibles" -#: src/config/SSSDConfig/sssdoptions.py:371 +#: src/config/SSSDConfig/sssdoptions.py:372 msgid "Require TLS certificate verification" msgstr "Requiert une vérification de certificat TLS" -#: src/config/SSSDConfig/sssdoptions.py:372 +#: src/config/SSSDConfig/sssdoptions.py:373 msgid "Specify the sasl mechanism to use" msgstr "Spécifier le mécanisme SASL à utiliser" -#: src/config/SSSDConfig/sssdoptions.py:373 +#: src/config/SSSDConfig/sssdoptions.py:374 msgid "Specify the sasl authorization id to use" msgstr "Spécifier l'identité d'authorisation SASL à utiliser" -#: src/config/SSSDConfig/sssdoptions.py:374 +#: src/config/SSSDConfig/sssdoptions.py:375 msgid "Specify the sasl authorization realm to use" msgstr "Spécifier le domaine d'authorisation SASL à utiliser" -#: src/config/SSSDConfig/sssdoptions.py:375 +#: src/config/SSSDConfig/sssdoptions.py:376 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "Spécifie le minimum SSF pour l'autorisation sasl LDAP" -#: src/config/SSSDConfig/sssdoptions.py:376 +#: src/config/SSSDConfig/sssdoptions.py:377 msgid "Specify the maximal SSF for LDAP sasl authorization" msgstr "Spécifie le SFF maximal pour l'autorisation sasl LDAP" -#: src/config/SSSDConfig/sssdoptions.py:377 +#: src/config/SSSDConfig/sssdoptions.py:378 msgid "Kerberos service keytab" msgstr "Service du fichier keytab de Kerberos" -#: src/config/SSSDConfig/sssdoptions.py:378 +#: src/config/SSSDConfig/sssdoptions.py:379 msgid "Use Kerberos auth for LDAP connection" msgstr "Utiliser l'authentification Kerberos pour la connexion LDAP" -#: src/config/SSSDConfig/sssdoptions.py:379 +#: src/config/SSSDConfig/sssdoptions.py:380 msgid "Follow LDAP referrals" msgstr "Suivre les référents LDAP" -#: src/config/SSSDConfig/sssdoptions.py:380 +#: src/config/SSSDConfig/sssdoptions.py:381 msgid "Lifetime of TGT for LDAP connection" msgstr "Durée de vie du TGT pour la connexion LDAP" -#: src/config/SSSDConfig/sssdoptions.py:381 +#: src/config/SSSDConfig/sssdoptions.py:382 msgid "How to dereference aliases" msgstr "Comment déréférencer les alias" -#: src/config/SSSDConfig/sssdoptions.py:382 +#: src/config/SSSDConfig/sssdoptions.py:383 msgid "Service name for DNS service lookups" msgstr "Nom du service pour les recherches DNS" -#: src/config/SSSDConfig/sssdoptions.py:383 +#: src/config/SSSDConfig/sssdoptions.py:384 msgid "The number of records to retrieve in a single LDAP query" msgstr "Le nombre d'enregistrements à récupérer dans une requête LDAP unique" -#: src/config/SSSDConfig/sssdoptions.py:384 +#: src/config/SSSDConfig/sssdoptions.py:385 msgid "The number of members that must be missing to trigger a full deref" msgstr "" "Nombre de membres qui doivent être manquants pour activer un déréférencement " "complet" -#: src/config/SSSDConfig/sssdoptions.py:385 +#: src/config/SSSDConfig/sssdoptions.py:386 msgid "Ignore unreadable LDAP references" msgstr "Ignorer les références LDAP illisibles" -#: src/config/SSSDConfig/sssdoptions.py:386 +#: src/config/SSSDConfig/sssdoptions.py:387 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" @@ -1430,7 +1432,7 @@ msgstr "" "Est-ce que la bibliothèque LDAP doit effectuer une requête pour canoniser le " "nom d'hôte pendant une connexion SASL" -#: src/config/SSSDConfig/sssdoptions.py:388 +#: src/config/SSSDConfig/sssdoptions.py:389 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." @@ -1438,410 +1440,409 @@ msgstr "" "Permet de conserver les utilisateurs locaux en tant que membres d'un groupe " "LDAP pour les serveurs qui utilisent le schéma RFC2307." -#: src/config/SSSDConfig/sssdoptions.py:391 +#: src/config/SSSDConfig/sssdoptions.py:392 msgid "entryUSN attribute" msgstr "attribut entryUSN" -#: src/config/SSSDConfig/sssdoptions.py:392 +#: src/config/SSSDConfig/sssdoptions.py:393 msgid "lastUSN attribute" msgstr "attribut lastUSN" -#: src/config/SSSDConfig/sssdoptions.py:394 +#: src/config/SSSDConfig/sssdoptions.py:395 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" "Combien de temps conserver la connexion au serveur LDAP avant de se " "déconnecter" -#: src/config/SSSDConfig/sssdoptions.py:397 +#: src/config/SSSDConfig/sssdoptions.py:398 msgid "Disable the LDAP paging control" msgstr "Désactiver le contrôle des pages LDAP" -#: src/config/SSSDConfig/sssdoptions.py:398 +#: src/config/SSSDConfig/sssdoptions.py:399 msgid "Disable Active Directory range retrieval" msgstr "Désactiver la récupération de plage Active Directory" -#: src/config/SSSDConfig/sssdoptions.py:401 +#: src/config/SSSDConfig/sssdoptions.py:402 msgid "Length of time to wait for a search request" msgstr "Durée d'attente pour une requête de recherche" -#: src/config/SSSDConfig/sssdoptions.py:402 +#: src/config/SSSDConfig/sssdoptions.py:403 msgid "Length of time to wait for a enumeration request" msgstr "Durée d'attente pour une requête d'énumération" -#: src/config/SSSDConfig/sssdoptions.py:403 +#: src/config/SSSDConfig/sssdoptions.py:404 msgid "Length of time between enumeration updates" msgstr "Durée entre deux mises à jour d'énumération" -#: src/config/SSSDConfig/sssdoptions.py:404 +#: src/config/SSSDConfig/sssdoptions.py:405 msgid "Maximum period deviation between enumeration updates" msgstr "Écart maximal de période entre les mises à jour de l'énumération" -#: src/config/SSSDConfig/sssdoptions.py:405 +#: src/config/SSSDConfig/sssdoptions.py:406 msgid "Length of time between cache cleanups" msgstr "Durée entre les nettoyages de cache" -#: src/config/SSSDConfig/sssdoptions.py:406 +#: src/config/SSSDConfig/sssdoptions.py:407 msgid "Maximum time deviation between cache cleanups" msgstr "Écart de temps maximal entre les nettoyages du cache" -#: src/config/SSSDConfig/sssdoptions.py:407 +#: src/config/SSSDConfig/sssdoptions.py:408 msgid "Require TLS for ID lookups" msgstr "TLS est requis pour les recherches d'identifiants" -#: src/config/SSSDConfig/sssdoptions.py:408 +#: src/config/SSSDConfig/sssdoptions.py:409 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" "Utilisation de la correspondance d'ID pour les objectSID au lieu d'ID pré-" "établis" -#: src/config/SSSDConfig/sssdoptions.py:409 +#: src/config/SSSDConfig/sssdoptions.py:410 msgid "Base DN for user lookups" msgstr "Base DN pour les recherches d'utilisateurs" -#: src/config/SSSDConfig/sssdoptions.py:410 +#: src/config/SSSDConfig/sssdoptions.py:411 msgid "Scope of user lookups" msgstr "Scope des recherches d'utilisateurs" -#: src/config/SSSDConfig/sssdoptions.py:411 +#: src/config/SSSDConfig/sssdoptions.py:412 msgid "Filter for user lookups" msgstr "Filtre pour les recherches d'utilisateurs" -#: src/config/SSSDConfig/sssdoptions.py:412 +#: src/config/SSSDConfig/sssdoptions.py:413 msgid "Objectclass for users" msgstr "Classe d'objet pour les utilisateurs" -#: src/config/SSSDConfig/sssdoptions.py:413 +#: src/config/SSSDConfig/sssdoptions.py:414 msgid "Username attribute" msgstr "Attribut de nom d'utilisateur" -#: src/config/SSSDConfig/sssdoptions.py:414 +#: src/config/SSSDConfig/sssdoptions.py:415 msgid "UID attribute" msgstr "Attribut UID" -#: src/config/SSSDConfig/sssdoptions.py:415 +#: src/config/SSSDConfig/sssdoptions.py:416 msgid "Primary GID attribute" msgstr "Attribut de GID primaire" -#: src/config/SSSDConfig/sssdoptions.py:416 +#: src/config/SSSDConfig/sssdoptions.py:417 msgid "GECOS attribute" msgstr "Attribut GECOS" -#: src/config/SSSDConfig/sssdoptions.py:417 +#: src/config/SSSDConfig/sssdoptions.py:418 msgid "Home directory attribute" msgstr "Attribut de répertoire utilisateur" -#: src/config/SSSDConfig/sssdoptions.py:418 +#: src/config/SSSDConfig/sssdoptions.py:419 msgid "Shell attribute" msgstr "Attribut d'interpréteur de commandes" -#: src/config/SSSDConfig/sssdoptions.py:419 +#: src/config/SSSDConfig/sssdoptions.py:420 msgid "UUID attribute" msgstr "attribut UUID" -#: src/config/SSSDConfig/sssdoptions.py:420 -#: src/config/SSSDConfig/sssdoptions.py:459 +#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:460 msgid "objectSID attribute" msgstr "attribut objectSID" -#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:422 msgid "Active Directory primary group attribute for ID-mapping" msgstr "Groupe primaire Active Directory pour la correspondance d'ID" -#: src/config/SSSDConfig/sssdoptions.py:422 +#: src/config/SSSDConfig/sssdoptions.py:423 msgid "User principal attribute (for Kerberos)" msgstr "Attribut d'utilisateur principal (pour Kerberos)" -#: src/config/SSSDConfig/sssdoptions.py:423 +#: src/config/SSSDConfig/sssdoptions.py:424 msgid "Full Name" msgstr "Nom complet" -#: src/config/SSSDConfig/sssdoptions.py:424 +#: src/config/SSSDConfig/sssdoptions.py:425 msgid "memberOf attribute" msgstr "Attribut memberOf" -#: src/config/SSSDConfig/sssdoptions.py:425 +#: src/config/SSSDConfig/sssdoptions.py:426 msgid "Modification time attribute" msgstr "Attribut de date de modification" -#: src/config/SSSDConfig/sssdoptions.py:426 +#: src/config/SSSDConfig/sssdoptions.py:427 msgid "shadowLastChange attribute" msgstr "Attribut shadowLastChange" -#: src/config/SSSDConfig/sssdoptions.py:427 +#: src/config/SSSDConfig/sssdoptions.py:428 msgid "shadowMin attribute" msgstr "Attribut shadowMin" -#: src/config/SSSDConfig/sssdoptions.py:428 +#: src/config/SSSDConfig/sssdoptions.py:429 msgid "shadowMax attribute" msgstr "Attribut shadowMax" -#: src/config/SSSDConfig/sssdoptions.py:429 +#: src/config/SSSDConfig/sssdoptions.py:430 msgid "shadowWarning attribute" msgstr "Attribut shadowWarning" -#: src/config/SSSDConfig/sssdoptions.py:430 +#: src/config/SSSDConfig/sssdoptions.py:431 msgid "shadowInactive attribute" msgstr "Attribut shadowInactive" -#: src/config/SSSDConfig/sssdoptions.py:431 +#: src/config/SSSDConfig/sssdoptions.py:432 msgid "shadowExpire attribute" msgstr "Attribut shadowExpire" -#: src/config/SSSDConfig/sssdoptions.py:432 +#: src/config/SSSDConfig/sssdoptions.py:433 msgid "shadowFlag attribute" msgstr "Attribut shadowFlag" -#: src/config/SSSDConfig/sssdoptions.py:433 +#: src/config/SSSDConfig/sssdoptions.py:434 msgid "Attribute listing authorized PAM services" msgstr "Attribut listant les services PAM autorisés" -#: src/config/SSSDConfig/sssdoptions.py:434 +#: src/config/SSSDConfig/sssdoptions.py:435 msgid "Attribute listing authorized server hosts" msgstr "Attribut listant les hôtes de serveurs autorisés" -#: src/config/SSSDConfig/sssdoptions.py:435 +#: src/config/SSSDConfig/sssdoptions.py:436 msgid "Attribute listing authorized server rhosts" msgstr "Attribut listant les rhosts de serveurs autorisés" -#: src/config/SSSDConfig/sssdoptions.py:436 +#: src/config/SSSDConfig/sssdoptions.py:437 msgid "krbLastPwdChange attribute" msgstr "Attribut krbLastPwdChange" -#: src/config/SSSDConfig/sssdoptions.py:437 +#: src/config/SSSDConfig/sssdoptions.py:438 msgid "krbPasswordExpiration attribute" msgstr "Attribut krbPasswordExpiration" -#: src/config/SSSDConfig/sssdoptions.py:438 +#: src/config/SSSDConfig/sssdoptions.py:439 msgid "Attribute indicating that server side password policies are active" msgstr "" "Attribut indiquant que la stratégie de mot de passe du serveur est active" -#: src/config/SSSDConfig/sssdoptions.py:439 +#: src/config/SSSDConfig/sssdoptions.py:440 msgid "accountExpires attribute of AD" msgstr "Attribut AD accountExpires" -#: src/config/SSSDConfig/sssdoptions.py:440 +#: src/config/SSSDConfig/sssdoptions.py:441 msgid "userAccountControl attribute of AD" msgstr "Attribut AD userAccountControl" -#: src/config/SSSDConfig/sssdoptions.py:441 +#: src/config/SSSDConfig/sssdoptions.py:442 msgid "nsAccountLock attribute" msgstr "Attribut nsAccountLock" -#: src/config/SSSDConfig/sssdoptions.py:442 +#: src/config/SSSDConfig/sssdoptions.py:443 msgid "loginDisabled attribute of NDS" msgstr "Attribut NDS loginDisabled" -#: src/config/SSSDConfig/sssdoptions.py:443 +#: src/config/SSSDConfig/sssdoptions.py:444 msgid "loginExpirationTime attribute of NDS" msgstr "Attribut NDS loginExpirationTime" -#: src/config/SSSDConfig/sssdoptions.py:444 +#: src/config/SSSDConfig/sssdoptions.py:445 msgid "loginAllowedTimeMap attribute of NDS" msgstr "Attribut NDS loginAllowedTimeMap" -#: src/config/SSSDConfig/sssdoptions.py:445 +#: src/config/SSSDConfig/sssdoptions.py:446 msgid "SSH public key attribute" msgstr "Attribut de clé public SSH" -#: src/config/SSSDConfig/sssdoptions.py:446 +#: src/config/SSSDConfig/sssdoptions.py:447 msgid "attribute listing allowed authentication types for a user" msgstr "" "attribut énumérant les types d'authentification autorisés pour un utilisateur" -#: src/config/SSSDConfig/sssdoptions.py:447 +#: src/config/SSSDConfig/sssdoptions.py:448 msgid "attribute containing the X509 certificate of the user" msgstr "attribut contenant le certificat X509 de l'utilisateur" -#: src/config/SSSDConfig/sssdoptions.py:448 +#: src/config/SSSDConfig/sssdoptions.py:449 msgid "attribute containing the email address of the user" msgstr "attribut contenant l’adresse email de l'utilisateur" -#: src/config/SSSDConfig/sssdoptions.py:449 -#, fuzzy +#: src/config/SSSDConfig/sssdoptions.py:450 msgid "attribute containing the passkey mapping data of the user" -msgstr "attribut contenant l’adresse email de l'utilisateur" +msgstr "attribut contenant les données de mappage de la clé de l'utilisateur" -#: src/config/SSSDConfig/sssdoptions.py:450 +#: src/config/SSSDConfig/sssdoptions.py:451 msgid "A list of extra attributes to download along with the user entry" msgstr "" "Une liste des attributs supplémentaires à télécharger avec l'entrée de " "l'utilisateur" -#: src/config/SSSDConfig/sssdoptions.py:452 +#: src/config/SSSDConfig/sssdoptions.py:453 msgid "Base DN for group lookups" msgstr "DN de base pour les recherches de groupes" -#: src/config/SSSDConfig/sssdoptions.py:453 +#: src/config/SSSDConfig/sssdoptions.py:454 msgid "Objectclass for groups" msgstr "Classe d'objet pour les groupes" -#: src/config/SSSDConfig/sssdoptions.py:454 +#: src/config/SSSDConfig/sssdoptions.py:455 msgid "Group name" msgstr "Nom du groupe" -#: src/config/SSSDConfig/sssdoptions.py:455 +#: src/config/SSSDConfig/sssdoptions.py:456 msgid "Group password" msgstr "Mot de passe du groupe" -#: src/config/SSSDConfig/sssdoptions.py:456 +#: src/config/SSSDConfig/sssdoptions.py:457 msgid "GID attribute" msgstr "Attribut GID" -#: src/config/SSSDConfig/sssdoptions.py:457 +#: src/config/SSSDConfig/sssdoptions.py:458 msgid "Group member attribute" msgstr "Attribut membre du groupe" -#: src/config/SSSDConfig/sssdoptions.py:458 +#: src/config/SSSDConfig/sssdoptions.py:459 msgid "Group UUID attribute" msgstr "attribut de l'UUID du groupe" -#: src/config/SSSDConfig/sssdoptions.py:460 +#: src/config/SSSDConfig/sssdoptions.py:461 msgid "Modification time attribute for groups" msgstr "Attribut de date de modification pour les groupes" -#: src/config/SSSDConfig/sssdoptions.py:461 +#: src/config/SSSDConfig/sssdoptions.py:462 msgid "Type of the group and other flags" msgstr "Type de groupe et autres indicateurs" -#: src/config/SSSDConfig/sssdoptions.py:462 +#: src/config/SSSDConfig/sssdoptions.py:463 msgid "The LDAP group external member attribute" msgstr "L'attribut de membre externe du groupe LDAP" -#: src/config/SSSDConfig/sssdoptions.py:463 +#: src/config/SSSDConfig/sssdoptions.py:464 msgid "Maximum nesting level SSSD will follow" msgstr "Le niveau d'imbrication maximal du SSSD suivra" -#: src/config/SSSDConfig/sssdoptions.py:464 +#: src/config/SSSDConfig/sssdoptions.py:465 msgid "Filter for group lookups" msgstr "Filtre pour les recherches de groupes" -#: src/config/SSSDConfig/sssdoptions.py:465 +#: src/config/SSSDConfig/sssdoptions.py:466 msgid "Scope of group lookups" msgstr "Portée des recherches de groupe" -#: src/config/SSSDConfig/sssdoptions.py:467 +#: src/config/SSSDConfig/sssdoptions.py:468 msgid "Base DN for netgroup lookups" msgstr "DN de base pour les recherches de netgroup" -#: src/config/SSSDConfig/sssdoptions.py:468 +#: src/config/SSSDConfig/sssdoptions.py:469 msgid "Objectclass for netgroups" msgstr "Classe d'objet pour les groupes réseau" -#: src/config/SSSDConfig/sssdoptions.py:469 +#: src/config/SSSDConfig/sssdoptions.py:470 msgid "Netgroup name" msgstr "Nom du groupe réseau" -#: src/config/SSSDConfig/sssdoptions.py:470 +#: src/config/SSSDConfig/sssdoptions.py:471 msgid "Netgroups members attribute" msgstr "Attribut des membres des groupes réseau" -#: src/config/SSSDConfig/sssdoptions.py:471 +#: src/config/SSSDConfig/sssdoptions.py:472 msgid "Netgroup triple attribute" msgstr "Attribut triplet du groupe réseau" -#: src/config/SSSDConfig/sssdoptions.py:472 +#: src/config/SSSDConfig/sssdoptions.py:473 msgid "Modification time attribute for netgroups" msgstr "Attribut date de modification pour les groupes réseau" -#: src/config/SSSDConfig/sssdoptions.py:474 +#: src/config/SSSDConfig/sssdoptions.py:475 msgid "Base DN for service lookups" msgstr "Nom de domaine (DN) de base pour les recherches de service" -#: src/config/SSSDConfig/sssdoptions.py:475 +#: src/config/SSSDConfig/sssdoptions.py:476 msgid "Objectclass for services" msgstr "Classe objet pour les services" -#: src/config/SSSDConfig/sssdoptions.py:476 +#: src/config/SSSDConfig/sssdoptions.py:477 msgid "Service name attribute" msgstr "Attribut de nom de service" -#: src/config/SSSDConfig/sssdoptions.py:477 +#: src/config/SSSDConfig/sssdoptions.py:478 msgid "Service port attribute" msgstr "Attribut de port du service" -#: src/config/SSSDConfig/sssdoptions.py:478 +#: src/config/SSSDConfig/sssdoptions.py:479 msgid "Service protocol attribute" msgstr "Attribut de service du protocole" -#: src/config/SSSDConfig/sssdoptions.py:480 +#: src/config/SSSDConfig/sssdoptions.py:481 msgid "Lower bound for ID-mapping" msgstr "Limite inférieure pour la correspondance d'ID" -#: src/config/SSSDConfig/sssdoptions.py:481 +#: src/config/SSSDConfig/sssdoptions.py:482 msgid "Upper bound for ID-mapping" msgstr "Limite supérieure pour la correspondance d'ID" -#: src/config/SSSDConfig/sssdoptions.py:482 +#: src/config/SSSDConfig/sssdoptions.py:483 msgid "Number of IDs for each slice when ID-mapping" msgstr "Nombre d'ID par tranche pour la correspondance d'ID" -#: src/config/SSSDConfig/sssdoptions.py:483 +#: src/config/SSSDConfig/sssdoptions.py:484 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "" "Utilisation d'un algorithme compatible autorid pour la correspondance d'ID" -#: src/config/SSSDConfig/sssdoptions.py:484 +#: src/config/SSSDConfig/sssdoptions.py:485 msgid "Name of the default domain for ID-mapping" msgstr "Nom du domaine par défaut pour la correspondance d'ID" -#: src/config/SSSDConfig/sssdoptions.py:485 +#: src/config/SSSDConfig/sssdoptions.py:486 msgid "SID of the default domain for ID-mapping" msgstr "SID du domaine par défaut pour la correspondance d'ID" -#: src/config/SSSDConfig/sssdoptions.py:486 +#: src/config/SSSDConfig/sssdoptions.py:487 msgid "Number of secondary slices" msgstr "Nombre de tranches secondaires" -#: src/config/SSSDConfig/sssdoptions.py:488 +#: src/config/SSSDConfig/sssdoptions.py:489 msgid "Whether to use Token-Groups" msgstr "Choisir d'utiliser ou non les groupes de jetons" -#: src/config/SSSDConfig/sssdoptions.py:489 +#: src/config/SSSDConfig/sssdoptions.py:490 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "" "Définir la limite inférieure d'identifiants autorisés pour l'annuaire LDAP" -#: src/config/SSSDConfig/sssdoptions.py:490 +#: src/config/SSSDConfig/sssdoptions.py:491 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "" "Définir la limite supérieure d'identifiants autorisés pour l'annuaire LDAP" -#: src/config/SSSDConfig/sssdoptions.py:491 +#: src/config/SSSDConfig/sssdoptions.py:492 msgid "DN for ppolicy queries" msgstr "DN pour les requêtes sur ppolicy" -#: src/config/SSSDConfig/sssdoptions.py:492 +#: src/config/SSSDConfig/sssdoptions.py:493 msgid "How many maximum entries to fetch during a wildcard request" msgstr "Combien d'entrées maximum à récupérer lors d'une demande de wildcard" -#: src/config/SSSDConfig/sssdoptions.py:493 +#: src/config/SSSDConfig/sssdoptions.py:494 msgid "Set libldap debug level" msgstr "Définir le niveau de débogage de libldap" -#: src/config/SSSDConfig/sssdoptions.py:496 +#: src/config/SSSDConfig/sssdoptions.py:497 msgid "Policy to evaluate the password expiration" msgstr "Stratégie d'évaluation de l'expiration du mot de passe" -#: src/config/SSSDConfig/sssdoptions.py:500 +#: src/config/SSSDConfig/sssdoptions.py:501 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "Quels attributs utiliser pour déterminer si un compte a expiré" -#: src/config/SSSDConfig/sssdoptions.py:504 +#: src/config/SSSDConfig/sssdoptions.py:505 msgid "URI of an LDAP server where password changes are allowed" msgstr "URI d'un serveur LDAP où les changements de mot de passe sont acceptés" -#: src/config/SSSDConfig/sssdoptions.py:505 +#: src/config/SSSDConfig/sssdoptions.py:506 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" "URI d'un serveur LDAP de secours où sont autorisées les modifications de mot " "de passe" -#: src/config/SSSDConfig/sssdoptions.py:506 +#: src/config/SSSDConfig/sssdoptions.py:507 msgid "DNS service name for LDAP password change server" msgstr "Nom du service DNS pour le serveur de changement de mot de passe LDAP" -#: src/config/SSSDConfig/sssdoptions.py:507 +#: src/config/SSSDConfig/sssdoptions.py:508 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" @@ -1849,27 +1850,27 @@ msgstr "" "Choix de mise à jour de l'attribut ldap_user_shadow_last_change après un " "changement de mot de passe" -#: src/config/SSSDConfig/sssdoptions.py:511 +#: src/config/SSSDConfig/sssdoptions.py:512 msgid "Base DN for sudo rules lookups" msgstr "Nom de domaine (DN) de base pour les recherches de règles sudo" -#: src/config/SSSDConfig/sssdoptions.py:512 +#: src/config/SSSDConfig/sssdoptions.py:513 msgid "Automatic full refresh period" msgstr "Périodicité de rafraichissement total" -#: src/config/SSSDConfig/sssdoptions.py:513 +#: src/config/SSSDConfig/sssdoptions.py:514 msgid "Automatic smart refresh period" msgstr "Périodicité de rafraichissement intelligent" -#: src/config/SSSDConfig/sssdoptions.py:514 +#: src/config/SSSDConfig/sssdoptions.py:515 msgid "Smart and full refresh random offset" msgstr "Décalage aléatoire Smart ou de Rafraîchissement total" -#: src/config/SSSDConfig/sssdoptions.py:515 +#: src/config/SSSDConfig/sssdoptions.py:516 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "Filter ou non sur les noms de systèmes, adresses IP et réseaux" -#: src/config/SSSDConfig/sssdoptions.py:516 +#: src/config/SSSDConfig/sssdoptions.py:517 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" @@ -1877,154 +1878,154 @@ msgstr "" "Noms de systèmes et/ou noms pleinement qualifiés de cette machine pour " "filtrer les règles sudo" -#: src/config/SSSDConfig/sssdoptions.py:517 +#: src/config/SSSDConfig/sssdoptions.py:518 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" "Adresses ou réseaux IPv4 ou IPv6 de cette machine pour filtrer les règles " "sudo" -#: src/config/SSSDConfig/sssdoptions.py:518 +#: src/config/SSSDConfig/sssdoptions.py:519 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" "Inclure ou non les règles qui contiennent un netgroup dans l'attribut host" -#: src/config/SSSDConfig/sssdoptions.py:519 +#: src/config/SSSDConfig/sssdoptions.py:520 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" "Inclure ou non les règles qui contiennent une expression rationnelle dans " "l'attribut host" -#: src/config/SSSDConfig/sssdoptions.py:520 +#: src/config/SSSDConfig/sssdoptions.py:521 msgid "Object class for sudo rules" msgstr "Classe objet pour les règles sudo" -#: src/config/SSSDConfig/sssdoptions.py:521 +#: src/config/SSSDConfig/sssdoptions.py:522 msgid "Name of attribute that is used as object class for sudo rules" msgstr "" "Nom de l'attribut qui est utilisé comme classe d'objet pour les règles sudo" -#: src/config/SSSDConfig/sssdoptions.py:522 +#: src/config/SSSDConfig/sssdoptions.py:523 msgid "Sudo rule name" msgstr "Règle de nom sudo" -#: src/config/SSSDConfig/sssdoptions.py:523 +#: src/config/SSSDConfig/sssdoptions.py:524 msgid "Sudo rule command attribute" msgstr "Attribut de commande de règle sudo" -#: src/config/SSSDConfig/sssdoptions.py:524 +#: src/config/SSSDConfig/sssdoptions.py:525 msgid "Sudo rule host attribute" msgstr "Attribut hôte de la règle sudo" -#: src/config/SSSDConfig/sssdoptions.py:525 +#: src/config/SSSDConfig/sssdoptions.py:526 msgid "Sudo rule user attribute" msgstr "Attribut utilisateur de la règle sudo" -#: src/config/SSSDConfig/sssdoptions.py:526 +#: src/config/SSSDConfig/sssdoptions.py:527 msgid "Sudo rule option attribute" msgstr "Attribut option de la règle sudo" -#: src/config/SSSDConfig/sssdoptions.py:527 +#: src/config/SSSDConfig/sssdoptions.py:528 msgid "Sudo rule runas attribute" msgstr "Attribut de règle sudo runas" -#: src/config/SSSDConfig/sssdoptions.py:528 +#: src/config/SSSDConfig/sssdoptions.py:529 msgid "Sudo rule runasuser attribute" msgstr "Attribut runasuser de la règle sudo" -#: src/config/SSSDConfig/sssdoptions.py:529 +#: src/config/SSSDConfig/sssdoptions.py:530 msgid "Sudo rule runasgroup attribute" msgstr "Attribut runasgroup de la règle sudo" -#: src/config/SSSDConfig/sssdoptions.py:530 +#: src/config/SSSDConfig/sssdoptions.py:531 msgid "Sudo rule notbefore attribute" msgstr "Attribut notbefore de la règle sudo" -#: src/config/SSSDConfig/sssdoptions.py:531 +#: src/config/SSSDConfig/sssdoptions.py:532 msgid "Sudo rule notafter attribute" msgstr "Attribut notafter de règle sudo" -#: src/config/SSSDConfig/sssdoptions.py:532 +#: src/config/SSSDConfig/sssdoptions.py:533 msgid "Sudo rule order attribute" msgstr "Attribut d'ordre de règle sudo" -#: src/config/SSSDConfig/sssdoptions.py:535 +#: src/config/SSSDConfig/sssdoptions.py:536 msgid "Object class for automounter maps" msgstr "Classe objet pour la carte de montage automatique" -#: src/config/SSSDConfig/sssdoptions.py:536 +#: src/config/SSSDConfig/sssdoptions.py:537 msgid "Automounter map name attribute" msgstr "Nom de l'attribut de carte de montage automatique" -#: src/config/SSSDConfig/sssdoptions.py:537 +#: src/config/SSSDConfig/sssdoptions.py:538 msgid "Object class for automounter map entries" msgstr "Classe objet pour l'entrée de référence de montage automatique" -#: src/config/SSSDConfig/sssdoptions.py:538 +#: src/config/SSSDConfig/sssdoptions.py:539 msgid "Automounter map entry key attribute" msgstr "Attribut de clé d'entrée pour la carte de montage automatique" -#: src/config/SSSDConfig/sssdoptions.py:539 +#: src/config/SSSDConfig/sssdoptions.py:540 msgid "Automounter map entry value attribute" msgstr "Attribut de valeur pour la carte de montage automatique" -#: src/config/SSSDConfig/sssdoptions.py:540 +#: src/config/SSSDConfig/sssdoptions.py:541 msgid "Base DN for automounter map lookups" msgstr "Base DN pour les requêtes de carte de montage automatique" -#: src/config/SSSDConfig/sssdoptions.py:541 +#: src/config/SSSDConfig/sssdoptions.py:542 msgid "The name of the automount master map in LDAP." msgstr "Le nom de la table de montage automatique maîtresse dans LDAP." -#: src/config/SSSDConfig/sssdoptions.py:544 +#: src/config/SSSDConfig/sssdoptions.py:545 msgid "Base DN for IP hosts lookups" msgstr "DN de base pour la recherche d'hôtes IP" -#: src/config/SSSDConfig/sssdoptions.py:545 +#: src/config/SSSDConfig/sssdoptions.py:546 msgid "Object class for IP hosts" msgstr "Classe d'objet pour les hôtes IP" -#: src/config/SSSDConfig/sssdoptions.py:546 +#: src/config/SSSDConfig/sssdoptions.py:547 msgid "IP host name attribute" msgstr "Attribut du nom d'hôte IP" -#: src/config/SSSDConfig/sssdoptions.py:547 +#: src/config/SSSDConfig/sssdoptions.py:548 msgid "IP host number (address) attribute" msgstr "Attribut (adresse) du numéro d'hôte IP" -#: src/config/SSSDConfig/sssdoptions.py:548 +#: src/config/SSSDConfig/sssdoptions.py:549 msgid "IP host entryUSN attribute" msgstr "Attribut entryUSN d’hôte IP" -#: src/config/SSSDConfig/sssdoptions.py:549 +#: src/config/SSSDConfig/sssdoptions.py:550 msgid "Base DN for IP networks lookups" msgstr "DN de base pour la recherche de réseaux IP" -#: src/config/SSSDConfig/sssdoptions.py:550 +#: src/config/SSSDConfig/sssdoptions.py:551 msgid "Object class for IP networks" msgstr "Classe d'objets pour les réseaux IP" -#: src/config/SSSDConfig/sssdoptions.py:551 +#: src/config/SSSDConfig/sssdoptions.py:552 msgid "IP network name attribute" msgstr "Attribut du nom du réseau IP" -#: src/config/SSSDConfig/sssdoptions.py:552 +#: src/config/SSSDConfig/sssdoptions.py:553 msgid "IP network number (address) attribute" msgstr "Attribut (adresse) du numéro de réseau IP" -#: src/config/SSSDConfig/sssdoptions.py:553 +#: src/config/SSSDConfig/sssdoptions.py:554 msgid "IP network entryUSN attribute" msgstr "Attribut entryUSN de réseau IP" -#: src/config/SSSDConfig/sssdoptions.py:556 +#: src/config/SSSDConfig/sssdoptions.py:557 msgid "Comma separated list of allowed users" msgstr "Liste, séparée par des virgules, d'utilisateurs autorisés" -#: src/config/SSSDConfig/sssdoptions.py:557 +#: src/config/SSSDConfig/sssdoptions.py:558 msgid "Comma separated list of prohibited users" msgstr "Liste, séparée par des virgules, d'utilisateurs interdits" -#: src/config/SSSDConfig/sssdoptions.py:558 +#: src/config/SSSDConfig/sssdoptions.py:559 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." @@ -2033,7 +2034,7 @@ msgstr "" "s'applique qu'à des groupes dans un domaine SSSD. Les groupes locaux ne sont " "pas pris en compte." -#: src/config/SSSDConfig/sssdoptions.py:560 +#: src/config/SSSDConfig/sssdoptions.py:561 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " @@ -2043,33 +2044,33 @@ msgstr "" "s'applique qu'à des groupes dans un domaine SSSD. Les groupes locaux ne sont " "pas pris en compte." -#: src/config/SSSDConfig/sssdoptions.py:564 +#: src/config/SSSDConfig/sssdoptions.py:565 msgid "The number of preforked proxy children." msgstr "Le nombre d'enfants proxy pré-fourche." -#: src/config/SSSDConfig/sssdoptions.py:567 +#: src/config/SSSDConfig/sssdoptions.py:568 msgid "The name of the NSS library to use" msgstr "Nom de la bibliothèque NSS à utiliser" -#: src/config/SSSDConfig/sssdoptions.py:568 +#: src/config/SSSDConfig/sssdoptions.py:569 msgid "The name of the NSS library to use for hosts and networks lookups" msgstr "" "Le nom de la bibliothèque du NSS à utiliser pour les recherches réseaux et " "hôtes" -#: src/config/SSSDConfig/sssdoptions.py:569 +#: src/config/SSSDConfig/sssdoptions.py:570 msgid "Whether to look up canonical group name from cache if possible" msgstr "Rechercher le nom canonique du groupe dans le cache si possible" -#: src/config/SSSDConfig/sssdoptions.py:572 +#: src/config/SSSDConfig/sssdoptions.py:573 msgid "PAM stack to use" msgstr "Pile PAM à utiliser" -#: src/config/SSSDConfig/sssdoptions.py:575 +#: src/config/SSSDConfig/sssdoptions.py:576 msgid "Path of passwd file sources." msgstr "Chemin des sources des fichiers passwd." -#: src/config/SSSDConfig/sssdoptions.py:576 +#: src/config/SSSDConfig/sssdoptions.py:577 msgid "Path of group file sources." msgstr "Chemin des sources des fichiers de groupe." @@ -2118,67 +2119,67 @@ msgstr "S’exécutant sous %, doit être superutilisateur (root)\n" msgid "SSSD is already running\n" msgstr "SSSD est déjà en cours d'exécution\n" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "Autoriser les vidages de noyau" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "Un descripteur de fichier ouvert pour les journaux de débogage" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "L'utilisateur à utiliser pour la création du ccache FAST" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "Le groupe à utiliser pour la création du ccache FAST" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "Utilisez le PKINIT anonyme pour obtenir un ticket FAST armor" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "Domaine Kerberos à utiliser" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "Demande de renouvellement à vie du billet" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "Demande de renouvellement à vie du billet" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "Options FAST ('never', 'try', 'demand')" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "Spécifie le principal de serveur afin d'utiliser FAST" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "Demande la canonisation du nom principal" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "Utiliser la version personnalisée de krb5_get_init_creds_password" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "ID de chaîne Tevent utilisé à des fins de journalisation" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "Vérifier les indicateurs PAC" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "Échec de talloc_asprintf.\n" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "Échec de set_debug_file_from_fd.\n" @@ -2186,37 +2187,37 @@ msgstr "Échec de set_debug_file_from_fd.\n" msgid "Domain of the information provider (mandatory)" msgstr "Domaine du fournisseur d'informations (obligatoire)" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "" "Le socket privilégié a de mauvaises permissions ou un mauvais propriétaire." -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "" "Le socket public a de mauvaises permissions ou un mauvais propriétaire." -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "Le message du serveur de crédits a un format inattendu." -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "SSSD n'est pas démarré par root." -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "La socket SSSD n'existe pas." -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "Impossible d'obtenir le stat du socket SSSD." -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "Une erreur est survenue mais aucune description n'est trouvée." -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "Erreur inattendue lors de la recherche de la description de l'erreur" @@ -2224,58 +2225,64 @@ msgstr "Erreur inattendue lors de la recherche de la description de l'erreur" msgid "Permission denied. " msgstr "Accès refusé. " -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "Message du serveur : " #: src/sss_client/pam_sss.c:71 -msgid "Enter PIN:" +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." msgstr "" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:72 +msgid "Enter PIN:" +msgstr "Saisissez le code PIN :" + +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "Les mots de passe ne correspondent pas" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "" "La réinitialisation du mot de passe par root n'est pas prise en charge." -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "Authentifié avec les crédits mis en cache" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr ", votre mot de passe en cache expirera à : " -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" "Votre mot de passe a expiré. Il vous reste %1$d connexion(s) autorisée(s)." -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "Votre mot de passe expirera dans %1$d %2$s." -#: src/sss_client/pam_sss.c:627 -#, fuzzy, c-format +#: src/sss_client/pam_sss.c:628 +#, c-format msgid "Your password has expired." -msgstr "Votre mot de passe expirera dans %1$d %2$s." +msgstr "Votre mot de passe a expiré." -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "L'authentification est refusée jusque : " -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "" "Le système est hors-ligne, les modifications du mot de passe sont impossibles" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" @@ -2283,65 +2290,71 @@ msgstr "" "Après avoir modifié le mot de passe OTP, vous devez vous déconnecter et vous " "reconnecter afin d'acquérir un ticket" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "PIN verrouillé" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "Échec du changement de mot de passe. " -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "Authentifiez-vous sur %1$s et appuyez sur ENTRÉE." -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "Authentifiez-vous avec le PIN %1$s à %2$s et appuyez sur ENTRÉE." -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "Veuillez (ré)insérer une carte à puce (différente)" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "Nouveau mot de passe : " -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "Retaper le nouveau mot de passe : " -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "Premier facteur : " -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "Deuxième facteur (facultatif) : " -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "Second facteur : " -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." -msgstr "" +msgstr "Insérez votre passe-partout, puis appuyez sur la touche ENTER." -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "Mot de passe : " -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "Premier facteur (mot de passe actuel) : " -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "Mot de passe actuel : " -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "Mot de passe expiré. Changez votre mot de passe maintenant." @@ -2684,9 +2697,8 @@ msgid "Passkey related tools:" msgstr "Outils liés à la clé d’accès :" #: src/tools/sssctl/sssctl.c:348 -#, fuzzy msgid "Perform passkey registration" -msgstr "Effectuer des opérations liées à la clé d’accès" +msgstr "Effectuer l'enregistrement de la clé d'accès" #: src/tools/sssctl/sssctl_cache.c:31 #, c-format @@ -2868,9 +2880,8 @@ msgid "Error while reading configuration directory.\n" msgstr "Erreur lors de la lecture du répertoire de configuration.\n" #: src/tools/sssctl/sssctl_config.c:147 -#, fuzzy msgid "There is no configuration.\n" -msgstr "Impossible de charger la configuration à partir de %s.\n" +msgstr "Il n'y a pas de configuration.\n" #: src/tools/sssctl/sssctl_config.c:157 msgid "Failed to run validators" diff --git a/po/hu.po b/po/hu.po index 34d8c1cbf16..8b2ba9b56e7 100644 --- a/po/hu.po +++ b/po/hu.po @@ -10,7 +10,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: 2014-12-14 11:45-0500\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Hungarian (http://www.transifex.com/projects/p/sssd/language/" @@ -591,12 +591,12 @@ msgid "Whether to automatically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:201 -#: src/config/SSSDConfig/sssdoptions.py:233 +#: src/config/SSSDConfig/sssdoptions.py:234 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:202 -#: src/config/SSSDConfig/sssdoptions.py:234 +#: src/config/SSSDConfig/sssdoptions.py:235 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" @@ -680,1162 +680,1166 @@ msgid "" "(long term password) must have to be saved as SHA512 hash into the cache." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:228 +#: src/config/SSSDConfig/sssdoptions.py:226 +msgid "Local authentication methods policy " +msgstr "" + +#: src/config/SSSDConfig/sssdoptions.py:229 msgid "IPA domain" msgstr "IPA-tartomány" -#: src/config/SSSDConfig/sssdoptions.py:229 +#: src/config/SSSDConfig/sssdoptions.py:230 msgid "IPA server address" msgstr "IPA kiszolgáló címe" -#: src/config/SSSDConfig/sssdoptions.py:230 +#: src/config/SSSDConfig/sssdoptions.py:231 msgid "Address of backup IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:231 +#: src/config/SSSDConfig/sssdoptions.py:232 msgid "IPA client hostname" msgstr "IPA kliens hosztneve" -#: src/config/SSSDConfig/sssdoptions.py:232 +#: src/config/SSSDConfig/sssdoptions.py:233 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:235 +#: src/config/SSSDConfig/sssdoptions.py:236 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:236 +#: src/config/SSSDConfig/sssdoptions.py:237 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:237 +#: src/config/SSSDConfig/sssdoptions.py:238 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:239 +#: src/config/SSSDConfig/sssdoptions.py:240 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:240 +#: src/config/SSSDConfig/sssdoptions.py:241 msgid "The automounter location this IPA client is using" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:241 +#: src/config/SSSDConfig/sssdoptions.py:242 msgid "Search base for object containing info about IPA domain" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:242 +#: src/config/SSSDConfig/sssdoptions.py:243 msgid "Search base for objects containing info about ID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:243 -#: src/config/SSSDConfig/sssdoptions.py:299 +#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:300 msgid "Enable DNS sites - location based service discovery" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:245 msgid "Search base for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:245 +#: src/config/SSSDConfig/sssdoptions.py:246 msgid "Objectclass for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:246 +#: src/config/SSSDConfig/sssdoptions.py:247 msgid "Attribute with the name of the view" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:247 +#: src/config/SSSDConfig/sssdoptions.py:248 msgid "Objectclass for override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:248 +#: src/config/SSSDConfig/sssdoptions.py:249 msgid "Attribute with the reference to the original object" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:249 +#: src/config/SSSDConfig/sssdoptions.py:250 msgid "Objectclass for user override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:250 +#: src/config/SSSDConfig/sssdoptions.py:251 msgid "Objectclass for group override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:251 +#: src/config/SSSDConfig/sssdoptions.py:252 msgid "Search base for Desktop Profile related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:252 +#: src/config/SSSDConfig/sssdoptions.py:253 msgid "" "The amount of time in seconds between lookups of the Desktop Profile rules " "against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:254 +#: src/config/SSSDConfig/sssdoptions.py:255 msgid "" "The amount of time in minutes between lookups of Desktop Profiles rules " "against the IPA server when the last request did not find any rule" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:257 +#: src/config/SSSDConfig/sssdoptions.py:258 msgid "Search base for SUBID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:258 -#: src/config/SSSDConfig/sssdoptions.py:501 +#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:502 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:260 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:260 -#: src/config/SSSDConfig/sssdoptions.py:283 +#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:284 msgid "The object class of a host entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:262 msgid "Use the given string as search base for host objects." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:262 +#: src/config/SSSDConfig/sssdoptions.py:263 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:263 +#: src/config/SSSDConfig/sssdoptions.py:264 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:264 +#: src/config/SSSDConfig/sssdoptions.py:265 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:265 +#: src/config/SSSDConfig/sssdoptions.py:266 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:267 +#: src/config/SSSDConfig/sssdoptions.py:268 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:269 +#: src/config/SSSDConfig/sssdoptions.py:270 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:270 +#: src/config/SSSDConfig/sssdoptions.py:271 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:272 +#: src/config/SSSDConfig/sssdoptions.py:273 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:273 +#: src/config/SSSDConfig/sssdoptions.py:274 msgid "The object class of a netgroup entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:274 +#: src/config/SSSDConfig/sssdoptions.py:275 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:275 +#: src/config/SSSDConfig/sssdoptions.py:276 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:277 +#: src/config/SSSDConfig/sssdoptions.py:278 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:278 +#: src/config/SSSDConfig/sssdoptions.py:279 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:280 +#: src/config/SSSDConfig/sssdoptions.py:281 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:282 +#: src/config/SSSDConfig/sssdoptions.py:283 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:284 +#: src/config/SSSDConfig/sssdoptions.py:285 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:286 +#: src/config/SSSDConfig/sssdoptions.py:287 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:287 +#: src/config/SSSDConfig/sssdoptions.py:288 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:288 +#: src/config/SSSDConfig/sssdoptions.py:289 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:289 +#: src/config/SSSDConfig/sssdoptions.py:290 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:291 +#: src/config/SSSDConfig/sssdoptions.py:292 msgid "Use the given string as search base for trusted domains." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:294 +#: src/config/SSSDConfig/sssdoptions.py:295 msgid "Active Directory domain" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:295 +#: src/config/SSSDConfig/sssdoptions.py:296 msgid "Enabled Active Directory domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:296 +#: src/config/SSSDConfig/sssdoptions.py:297 msgid "Active Directory server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:297 +#: src/config/SSSDConfig/sssdoptions.py:298 msgid "Active Directory backup server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:298 +#: src/config/SSSDConfig/sssdoptions.py:299 msgid "Active Directory client hostname" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:300 -#: src/config/SSSDConfig/sssdoptions.py:499 +#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:500 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:302 msgid "Whether to use the Global Catalog for lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:302 +#: src/config/SSSDConfig/sssdoptions.py:303 msgid "Operation mode for GPO-based access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:303 +#: src/config/SSSDConfig/sssdoptions.py:304 msgid "" "The amount of time between lookups of the GPO policy files against the AD " "server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:304 +#: src/config/SSSDConfig/sssdoptions.py:305 msgid "" "PAM service names that map to the GPO (Deny)InteractiveLogonRight policy " "settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:306 +#: src/config/SSSDConfig/sssdoptions.py:307 msgid "" "PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight " "policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:308 +#: src/config/SSSDConfig/sssdoptions.py:309 msgid "" "PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:309 +#: src/config/SSSDConfig/sssdoptions.py:310 msgid "" "PAM service names that map to the GPO (Deny)BatchLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:310 +#: src/config/SSSDConfig/sssdoptions.py:311 msgid "" "PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:311 +#: src/config/SSSDConfig/sssdoptions.py:312 msgid "PAM service names for which GPO-based access is always granted" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:312 +#: src/config/SSSDConfig/sssdoptions.py:313 msgid "PAM service names for which GPO-based access is always denied" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:313 +#: src/config/SSSDConfig/sssdoptions.py:314 msgid "" "Default logon right (or permit/deny) to use for unmapped PAM service names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:314 +#: src/config/SSSDConfig/sssdoptions.py:315 msgid "a particular site to be used by the client" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:315 +#: src/config/SSSDConfig/sssdoptions.py:316 msgid "" "Maximum age in days before the machine account password should be renewed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:317 +#: src/config/SSSDConfig/sssdoptions.py:318 msgid "Option for tuning the machine account renewal task" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:318 +#: src/config/SSSDConfig/sssdoptions.py:319 msgid "Whether to update the machine account password in the Samba database" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:320 +#: src/config/SSSDConfig/sssdoptions.py:321 msgid "Use LDAPS port for LDAP and Global Catalog requests" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:321 +#: src/config/SSSDConfig/sssdoptions.py:322 msgid "Do not filter domain local groups from other domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:324 #: src/config/SSSDConfig/sssdoptions.py:325 +#: src/config/SSSDConfig/sssdoptions.py:326 msgid "Kerberos server address" msgstr "Kerberos-kiszolgáló címe" -#: src/config/SSSDConfig/sssdoptions.py:326 +#: src/config/SSSDConfig/sssdoptions.py:327 msgid "Kerberos backup server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:327 +#: src/config/SSSDConfig/sssdoptions.py:328 msgid "Kerberos realm" msgstr "Kerberos-tartomány" -#: src/config/SSSDConfig/sssdoptions.py:328 +#: src/config/SSSDConfig/sssdoptions.py:329 msgid "Authentication timeout" msgstr "Időtúllépés azonosításkor" -#: src/config/SSSDConfig/sssdoptions.py:329 +#: src/config/SSSDConfig/sssdoptions.py:330 msgid "Whether to create kdcinfo files" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:330 +#: src/config/SSSDConfig/sssdoptions.py:331 msgid "Where to drop krb5 config snippets" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:333 +#: src/config/SSSDConfig/sssdoptions.py:334 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:334 +#: src/config/SSSDConfig/sssdoptions.py:335 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:335 +#: src/config/SSSDConfig/sssdoptions.py:336 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:336 +#: src/config/SSSDConfig/sssdoptions.py:337 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:337 +#: src/config/SSSDConfig/sssdoptions.py:338 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:338 +#: src/config/SSSDConfig/sssdoptions.py:339 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:339 +#: src/config/SSSDConfig/sssdoptions.py:340 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:340 +#: src/config/SSSDConfig/sssdoptions.py:341 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:341 +#: src/config/SSSDConfig/sssdoptions.py:342 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:342 +#: src/config/SSSDConfig/sssdoptions.py:343 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:343 +#: src/config/SSSDConfig/sssdoptions.py:344 msgid "Use anonymous PKINIT to request FAST credentials" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:344 +#: src/config/SSSDConfig/sssdoptions.py:345 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:345 +#: src/config/SSSDConfig/sssdoptions.py:346 msgid "Enables enterprise principals" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:346 +#: src/config/SSSDConfig/sssdoptions.py:347 msgid "Enables using of subdomains realms for authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:347 +#: src/config/SSSDConfig/sssdoptions.py:348 msgid "A mapping from user names to Kerberos principal names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:350 #: src/config/SSSDConfig/sssdoptions.py:351 +#: src/config/SSSDConfig/sssdoptions.py:352 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:354 +#: src/config/SSSDConfig/sssdoptions.py:355 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, az LDAP szerver URI-ja" -#: src/config/SSSDConfig/sssdoptions.py:355 +#: src/config/SSSDConfig/sssdoptions.py:356 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:356 +#: src/config/SSSDConfig/sssdoptions.py:357 msgid "The default base DN" msgstr "Alapértelmezett LDAP alap-DN-je" -#: src/config/SSSDConfig/sssdoptions.py:357 +#: src/config/SSSDConfig/sssdoptions.py:358 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "Az LDAP szerveren használt séma-típus, rfc2307" -#: src/config/SSSDConfig/sssdoptions.py:358 +#: src/config/SSSDConfig/sssdoptions.py:359 msgid "Mode used to change user password" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:359 +#: src/config/SSSDConfig/sssdoptions.py:360 msgid "The default bind DN" msgstr "Az alapértelmezett bind DN" -#: src/config/SSSDConfig/sssdoptions.py:360 +#: src/config/SSSDConfig/sssdoptions.py:361 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:361 +#: src/config/SSSDConfig/sssdoptions.py:362 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:362 +#: src/config/SSSDConfig/sssdoptions.py:363 msgid "Length of time to attempt connection" msgstr "A kapcsolódási próbálkozás időtartama" -#: src/config/SSSDConfig/sssdoptions.py:363 +#: src/config/SSSDConfig/sssdoptions.py:364 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:364 +#: src/config/SSSDConfig/sssdoptions.py:365 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:365 +#: src/config/SSSDConfig/sssdoptions.py:366 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:366 +#: src/config/SSSDConfig/sssdoptions.py:367 msgid "File that contains CA certificates" msgstr "A CA tanusítványokat tartalmazó fájl" -#: src/config/SSSDConfig/sssdoptions.py:367 +#: src/config/SSSDConfig/sssdoptions.py:368 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:368 +#: src/config/SSSDConfig/sssdoptions.py:369 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:369 +#: src/config/SSSDConfig/sssdoptions.py:370 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:370 +#: src/config/SSSDConfig/sssdoptions.py:371 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:371 +#: src/config/SSSDConfig/sssdoptions.py:372 msgid "Require TLS certificate verification" msgstr "TLS tanusítvány ellenőrzése" -#: src/config/SSSDConfig/sssdoptions.py:372 +#: src/config/SSSDConfig/sssdoptions.py:373 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:373 +#: src/config/SSSDConfig/sssdoptions.py:374 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:374 +#: src/config/SSSDConfig/sssdoptions.py:375 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:375 +#: src/config/SSSDConfig/sssdoptions.py:376 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:376 +#: src/config/SSSDConfig/sssdoptions.py:377 msgid "Specify the maximal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:377 +#: src/config/SSSDConfig/sssdoptions.py:378 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:378 +#: src/config/SSSDConfig/sssdoptions.py:379 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:379 +#: src/config/SSSDConfig/sssdoptions.py:380 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:380 +#: src/config/SSSDConfig/sssdoptions.py:381 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:381 +#: src/config/SSSDConfig/sssdoptions.py:382 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:382 +#: src/config/SSSDConfig/sssdoptions.py:383 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:383 +#: src/config/SSSDConfig/sssdoptions.py:384 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:384 +#: src/config/SSSDConfig/sssdoptions.py:385 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:385 +#: src/config/SSSDConfig/sssdoptions.py:386 msgid "Ignore unreadable LDAP references" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:386 +#: src/config/SSSDConfig/sssdoptions.py:387 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:388 +#: src/config/SSSDConfig/sssdoptions.py:389 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:391 +#: src/config/SSSDConfig/sssdoptions.py:392 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:392 +#: src/config/SSSDConfig/sssdoptions.py:393 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:394 +#: src/config/SSSDConfig/sssdoptions.py:395 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:397 +#: src/config/SSSDConfig/sssdoptions.py:398 msgid "Disable the LDAP paging control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:398 +#: src/config/SSSDConfig/sssdoptions.py:399 msgid "Disable Active Directory range retrieval" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:401 +#: src/config/SSSDConfig/sssdoptions.py:402 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:402 +#: src/config/SSSDConfig/sssdoptions.py:403 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:403 +#: src/config/SSSDConfig/sssdoptions.py:404 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:404 +#: src/config/SSSDConfig/sssdoptions.py:405 msgid "Maximum period deviation between enumeration updates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:405 +#: src/config/SSSDConfig/sssdoptions.py:406 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:406 +#: src/config/SSSDConfig/sssdoptions.py:407 msgid "Maximum time deviation between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:407 +#: src/config/SSSDConfig/sssdoptions.py:408 msgid "Require TLS for ID lookups" msgstr "TLS megkövetelése ID keresésekor" -#: src/config/SSSDConfig/sssdoptions.py:408 +#: src/config/SSSDConfig/sssdoptions.py:409 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:409 +#: src/config/SSSDConfig/sssdoptions.py:410 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:410 +#: src/config/SSSDConfig/sssdoptions.py:411 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:411 +#: src/config/SSSDConfig/sssdoptions.py:412 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:412 +#: src/config/SSSDConfig/sssdoptions.py:413 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:413 +#: src/config/SSSDConfig/sssdoptions.py:414 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:414 +#: src/config/SSSDConfig/sssdoptions.py:415 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:415 +#: src/config/SSSDConfig/sssdoptions.py:416 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:416 +#: src/config/SSSDConfig/sssdoptions.py:417 msgid "GECOS attribute" msgstr "GECOS attribútum" -#: src/config/SSSDConfig/sssdoptions.py:417 +#: src/config/SSSDConfig/sssdoptions.py:418 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:418 +#: src/config/SSSDConfig/sssdoptions.py:419 msgid "Shell attribute" msgstr "Shell attribútum" -#: src/config/SSSDConfig/sssdoptions.py:419 +#: src/config/SSSDConfig/sssdoptions.py:420 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:420 -#: src/config/SSSDConfig/sssdoptions.py:459 +#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:460 msgid "objectSID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:422 msgid "Active Directory primary group attribute for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:422 +#: src/config/SSSDConfig/sssdoptions.py:423 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:423 +#: src/config/SSSDConfig/sssdoptions.py:424 msgid "Full Name" msgstr "Teljes név" -#: src/config/SSSDConfig/sssdoptions.py:424 +#: src/config/SSSDConfig/sssdoptions.py:425 msgid "memberOf attribute" msgstr "memberOf attribútum" -#: src/config/SSSDConfig/sssdoptions.py:425 +#: src/config/SSSDConfig/sssdoptions.py:426 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:426 +#: src/config/SSSDConfig/sssdoptions.py:427 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:427 +#: src/config/SSSDConfig/sssdoptions.py:428 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:428 +#: src/config/SSSDConfig/sssdoptions.py:429 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:429 +#: src/config/SSSDConfig/sssdoptions.py:430 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:430 +#: src/config/SSSDConfig/sssdoptions.py:431 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:431 +#: src/config/SSSDConfig/sssdoptions.py:432 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:432 +#: src/config/SSSDConfig/sssdoptions.py:433 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:433 +#: src/config/SSSDConfig/sssdoptions.py:434 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:434 +#: src/config/SSSDConfig/sssdoptions.py:435 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:435 +#: src/config/SSSDConfig/sssdoptions.py:436 msgid "Attribute listing authorized server rhosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:436 +#: src/config/SSSDConfig/sssdoptions.py:437 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:437 +#: src/config/SSSDConfig/sssdoptions.py:438 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:438 +#: src/config/SSSDConfig/sssdoptions.py:439 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:439 +#: src/config/SSSDConfig/sssdoptions.py:440 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:440 +#: src/config/SSSDConfig/sssdoptions.py:441 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:441 +#: src/config/SSSDConfig/sssdoptions.py:442 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:442 +#: src/config/SSSDConfig/sssdoptions.py:443 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:443 +#: src/config/SSSDConfig/sssdoptions.py:444 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:444 +#: src/config/SSSDConfig/sssdoptions.py:445 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:445 +#: src/config/SSSDConfig/sssdoptions.py:446 msgid "SSH public key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:446 +#: src/config/SSSDConfig/sssdoptions.py:447 msgid "attribute listing allowed authentication types for a user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:447 +#: src/config/SSSDConfig/sssdoptions.py:448 msgid "attribute containing the X509 certificate of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:448 +#: src/config/SSSDConfig/sssdoptions.py:449 msgid "attribute containing the email address of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:449 +#: src/config/SSSDConfig/sssdoptions.py:450 msgid "attribute containing the passkey mapping data of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:450 +#: src/config/SSSDConfig/sssdoptions.py:451 msgid "A list of extra attributes to download along with the user entry" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:452 +#: src/config/SSSDConfig/sssdoptions.py:453 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:453 +#: src/config/SSSDConfig/sssdoptions.py:454 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:454 +#: src/config/SSSDConfig/sssdoptions.py:455 msgid "Group name" msgstr "Csoport neve" -#: src/config/SSSDConfig/sssdoptions.py:455 +#: src/config/SSSDConfig/sssdoptions.py:456 msgid "Group password" msgstr "Csoport jelszava" -#: src/config/SSSDConfig/sssdoptions.py:456 +#: src/config/SSSDConfig/sssdoptions.py:457 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:457 +#: src/config/SSSDConfig/sssdoptions.py:458 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:458 +#: src/config/SSSDConfig/sssdoptions.py:459 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:460 +#: src/config/SSSDConfig/sssdoptions.py:461 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:461 +#: src/config/SSSDConfig/sssdoptions.py:462 msgid "Type of the group and other flags" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:462 +#: src/config/SSSDConfig/sssdoptions.py:463 msgid "The LDAP group external member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:463 +#: src/config/SSSDConfig/sssdoptions.py:464 msgid "Maximum nesting level SSSD will follow" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:464 +#: src/config/SSSDConfig/sssdoptions.py:465 msgid "Filter for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:465 +#: src/config/SSSDConfig/sssdoptions.py:466 msgid "Scope of group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:467 +#: src/config/SSSDConfig/sssdoptions.py:468 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:468 +#: src/config/SSSDConfig/sssdoptions.py:469 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:469 +#: src/config/SSSDConfig/sssdoptions.py:470 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:470 +#: src/config/SSSDConfig/sssdoptions.py:471 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:471 +#: src/config/SSSDConfig/sssdoptions.py:472 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:472 +#: src/config/SSSDConfig/sssdoptions.py:473 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:474 +#: src/config/SSSDConfig/sssdoptions.py:475 msgid "Base DN for service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:475 +#: src/config/SSSDConfig/sssdoptions.py:476 msgid "Objectclass for services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:476 +#: src/config/SSSDConfig/sssdoptions.py:477 msgid "Service name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:477 +#: src/config/SSSDConfig/sssdoptions.py:478 msgid "Service port attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:478 +#: src/config/SSSDConfig/sssdoptions.py:479 msgid "Service protocol attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:480 +#: src/config/SSSDConfig/sssdoptions.py:481 msgid "Lower bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:481 +#: src/config/SSSDConfig/sssdoptions.py:482 msgid "Upper bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:482 +#: src/config/SSSDConfig/sssdoptions.py:483 msgid "Number of IDs for each slice when ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:483 +#: src/config/SSSDConfig/sssdoptions.py:484 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:484 +#: src/config/SSSDConfig/sssdoptions.py:485 msgid "Name of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:485 +#: src/config/SSSDConfig/sssdoptions.py:486 msgid "SID of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:486 +#: src/config/SSSDConfig/sssdoptions.py:487 msgid "Number of secondary slices" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:488 +#: src/config/SSSDConfig/sssdoptions.py:489 msgid "Whether to use Token-Groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:489 +#: src/config/SSSDConfig/sssdoptions.py:490 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:490 +#: src/config/SSSDConfig/sssdoptions.py:491 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:491 +#: src/config/SSSDConfig/sssdoptions.py:492 msgid "DN for ppolicy queries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:492 +#: src/config/SSSDConfig/sssdoptions.py:493 msgid "How many maximum entries to fetch during a wildcard request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:493 +#: src/config/SSSDConfig/sssdoptions.py:494 msgid "Set libldap debug level" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:496 +#: src/config/SSSDConfig/sssdoptions.py:497 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:500 +#: src/config/SSSDConfig/sssdoptions.py:501 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:504 +#: src/config/SSSDConfig/sssdoptions.py:505 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:505 +#: src/config/SSSDConfig/sssdoptions.py:506 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:506 +#: src/config/SSSDConfig/sssdoptions.py:507 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:507 +#: src/config/SSSDConfig/sssdoptions.py:508 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:511 +#: src/config/SSSDConfig/sssdoptions.py:512 msgid "Base DN for sudo rules lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:512 +#: src/config/SSSDConfig/sssdoptions.py:513 msgid "Automatic full refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:513 +#: src/config/SSSDConfig/sssdoptions.py:514 msgid "Automatic smart refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:514 +#: src/config/SSSDConfig/sssdoptions.py:515 msgid "Smart and full refresh random offset" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:515 +#: src/config/SSSDConfig/sssdoptions.py:516 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:516 +#: src/config/SSSDConfig/sssdoptions.py:517 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:517 +#: src/config/SSSDConfig/sssdoptions.py:518 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:518 +#: src/config/SSSDConfig/sssdoptions.py:519 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:519 +#: src/config/SSSDConfig/sssdoptions.py:520 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:520 +#: src/config/SSSDConfig/sssdoptions.py:521 msgid "Object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:521 +#: src/config/SSSDConfig/sssdoptions.py:522 msgid "Name of attribute that is used as object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:522 +#: src/config/SSSDConfig/sssdoptions.py:523 msgid "Sudo rule name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:523 +#: src/config/SSSDConfig/sssdoptions.py:524 msgid "Sudo rule command attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:524 +#: src/config/SSSDConfig/sssdoptions.py:525 msgid "Sudo rule host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:525 +#: src/config/SSSDConfig/sssdoptions.py:526 msgid "Sudo rule user attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:526 +#: src/config/SSSDConfig/sssdoptions.py:527 msgid "Sudo rule option attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:527 +#: src/config/SSSDConfig/sssdoptions.py:528 msgid "Sudo rule runas attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:528 +#: src/config/SSSDConfig/sssdoptions.py:529 msgid "Sudo rule runasuser attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:529 +#: src/config/SSSDConfig/sssdoptions.py:530 msgid "Sudo rule runasgroup attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:530 +#: src/config/SSSDConfig/sssdoptions.py:531 msgid "Sudo rule notbefore attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:531 +#: src/config/SSSDConfig/sssdoptions.py:532 msgid "Sudo rule notafter attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:532 +#: src/config/SSSDConfig/sssdoptions.py:533 msgid "Sudo rule order attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:535 +#: src/config/SSSDConfig/sssdoptions.py:536 msgid "Object class for automounter maps" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:536 +#: src/config/SSSDConfig/sssdoptions.py:537 msgid "Automounter map name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:537 +#: src/config/SSSDConfig/sssdoptions.py:538 msgid "Object class for automounter map entries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:538 +#: src/config/SSSDConfig/sssdoptions.py:539 msgid "Automounter map entry key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:539 +#: src/config/SSSDConfig/sssdoptions.py:540 msgid "Automounter map entry value attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:540 +#: src/config/SSSDConfig/sssdoptions.py:541 msgid "Base DN for automounter map lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:541 +#: src/config/SSSDConfig/sssdoptions.py:542 msgid "The name of the automount master map in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:544 +#: src/config/SSSDConfig/sssdoptions.py:545 msgid "Base DN for IP hosts lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:545 +#: src/config/SSSDConfig/sssdoptions.py:546 msgid "Object class for IP hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:546 +#: src/config/SSSDConfig/sssdoptions.py:547 msgid "IP host name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:547 +#: src/config/SSSDConfig/sssdoptions.py:548 msgid "IP host number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:548 +#: src/config/SSSDConfig/sssdoptions.py:549 msgid "IP host entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:549 +#: src/config/SSSDConfig/sssdoptions.py:550 msgid "Base DN for IP networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:550 +#: src/config/SSSDConfig/sssdoptions.py:551 msgid "Object class for IP networks" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:551 +#: src/config/SSSDConfig/sssdoptions.py:552 msgid "IP network name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:552 +#: src/config/SSSDConfig/sssdoptions.py:553 msgid "IP network number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:553 +#: src/config/SSSDConfig/sssdoptions.py:554 msgid "IP network entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:556 +#: src/config/SSSDConfig/sssdoptions.py:557 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:557 +#: src/config/SSSDConfig/sssdoptions.py:558 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:558 +#: src/config/SSSDConfig/sssdoptions.py:559 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:560 +#: src/config/SSSDConfig/sssdoptions.py:561 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " "evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:564 +#: src/config/SSSDConfig/sssdoptions.py:565 msgid "The number of preforked proxy children." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:567 +#: src/config/SSSDConfig/sssdoptions.py:568 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:568 +#: src/config/SSSDConfig/sssdoptions.py:569 msgid "The name of the NSS library to use for hosts and networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:569 +#: src/config/SSSDConfig/sssdoptions.py:570 msgid "Whether to look up canonical group name from cache if possible" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:572 +#: src/config/SSSDConfig/sssdoptions.py:573 msgid "PAM stack to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:575 +#: src/config/SSSDConfig/sssdoptions.py:576 msgid "Path of passwd file sources." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:576 +#: src/config/SSSDConfig/sssdoptions.py:577 msgid "Path of group file sources." msgstr "" @@ -1884,67 +1888,67 @@ msgstr "" msgid "SSSD is already running\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "" @@ -1952,35 +1956,35 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "Az SSSD nem root-ként fut." -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "Hiba lépett fel, de nem érhetőek el részletek." -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "" @@ -1988,119 +1992,131 @@ msgstr "" msgid "Permission denied. " msgstr "" -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "Szerver üzenete:" #: src/sss_client/pam_sss.c:71 +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." +msgstr "" + +#: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" msgstr "" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "A jelszavak nem egyeznek" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "A jelszó root általi visszaállítása nem támogatott." -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "Azonosítva gyorsítótárazott adatbázisból" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr ", a gyorsítótárazott jelszó lejár ekkor: " -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "" -#: src/sss_client/pam_sss.c:627 +#: src/sss_client/pam_sss.c:628 #, fuzzy, c-format msgid "Your password has expired." msgstr ", a gyorsítótárazott jelszó lejár ekkor: " -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "A bejelentkezés tiltott eddig:" -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "A rendszer nem érhető el, a jelszó megváltoztatása nem lehetséges" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "A jelszó megváltoztatása nem sikerült." -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "Új jelszó:" -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "Jelszó mégegyszer: " -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "" -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "Jelszó: " -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "" -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "Jelenlegi jelszó:" -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "A jelszava lejárt, változtass meg most." diff --git a/po/id.po b/po/id.po index 28c59a005ab..b037617ac4a 100644 --- a/po/id.po +++ b/po/id.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: 2014-12-14 11:46-0500\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Indonesian (http://www.transifex.com/projects/p/sssd/language/" @@ -588,12 +588,12 @@ msgid "Whether to automatically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:201 -#: src/config/SSSDConfig/sssdoptions.py:233 +#: src/config/SSSDConfig/sssdoptions.py:234 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:202 -#: src/config/SSSDConfig/sssdoptions.py:234 +#: src/config/SSSDConfig/sssdoptions.py:235 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" @@ -677,1162 +677,1166 @@ msgid "" "(long term password) must have to be saved as SHA512 hash into the cache." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:228 +#: src/config/SSSDConfig/sssdoptions.py:226 +msgid "Local authentication methods policy " +msgstr "" + +#: src/config/SSSDConfig/sssdoptions.py:229 msgid "IPA domain" msgstr "Domain IPA" -#: src/config/SSSDConfig/sssdoptions.py:229 +#: src/config/SSSDConfig/sssdoptions.py:230 msgid "IPA server address" msgstr "Alamat server IPA" -#: src/config/SSSDConfig/sssdoptions.py:230 +#: src/config/SSSDConfig/sssdoptions.py:231 msgid "Address of backup IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:231 +#: src/config/SSSDConfig/sssdoptions.py:232 msgid "IPA client hostname" msgstr "Nama host klien IPA" -#: src/config/SSSDConfig/sssdoptions.py:232 +#: src/config/SSSDConfig/sssdoptions.py:233 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:235 +#: src/config/SSSDConfig/sssdoptions.py:236 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:236 +#: src/config/SSSDConfig/sssdoptions.py:237 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:237 +#: src/config/SSSDConfig/sssdoptions.py:238 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:239 +#: src/config/SSSDConfig/sssdoptions.py:240 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:240 +#: src/config/SSSDConfig/sssdoptions.py:241 msgid "The automounter location this IPA client is using" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:241 +#: src/config/SSSDConfig/sssdoptions.py:242 msgid "Search base for object containing info about IPA domain" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:242 +#: src/config/SSSDConfig/sssdoptions.py:243 msgid "Search base for objects containing info about ID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:243 -#: src/config/SSSDConfig/sssdoptions.py:299 +#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:300 msgid "Enable DNS sites - location based service discovery" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:245 msgid "Search base for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:245 +#: src/config/SSSDConfig/sssdoptions.py:246 msgid "Objectclass for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:246 +#: src/config/SSSDConfig/sssdoptions.py:247 msgid "Attribute with the name of the view" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:247 +#: src/config/SSSDConfig/sssdoptions.py:248 msgid "Objectclass for override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:248 +#: src/config/SSSDConfig/sssdoptions.py:249 msgid "Attribute with the reference to the original object" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:249 +#: src/config/SSSDConfig/sssdoptions.py:250 msgid "Objectclass for user override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:250 +#: src/config/SSSDConfig/sssdoptions.py:251 msgid "Objectclass for group override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:251 +#: src/config/SSSDConfig/sssdoptions.py:252 msgid "Search base for Desktop Profile related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:252 +#: src/config/SSSDConfig/sssdoptions.py:253 msgid "" "The amount of time in seconds between lookups of the Desktop Profile rules " "against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:254 +#: src/config/SSSDConfig/sssdoptions.py:255 msgid "" "The amount of time in minutes between lookups of Desktop Profiles rules " "against the IPA server when the last request did not find any rule" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:257 +#: src/config/SSSDConfig/sssdoptions.py:258 msgid "Search base for SUBID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:258 -#: src/config/SSSDConfig/sssdoptions.py:501 +#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:502 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:260 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:260 -#: src/config/SSSDConfig/sssdoptions.py:283 +#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:284 msgid "The object class of a host entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:262 msgid "Use the given string as search base for host objects." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:262 +#: src/config/SSSDConfig/sssdoptions.py:263 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:263 +#: src/config/SSSDConfig/sssdoptions.py:264 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:264 +#: src/config/SSSDConfig/sssdoptions.py:265 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:265 +#: src/config/SSSDConfig/sssdoptions.py:266 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:267 +#: src/config/SSSDConfig/sssdoptions.py:268 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:269 +#: src/config/SSSDConfig/sssdoptions.py:270 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:270 +#: src/config/SSSDConfig/sssdoptions.py:271 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:272 +#: src/config/SSSDConfig/sssdoptions.py:273 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:273 +#: src/config/SSSDConfig/sssdoptions.py:274 msgid "The object class of a netgroup entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:274 +#: src/config/SSSDConfig/sssdoptions.py:275 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:275 +#: src/config/SSSDConfig/sssdoptions.py:276 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:277 +#: src/config/SSSDConfig/sssdoptions.py:278 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:278 +#: src/config/SSSDConfig/sssdoptions.py:279 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:280 +#: src/config/SSSDConfig/sssdoptions.py:281 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:282 +#: src/config/SSSDConfig/sssdoptions.py:283 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:284 +#: src/config/SSSDConfig/sssdoptions.py:285 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:286 +#: src/config/SSSDConfig/sssdoptions.py:287 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:287 +#: src/config/SSSDConfig/sssdoptions.py:288 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:288 +#: src/config/SSSDConfig/sssdoptions.py:289 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:289 +#: src/config/SSSDConfig/sssdoptions.py:290 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:291 +#: src/config/SSSDConfig/sssdoptions.py:292 msgid "Use the given string as search base for trusted domains." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:294 +#: src/config/SSSDConfig/sssdoptions.py:295 msgid "Active Directory domain" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:295 +#: src/config/SSSDConfig/sssdoptions.py:296 msgid "Enabled Active Directory domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:296 +#: src/config/SSSDConfig/sssdoptions.py:297 msgid "Active Directory server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:297 +#: src/config/SSSDConfig/sssdoptions.py:298 msgid "Active Directory backup server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:298 +#: src/config/SSSDConfig/sssdoptions.py:299 msgid "Active Directory client hostname" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:300 -#: src/config/SSSDConfig/sssdoptions.py:499 +#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:500 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:302 msgid "Whether to use the Global Catalog for lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:302 +#: src/config/SSSDConfig/sssdoptions.py:303 msgid "Operation mode for GPO-based access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:303 +#: src/config/SSSDConfig/sssdoptions.py:304 msgid "" "The amount of time between lookups of the GPO policy files against the AD " "server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:304 +#: src/config/SSSDConfig/sssdoptions.py:305 msgid "" "PAM service names that map to the GPO (Deny)InteractiveLogonRight policy " "settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:306 +#: src/config/SSSDConfig/sssdoptions.py:307 msgid "" "PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight " "policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:308 +#: src/config/SSSDConfig/sssdoptions.py:309 msgid "" "PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:309 +#: src/config/SSSDConfig/sssdoptions.py:310 msgid "" "PAM service names that map to the GPO (Deny)BatchLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:310 +#: src/config/SSSDConfig/sssdoptions.py:311 msgid "" "PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:311 +#: src/config/SSSDConfig/sssdoptions.py:312 msgid "PAM service names for which GPO-based access is always granted" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:312 +#: src/config/SSSDConfig/sssdoptions.py:313 msgid "PAM service names for which GPO-based access is always denied" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:313 +#: src/config/SSSDConfig/sssdoptions.py:314 msgid "" "Default logon right (or permit/deny) to use for unmapped PAM service names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:314 +#: src/config/SSSDConfig/sssdoptions.py:315 msgid "a particular site to be used by the client" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:315 +#: src/config/SSSDConfig/sssdoptions.py:316 msgid "" "Maximum age in days before the machine account password should be renewed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:317 +#: src/config/SSSDConfig/sssdoptions.py:318 msgid "Option for tuning the machine account renewal task" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:318 +#: src/config/SSSDConfig/sssdoptions.py:319 msgid "Whether to update the machine account password in the Samba database" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:320 +#: src/config/SSSDConfig/sssdoptions.py:321 msgid "Use LDAPS port for LDAP and Global Catalog requests" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:321 +#: src/config/SSSDConfig/sssdoptions.py:322 msgid "Do not filter domain local groups from other domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:324 #: src/config/SSSDConfig/sssdoptions.py:325 +#: src/config/SSSDConfig/sssdoptions.py:326 msgid "Kerberos server address" msgstr "Alamat server Kerberos" -#: src/config/SSSDConfig/sssdoptions.py:326 +#: src/config/SSSDConfig/sssdoptions.py:327 msgid "Kerberos backup server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:327 +#: src/config/SSSDConfig/sssdoptions.py:328 msgid "Kerberos realm" msgstr "Realm Kerberos" -#: src/config/SSSDConfig/sssdoptions.py:328 +#: src/config/SSSDConfig/sssdoptions.py:329 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:329 +#: src/config/SSSDConfig/sssdoptions.py:330 msgid "Whether to create kdcinfo files" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:330 +#: src/config/SSSDConfig/sssdoptions.py:331 msgid "Where to drop krb5 config snippets" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:333 +#: src/config/SSSDConfig/sssdoptions.py:334 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:334 +#: src/config/SSSDConfig/sssdoptions.py:335 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:335 +#: src/config/SSSDConfig/sssdoptions.py:336 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:336 +#: src/config/SSSDConfig/sssdoptions.py:337 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:337 +#: src/config/SSSDConfig/sssdoptions.py:338 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:338 +#: src/config/SSSDConfig/sssdoptions.py:339 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:339 +#: src/config/SSSDConfig/sssdoptions.py:340 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:340 +#: src/config/SSSDConfig/sssdoptions.py:341 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:341 +#: src/config/SSSDConfig/sssdoptions.py:342 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:342 +#: src/config/SSSDConfig/sssdoptions.py:343 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:343 +#: src/config/SSSDConfig/sssdoptions.py:344 msgid "Use anonymous PKINIT to request FAST credentials" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:344 +#: src/config/SSSDConfig/sssdoptions.py:345 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:345 +#: src/config/SSSDConfig/sssdoptions.py:346 msgid "Enables enterprise principals" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:346 +#: src/config/SSSDConfig/sssdoptions.py:347 msgid "Enables using of subdomains realms for authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:347 +#: src/config/SSSDConfig/sssdoptions.py:348 msgid "A mapping from user names to Kerberos principal names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:350 #: src/config/SSSDConfig/sssdoptions.py:351 +#: src/config/SSSDConfig/sssdoptions.py:352 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:354 +#: src/config/SSSDConfig/sssdoptions.py:355 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, URI server LDAP" -#: src/config/SSSDConfig/sssdoptions.py:355 +#: src/config/SSSDConfig/sssdoptions.py:356 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:356 +#: src/config/SSSDConfig/sssdoptions.py:357 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:357 +#: src/config/SSSDConfig/sssdoptions.py:358 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "Jenis Skema yang digunakan pada server LDAP, rfc2307" -#: src/config/SSSDConfig/sssdoptions.py:358 +#: src/config/SSSDConfig/sssdoptions.py:359 msgid "Mode used to change user password" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:359 +#: src/config/SSSDConfig/sssdoptions.py:360 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:360 +#: src/config/SSSDConfig/sssdoptions.py:361 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:361 +#: src/config/SSSDConfig/sssdoptions.py:362 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:362 +#: src/config/SSSDConfig/sssdoptions.py:363 msgid "Length of time to attempt connection" msgstr "Lamanya waktu untuk mencoba koneksi" -#: src/config/SSSDConfig/sssdoptions.py:363 +#: src/config/SSSDConfig/sssdoptions.py:364 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Lamanya waktu untuk mencoba operasi LDAP yang sinkron" -#: src/config/SSSDConfig/sssdoptions.py:364 +#: src/config/SSSDConfig/sssdoptions.py:365 msgid "Length of time between attempts to reconnect while offline" msgstr "Lamanya waktu antara upaya untuk menyambung kembali saat luring" -#: src/config/SSSDConfig/sssdoptions.py:365 +#: src/config/SSSDConfig/sssdoptions.py:366 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:366 +#: src/config/SSSDConfig/sssdoptions.py:367 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:367 +#: src/config/SSSDConfig/sssdoptions.py:368 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:368 +#: src/config/SSSDConfig/sssdoptions.py:369 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:369 +#: src/config/SSSDConfig/sssdoptions.py:370 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:370 +#: src/config/SSSDConfig/sssdoptions.py:371 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:371 +#: src/config/SSSDConfig/sssdoptions.py:372 msgid "Require TLS certificate verification" msgstr "Membutuhkan verifikasi sertifikat TLS" -#: src/config/SSSDConfig/sssdoptions.py:372 +#: src/config/SSSDConfig/sssdoptions.py:373 msgid "Specify the sasl mechanism to use" msgstr "Tentukan mekanisme sasl yang digunakan" -#: src/config/SSSDConfig/sssdoptions.py:373 +#: src/config/SSSDConfig/sssdoptions.py:374 msgid "Specify the sasl authorization id to use" msgstr "Tentukan id otorisasi sasl yang digunakan" -#: src/config/SSSDConfig/sssdoptions.py:374 +#: src/config/SSSDConfig/sssdoptions.py:375 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:375 +#: src/config/SSSDConfig/sssdoptions.py:376 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:376 +#: src/config/SSSDConfig/sssdoptions.py:377 msgid "Specify the maximal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:377 +#: src/config/SSSDConfig/sssdoptions.py:378 msgid "Kerberos service keytab" msgstr "Keytab layanan Kerberos" -#: src/config/SSSDConfig/sssdoptions.py:378 +#: src/config/SSSDConfig/sssdoptions.py:379 msgid "Use Kerberos auth for LDAP connection" msgstr "Gunakan otentikasi Kerberos untuk koneksi LDAP" -#: src/config/SSSDConfig/sssdoptions.py:379 +#: src/config/SSSDConfig/sssdoptions.py:380 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:380 +#: src/config/SSSDConfig/sssdoptions.py:381 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:381 +#: src/config/SSSDConfig/sssdoptions.py:382 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:382 +#: src/config/SSSDConfig/sssdoptions.py:383 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:383 +#: src/config/SSSDConfig/sssdoptions.py:384 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:384 +#: src/config/SSSDConfig/sssdoptions.py:385 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:385 +#: src/config/SSSDConfig/sssdoptions.py:386 msgid "Ignore unreadable LDAP references" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:386 +#: src/config/SSSDConfig/sssdoptions.py:387 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:388 +#: src/config/SSSDConfig/sssdoptions.py:389 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:391 +#: src/config/SSSDConfig/sssdoptions.py:392 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:392 +#: src/config/SSSDConfig/sssdoptions.py:393 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:394 +#: src/config/SSSDConfig/sssdoptions.py:395 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:397 +#: src/config/SSSDConfig/sssdoptions.py:398 msgid "Disable the LDAP paging control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:398 +#: src/config/SSSDConfig/sssdoptions.py:399 msgid "Disable Active Directory range retrieval" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:401 +#: src/config/SSSDConfig/sssdoptions.py:402 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:402 +#: src/config/SSSDConfig/sssdoptions.py:403 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:403 +#: src/config/SSSDConfig/sssdoptions.py:404 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:404 +#: src/config/SSSDConfig/sssdoptions.py:405 msgid "Maximum period deviation between enumeration updates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:405 +#: src/config/SSSDConfig/sssdoptions.py:406 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:406 +#: src/config/SSSDConfig/sssdoptions.py:407 msgid "Maximum time deviation between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:407 +#: src/config/SSSDConfig/sssdoptions.py:408 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:408 +#: src/config/SSSDConfig/sssdoptions.py:409 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:409 +#: src/config/SSSDConfig/sssdoptions.py:410 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:410 +#: src/config/SSSDConfig/sssdoptions.py:411 msgid "Scope of user lookups" msgstr "Lingkup pencarian pengguna" -#: src/config/SSSDConfig/sssdoptions.py:411 +#: src/config/SSSDConfig/sssdoptions.py:412 msgid "Filter for user lookups" msgstr "Filter pencarian pengguna" -#: src/config/SSSDConfig/sssdoptions.py:412 +#: src/config/SSSDConfig/sssdoptions.py:413 msgid "Objectclass for users" msgstr "Objectclass untuk pengguna" -#: src/config/SSSDConfig/sssdoptions.py:413 +#: src/config/SSSDConfig/sssdoptions.py:414 msgid "Username attribute" msgstr "Atribut Nama pengguna" -#: src/config/SSSDConfig/sssdoptions.py:414 +#: src/config/SSSDConfig/sssdoptions.py:415 msgid "UID attribute" msgstr "Atribut UID" -#: src/config/SSSDConfig/sssdoptions.py:415 +#: src/config/SSSDConfig/sssdoptions.py:416 msgid "Primary GID attribute" msgstr "Atribut GID Primer" -#: src/config/SSSDConfig/sssdoptions.py:416 +#: src/config/SSSDConfig/sssdoptions.py:417 msgid "GECOS attribute" msgstr "Atribut GECOS" -#: src/config/SSSDConfig/sssdoptions.py:417 +#: src/config/SSSDConfig/sssdoptions.py:418 msgid "Home directory attribute" msgstr "Atribut direktori Home" -#: src/config/SSSDConfig/sssdoptions.py:418 +#: src/config/SSSDConfig/sssdoptions.py:419 msgid "Shell attribute" msgstr "Atribut Shell" -#: src/config/SSSDConfig/sssdoptions.py:419 +#: src/config/SSSDConfig/sssdoptions.py:420 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:420 -#: src/config/SSSDConfig/sssdoptions.py:459 +#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:460 msgid "objectSID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:422 msgid "Active Directory primary group attribute for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:422 +#: src/config/SSSDConfig/sssdoptions.py:423 msgid "User principal attribute (for Kerberos)" msgstr "Atribut utama pengguna (untuk Kerberos)" -#: src/config/SSSDConfig/sssdoptions.py:423 +#: src/config/SSSDConfig/sssdoptions.py:424 msgid "Full Name" msgstr "Nama Lengkap" -#: src/config/SSSDConfig/sssdoptions.py:424 +#: src/config/SSSDConfig/sssdoptions.py:425 msgid "memberOf attribute" msgstr "Atribut memberOf" -#: src/config/SSSDConfig/sssdoptions.py:425 +#: src/config/SSSDConfig/sssdoptions.py:426 msgid "Modification time attribute" msgstr "Atribut waktu modifikasi" -#: src/config/SSSDConfig/sssdoptions.py:426 +#: src/config/SSSDConfig/sssdoptions.py:427 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:427 +#: src/config/SSSDConfig/sssdoptions.py:428 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:428 +#: src/config/SSSDConfig/sssdoptions.py:429 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:429 +#: src/config/SSSDConfig/sssdoptions.py:430 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:430 +#: src/config/SSSDConfig/sssdoptions.py:431 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:431 +#: src/config/SSSDConfig/sssdoptions.py:432 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:432 +#: src/config/SSSDConfig/sssdoptions.py:433 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:433 +#: src/config/SSSDConfig/sssdoptions.py:434 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:434 +#: src/config/SSSDConfig/sssdoptions.py:435 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:435 +#: src/config/SSSDConfig/sssdoptions.py:436 msgid "Attribute listing authorized server rhosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:436 +#: src/config/SSSDConfig/sssdoptions.py:437 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:437 +#: src/config/SSSDConfig/sssdoptions.py:438 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:438 +#: src/config/SSSDConfig/sssdoptions.py:439 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:439 +#: src/config/SSSDConfig/sssdoptions.py:440 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:440 +#: src/config/SSSDConfig/sssdoptions.py:441 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:441 +#: src/config/SSSDConfig/sssdoptions.py:442 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:442 +#: src/config/SSSDConfig/sssdoptions.py:443 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:443 +#: src/config/SSSDConfig/sssdoptions.py:444 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:444 +#: src/config/SSSDConfig/sssdoptions.py:445 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:445 +#: src/config/SSSDConfig/sssdoptions.py:446 msgid "SSH public key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:446 +#: src/config/SSSDConfig/sssdoptions.py:447 msgid "attribute listing allowed authentication types for a user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:447 +#: src/config/SSSDConfig/sssdoptions.py:448 msgid "attribute containing the X509 certificate of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:448 +#: src/config/SSSDConfig/sssdoptions.py:449 msgid "attribute containing the email address of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:449 +#: src/config/SSSDConfig/sssdoptions.py:450 msgid "attribute containing the passkey mapping data of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:450 +#: src/config/SSSDConfig/sssdoptions.py:451 msgid "A list of extra attributes to download along with the user entry" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:452 +#: src/config/SSSDConfig/sssdoptions.py:453 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:453 +#: src/config/SSSDConfig/sssdoptions.py:454 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:454 +#: src/config/SSSDConfig/sssdoptions.py:455 msgid "Group name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:455 +#: src/config/SSSDConfig/sssdoptions.py:456 msgid "Group password" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:456 +#: src/config/SSSDConfig/sssdoptions.py:457 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:457 +#: src/config/SSSDConfig/sssdoptions.py:458 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:458 +#: src/config/SSSDConfig/sssdoptions.py:459 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:460 +#: src/config/SSSDConfig/sssdoptions.py:461 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:461 +#: src/config/SSSDConfig/sssdoptions.py:462 msgid "Type of the group and other flags" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:462 +#: src/config/SSSDConfig/sssdoptions.py:463 msgid "The LDAP group external member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:463 +#: src/config/SSSDConfig/sssdoptions.py:464 msgid "Maximum nesting level SSSD will follow" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:464 +#: src/config/SSSDConfig/sssdoptions.py:465 msgid "Filter for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:465 +#: src/config/SSSDConfig/sssdoptions.py:466 msgid "Scope of group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:467 +#: src/config/SSSDConfig/sssdoptions.py:468 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:468 +#: src/config/SSSDConfig/sssdoptions.py:469 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:469 +#: src/config/SSSDConfig/sssdoptions.py:470 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:470 +#: src/config/SSSDConfig/sssdoptions.py:471 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:471 +#: src/config/SSSDConfig/sssdoptions.py:472 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:472 +#: src/config/SSSDConfig/sssdoptions.py:473 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:474 +#: src/config/SSSDConfig/sssdoptions.py:475 msgid "Base DN for service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:475 +#: src/config/SSSDConfig/sssdoptions.py:476 msgid "Objectclass for services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:476 +#: src/config/SSSDConfig/sssdoptions.py:477 msgid "Service name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:477 +#: src/config/SSSDConfig/sssdoptions.py:478 msgid "Service port attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:478 +#: src/config/SSSDConfig/sssdoptions.py:479 msgid "Service protocol attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:480 +#: src/config/SSSDConfig/sssdoptions.py:481 msgid "Lower bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:481 +#: src/config/SSSDConfig/sssdoptions.py:482 msgid "Upper bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:482 +#: src/config/SSSDConfig/sssdoptions.py:483 msgid "Number of IDs for each slice when ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:483 +#: src/config/SSSDConfig/sssdoptions.py:484 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:484 +#: src/config/SSSDConfig/sssdoptions.py:485 msgid "Name of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:485 +#: src/config/SSSDConfig/sssdoptions.py:486 msgid "SID of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:486 +#: src/config/SSSDConfig/sssdoptions.py:487 msgid "Number of secondary slices" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:488 +#: src/config/SSSDConfig/sssdoptions.py:489 msgid "Whether to use Token-Groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:489 +#: src/config/SSSDConfig/sssdoptions.py:490 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:490 +#: src/config/SSSDConfig/sssdoptions.py:491 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:491 +#: src/config/SSSDConfig/sssdoptions.py:492 msgid "DN for ppolicy queries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:492 +#: src/config/SSSDConfig/sssdoptions.py:493 msgid "How many maximum entries to fetch during a wildcard request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:493 +#: src/config/SSSDConfig/sssdoptions.py:494 msgid "Set libldap debug level" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:496 +#: src/config/SSSDConfig/sssdoptions.py:497 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:500 +#: src/config/SSSDConfig/sssdoptions.py:501 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:504 +#: src/config/SSSDConfig/sssdoptions.py:505 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:505 +#: src/config/SSSDConfig/sssdoptions.py:506 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:506 +#: src/config/SSSDConfig/sssdoptions.py:507 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:507 +#: src/config/SSSDConfig/sssdoptions.py:508 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:511 +#: src/config/SSSDConfig/sssdoptions.py:512 msgid "Base DN for sudo rules lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:512 +#: src/config/SSSDConfig/sssdoptions.py:513 msgid "Automatic full refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:513 +#: src/config/SSSDConfig/sssdoptions.py:514 msgid "Automatic smart refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:514 +#: src/config/SSSDConfig/sssdoptions.py:515 msgid "Smart and full refresh random offset" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:515 +#: src/config/SSSDConfig/sssdoptions.py:516 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:516 +#: src/config/SSSDConfig/sssdoptions.py:517 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:517 +#: src/config/SSSDConfig/sssdoptions.py:518 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:518 +#: src/config/SSSDConfig/sssdoptions.py:519 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:519 +#: src/config/SSSDConfig/sssdoptions.py:520 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:520 +#: src/config/SSSDConfig/sssdoptions.py:521 msgid "Object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:521 +#: src/config/SSSDConfig/sssdoptions.py:522 msgid "Name of attribute that is used as object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:522 +#: src/config/SSSDConfig/sssdoptions.py:523 msgid "Sudo rule name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:523 +#: src/config/SSSDConfig/sssdoptions.py:524 msgid "Sudo rule command attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:524 +#: src/config/SSSDConfig/sssdoptions.py:525 msgid "Sudo rule host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:525 +#: src/config/SSSDConfig/sssdoptions.py:526 msgid "Sudo rule user attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:526 +#: src/config/SSSDConfig/sssdoptions.py:527 msgid "Sudo rule option attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:527 +#: src/config/SSSDConfig/sssdoptions.py:528 msgid "Sudo rule runas attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:528 +#: src/config/SSSDConfig/sssdoptions.py:529 msgid "Sudo rule runasuser attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:529 +#: src/config/SSSDConfig/sssdoptions.py:530 msgid "Sudo rule runasgroup attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:530 +#: src/config/SSSDConfig/sssdoptions.py:531 msgid "Sudo rule notbefore attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:531 +#: src/config/SSSDConfig/sssdoptions.py:532 msgid "Sudo rule notafter attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:532 +#: src/config/SSSDConfig/sssdoptions.py:533 msgid "Sudo rule order attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:535 +#: src/config/SSSDConfig/sssdoptions.py:536 msgid "Object class for automounter maps" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:536 +#: src/config/SSSDConfig/sssdoptions.py:537 msgid "Automounter map name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:537 +#: src/config/SSSDConfig/sssdoptions.py:538 msgid "Object class for automounter map entries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:538 +#: src/config/SSSDConfig/sssdoptions.py:539 msgid "Automounter map entry key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:539 +#: src/config/SSSDConfig/sssdoptions.py:540 msgid "Automounter map entry value attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:540 +#: src/config/SSSDConfig/sssdoptions.py:541 msgid "Base DN for automounter map lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:541 +#: src/config/SSSDConfig/sssdoptions.py:542 msgid "The name of the automount master map in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:544 +#: src/config/SSSDConfig/sssdoptions.py:545 msgid "Base DN for IP hosts lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:545 +#: src/config/SSSDConfig/sssdoptions.py:546 msgid "Object class for IP hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:546 +#: src/config/SSSDConfig/sssdoptions.py:547 msgid "IP host name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:547 +#: src/config/SSSDConfig/sssdoptions.py:548 msgid "IP host number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:548 +#: src/config/SSSDConfig/sssdoptions.py:549 msgid "IP host entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:549 +#: src/config/SSSDConfig/sssdoptions.py:550 msgid "Base DN for IP networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:550 +#: src/config/SSSDConfig/sssdoptions.py:551 msgid "Object class for IP networks" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:551 +#: src/config/SSSDConfig/sssdoptions.py:552 msgid "IP network name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:552 +#: src/config/SSSDConfig/sssdoptions.py:553 msgid "IP network number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:553 +#: src/config/SSSDConfig/sssdoptions.py:554 msgid "IP network entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:556 +#: src/config/SSSDConfig/sssdoptions.py:557 msgid "Comma separated list of allowed users" msgstr "Daftar pengguna yang diijinkan dalam format yang dipisahkan koma" -#: src/config/SSSDConfig/sssdoptions.py:557 +#: src/config/SSSDConfig/sssdoptions.py:558 msgid "Comma separated list of prohibited users" msgstr "Daftar pengguna yang tidak diijinkan dalam format yang dipisahkan koma" -#: src/config/SSSDConfig/sssdoptions.py:558 +#: src/config/SSSDConfig/sssdoptions.py:559 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:560 +#: src/config/SSSDConfig/sssdoptions.py:561 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " "evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:564 +#: src/config/SSSDConfig/sssdoptions.py:565 msgid "The number of preforked proxy children." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:567 +#: src/config/SSSDConfig/sssdoptions.py:568 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:568 +#: src/config/SSSDConfig/sssdoptions.py:569 msgid "The name of the NSS library to use for hosts and networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:569 +#: src/config/SSSDConfig/sssdoptions.py:570 msgid "Whether to look up canonical group name from cache if possible" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:572 +#: src/config/SSSDConfig/sssdoptions.py:573 msgid "PAM stack to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:575 +#: src/config/SSSDConfig/sssdoptions.py:576 msgid "Path of passwd file sources." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:576 +#: src/config/SSSDConfig/sssdoptions.py:577 msgid "Path of group file sources." msgstr "" @@ -1881,67 +1885,67 @@ msgstr "" msgid "SSSD is already running\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "" @@ -1949,35 +1953,35 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "" @@ -1985,119 +1989,131 @@ msgstr "" msgid "Permission denied. " msgstr "" -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "Pesan server:" #: src/sss_client/pam_sss.c:71 +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." +msgstr "" + +#: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" msgstr "" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "Kata sandi tidak cocok" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr "" -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "" -#: src/sss_client/pam_sss.c:627 +#: src/sss_client/pam_sss.c:628 #, fuzzy, c-format msgid "Your password has expired." msgstr "Perubahan kata sandi gagal." -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "Sistem sedang luring, perubahan kata sandi tidak dimungkinkan" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "Perubahan kata sandi gagal." -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "Kata Sandi Baru: " -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "Masukkan lagi kata sandi baru:" -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "" -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "Kata sandi:" -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "" -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "Kata sandi saat ini:" -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "" diff --git a/po/it.po b/po/it.po index e68fd483113..441e4605c59 100644 --- a/po/it.po +++ b/po/it.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: 2020-09-15 08:29+0000\n" "Last-Translator: Milo Casagrande \n" "Language-Team: Italian \n" "Language-Team: Japanese \n" +"sssd-2-9/ja/>\n" "Language: ja\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" -"X-Generator: Weblate 4.15.2\n" +"X-Generator: Weblate 4.17\n" #: src/config/SSSDConfig/sssdoptions.py:20 #: src/config/SSSDConfig/sssdoptions.py:21 @@ -172,9 +172,8 @@ msgid "Enable or disable core dumps for all SSSD processes." msgstr "すべての SSSD プロセスのコアダンプを有効または無効にします。" #: src/config/SSSDConfig/sssdoptions.py:58 -#, fuzzy msgid "Tune passkey verification behavior" -msgstr "証明書検証の調整" +msgstr "パスキー検証の動作をチューニングする" #: src/config/SSSDConfig/sssdoptions.py:61 msgid "Enumeration cache timeout length (seconds)" @@ -397,18 +396,16 @@ msgstr "" " のリスト" #: src/config/SSSDConfig/sssdoptions.py:117 -#, fuzzy msgid "Allow passkey device authentication." -msgstr "証明書ベースまたはスマートカードによる認証を許可します。" +msgstr "パスキーデバイス認証を許可します。" #: src/config/SSSDConfig/sssdoptions.py:118 -#, fuzzy msgid "How many seconds will pam_sss wait for passkey_child to finish" -msgstr "p11_child が完了するまでに pam_sss が待つ秒数" +msgstr "pam_sss が passkey_child の終了を待機する秒数" #: src/config/SSSDConfig/sssdoptions.py:119 msgid "Enable debugging in the libfido2 library" -msgstr "" +msgstr "lifido2 ライブラリーでデバッグを有効にする" #: src/config/SSSDConfig/sssdoptions.py:122 msgid "Whether to evaluate the time-based attributes in sudo rules" @@ -644,12 +641,12 @@ msgid "Whether to automatically update the client's DNS entry" msgstr "自動的にクライアントの DNS エントリーを更新するかどうか" #: src/config/SSSDConfig/sssdoptions.py:201 -#: src/config/SSSDConfig/sssdoptions.py:233 +#: src/config/SSSDConfig/sssdoptions.py:234 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "クライアントの DNS 項目を更新後、適用する TTL" #: src/config/SSSDConfig/sssdoptions.py:202 -#: src/config/SSSDConfig/sssdoptions.py:234 +#: src/config/SSSDConfig/sssdoptions.py:235 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "動的 DNS 更新のために使用される IP のインターフェース" @@ -741,95 +738,99 @@ msgstr "" "この値は、最初の認証要素 (長期パスワード) を SHA512 ハッシュとしてキャッシュ" "に保存する必要がある最小の長さを決定します。" -#: src/config/SSSDConfig/sssdoptions.py:228 +#: src/config/SSSDConfig/sssdoptions.py:226 +msgid "Local authentication methods policy " +msgstr "" + +#: src/config/SSSDConfig/sssdoptions.py:229 msgid "IPA domain" msgstr "IPA ドメイン" -#: src/config/SSSDConfig/sssdoptions.py:229 +#: src/config/SSSDConfig/sssdoptions.py:230 msgid "IPA server address" msgstr "IPA サーバーのアドレス" -#: src/config/SSSDConfig/sssdoptions.py:230 +#: src/config/SSSDConfig/sssdoptions.py:231 msgid "Address of backup IPA server" msgstr "バックアップ IPA サーバーのアドレス" -#: src/config/SSSDConfig/sssdoptions.py:231 +#: src/config/SSSDConfig/sssdoptions.py:232 msgid "IPA client hostname" msgstr "IPA クライアントのホスト名" -#: src/config/SSSDConfig/sssdoptions.py:232 +#: src/config/SSSDConfig/sssdoptions.py:233 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "FreeIPA にあるクライアントの DNS エントリーを自動的に更新するかどうか" -#: src/config/SSSDConfig/sssdoptions.py:235 +#: src/config/SSSDConfig/sssdoptions.py:236 msgid "Search base for HBAC related objects" msgstr "HBAC 関連オブジェクトの検索ベース" -#: src/config/SSSDConfig/sssdoptions.py:236 +#: src/config/SSSDConfig/sssdoptions.py:237 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "IPA サーバーに対する HBAC ルールを検索している間の合計時間" -#: src/config/SSSDConfig/sssdoptions.py:237 +#: src/config/SSSDConfig/sssdoptions.py:238 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "IPA サーバーに対する SELinux マップの検索の間の秒単位の合計時間" -#: src/config/SSSDConfig/sssdoptions.py:239 +#: src/config/SSSDConfig/sssdoptions.py:240 msgid "If set to false, host argument given by PAM will be ignored" msgstr "もし偽に設定されていると、PAM により渡されたホスト引数は無視されます" -#: src/config/SSSDConfig/sssdoptions.py:240 +#: src/config/SSSDConfig/sssdoptions.py:241 msgid "The automounter location this IPA client is using" msgstr "この IPA クライアントが使用している automounter の場所" -#: src/config/SSSDConfig/sssdoptions.py:241 +#: src/config/SSSDConfig/sssdoptions.py:242 msgid "Search base for object containing info about IPA domain" msgstr "IPA ドメインに関する情報を含むオブジェクトに対する検索ベース" -#: src/config/SSSDConfig/sssdoptions.py:242 +#: src/config/SSSDConfig/sssdoptions.py:243 msgid "Search base for objects containing info about ID ranges" msgstr "ID 範囲に関する情報を含むオブジェクトに対する検索ベース" -#: src/config/SSSDConfig/sssdoptions.py:243 -#: src/config/SSSDConfig/sssdoptions.py:299 +#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:300 msgid "Enable DNS sites - location based service discovery" msgstr "DNS サイトの有効化 - 位置ベースのサービス検索" -#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:245 msgid "Search base for view containers" msgstr "ビューコンテナーの検索ベース" -#: src/config/SSSDConfig/sssdoptions.py:245 +#: src/config/SSSDConfig/sssdoptions.py:246 msgid "Objectclass for view containers" msgstr "ビューコンテナーのオブジェクトクラス" -#: src/config/SSSDConfig/sssdoptions.py:246 +#: src/config/SSSDConfig/sssdoptions.py:247 msgid "Attribute with the name of the view" msgstr "ビューの名前の属性" -#: src/config/SSSDConfig/sssdoptions.py:247 +#: src/config/SSSDConfig/sssdoptions.py:248 msgid "Objectclass for override objects" msgstr "上書きされたオブジェクトのオブジェクトクラス" -#: src/config/SSSDConfig/sssdoptions.py:248 +#: src/config/SSSDConfig/sssdoptions.py:249 msgid "Attribute with the reference to the original object" msgstr "オリジナルオブジェクトを参照する属性" -#: src/config/SSSDConfig/sssdoptions.py:249 +#: src/config/SSSDConfig/sssdoptions.py:250 msgid "Objectclass for user override objects" msgstr "ユーザーが上書きするオブジェクトのオブジェクトクラス" -#: src/config/SSSDConfig/sssdoptions.py:250 +#: src/config/SSSDConfig/sssdoptions.py:251 msgid "Objectclass for group override objects" msgstr "グループが上書きするオブジェクトのオブジェクトクラス" -#: src/config/SSSDConfig/sssdoptions.py:251 +#: src/config/SSSDConfig/sssdoptions.py:252 msgid "Search base for Desktop Profile related objects" msgstr "デスクトッププロファイルに関連するオブジェクトの検索ベース" -#: src/config/SSSDConfig/sssdoptions.py:252 +#: src/config/SSSDConfig/sssdoptions.py:253 msgid "" "The amount of time in seconds between lookups of the Desktop Profile rules " "against the IPA server" @@ -837,7 +838,7 @@ msgstr "" "IPA サーバーに対するデスクトッププロファイルルールを検索している間の秒単位の" "合計時間" -#: src/config/SSSDConfig/sssdoptions.py:254 +#: src/config/SSSDConfig/sssdoptions.py:255 msgid "" "The amount of time in minutes between lookups of Desktop Profiles rules " "against the IPA server when the last request did not find any rule" @@ -845,41 +846,41 @@ msgstr "" "最後の要求がルールを何も見つけなかった場合の IPA サーバーに対するデスクトップ" "プロファイルルールを検索している間の分単位の合計時間" -#: src/config/SSSDConfig/sssdoptions.py:257 +#: src/config/SSSDConfig/sssdoptions.py:258 msgid "Search base for SUBID ranges" msgstr "SUBID 範囲の検索ベース" -#: src/config/SSSDConfig/sssdoptions.py:258 -#: src/config/SSSDConfig/sssdoptions.py:501 +#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:502 msgid "Which rules should be used to evaluate access control" msgstr "どのルールがアクセス制御を評価するために使用されるか" -#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:260 msgid "The LDAP attribute that contains FQDN of the host." msgstr "ホストの FQDN を含む LDAP 属性。" -#: src/config/SSSDConfig/sssdoptions.py:260 -#: src/config/SSSDConfig/sssdoptions.py:283 +#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:284 msgid "The object class of a host entry in LDAP." msgstr "LDAP にあるホストエントリーのオブジェクトクラスです。" -#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:262 msgid "Use the given string as search base for host objects." msgstr "ホストオブジェクトの検索ベースとして与えられた文字列を使用します。" -#: src/config/SSSDConfig/sssdoptions.py:262 +#: src/config/SSSDConfig/sssdoptions.py:263 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "ホストの SSH 公開鍵を含む LDAP 属性です。" -#: src/config/SSSDConfig/sssdoptions.py:263 +#: src/config/SSSDConfig/sssdoptions.py:264 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "ネットグループの NIS ドメイン名を含む LDAP 属性。" -#: src/config/SSSDConfig/sssdoptions.py:264 +#: src/config/SSSDConfig/sssdoptions.py:265 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "ネットグループのメンバーの名前を含む LDAP 属性。" -#: src/config/SSSDConfig/sssdoptions.py:265 +#: src/config/SSSDConfig/sssdoptions.py:266 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." @@ -887,7 +888,7 @@ msgstr "" "ネットグループのメンバーであるホストとホストグループの FQDN を一覧表示する " "LDAP 属性。" -#: src/config/SSSDConfig/sssdoptions.py:267 +#: src/config/SSSDConfig/sssdoptions.py:268 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." @@ -895,11 +896,11 @@ msgstr "" "ネットグループの直接のメンバーであるホストとホストグループを一覧表示する " "LDAP 属性。" -#: src/config/SSSDConfig/sssdoptions.py:269 +#: src/config/SSSDConfig/sssdoptions.py:270 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "ネットグループのメンバーシップを一覧表示する LDAP 属性。" -#: src/config/SSSDConfig/sssdoptions.py:270 +#: src/config/SSSDConfig/sssdoptions.py:271 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." @@ -907,45 +908,45 @@ msgstr "" "ネットグループの直接のメンバーであるシステムユーザーとグループを一覧表示する " "LDAP 属性。" -#: src/config/SSSDConfig/sssdoptions.py:272 +#: src/config/SSSDConfig/sssdoptions.py:273 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "ネットワークグループ名に対応する LDAP 属性です。" -#: src/config/SSSDConfig/sssdoptions.py:273 +#: src/config/SSSDConfig/sssdoptions.py:274 msgid "The object class of a netgroup entry in LDAP." msgstr "LDAP にあるネットワークグループエントリーのオブジェクトクラスです。" -#: src/config/SSSDConfig/sssdoptions.py:274 +#: src/config/SSSDConfig/sssdoptions.py:275 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "LDAP ネットグループオブジェクトの UUID/GUID を含む LDAP 属性。" -#: src/config/SSSDConfig/sssdoptions.py:275 +#: src/config/SSSDConfig/sssdoptions.py:276 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." msgstr "使用のためにユーザーマップが有効になっているかどうかを含む LDAP 属性。" -#: src/config/SSSDConfig/sssdoptions.py:277 +#: src/config/SSSDConfig/sssdoptions.py:278 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "'all' などのホストカテゴリを含む LDAP 属性。" -#: src/config/SSSDConfig/sssdoptions.py:278 +#: src/config/SSSDConfig/sssdoptions.py:279 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." msgstr "このルールがマッチするすべてのホスト/ホストグループを含む LDAP 属性。" -#: src/config/SSSDConfig/sssdoptions.py:280 +#: src/config/SSSDConfig/sssdoptions.py:281 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "このルールがマッチするすべてのユーザー/グループを含む LDAP 属性。" -#: src/config/SSSDConfig/sssdoptions.py:282 +#: src/config/SSSDConfig/sssdoptions.py:283 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "SELinux usermap の名前を含む LDAP 属性。" -#: src/config/SSSDConfig/sssdoptions.py:284 +#: src/config/SSSDConfig/sssdoptions.py:285 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost." @@ -953,19 +954,19 @@ msgstr "" "memberUser および memberHost の代わりにマッチングに使用できる HBAC ルールの " "DN を含む LDAP 属性。" -#: src/config/SSSDConfig/sssdoptions.py:286 +#: src/config/SSSDConfig/sssdoptions.py:287 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "SELinuxのユーザー文字列そのものを含む LDAP 属性。" -#: src/config/SSSDConfig/sssdoptions.py:287 +#: src/config/SSSDConfig/sssdoptions.py:288 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "'all' などのユーザーカテゴリーを含む LDAP 属性。" -#: src/config/SSSDConfig/sssdoptions.py:288 +#: src/config/SSSDConfig/sssdoptions.py:289 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "ユーザーマップの一意の ID を含む LDAP 属性。" -#: src/config/SSSDConfig/sssdoptions.py:289 +#: src/config/SSSDConfig/sssdoptions.py:290 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." @@ -974,58 +975,58 @@ msgstr "" "からのユーザーとグループの検索を異なる方法で実行する必要があることを示しま" "す。" -#: src/config/SSSDConfig/sssdoptions.py:291 +#: src/config/SSSDConfig/sssdoptions.py:292 msgid "Use the given string as search base for trusted domains." msgstr "" "信頼されたドメインに対する検索ベースとして、与えられた文字列を使用します。" -#: src/config/SSSDConfig/sssdoptions.py:294 +#: src/config/SSSDConfig/sssdoptions.py:295 msgid "Active Directory domain" msgstr "Active Directory ドメイン" -#: src/config/SSSDConfig/sssdoptions.py:295 +#: src/config/SSSDConfig/sssdoptions.py:296 msgid "Enabled Active Directory domains" msgstr "有効化された Active Directory ドメイン" -#: src/config/SSSDConfig/sssdoptions.py:296 +#: src/config/SSSDConfig/sssdoptions.py:297 msgid "Active Directory server address" msgstr "Active Directory サーバーアドレス" -#: src/config/SSSDConfig/sssdoptions.py:297 +#: src/config/SSSDConfig/sssdoptions.py:298 msgid "Active Directory backup server address" msgstr "Active Directory バックアップサーバーのアドレス" -#: src/config/SSSDConfig/sssdoptions.py:298 +#: src/config/SSSDConfig/sssdoptions.py:299 msgid "Active Directory client hostname" msgstr "Active Directory クライアントホスト名" -#: src/config/SSSDConfig/sssdoptions.py:300 -#: src/config/SSSDConfig/sssdoptions.py:499 +#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:500 msgid "LDAP filter to determine access privileges" msgstr "アクセス権限を決めるための LDAP フィルター" -#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:302 msgid "Whether to use the Global Catalog for lookups" msgstr "検索にグローバルカタログを使用するかどうか" -#: src/config/SSSDConfig/sssdoptions.py:302 +#: src/config/SSSDConfig/sssdoptions.py:303 msgid "Operation mode for GPO-based access control" msgstr "グローバルカタログベースのアクセス制御に対するオペレーションモード" -#: src/config/SSSDConfig/sssdoptions.py:303 +#: src/config/SSSDConfig/sssdoptions.py:304 msgid "" "The amount of time between lookups of the GPO policy files against the AD " "server" msgstr "AD サーバーに対する GPO ポリシーファイルを検索している間の合計時間" -#: src/config/SSSDConfig/sssdoptions.py:304 +#: src/config/SSSDConfig/sssdoptions.py:305 msgid "" "PAM service names that map to the GPO (Deny)InteractiveLogonRight policy " "settings" msgstr "" "GPO (Deny)InteractiveLogonRight のポリシー設定にマッピングした PAM サービス名" -#: src/config/SSSDConfig/sssdoptions.py:306 +#: src/config/SSSDConfig/sssdoptions.py:307 msgid "" "PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight " "policy settings" @@ -1033,282 +1034,282 @@ msgstr "" "GPO (Deny)RemoteInteractiveLogonRight のポリシー設定にマッピングした PAM サー" "ビス名" -#: src/config/SSSDConfig/sssdoptions.py:308 +#: src/config/SSSDConfig/sssdoptions.py:309 msgid "" "PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings" msgstr "" "GPO (Deny)NetworkLogonRight のポリシー設定にマッピングした PAM サービス名" -#: src/config/SSSDConfig/sssdoptions.py:309 +#: src/config/SSSDConfig/sssdoptions.py:310 msgid "" "PAM service names that map to the GPO (Deny)BatchLogonRight policy settings" msgstr "" "GPO (Deny)BatchLogonRight のポリシー設定にマッピングした PAM サービス名" -#: src/config/SSSDConfig/sssdoptions.py:310 +#: src/config/SSSDConfig/sssdoptions.py:311 msgid "" "PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings" msgstr "(Deny)ServiceLogonRight のポリシー設定にマッピングした PAM サービス名" -#: src/config/SSSDConfig/sssdoptions.py:311 +#: src/config/SSSDConfig/sssdoptions.py:312 msgid "PAM service names for which GPO-based access is always granted" msgstr "GPO ベースのアクセスが常に許可される PAM サービス名" -#: src/config/SSSDConfig/sssdoptions.py:312 +#: src/config/SSSDConfig/sssdoptions.py:313 msgid "PAM service names for which GPO-based access is always denied" msgstr "GPO ベースのアクセスが常に拒否される PAM サービス名" -#: src/config/SSSDConfig/sssdoptions.py:313 +#: src/config/SSSDConfig/sssdoptions.py:314 msgid "" "Default logon right (or permit/deny) to use for unmapped PAM service names" msgstr "" "マッピングされていない PAM サービス名に使用するデフォルトのログオン権利 (また" "は許可/拒否)" -#: src/config/SSSDConfig/sssdoptions.py:314 +#: src/config/SSSDConfig/sssdoptions.py:315 msgid "a particular site to be used by the client" msgstr "クライアントが使用する特定のサイト" -#: src/config/SSSDConfig/sssdoptions.py:315 +#: src/config/SSSDConfig/sssdoptions.py:316 msgid "" "Maximum age in days before the machine account password should be renewed" msgstr "マシンアカウントのパスワードの更新が必要となるまでの最大日数" -#: src/config/SSSDConfig/sssdoptions.py:317 +#: src/config/SSSDConfig/sssdoptions.py:318 msgid "Option for tuning the machine account renewal task" msgstr "マシンアカウントの更新タスクをチューニングするオプション" -#: src/config/SSSDConfig/sssdoptions.py:318 +#: src/config/SSSDConfig/sssdoptions.py:319 msgid "Whether to update the machine account password in the Samba database" msgstr "Samba データベースのマシンアカウントパスワードを更新するかどうか" -#: src/config/SSSDConfig/sssdoptions.py:320 +#: src/config/SSSDConfig/sssdoptions.py:321 msgid "Use LDAPS port for LDAP and Global Catalog requests" msgstr "LDAP およびグローバルカタログのリクエストに LDAPS ポートを使用する" -#: src/config/SSSDConfig/sssdoptions.py:321 +#: src/config/SSSDConfig/sssdoptions.py:322 msgid "Do not filter domain local groups from other domains" msgstr "他のドメインからのドメインローカルグループをフィルターしない" -#: src/config/SSSDConfig/sssdoptions.py:324 #: src/config/SSSDConfig/sssdoptions.py:325 +#: src/config/SSSDConfig/sssdoptions.py:326 msgid "Kerberos server address" msgstr "Kerberos サーバーのアドレス" -#: src/config/SSSDConfig/sssdoptions.py:326 +#: src/config/SSSDConfig/sssdoptions.py:327 msgid "Kerberos backup server address" msgstr "Kerberos バックアップサーバーのアドレス" -#: src/config/SSSDConfig/sssdoptions.py:327 +#: src/config/SSSDConfig/sssdoptions.py:328 msgid "Kerberos realm" msgstr "Kerberos レルム" -#: src/config/SSSDConfig/sssdoptions.py:328 +#: src/config/SSSDConfig/sssdoptions.py:329 msgid "Authentication timeout" msgstr "認証のタイムアウト" -#: src/config/SSSDConfig/sssdoptions.py:329 +#: src/config/SSSDConfig/sssdoptions.py:330 msgid "Whether to create kdcinfo files" msgstr "kdcinfo ファイルを作成するかどうか" -#: src/config/SSSDConfig/sssdoptions.py:330 +#: src/config/SSSDConfig/sssdoptions.py:331 msgid "Where to drop krb5 config snippets" msgstr "krb5 設定スニペットを削除する場所" -#: src/config/SSSDConfig/sssdoptions.py:333 +#: src/config/SSSDConfig/sssdoptions.py:334 msgid "Directory to store credential caches" msgstr "クレデンシャルのキャッシュを保存するディレクトリー" -#: src/config/SSSDConfig/sssdoptions.py:334 +#: src/config/SSSDConfig/sssdoptions.py:335 msgid "Location of the user's credential cache" msgstr "ユーザーのクレデンシャルキャッシュの位置" -#: src/config/SSSDConfig/sssdoptions.py:335 +#: src/config/SSSDConfig/sssdoptions.py:336 msgid "Location of the keytab to validate credentials" msgstr "クレデンシャルを検証するキーテーブルの場所" -#: src/config/SSSDConfig/sssdoptions.py:336 +#: src/config/SSSDConfig/sssdoptions.py:337 msgid "Enable credential validation" msgstr "クレデンシャルの検証を有効にする" -#: src/config/SSSDConfig/sssdoptions.py:337 +#: src/config/SSSDConfig/sssdoptions.py:338 msgid "Store password if offline for later online authentication" msgstr "後からオンライン認証するためにオフラインの場合にパスワードを保存します" -#: src/config/SSSDConfig/sssdoptions.py:338 +#: src/config/SSSDConfig/sssdoptions.py:339 msgid "Renewable lifetime of the TGT" msgstr "更新可能な TGT の有効期間" -#: src/config/SSSDConfig/sssdoptions.py:339 +#: src/config/SSSDConfig/sssdoptions.py:340 msgid "Lifetime of the TGT" msgstr "TGT の有効期間" -#: src/config/SSSDConfig/sssdoptions.py:340 +#: src/config/SSSDConfig/sssdoptions.py:341 msgid "Time between two checks for renewal" msgstr "更新を確認する間隔" -#: src/config/SSSDConfig/sssdoptions.py:341 +#: src/config/SSSDConfig/sssdoptions.py:342 msgid "Enables FAST" msgstr "FAST を有効にする" -#: src/config/SSSDConfig/sssdoptions.py:342 +#: src/config/SSSDConfig/sssdoptions.py:343 msgid "Selects the principal to use for FAST" msgstr "FAST に使用するプリンシパルを選択する" -#: src/config/SSSDConfig/sssdoptions.py:343 +#: src/config/SSSDConfig/sssdoptions.py:344 msgid "Use anonymous PKINIT to request FAST credentials" msgstr "匿名の PKINIT を使用して FAST の認証情報を要求する" -#: src/config/SSSDConfig/sssdoptions.py:344 +#: src/config/SSSDConfig/sssdoptions.py:345 msgid "Enables principal canonicalization" msgstr "プリンシパル正規化を有効にする" -#: src/config/SSSDConfig/sssdoptions.py:345 +#: src/config/SSSDConfig/sssdoptions.py:346 msgid "Enables enterprise principals" msgstr "エンタープライズ・プリンシパルの有効化" -#: src/config/SSSDConfig/sssdoptions.py:346 +#: src/config/SSSDConfig/sssdoptions.py:347 msgid "Enables using of subdomains realms for authentication" msgstr "認証にサブドメインレルムの使用を有効化" -#: src/config/SSSDConfig/sssdoptions.py:347 +#: src/config/SSSDConfig/sssdoptions.py:348 msgid "A mapping from user names to Kerberos principal names" msgstr "ユーザー名から Kerberos プリンシパル名までのマッピング" -#: src/config/SSSDConfig/sssdoptions.py:350 #: src/config/SSSDConfig/sssdoptions.py:351 +#: src/config/SSSDConfig/sssdoptions.py:352 msgid "Server where the change password service is running if not on the KDC" msgstr "KDC になければ、パスワード変更サービスが実行されているサーバー" -#: src/config/SSSDConfig/sssdoptions.py:354 +#: src/config/SSSDConfig/sssdoptions.py:355 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, LDAP サーバーの URI" -#: src/config/SSSDConfig/sssdoptions.py:355 +#: src/config/SSSDConfig/sssdoptions.py:356 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "ldap_backup_uri, LDAP サーバーの URI" -#: src/config/SSSDConfig/sssdoptions.py:356 +#: src/config/SSSDConfig/sssdoptions.py:357 msgid "The default base DN" msgstr "デフォルトのベース DN" -#: src/config/SSSDConfig/sssdoptions.py:357 +#: src/config/SSSDConfig/sssdoptions.py:358 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "LDAP サーバーにおいて使用中のスキーマ形式、rfc2307" -#: src/config/SSSDConfig/sssdoptions.py:358 +#: src/config/SSSDConfig/sssdoptions.py:359 msgid "Mode used to change user password" msgstr "ユーザーのパスワードの変更にモードを使用しました" -#: src/config/SSSDConfig/sssdoptions.py:359 +#: src/config/SSSDConfig/sssdoptions.py:360 msgid "The default bind DN" msgstr "デフォルトのバインド DN" -#: src/config/SSSDConfig/sssdoptions.py:360 +#: src/config/SSSDConfig/sssdoptions.py:361 msgid "The type of the authentication token of the default bind DN" msgstr "デフォルトのバインド DN の認証トークンの種類" -#: src/config/SSSDConfig/sssdoptions.py:361 +#: src/config/SSSDConfig/sssdoptions.py:362 msgid "The authentication token of the default bind DN" msgstr "デフォルトのバインド DN の認証トークン" -#: src/config/SSSDConfig/sssdoptions.py:362 +#: src/config/SSSDConfig/sssdoptions.py:363 msgid "Length of time to attempt connection" msgstr "接続を試行する時間" -#: src/config/SSSDConfig/sssdoptions.py:363 +#: src/config/SSSDConfig/sssdoptions.py:364 msgid "Length of time to attempt synchronous LDAP operations" msgstr "LDAP 同期操作を試行する時間" -#: src/config/SSSDConfig/sssdoptions.py:364 +#: src/config/SSSDConfig/sssdoptions.py:365 msgid "Length of time between attempts to reconnect while offline" msgstr "オフラインの間に再接続を試行する時間" -#: src/config/SSSDConfig/sssdoptions.py:365 +#: src/config/SSSDConfig/sssdoptions.py:366 msgid "Use only the upper case for realm names" msgstr "レルム名に対して大文字のみを使用する" -#: src/config/SSSDConfig/sssdoptions.py:366 +#: src/config/SSSDConfig/sssdoptions.py:367 msgid "File that contains CA certificates" msgstr "CA 証明書を含むファイル" -#: src/config/SSSDConfig/sssdoptions.py:367 +#: src/config/SSSDConfig/sssdoptions.py:368 msgid "Path to CA certificate directory" msgstr "CA 証明書のディレクトリーのパス" -#: src/config/SSSDConfig/sssdoptions.py:368 +#: src/config/SSSDConfig/sssdoptions.py:369 msgid "File that contains the client certificate" msgstr "クライアント証明書を含むファイル" -#: src/config/SSSDConfig/sssdoptions.py:369 +#: src/config/SSSDConfig/sssdoptions.py:370 msgid "File that contains the client key" msgstr "クライアントの鍵を含むファイル" -#: src/config/SSSDConfig/sssdoptions.py:370 +#: src/config/SSSDConfig/sssdoptions.py:371 msgid "List of possible ciphers suites" msgstr "利用可能な暗号の一覧" -#: src/config/SSSDConfig/sssdoptions.py:371 +#: src/config/SSSDConfig/sssdoptions.py:372 msgid "Require TLS certificate verification" msgstr "TLS 証明書の検証を要求する" -#: src/config/SSSDConfig/sssdoptions.py:372 +#: src/config/SSSDConfig/sssdoptions.py:373 msgid "Specify the sasl mechanism to use" msgstr "使用する SASL メカニズムを指定する" -#: src/config/SSSDConfig/sssdoptions.py:373 +#: src/config/SSSDConfig/sssdoptions.py:374 msgid "Specify the sasl authorization id to use" msgstr "使用する SASL 認可 ID を指定する" -#: src/config/SSSDConfig/sssdoptions.py:374 +#: src/config/SSSDConfig/sssdoptions.py:375 msgid "Specify the sasl authorization realm to use" msgstr "使用する SASL 認可レルムを指定する" -#: src/config/SSSDConfig/sssdoptions.py:375 +#: src/config/SSSDConfig/sssdoptions.py:376 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "LDAP SASL 認可の最小 SSF を指定する" -#: src/config/SSSDConfig/sssdoptions.py:376 +#: src/config/SSSDConfig/sssdoptions.py:377 msgid "Specify the maximal SSF for LDAP sasl authorization" msgstr "LDAP SASL 認可の最大 SSF を指定する" -#: src/config/SSSDConfig/sssdoptions.py:377 +#: src/config/SSSDConfig/sssdoptions.py:378 msgid "Kerberos service keytab" msgstr "Kerberos サービスのキーテーブル" -#: src/config/SSSDConfig/sssdoptions.py:378 +#: src/config/SSSDConfig/sssdoptions.py:379 msgid "Use Kerberos auth for LDAP connection" msgstr "LDAP 接続に対して Kerberos 認証を使用する" -#: src/config/SSSDConfig/sssdoptions.py:379 +#: src/config/SSSDConfig/sssdoptions.py:380 msgid "Follow LDAP referrals" msgstr "LDAP リフェラルにしたがう" -#: src/config/SSSDConfig/sssdoptions.py:380 +#: src/config/SSSDConfig/sssdoptions.py:381 msgid "Lifetime of TGT for LDAP connection" msgstr "LDAP 接続の TGT の有効期間" -#: src/config/SSSDConfig/sssdoptions.py:381 +#: src/config/SSSDConfig/sssdoptions.py:382 msgid "How to dereference aliases" msgstr "エイリアスを参照解決する方法" -#: src/config/SSSDConfig/sssdoptions.py:382 +#: src/config/SSSDConfig/sssdoptions.py:383 msgid "Service name for DNS service lookups" msgstr "DNS サービス検索のサービス名" -#: src/config/SSSDConfig/sssdoptions.py:383 +#: src/config/SSSDConfig/sssdoptions.py:384 msgid "The number of records to retrieve in a single LDAP query" msgstr "単一の LDAP クエリーにおいて取得するレコード数" -#: src/config/SSSDConfig/sssdoptions.py:384 +#: src/config/SSSDConfig/sssdoptions.py:385 msgid "The number of members that must be missing to trigger a full deref" msgstr "完全な参照解決を引き起こすために欠けている必要があるメンバーの数" -#: src/config/SSSDConfig/sssdoptions.py:385 +#: src/config/SSSDConfig/sssdoptions.py:386 msgid "Ignore unreadable LDAP references" msgstr "読むことのできない LDAP 参照を無視する" -#: src/config/SSSDConfig/sssdoptions.py:386 +#: src/config/SSSDConfig/sssdoptions.py:387 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" @@ -1316,7 +1317,7 @@ msgstr "" "LDAP ライブラリーが SASL バインド中にホスト名を正規化するために逆引きを実行す" "るかどうか" -#: src/config/SSSDConfig/sssdoptions.py:388 +#: src/config/SSSDConfig/sssdoptions.py:389 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." @@ -1324,425 +1325,424 @@ msgstr "" "RFC2307 スキーマを使用するサーバーの LDAP グループのメンバーとしてローカル" "ユーザーを保持することができます。" -#: src/config/SSSDConfig/sssdoptions.py:391 +#: src/config/SSSDConfig/sssdoptions.py:392 msgid "entryUSN attribute" msgstr "entryUSN 属性" -#: src/config/SSSDConfig/sssdoptions.py:392 +#: src/config/SSSDConfig/sssdoptions.py:393 msgid "lastUSN attribute" msgstr "lastUSN 属性" -#: src/config/SSSDConfig/sssdoptions.py:394 +#: src/config/SSSDConfig/sssdoptions.py:395 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "LDAP サーバーを切断する前に接続を保持する時間" -#: src/config/SSSDConfig/sssdoptions.py:397 +#: src/config/SSSDConfig/sssdoptions.py:398 msgid "Disable the LDAP paging control" msgstr "LDAP ページング制御を無効化する" -#: src/config/SSSDConfig/sssdoptions.py:398 +#: src/config/SSSDConfig/sssdoptions.py:399 msgid "Disable Active Directory range retrieval" msgstr "Active Directory 範囲の取得の無効化" -#: src/config/SSSDConfig/sssdoptions.py:401 +#: src/config/SSSDConfig/sssdoptions.py:402 msgid "Length of time to wait for a search request" msgstr "検索要求を待つ時間" -#: src/config/SSSDConfig/sssdoptions.py:402 +#: src/config/SSSDConfig/sssdoptions.py:403 msgid "Length of time to wait for a enumeration request" msgstr "列挙の要求を待つ時間" -#: src/config/SSSDConfig/sssdoptions.py:403 +#: src/config/SSSDConfig/sssdoptions.py:404 msgid "Length of time between enumeration updates" msgstr "列挙の更新間隔" -#: src/config/SSSDConfig/sssdoptions.py:404 +#: src/config/SSSDConfig/sssdoptions.py:405 msgid "Maximum period deviation between enumeration updates" msgstr "列挙更新間隔の最大期間の逸脱" -#: src/config/SSSDConfig/sssdoptions.py:405 +#: src/config/SSSDConfig/sssdoptions.py:406 msgid "Length of time between cache cleanups" msgstr "キャッシュをクリーンアップする間隔" -#: src/config/SSSDConfig/sssdoptions.py:406 +#: src/config/SSSDConfig/sssdoptions.py:407 msgid "Maximum time deviation between cache cleanups" msgstr "キャッシュクリーンアップ間隔の最大期間の逸脱" -#: src/config/SSSDConfig/sssdoptions.py:407 +#: src/config/SSSDConfig/sssdoptions.py:408 msgid "Require TLS for ID lookups" msgstr "ID 検索に TLS を要求する" -#: src/config/SSSDConfig/sssdoptions.py:408 +#: src/config/SSSDConfig/sssdoptions.py:409 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "事前設定済み ID の代わりに objectSID の ID マッピングを使用します" -#: src/config/SSSDConfig/sssdoptions.py:409 +#: src/config/SSSDConfig/sssdoptions.py:410 msgid "Base DN for user lookups" msgstr "ユーザー検索のベース DN" -#: src/config/SSSDConfig/sssdoptions.py:410 +#: src/config/SSSDConfig/sssdoptions.py:411 msgid "Scope of user lookups" msgstr "ユーザー検索の範囲" -#: src/config/SSSDConfig/sssdoptions.py:411 +#: src/config/SSSDConfig/sssdoptions.py:412 msgid "Filter for user lookups" msgstr "ユーザー検索のフィルター" -#: src/config/SSSDConfig/sssdoptions.py:412 +#: src/config/SSSDConfig/sssdoptions.py:413 msgid "Objectclass for users" msgstr "ユーザーのオブジェクトクラス" -#: src/config/SSSDConfig/sssdoptions.py:413 +#: src/config/SSSDConfig/sssdoptions.py:414 msgid "Username attribute" msgstr "ユーザー名の属性" -#: src/config/SSSDConfig/sssdoptions.py:414 +#: src/config/SSSDConfig/sssdoptions.py:415 msgid "UID attribute" msgstr "UID の属性" -#: src/config/SSSDConfig/sssdoptions.py:415 +#: src/config/SSSDConfig/sssdoptions.py:416 msgid "Primary GID attribute" msgstr "プライマリー GID の属性" -#: src/config/SSSDConfig/sssdoptions.py:416 +#: src/config/SSSDConfig/sssdoptions.py:417 msgid "GECOS attribute" msgstr "GECOS の属性" -#: src/config/SSSDConfig/sssdoptions.py:417 +#: src/config/SSSDConfig/sssdoptions.py:418 msgid "Home directory attribute" msgstr "ホームディレクトリーの属性" -#: src/config/SSSDConfig/sssdoptions.py:418 +#: src/config/SSSDConfig/sssdoptions.py:419 msgid "Shell attribute" msgstr "シェルの属性" -#: src/config/SSSDConfig/sssdoptions.py:419 +#: src/config/SSSDConfig/sssdoptions.py:420 msgid "UUID attribute" msgstr "UUID 属性" -#: src/config/SSSDConfig/sssdoptions.py:420 -#: src/config/SSSDConfig/sssdoptions.py:459 +#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:460 msgid "objectSID attribute" msgstr "objectSID 属性" -#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:422 msgid "Active Directory primary group attribute for ID-mapping" msgstr "ID マッピングの Active Directory プライマリーグループ属性" -#: src/config/SSSDConfig/sssdoptions.py:422 +#: src/config/SSSDConfig/sssdoptions.py:423 msgid "User principal attribute (for Kerberos)" msgstr "ユーザープリンシパルの属性 (Kerberos 用)" -#: src/config/SSSDConfig/sssdoptions.py:423 +#: src/config/SSSDConfig/sssdoptions.py:424 msgid "Full Name" msgstr "氏名" -#: src/config/SSSDConfig/sssdoptions.py:424 +#: src/config/SSSDConfig/sssdoptions.py:425 msgid "memberOf attribute" msgstr "memberOf 属性" -#: src/config/SSSDConfig/sssdoptions.py:425 +#: src/config/SSSDConfig/sssdoptions.py:426 msgid "Modification time attribute" msgstr "変更日時の属性" -#: src/config/SSSDConfig/sssdoptions.py:426 +#: src/config/SSSDConfig/sssdoptions.py:427 msgid "shadowLastChange attribute" msgstr "shadowLastChange 属性" -#: src/config/SSSDConfig/sssdoptions.py:427 +#: src/config/SSSDConfig/sssdoptions.py:428 msgid "shadowMin attribute" msgstr "shadowMin 属性" -#: src/config/SSSDConfig/sssdoptions.py:428 +#: src/config/SSSDConfig/sssdoptions.py:429 msgid "shadowMax attribute" msgstr "shadowMax 属性" -#: src/config/SSSDConfig/sssdoptions.py:429 +#: src/config/SSSDConfig/sssdoptions.py:430 msgid "shadowWarning attribute" msgstr "shadowWarning 属性" -#: src/config/SSSDConfig/sssdoptions.py:430 +#: src/config/SSSDConfig/sssdoptions.py:431 msgid "shadowInactive attribute" msgstr "shadowInactive 属性" -#: src/config/SSSDConfig/sssdoptions.py:431 +#: src/config/SSSDConfig/sssdoptions.py:432 msgid "shadowExpire attribute" msgstr "shadowExpire 属性" -#: src/config/SSSDConfig/sssdoptions.py:432 +#: src/config/SSSDConfig/sssdoptions.py:433 msgid "shadowFlag attribute" msgstr "shadowFlag 属性" -#: src/config/SSSDConfig/sssdoptions.py:433 +#: src/config/SSSDConfig/sssdoptions.py:434 msgid "Attribute listing authorized PAM services" msgstr "認可された PAM サービスを一覧化する属性" -#: src/config/SSSDConfig/sssdoptions.py:434 +#: src/config/SSSDConfig/sssdoptions.py:435 msgid "Attribute listing authorized server hosts" msgstr "認可されたサーバーホストを一覧化する属性" -#: src/config/SSSDConfig/sssdoptions.py:435 +#: src/config/SSSDConfig/sssdoptions.py:436 msgid "Attribute listing authorized server rhosts" msgstr "認可されたサーバー rhosts を一覧化する属性" -#: src/config/SSSDConfig/sssdoptions.py:436 +#: src/config/SSSDConfig/sssdoptions.py:437 msgid "krbLastPwdChange attribute" msgstr "krbLastPwdChange 属性" -#: src/config/SSSDConfig/sssdoptions.py:437 +#: src/config/SSSDConfig/sssdoptions.py:438 msgid "krbPasswordExpiration attribute" msgstr "krbPasswordExpiration 属性" -#: src/config/SSSDConfig/sssdoptions.py:438 +#: src/config/SSSDConfig/sssdoptions.py:439 msgid "Attribute indicating that server side password policies are active" msgstr "サーバー側パスワードポリシーが有効であることを意味する属性" -#: src/config/SSSDConfig/sssdoptions.py:439 +#: src/config/SSSDConfig/sssdoptions.py:440 msgid "accountExpires attribute of AD" msgstr "AD の accountExpires 属性" -#: src/config/SSSDConfig/sssdoptions.py:440 +#: src/config/SSSDConfig/sssdoptions.py:441 msgid "userAccountControl attribute of AD" msgstr "AD の userAccountControl 属性" -#: src/config/SSSDConfig/sssdoptions.py:441 +#: src/config/SSSDConfig/sssdoptions.py:442 msgid "nsAccountLock attribute" msgstr "nsAccountLock 属性" -#: src/config/SSSDConfig/sssdoptions.py:442 +#: src/config/SSSDConfig/sssdoptions.py:443 msgid "loginDisabled attribute of NDS" msgstr "NDS の loginDisabled 属性" -#: src/config/SSSDConfig/sssdoptions.py:443 +#: src/config/SSSDConfig/sssdoptions.py:444 msgid "loginExpirationTime attribute of NDS" msgstr "NDS の loginExpirationTime 属性" -#: src/config/SSSDConfig/sssdoptions.py:444 +#: src/config/SSSDConfig/sssdoptions.py:445 msgid "loginAllowedTimeMap attribute of NDS" msgstr "NDS の loginAllowedTimeMap 属性" -#: src/config/SSSDConfig/sssdoptions.py:445 +#: src/config/SSSDConfig/sssdoptions.py:446 msgid "SSH public key attribute" msgstr "SSH 公開鍵の属性" -#: src/config/SSSDConfig/sssdoptions.py:446 +#: src/config/SSSDConfig/sssdoptions.py:447 msgid "attribute listing allowed authentication types for a user" msgstr "ユーザー用に許可された認証タイプを一覧化する属性" -#: src/config/SSSDConfig/sssdoptions.py:447 +#: src/config/SSSDConfig/sssdoptions.py:448 msgid "attribute containing the X509 certificate of the user" msgstr "ユーザーの X509 証明書を含む属性" -#: src/config/SSSDConfig/sssdoptions.py:448 +#: src/config/SSSDConfig/sssdoptions.py:449 msgid "attribute containing the email address of the user" msgstr "ユーザーの電子メールアドレスを含む属性" -#: src/config/SSSDConfig/sssdoptions.py:449 -#, fuzzy +#: src/config/SSSDConfig/sssdoptions.py:450 msgid "attribute containing the passkey mapping data of the user" -msgstr "ユーザーの電子メールアドレスを含む属性" +msgstr "ユーザーのパスキーマッピングデータを含む属性" -#: src/config/SSSDConfig/sssdoptions.py:450 +#: src/config/SSSDConfig/sssdoptions.py:451 msgid "A list of extra attributes to download along with the user entry" msgstr "ユーザーエントリーと共にダウンロードする追加的な属性の一覧" -#: src/config/SSSDConfig/sssdoptions.py:452 +#: src/config/SSSDConfig/sssdoptions.py:453 msgid "Base DN for group lookups" msgstr "グループ検索のベース DN" -#: src/config/SSSDConfig/sssdoptions.py:453 +#: src/config/SSSDConfig/sssdoptions.py:454 msgid "Objectclass for groups" msgstr "グループのオブジェクトクラス" -#: src/config/SSSDConfig/sssdoptions.py:454 +#: src/config/SSSDConfig/sssdoptions.py:455 msgid "Group name" msgstr "グループ名" -#: src/config/SSSDConfig/sssdoptions.py:455 +#: src/config/SSSDConfig/sssdoptions.py:456 msgid "Group password" msgstr "グループのパスワード" -#: src/config/SSSDConfig/sssdoptions.py:456 +#: src/config/SSSDConfig/sssdoptions.py:457 msgid "GID attribute" msgstr "GID 属性" -#: src/config/SSSDConfig/sssdoptions.py:457 +#: src/config/SSSDConfig/sssdoptions.py:458 msgid "Group member attribute" msgstr "グループメンバー属性" -#: src/config/SSSDConfig/sssdoptions.py:458 +#: src/config/SSSDConfig/sssdoptions.py:459 msgid "Group UUID attribute" msgstr "グループ UUID 属性" -#: src/config/SSSDConfig/sssdoptions.py:460 +#: src/config/SSSDConfig/sssdoptions.py:461 msgid "Modification time attribute for groups" msgstr "グループの変更日時の属性" -#: src/config/SSSDConfig/sssdoptions.py:461 +#: src/config/SSSDConfig/sssdoptions.py:462 msgid "Type of the group and other flags" msgstr "グループおよび他のフラグのタイプ" -#: src/config/SSSDConfig/sssdoptions.py:462 +#: src/config/SSSDConfig/sssdoptions.py:463 msgid "The LDAP group external member attribute" msgstr "LDAP グループの外部メンバーの属性" -#: src/config/SSSDConfig/sssdoptions.py:463 +#: src/config/SSSDConfig/sssdoptions.py:464 msgid "Maximum nesting level SSSD will follow" msgstr "SSSD が従う最大ネストレベル" -#: src/config/SSSDConfig/sssdoptions.py:464 +#: src/config/SSSDConfig/sssdoptions.py:465 msgid "Filter for group lookups" msgstr "グループ検索のフィルター" -#: src/config/SSSDConfig/sssdoptions.py:465 +#: src/config/SSSDConfig/sssdoptions.py:466 msgid "Scope of group lookups" msgstr "グループ検索の範囲" -#: src/config/SSSDConfig/sssdoptions.py:467 +#: src/config/SSSDConfig/sssdoptions.py:468 msgid "Base DN for netgroup lookups" msgstr "ネットグループ検索のベース DN" -#: src/config/SSSDConfig/sssdoptions.py:468 +#: src/config/SSSDConfig/sssdoptions.py:469 msgid "Objectclass for netgroups" msgstr "ネットグループのオブジェクトクラス" -#: src/config/SSSDConfig/sssdoptions.py:469 +#: src/config/SSSDConfig/sssdoptions.py:470 msgid "Netgroup name" msgstr "ネットグループ名" -#: src/config/SSSDConfig/sssdoptions.py:470 +#: src/config/SSSDConfig/sssdoptions.py:471 msgid "Netgroups members attribute" msgstr "ネットグループメンバーの属性" -#: src/config/SSSDConfig/sssdoptions.py:471 +#: src/config/SSSDConfig/sssdoptions.py:472 msgid "Netgroup triple attribute" msgstr "ネットグループの三つ組の属性" -#: src/config/SSSDConfig/sssdoptions.py:472 +#: src/config/SSSDConfig/sssdoptions.py:473 msgid "Modification time attribute for netgroups" msgstr "ネットグループの変更日時の属性" -#: src/config/SSSDConfig/sssdoptions.py:474 +#: src/config/SSSDConfig/sssdoptions.py:475 msgid "Base DN for service lookups" msgstr "サービス検索のベース DN" -#: src/config/SSSDConfig/sssdoptions.py:475 +#: src/config/SSSDConfig/sssdoptions.py:476 msgid "Objectclass for services" msgstr "サービスのオブジェクトクラス" -#: src/config/SSSDConfig/sssdoptions.py:476 +#: src/config/SSSDConfig/sssdoptions.py:477 msgid "Service name attribute" msgstr "サービス名の属性" -#: src/config/SSSDConfig/sssdoptions.py:477 +#: src/config/SSSDConfig/sssdoptions.py:478 msgid "Service port attribute" msgstr "サービスポートの属性" -#: src/config/SSSDConfig/sssdoptions.py:478 +#: src/config/SSSDConfig/sssdoptions.py:479 msgid "Service protocol attribute" msgstr "サービスプロトコルの属性" -#: src/config/SSSDConfig/sssdoptions.py:480 +#: src/config/SSSDConfig/sssdoptions.py:481 msgid "Lower bound for ID-mapping" msgstr "ID マッピングの下限" -#: src/config/SSSDConfig/sssdoptions.py:481 +#: src/config/SSSDConfig/sssdoptions.py:482 msgid "Upper bound for ID-mapping" msgstr "ID マッピングの上限" -#: src/config/SSSDConfig/sssdoptions.py:482 +#: src/config/SSSDConfig/sssdoptions.py:483 msgid "Number of IDs for each slice when ID-mapping" msgstr "ID マッピングするとき、各スライスに対する ID の数" -#: src/config/SSSDConfig/sssdoptions.py:483 +#: src/config/SSSDConfig/sssdoptions.py:484 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "ID マッピングに対する autorid 互換アルゴリズムを使用します" -#: src/config/SSSDConfig/sssdoptions.py:484 +#: src/config/SSSDConfig/sssdoptions.py:485 msgid "Name of the default domain for ID-mapping" msgstr "ID マッピングに対するデフォルトドメインの名前" -#: src/config/SSSDConfig/sssdoptions.py:485 +#: src/config/SSSDConfig/sssdoptions.py:486 msgid "SID of the default domain for ID-mapping" msgstr "ID マッピングに対するデフォルトドメインの SID" -#: src/config/SSSDConfig/sssdoptions.py:486 +#: src/config/SSSDConfig/sssdoptions.py:487 msgid "Number of secondary slices" msgstr "セカンダリースライスの数" -#: src/config/SSSDConfig/sssdoptions.py:488 +#: src/config/SSSDConfig/sssdoptions.py:489 msgid "Whether to use Token-Groups" msgstr "Token-Group を使うかどうか" -#: src/config/SSSDConfig/sssdoptions.py:489 +#: src/config/SSSDConfig/sssdoptions.py:490 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "LDAP サーバーから許可される ID の下限の設定" -#: src/config/SSSDConfig/sssdoptions.py:490 +#: src/config/SSSDConfig/sssdoptions.py:491 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "LDAP サーバーから許可される ID の上限の設定" -#: src/config/SSSDConfig/sssdoptions.py:491 +#: src/config/SSSDConfig/sssdoptions.py:492 msgid "DN for ppolicy queries" msgstr "ppolicy クエリーの DN" -#: src/config/SSSDConfig/sssdoptions.py:492 +#: src/config/SSSDConfig/sssdoptions.py:493 msgid "How many maximum entries to fetch during a wildcard request" msgstr "ワイルドカードの要求の間に取得する最大エントリーの数" -#: src/config/SSSDConfig/sssdoptions.py:493 +#: src/config/SSSDConfig/sssdoptions.py:494 msgid "Set libldap debug level" msgstr "libldap デバッグレベルの設定" -#: src/config/SSSDConfig/sssdoptions.py:496 +#: src/config/SSSDConfig/sssdoptions.py:497 msgid "Policy to evaluate the password expiration" msgstr "パスワード失効の評価のポリシー" -#: src/config/SSSDConfig/sssdoptions.py:500 +#: src/config/SSSDConfig/sssdoptions.py:501 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "どの属性がアカウントが失効しているかを評価するために使用されるか" -#: src/config/SSSDConfig/sssdoptions.py:504 +#: src/config/SSSDConfig/sssdoptions.py:505 msgid "URI of an LDAP server where password changes are allowed" msgstr "パスワードの変更が許可される LDAP サーバーの URI" -#: src/config/SSSDConfig/sssdoptions.py:505 +#: src/config/SSSDConfig/sssdoptions.py:506 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "パスワードの変更が許可されるバックアップ LDAP サーバーの URI" -#: src/config/SSSDConfig/sssdoptions.py:506 +#: src/config/SSSDConfig/sssdoptions.py:507 msgid "DNS service name for LDAP password change server" msgstr "LDAP パスワードの変更サーバーの DNS サービス名" -#: src/config/SSSDConfig/sssdoptions.py:507 +#: src/config/SSSDConfig/sssdoptions.py:508 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "パスワード変更後 ldap_user_shadow_last_change 属性を更新するかどうか" -#: src/config/SSSDConfig/sssdoptions.py:511 +#: src/config/SSSDConfig/sssdoptions.py:512 msgid "Base DN for sudo rules lookups" msgstr "sudo ルール検索のベース DN" -#: src/config/SSSDConfig/sssdoptions.py:512 +#: src/config/SSSDConfig/sssdoptions.py:513 msgid "Automatic full refresh period" msgstr "自動的な完全更新間隔" -#: src/config/SSSDConfig/sssdoptions.py:513 +#: src/config/SSSDConfig/sssdoptions.py:514 msgid "Automatic smart refresh period" msgstr "自動的なスマート更新間隔" -#: src/config/SSSDConfig/sssdoptions.py:514 +#: src/config/SSSDConfig/sssdoptions.py:515 msgid "Smart and full refresh random offset" msgstr "スマートおよびフル更新ランダムオフセット" -#: src/config/SSSDConfig/sssdoptions.py:515 +#: src/config/SSSDConfig/sssdoptions.py:516 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" "ホスト名、IP アドレスおよびネットワークによるフィルタールールを使用するかどう" "か" -#: src/config/SSSDConfig/sssdoptions.py:516 +#: src/config/SSSDConfig/sssdoptions.py:517 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" @@ -1750,150 +1750,150 @@ msgstr "" "sudo ルールをフィルターするこのマシンのホスト名および/または完全修飾ドメイン" "名" -#: src/config/SSSDConfig/sssdoptions.py:517 +#: src/config/SSSDConfig/sssdoptions.py:518 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" "sudo ルールをフィルターするこのマシンの IPv4 または IPv6 アドレスまたはネット" "ワーク" -#: src/config/SSSDConfig/sssdoptions.py:518 +#: src/config/SSSDConfig/sssdoptions.py:519 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "ホスト属性にネットワークグループを含むルールを含めるかどうか" -#: src/config/SSSDConfig/sssdoptions.py:519 +#: src/config/SSSDConfig/sssdoptions.py:520 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "ホスト属性に正規表現を含むルールを含めるかどうか" -#: src/config/SSSDConfig/sssdoptions.py:520 +#: src/config/SSSDConfig/sssdoptions.py:521 msgid "Object class for sudo rules" msgstr "sudo ルールのオブジェクトクラス" -#: src/config/SSSDConfig/sssdoptions.py:521 +#: src/config/SSSDConfig/sssdoptions.py:522 msgid "Name of attribute that is used as object class for sudo rules" msgstr "sudo ルールのオブジェクトクラスとして使用される属性の名前" -#: src/config/SSSDConfig/sssdoptions.py:522 +#: src/config/SSSDConfig/sssdoptions.py:523 msgid "Sudo rule name" msgstr "sudo ルール名" -#: src/config/SSSDConfig/sssdoptions.py:523 +#: src/config/SSSDConfig/sssdoptions.py:524 msgid "Sudo rule command attribute" msgstr "sudo ルールのコマンドの属性" -#: src/config/SSSDConfig/sssdoptions.py:524 +#: src/config/SSSDConfig/sssdoptions.py:525 msgid "Sudo rule host attribute" msgstr "sudo ルールのホストの属性" -#: src/config/SSSDConfig/sssdoptions.py:525 +#: src/config/SSSDConfig/sssdoptions.py:526 msgid "Sudo rule user attribute" msgstr "sudo ルールのユーザーの属性" -#: src/config/SSSDConfig/sssdoptions.py:526 +#: src/config/SSSDConfig/sssdoptions.py:527 msgid "Sudo rule option attribute" msgstr "sudo ルールのオプションの属性" -#: src/config/SSSDConfig/sssdoptions.py:527 +#: src/config/SSSDConfig/sssdoptions.py:528 msgid "Sudo rule runas attribute" msgstr "sudo ルールの runas の属性" -#: src/config/SSSDConfig/sssdoptions.py:528 +#: src/config/SSSDConfig/sssdoptions.py:529 msgid "Sudo rule runasuser attribute" msgstr "sudo ルールの runasuser の属性" -#: src/config/SSSDConfig/sssdoptions.py:529 +#: src/config/SSSDConfig/sssdoptions.py:530 msgid "Sudo rule runasgroup attribute" msgstr "sudo ルールの runasgroup の属性" -#: src/config/SSSDConfig/sssdoptions.py:530 +#: src/config/SSSDConfig/sssdoptions.py:531 msgid "Sudo rule notbefore attribute" msgstr "sudo ルールの notbefore の属性" -#: src/config/SSSDConfig/sssdoptions.py:531 +#: src/config/SSSDConfig/sssdoptions.py:532 msgid "Sudo rule notafter attribute" msgstr "sudo ルールの notafter の属性" -#: src/config/SSSDConfig/sssdoptions.py:532 +#: src/config/SSSDConfig/sssdoptions.py:533 msgid "Sudo rule order attribute" msgstr "sudo ルールの order の属性" -#: src/config/SSSDConfig/sssdoptions.py:535 +#: src/config/SSSDConfig/sssdoptions.py:536 msgid "Object class for automounter maps" msgstr "automounter マップのオブジェクトクラス" -#: src/config/SSSDConfig/sssdoptions.py:536 +#: src/config/SSSDConfig/sssdoptions.py:537 msgid "Automounter map name attribute" msgstr "オートマウントのマップ名の属性" -#: src/config/SSSDConfig/sssdoptions.py:537 +#: src/config/SSSDConfig/sssdoptions.py:538 msgid "Object class for automounter map entries" msgstr "automounter マップエントリーのオブジェクトクラス" -#: src/config/SSSDConfig/sssdoptions.py:538 +#: src/config/SSSDConfig/sssdoptions.py:539 msgid "Automounter map entry key attribute" msgstr "automounter マップエントリーの鍵属性" -#: src/config/SSSDConfig/sssdoptions.py:539 +#: src/config/SSSDConfig/sssdoptions.py:540 msgid "Automounter map entry value attribute" msgstr "automounter マップエントリーの値属性" -#: src/config/SSSDConfig/sssdoptions.py:540 +#: src/config/SSSDConfig/sssdoptions.py:541 msgid "Base DN for automounter map lookups" msgstr "automonter のマップ検索のベース DN" -#: src/config/SSSDConfig/sssdoptions.py:541 +#: src/config/SSSDConfig/sssdoptions.py:542 msgid "The name of the automount master map in LDAP." msgstr "LDAP のオートマウントマスターマップの名前。" -#: src/config/SSSDConfig/sssdoptions.py:544 +#: src/config/SSSDConfig/sssdoptions.py:545 msgid "Base DN for IP hosts lookups" msgstr "IP ホストのルックアップのためのベース DN" -#: src/config/SSSDConfig/sssdoptions.py:545 +#: src/config/SSSDConfig/sssdoptions.py:546 msgid "Object class for IP hosts" msgstr "IP ホストのオブジェクトクラス" -#: src/config/SSSDConfig/sssdoptions.py:546 +#: src/config/SSSDConfig/sssdoptions.py:547 msgid "IP host name attribute" msgstr "IP ホスト名属性" -#: src/config/SSSDConfig/sssdoptions.py:547 +#: src/config/SSSDConfig/sssdoptions.py:548 msgid "IP host number (address) attribute" msgstr "IP ホスト番号 (アドレス) 属性" -#: src/config/SSSDConfig/sssdoptions.py:548 +#: src/config/SSSDConfig/sssdoptions.py:549 msgid "IP host entryUSN attribute" msgstr "IP ホストエントリー USN 属性" -#: src/config/SSSDConfig/sssdoptions.py:549 +#: src/config/SSSDConfig/sssdoptions.py:550 msgid "Base DN for IP networks lookups" msgstr "IP ネットワーク検索のためのベース DN" -#: src/config/SSSDConfig/sssdoptions.py:550 +#: src/config/SSSDConfig/sssdoptions.py:551 msgid "Object class for IP networks" msgstr "IP ネットワークのオブジェクトクラス" -#: src/config/SSSDConfig/sssdoptions.py:551 +#: src/config/SSSDConfig/sssdoptions.py:552 msgid "IP network name attribute" msgstr "IP ネットワーク名属性" -#: src/config/SSSDConfig/sssdoptions.py:552 +#: src/config/SSSDConfig/sssdoptions.py:553 msgid "IP network number (address) attribute" msgstr "IP ネットワーク番号 (アドレス) 属性" -#: src/config/SSSDConfig/sssdoptions.py:553 +#: src/config/SSSDConfig/sssdoptions.py:554 msgid "IP network entryUSN attribute" msgstr "IP ネットワークエントリー USN 属性" -#: src/config/SSSDConfig/sssdoptions.py:556 +#: src/config/SSSDConfig/sssdoptions.py:557 msgid "Comma separated list of allowed users" msgstr "許可ユーザーのカンマ区切り一覧" -#: src/config/SSSDConfig/sssdoptions.py:557 +#: src/config/SSSDConfig/sssdoptions.py:558 msgid "Comma separated list of prohibited users" msgstr "禁止ユーザーのカンマ区切り一覧" -#: src/config/SSSDConfig/sssdoptions.py:558 +#: src/config/SSSDConfig/sssdoptions.py:559 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." @@ -1901,7 +1901,7 @@ msgstr "" "ログインが許可されるグループのカンマ区切りの一覧。これは、SSSDドメイン内のグ" "ループにのみ適用されます。ローカルグループは評価されません。" -#: src/config/SSSDConfig/sssdoptions.py:560 +#: src/config/SSSDConfig/sssdoptions.py:561 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " @@ -1910,31 +1910,31 @@ msgstr "" "排他的にアクセスが拒否されたグループのカンマ区切りの一覧。これは、この SSSD " "ドメイン内のグループにのみ適用されます。ローカルグループは評価されません。" -#: src/config/SSSDConfig/sssdoptions.py:564 +#: src/config/SSSDConfig/sssdoptions.py:565 msgid "The number of preforked proxy children." msgstr "事前にフォークされた子プロキシーの数。" -#: src/config/SSSDConfig/sssdoptions.py:567 +#: src/config/SSSDConfig/sssdoptions.py:568 msgid "The name of the NSS library to use" msgstr "使用する NSS ライブラリーの名前" -#: src/config/SSSDConfig/sssdoptions.py:568 +#: src/config/SSSDConfig/sssdoptions.py:569 msgid "The name of the NSS library to use for hosts and networks lookups" msgstr "ホストやネットワークの検索に使用する NSS ライブラリの名前" -#: src/config/SSSDConfig/sssdoptions.py:569 +#: src/config/SSSDConfig/sssdoptions.py:570 msgid "Whether to look up canonical group name from cache if possible" msgstr "可能ならばキャッシュから正規化されたグループ名を検索するかどうか" -#: src/config/SSSDConfig/sssdoptions.py:572 +#: src/config/SSSDConfig/sssdoptions.py:573 msgid "PAM stack to use" msgstr "使用する PAM スタック" -#: src/config/SSSDConfig/sssdoptions.py:575 +#: src/config/SSSDConfig/sssdoptions.py:576 msgid "Path of passwd file sources." msgstr "passwd ファイルソースへのパス。" -#: src/config/SSSDConfig/sssdoptions.py:576 +#: src/config/SSSDConfig/sssdoptions.py:577 msgid "Path of group file sources." msgstr "グループファイルソースへのパス。" @@ -1983,67 +1983,67 @@ msgstr "% で実行 (root でなければなりません)\n" msgid "SSSD is already running\n" msgstr "SSSD はすでに実行中です\n" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "コアダンプの許可" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "デバッグログのオープンファイルディスクリプター" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "次のように FAST ccache を作成するユーザー" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "次のように FAST ccache を作成するグループ" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "匿名の PKINIT を使用して FAST の armo チケットを要求する" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "使用する Kerberos レルム" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "チケットの要求された有効期間" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "チケットの要求された更新可能な有効期間" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "FAST のオプション ('never'、'try'、'demand')" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "FAST で使用するサーバープリンシパルを指定します" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "プリンシパル名の正規化を要求します" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "krb5_get_init_creds_password のカスタムバージョンを使用します" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "デバッグのロギングの冗長性を設定する" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "PAC フラグを確認する" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "talloc_asprintf は失敗しました。\n" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "set_debug_file_from_fd は失敗しました。\n" @@ -2051,35 +2051,35 @@ msgstr "set_debug_file_from_fd は失敗しました。\n" msgid "Domain of the information provider (mandatory)" msgstr "情報プロバイダーのドメイン (必須)" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "特権ソケットの所有者またはパーミッションが誤っています。" -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "公開ソケットの所有者またはパーミッションが誤っています。" -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "サーバーのクレデンシャルメッセージの予期しない形式です。" -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "SSSD は root により実行されません。" -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "SSSD ソケットは存在しません。" -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "SSSD ソケットの統計を取得できません。" -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "エラーが発生しましたが、説明がありませんでした。" -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "エラーの説明を検索中に予期しないエラーが発生しました" @@ -2087,55 +2087,61 @@ msgstr "エラーの説明を検索中に予期しないエラーが発生しま msgid "Permission denied. " msgstr "パーミッションが拒否されました。 " -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "サーバーのメッセージ: " #: src/sss_client/pam_sss.c:71 -msgid "Enter PIN:" +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." msgstr "" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:72 +msgid "Enter PIN:" +msgstr "PIN の入力:" + +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "パスワードが一致しません" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "root によるパスワードのリセットはサポートされません。" -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "キャッシュされているクレデンシャルを用いて認証されました" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr "、キャッシュされたパスワードが失効します: " -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "パスワードの期限が切れています。あと %1$d 回ログインできます。" -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "あなたのパスワードは %1$d %2$s に期限切れになります。" -#: src/sss_client/pam_sss.c:627 -#, fuzzy, c-format +#: src/sss_client/pam_sss.c:628 +#, c-format msgid "Your password has expired." -msgstr "あなたのパスワードは %1$d %2$s に期限切れになります。" +msgstr "パスワードの有効期限が切れています。" -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "次まで認証が拒否されます: " -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "システムがオフラインです、パスワード変更ができません" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" @@ -2143,65 +2149,71 @@ msgstr "" "OTP パスワードの変更後、チケットを取得するためにログアウト後に再びログインす" "る必要があります" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "PIN がロックされました" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "パスワードの変更に失敗しました。 " -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "%1$s で認証し、ENTER を押します。" -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "%2$s で PIN %1$s を使用して認証し、ENTER を押します。" -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "(別の)スマートカードを挿入(し直)してください" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "新しいパスワード: " -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "新しいパスワードの再入力: " -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "1 番目の要素: " -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "2 番目の要素 (オプション): " -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "2 番目の要素: " -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." -msgstr "" +msgstr "パスキーデバイスを挿入し、ENTER キーを押します。" -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "パスワード: " -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "1 番目の要素 (現在のパスワード): " -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "現在のパスワード: " -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "パスワードの期限が切れました。いますぐパスワードを変更してください。" @@ -2539,9 +2551,8 @@ msgid "Passkey related tools:" msgstr "パスキー関連のツール:" #: src/tools/sssctl/sssctl.c:348 -#, fuzzy msgid "Perform passkey registration" -msgstr "パスキー関連の操作を実行します" +msgstr "パスキー登録の実行" #: src/tools/sssctl/sssctl_cache.c:31 #, c-format @@ -2723,9 +2734,8 @@ msgid "Error while reading configuration directory.\n" msgstr "設定ディレクトリーの読み込み中にエラーが発生しました。\n" #: src/tools/sssctl/sssctl_config.c:147 -#, fuzzy msgid "There is no configuration.\n" -msgstr "%s からの設定の読み込みに失敗しました。\n" +msgstr "設定はありません。\n" #: src/tools/sssctl/sssctl_config.c:157 msgid "Failed to run validators" @@ -3044,7 +3054,7 @@ msgstr "IFP サービスをターゲットに設定" #: src/tools/sssctl/sssctl_logs.c:552 msgid "Specify debug level you want to set" -msgstr "設定したいデバッグレベルを指定します" +msgstr "設定するデバッグレベルを指定します" #: src/tools/sssctl/sssctl_logs.c:600 msgid "ERROR: Tevent chain ID support missing, log analyzer is unsupported.\n" @@ -3082,17 +3092,17 @@ msgstr "SSSD nss ユーザー検索の結果:\n" #: src/tools/sssctl/sssctl_user_checks.c:195 #, c-format msgid " - user name: %s\n" -msgstr " - user name: %s\n" +msgstr " - ユーザー名: %s\n" #: src/tools/sssctl/sssctl_user_checks.c:196 #, c-format msgid " - user id: %d\n" -msgstr " - user id: %d\n" +msgstr " - ユーザー id: %d\n" #: src/tools/sssctl/sssctl_user_checks.c:197 #, c-format msgid " - group id: %d\n" -msgstr " - group id: %d\n" +msgstr " - グループ id: %d\n" #: src/tools/sssctl/sssctl_user_checks.c:198 #, c-format @@ -3102,7 +3112,7 @@ msgstr " - gecos: %s\n" #: src/tools/sssctl/sssctl_user_checks.c:199 #, c-format msgid " - home directory: %s\n" -msgstr " - home directory: %s\n" +msgstr " - ホームディレクトリー: %s\n" #: src/tools/sssctl/sssctl_user_checks.c:200 #, c-format diff --git a/po/ka.po b/po/ka.po index ff8fa46a9ed..7eab11cbb83 100644 --- a/po/ka.po +++ b/po/ka.po @@ -6,30 +6,30 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" -"PO-Revision-Date: 2023-02-25 10:20+0000\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" +"PO-Revision-Date: 2023-09-18 03:54+0000\n" "Last-Translator: Temuri Doghonadze \n" "Language-Team: Georgian \n" +"sssd-2-9/ka/>\n" "Language: ka\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=n != 1;\n" -"X-Generator: Weblate 4.15.2\n" +"X-Generator: Weblate 5.0.2\n" #: src/config/SSSDConfig/sssdoptions.py:20 #: src/config/SSSDConfig/sssdoptions.py:21 msgid "Set the verbosity of the debug logging" -msgstr "" +msgstr "გამართვის ჟურნალის შეტყობინებების სიდიდე" #: src/config/SSSDConfig/sssdoptions.py:22 msgid "Include timestamps in debug logs" -msgstr "" +msgstr "გამართვის ჟურნალში დროის შტამპების მიყოლება" #: src/config/SSSDConfig/sssdoptions.py:23 msgid "Include microseconds in timestamps in debug logs" -msgstr "" +msgstr "გამართვის ჟურნალში დროის შტამპებისთვის მიკროწამების მიყოლება" #: src/config/SSSDConfig/sssdoptions.py:24 msgid "Enable/disable debug backtrace" @@ -41,7 +41,7 @@ msgstr "" #: src/config/SSSDConfig/sssdoptions.py:26 msgid "Command to start service" -msgstr "" +msgstr "სერვისის გასაშვები ბრძანება" #: src/config/SSSDConfig/sssdoptions.py:27 msgid "Number of times to attempt connection to Data Providers" @@ -79,11 +79,11 @@ msgstr "" #: src/config/SSSDConfig/sssdoptions.py:39 msgid "SSSD Services to start" -msgstr "" +msgstr "SSSD -ის გასაშვები სერვისები" #: src/config/SSSDConfig/sssdoptions.py:40 msgid "SSSD Domains to start" -msgstr "" +msgstr "SSSD -ის გასაშვები დომენები" #: src/config/SSSDConfig/sssdoptions.py:41 msgid "Regex to parse username and domain" @@ -457,43 +457,43 @@ msgstr "" #: src/config/SSSDConfig/sssdoptions.py:161 msgid "Identity provider" -msgstr "" +msgstr "იდენტიფიკაციის მომწოდებელი" #: src/config/SSSDConfig/sssdoptions.py:162 msgid "Authentication provider" -msgstr "" +msgstr "ავთენტიკაციის მომწოდებელი" #: src/config/SSSDConfig/sssdoptions.py:163 msgid "Access control provider" -msgstr "" +msgstr "წვდომის კონტროლის მომწოდებელი" #: src/config/SSSDConfig/sssdoptions.py:164 msgid "Password change provider" -msgstr "" +msgstr "პაროლის შეცვლის მომწოდებელი" #: src/config/SSSDConfig/sssdoptions.py:165 msgid "SUDO provider" -msgstr "" +msgstr "SUDO -ის მომწოდებელი" #: src/config/SSSDConfig/sssdoptions.py:166 msgid "Autofs provider" -msgstr "" +msgstr "Autofs -ის მომწოდებელი" #: src/config/SSSDConfig/sssdoptions.py:167 msgid "Host identity provider" -msgstr "" +msgstr "ჰოსტის იდენტიფიკაციის მომწოდებელი" #: src/config/SSSDConfig/sssdoptions.py:168 msgid "SELinux provider" -msgstr "" +msgstr "SELinux -ის მომწოდებელი" #: src/config/SSSDConfig/sssdoptions.py:169 msgid "Session management provider" -msgstr "" +msgstr "სესიის მართვის მომწოდებელი" #: src/config/SSSDConfig/sssdoptions.py:170 msgid "Resolver provider" -msgstr "" +msgstr "ამომხსნელის მომწოდებელი" #: src/config/SSSDConfig/sssdoptions.py:173 msgid "Whether the domain is usable by the OS or by applications" @@ -586,12 +586,12 @@ msgid "Whether to automatically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:201 -#: src/config/SSSDConfig/sssdoptions.py:233 +#: src/config/SSSDConfig/sssdoptions.py:234 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:202 -#: src/config/SSSDConfig/sssdoptions.py:234 +#: src/config/SSSDConfig/sssdoptions.py:235 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" @@ -675,1162 +675,1166 @@ msgid "" "(long term password) must have to be saved as SHA512 hash into the cache." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:228 +#: src/config/SSSDConfig/sssdoptions.py:226 +msgid "Local authentication methods policy " +msgstr "" + +#: src/config/SSSDConfig/sssdoptions.py:229 msgid "IPA domain" msgstr "IPA დომენი" -#: src/config/SSSDConfig/sssdoptions.py:229 +#: src/config/SSSDConfig/sssdoptions.py:230 msgid "IPA server address" msgstr "IPA სერვერის მისამართი" -#: src/config/SSSDConfig/sssdoptions.py:230 +#: src/config/SSSDConfig/sssdoptions.py:231 msgid "Address of backup IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:231 +#: src/config/SSSDConfig/sssdoptions.py:232 msgid "IPA client hostname" -msgstr "" +msgstr "IPA კლიენტის ჰოსტის სახელი" -#: src/config/SSSDConfig/sssdoptions.py:232 +#: src/config/SSSDConfig/sssdoptions.py:233 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:235 +#: src/config/SSSDConfig/sssdoptions.py:236 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:236 +#: src/config/SSSDConfig/sssdoptions.py:237 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:237 +#: src/config/SSSDConfig/sssdoptions.py:238 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:239 +#: src/config/SSSDConfig/sssdoptions.py:240 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:240 +#: src/config/SSSDConfig/sssdoptions.py:241 msgid "The automounter location this IPA client is using" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:241 +#: src/config/SSSDConfig/sssdoptions.py:242 msgid "Search base for object containing info about IPA domain" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:242 +#: src/config/SSSDConfig/sssdoptions.py:243 msgid "Search base for objects containing info about ID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:243 -#: src/config/SSSDConfig/sssdoptions.py:299 +#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:300 msgid "Enable DNS sites - location based service discovery" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:245 msgid "Search base for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:245 +#: src/config/SSSDConfig/sssdoptions.py:246 msgid "Objectclass for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:246 +#: src/config/SSSDConfig/sssdoptions.py:247 msgid "Attribute with the name of the view" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:247 +#: src/config/SSSDConfig/sssdoptions.py:248 msgid "Objectclass for override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:248 +#: src/config/SSSDConfig/sssdoptions.py:249 msgid "Attribute with the reference to the original object" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:249 +#: src/config/SSSDConfig/sssdoptions.py:250 msgid "Objectclass for user override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:250 +#: src/config/SSSDConfig/sssdoptions.py:251 msgid "Objectclass for group override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:251 +#: src/config/SSSDConfig/sssdoptions.py:252 msgid "Search base for Desktop Profile related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:252 +#: src/config/SSSDConfig/sssdoptions.py:253 msgid "" "The amount of time in seconds between lookups of the Desktop Profile rules " "against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:254 +#: src/config/SSSDConfig/sssdoptions.py:255 msgid "" "The amount of time in minutes between lookups of Desktop Profiles rules " "against the IPA server when the last request did not find any rule" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:257 +#: src/config/SSSDConfig/sssdoptions.py:258 msgid "Search base for SUBID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:258 -#: src/config/SSSDConfig/sssdoptions.py:501 +#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:502 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:260 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:260 -#: src/config/SSSDConfig/sssdoptions.py:283 +#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:284 msgid "The object class of a host entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:262 msgid "Use the given string as search base for host objects." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:262 +#: src/config/SSSDConfig/sssdoptions.py:263 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:263 +#: src/config/SSSDConfig/sssdoptions.py:264 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:264 +#: src/config/SSSDConfig/sssdoptions.py:265 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:265 +#: src/config/SSSDConfig/sssdoptions.py:266 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:267 +#: src/config/SSSDConfig/sssdoptions.py:268 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:269 +#: src/config/SSSDConfig/sssdoptions.py:270 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:270 +#: src/config/SSSDConfig/sssdoptions.py:271 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:272 +#: src/config/SSSDConfig/sssdoptions.py:273 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:273 +#: src/config/SSSDConfig/sssdoptions.py:274 msgid "The object class of a netgroup entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:274 +#: src/config/SSSDConfig/sssdoptions.py:275 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:275 +#: src/config/SSSDConfig/sssdoptions.py:276 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:277 +#: src/config/SSSDConfig/sssdoptions.py:278 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:278 +#: src/config/SSSDConfig/sssdoptions.py:279 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:280 +#: src/config/SSSDConfig/sssdoptions.py:281 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:282 +#: src/config/SSSDConfig/sssdoptions.py:283 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:284 +#: src/config/SSSDConfig/sssdoptions.py:285 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:286 +#: src/config/SSSDConfig/sssdoptions.py:287 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:287 +#: src/config/SSSDConfig/sssdoptions.py:288 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:288 +#: src/config/SSSDConfig/sssdoptions.py:289 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:289 +#: src/config/SSSDConfig/sssdoptions.py:290 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:291 +#: src/config/SSSDConfig/sssdoptions.py:292 msgid "Use the given string as search base for trusted domains." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:294 +#: src/config/SSSDConfig/sssdoptions.py:295 msgid "Active Directory domain" msgstr "Active Directory-ის დომენი" -#: src/config/SSSDConfig/sssdoptions.py:295 +#: src/config/SSSDConfig/sssdoptions.py:296 msgid "Enabled Active Directory domains" -msgstr "" +msgstr "Active Directory-ის ჩართული დომენები" -#: src/config/SSSDConfig/sssdoptions.py:296 +#: src/config/SSSDConfig/sssdoptions.py:297 msgid "Active Directory server address" -msgstr "" +msgstr "Active Directory -ის სერვერის მისამართი" -#: src/config/SSSDConfig/sssdoptions.py:297 +#: src/config/SSSDConfig/sssdoptions.py:298 msgid "Active Directory backup server address" -msgstr "" +msgstr "Active Directory -ის მარქაფი სერვერის მისამართი" -#: src/config/SSSDConfig/sssdoptions.py:298 +#: src/config/SSSDConfig/sssdoptions.py:299 msgid "Active Directory client hostname" -msgstr "" +msgstr "Active Directory -ის კლიენტის ჰოსტის სახელი" -#: src/config/SSSDConfig/sssdoptions.py:300 -#: src/config/SSSDConfig/sssdoptions.py:499 +#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:500 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:302 msgid "Whether to use the Global Catalog for lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:302 +#: src/config/SSSDConfig/sssdoptions.py:303 msgid "Operation mode for GPO-based access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:303 +#: src/config/SSSDConfig/sssdoptions.py:304 msgid "" "The amount of time between lookups of the GPO policy files against the AD " "server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:304 +#: src/config/SSSDConfig/sssdoptions.py:305 msgid "" "PAM service names that map to the GPO (Deny)InteractiveLogonRight policy " "settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:306 +#: src/config/SSSDConfig/sssdoptions.py:307 msgid "" "PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight " "policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:308 +#: src/config/SSSDConfig/sssdoptions.py:309 msgid "" "PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:309 +#: src/config/SSSDConfig/sssdoptions.py:310 msgid "" "PAM service names that map to the GPO (Deny)BatchLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:310 +#: src/config/SSSDConfig/sssdoptions.py:311 msgid "" "PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:311 +#: src/config/SSSDConfig/sssdoptions.py:312 msgid "PAM service names for which GPO-based access is always granted" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:312 +#: src/config/SSSDConfig/sssdoptions.py:313 msgid "PAM service names for which GPO-based access is always denied" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:313 +#: src/config/SSSDConfig/sssdoptions.py:314 msgid "" "Default logon right (or permit/deny) to use for unmapped PAM service names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:314 +#: src/config/SSSDConfig/sssdoptions.py:315 msgid "a particular site to be used by the client" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:315 +#: src/config/SSSDConfig/sssdoptions.py:316 msgid "" "Maximum age in days before the machine account password should be renewed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:317 +#: src/config/SSSDConfig/sssdoptions.py:318 msgid "Option for tuning the machine account renewal task" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:318 +#: src/config/SSSDConfig/sssdoptions.py:319 msgid "Whether to update the machine account password in the Samba database" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:320 +#: src/config/SSSDConfig/sssdoptions.py:321 msgid "Use LDAPS port for LDAP and Global Catalog requests" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:321 +#: src/config/SSSDConfig/sssdoptions.py:322 msgid "Do not filter domain local groups from other domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:324 #: src/config/SSSDConfig/sssdoptions.py:325 +#: src/config/SSSDConfig/sssdoptions.py:326 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:326 +#: src/config/SSSDConfig/sssdoptions.py:327 msgid "Kerberos backup server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:327 +#: src/config/SSSDConfig/sssdoptions.py:328 msgid "Kerberos realm" -msgstr "kerberos-ის რეალმი" +msgstr "Kerberos-ის რეალმი" -#: src/config/SSSDConfig/sssdoptions.py:328 +#: src/config/SSSDConfig/sssdoptions.py:329 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:329 +#: src/config/SSSDConfig/sssdoptions.py:330 msgid "Whether to create kdcinfo files" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:330 +#: src/config/SSSDConfig/sssdoptions.py:331 msgid "Where to drop krb5 config snippets" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:333 +#: src/config/SSSDConfig/sssdoptions.py:334 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:334 +#: src/config/SSSDConfig/sssdoptions.py:335 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:335 +#: src/config/SSSDConfig/sssdoptions.py:336 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:336 +#: src/config/SSSDConfig/sssdoptions.py:337 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:337 +#: src/config/SSSDConfig/sssdoptions.py:338 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:338 +#: src/config/SSSDConfig/sssdoptions.py:339 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:339 +#: src/config/SSSDConfig/sssdoptions.py:340 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:340 +#: src/config/SSSDConfig/sssdoptions.py:341 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:341 +#: src/config/SSSDConfig/sssdoptions.py:342 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:342 +#: src/config/SSSDConfig/sssdoptions.py:343 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:343 +#: src/config/SSSDConfig/sssdoptions.py:344 msgid "Use anonymous PKINIT to request FAST credentials" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:344 +#: src/config/SSSDConfig/sssdoptions.py:345 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:345 +#: src/config/SSSDConfig/sssdoptions.py:346 msgid "Enables enterprise principals" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:346 +#: src/config/SSSDConfig/sssdoptions.py:347 msgid "Enables using of subdomains realms for authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:347 +#: src/config/SSSDConfig/sssdoptions.py:348 msgid "A mapping from user names to Kerberos principal names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:350 #: src/config/SSSDConfig/sssdoptions.py:351 +#: src/config/SSSDConfig/sssdoptions.py:352 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:354 +#: src/config/SSSDConfig/sssdoptions.py:355 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:355 +#: src/config/SSSDConfig/sssdoptions.py:356 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:356 +#: src/config/SSSDConfig/sssdoptions.py:357 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:357 +#: src/config/SSSDConfig/sssdoptions.py:358 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:358 +#: src/config/SSSDConfig/sssdoptions.py:359 msgid "Mode used to change user password" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:359 +#: src/config/SSSDConfig/sssdoptions.py:360 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:360 +#: src/config/SSSDConfig/sssdoptions.py:361 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:361 +#: src/config/SSSDConfig/sssdoptions.py:362 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:362 +#: src/config/SSSDConfig/sssdoptions.py:363 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:363 +#: src/config/SSSDConfig/sssdoptions.py:364 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:364 +#: src/config/SSSDConfig/sssdoptions.py:365 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:365 +#: src/config/SSSDConfig/sssdoptions.py:366 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:366 +#: src/config/SSSDConfig/sssdoptions.py:367 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:367 +#: src/config/SSSDConfig/sssdoptions.py:368 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:368 +#: src/config/SSSDConfig/sssdoptions.py:369 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:369 +#: src/config/SSSDConfig/sssdoptions.py:370 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:370 +#: src/config/SSSDConfig/sssdoptions.py:371 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:371 +#: src/config/SSSDConfig/sssdoptions.py:372 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:372 +#: src/config/SSSDConfig/sssdoptions.py:373 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:373 +#: src/config/SSSDConfig/sssdoptions.py:374 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:374 +#: src/config/SSSDConfig/sssdoptions.py:375 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:375 +#: src/config/SSSDConfig/sssdoptions.py:376 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:376 +#: src/config/SSSDConfig/sssdoptions.py:377 msgid "Specify the maximal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:377 +#: src/config/SSSDConfig/sssdoptions.py:378 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:378 +#: src/config/SSSDConfig/sssdoptions.py:379 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:379 +#: src/config/SSSDConfig/sssdoptions.py:380 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:380 +#: src/config/SSSDConfig/sssdoptions.py:381 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:381 +#: src/config/SSSDConfig/sssdoptions.py:382 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:382 +#: src/config/SSSDConfig/sssdoptions.py:383 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:383 +#: src/config/SSSDConfig/sssdoptions.py:384 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:384 +#: src/config/SSSDConfig/sssdoptions.py:385 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:385 +#: src/config/SSSDConfig/sssdoptions.py:386 msgid "Ignore unreadable LDAP references" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:386 +#: src/config/SSSDConfig/sssdoptions.py:387 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:388 +#: src/config/SSSDConfig/sssdoptions.py:389 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:391 +#: src/config/SSSDConfig/sssdoptions.py:392 msgid "entryUSN attribute" msgstr "entryUSN ატრიბუტი" -#: src/config/SSSDConfig/sssdoptions.py:392 +#: src/config/SSSDConfig/sssdoptions.py:393 msgid "lastUSN attribute" msgstr "lastUSN ატრიბუტი" -#: src/config/SSSDConfig/sssdoptions.py:394 +#: src/config/SSSDConfig/sssdoptions.py:395 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:397 +#: src/config/SSSDConfig/sssdoptions.py:398 msgid "Disable the LDAP paging control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:398 +#: src/config/SSSDConfig/sssdoptions.py:399 msgid "Disable Active Directory range retrieval" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:401 +#: src/config/SSSDConfig/sssdoptions.py:402 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:402 +#: src/config/SSSDConfig/sssdoptions.py:403 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:403 +#: src/config/SSSDConfig/sssdoptions.py:404 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:404 +#: src/config/SSSDConfig/sssdoptions.py:405 msgid "Maximum period deviation between enumeration updates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:405 +#: src/config/SSSDConfig/sssdoptions.py:406 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:406 +#: src/config/SSSDConfig/sssdoptions.py:407 msgid "Maximum time deviation between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:407 +#: src/config/SSSDConfig/sssdoptions.py:408 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:408 +#: src/config/SSSDConfig/sssdoptions.py:409 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:409 +#: src/config/SSSDConfig/sssdoptions.py:410 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:410 +#: src/config/SSSDConfig/sssdoptions.py:411 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:411 +#: src/config/SSSDConfig/sssdoptions.py:412 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:412 +#: src/config/SSSDConfig/sssdoptions.py:413 msgid "Objectclass for users" -msgstr "" +msgstr "Objectclass მომხმარებლებისთვის" -#: src/config/SSSDConfig/sssdoptions.py:413 +#: src/config/SSSDConfig/sssdoptions.py:414 msgid "Username attribute" msgstr "მომხმარებლის სახელის ატრიბუტი" -#: src/config/SSSDConfig/sssdoptions.py:414 +#: src/config/SSSDConfig/sssdoptions.py:415 msgid "UID attribute" msgstr "UID ატრიბუტი" -#: src/config/SSSDConfig/sssdoptions.py:415 +#: src/config/SSSDConfig/sssdoptions.py:416 msgid "Primary GID attribute" msgstr "პირველადი GID ატრიბუტი" -#: src/config/SSSDConfig/sssdoptions.py:416 +#: src/config/SSSDConfig/sssdoptions.py:417 msgid "GECOS attribute" msgstr "GECOS ატრიბუტი" -#: src/config/SSSDConfig/sssdoptions.py:417 +#: src/config/SSSDConfig/sssdoptions.py:418 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:418 +#: src/config/SSSDConfig/sssdoptions.py:419 msgid "Shell attribute" msgstr "Shell ატრიბუტი" -#: src/config/SSSDConfig/sssdoptions.py:419 +#: src/config/SSSDConfig/sssdoptions.py:420 msgid "UUID attribute" msgstr "UUID ატრიბუტი" -#: src/config/SSSDConfig/sssdoptions.py:420 -#: src/config/SSSDConfig/sssdoptions.py:459 +#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:460 msgid "objectSID attribute" -msgstr "" +msgstr "ატრიბუტ objectSID" -#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:422 msgid "Active Directory primary group attribute for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:422 +#: src/config/SSSDConfig/sssdoptions.py:423 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:423 +#: src/config/SSSDConfig/sssdoptions.py:424 msgid "Full Name" msgstr "სრული სახელი" -#: src/config/SSSDConfig/sssdoptions.py:424 +#: src/config/SSSDConfig/sssdoptions.py:425 msgid "memberOf attribute" -msgstr "" +msgstr "ატრიბუტი memberOf" -#: src/config/SSSDConfig/sssdoptions.py:425 +#: src/config/SSSDConfig/sssdoptions.py:426 msgid "Modification time attribute" msgstr "მოდიფიკაციის დროის ატრიბუტი" -#: src/config/SSSDConfig/sssdoptions.py:426 +#: src/config/SSSDConfig/sssdoptions.py:427 msgid "shadowLastChange attribute" msgstr "shadowLastChange ატრიბუტი" -#: src/config/SSSDConfig/sssdoptions.py:427 +#: src/config/SSSDConfig/sssdoptions.py:428 msgid "shadowMin attribute" msgstr "shadowMin ატრიბუტი" -#: src/config/SSSDConfig/sssdoptions.py:428 +#: src/config/SSSDConfig/sssdoptions.py:429 msgid "shadowMax attribute" msgstr "shadowMax ატრიბუტი" -#: src/config/SSSDConfig/sssdoptions.py:429 +#: src/config/SSSDConfig/sssdoptions.py:430 msgid "shadowWarning attribute" msgstr "shadowWarning ატრიბუტი" -#: src/config/SSSDConfig/sssdoptions.py:430 +#: src/config/SSSDConfig/sssdoptions.py:431 msgid "shadowInactive attribute" msgstr "shadowInactive ატრიბუტი" -#: src/config/SSSDConfig/sssdoptions.py:431 +#: src/config/SSSDConfig/sssdoptions.py:432 msgid "shadowExpire attribute" msgstr "shadowExpire ატრიბუტი" -#: src/config/SSSDConfig/sssdoptions.py:432 +#: src/config/SSSDConfig/sssdoptions.py:433 msgid "shadowFlag attribute" msgstr "shadowFlag ატრიბუტი" -#: src/config/SSSDConfig/sssdoptions.py:433 +#: src/config/SSSDConfig/sssdoptions.py:434 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:434 +#: src/config/SSSDConfig/sssdoptions.py:435 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:435 +#: src/config/SSSDConfig/sssdoptions.py:436 msgid "Attribute listing authorized server rhosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:436 +#: src/config/SSSDConfig/sssdoptions.py:437 msgid "krbLastPwdChange attribute" msgstr "krbLastPwdChange ატრიბუტი" -#: src/config/SSSDConfig/sssdoptions.py:437 +#: src/config/SSSDConfig/sssdoptions.py:438 msgid "krbPasswordExpiration attribute" msgstr "krbPasswordExpiration ატრიბუტი" -#: src/config/SSSDConfig/sssdoptions.py:438 +#: src/config/SSSDConfig/sssdoptions.py:439 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:439 +#: src/config/SSSDConfig/sssdoptions.py:440 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:440 +#: src/config/SSSDConfig/sssdoptions.py:441 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:441 +#: src/config/SSSDConfig/sssdoptions.py:442 msgid "nsAccountLock attribute" msgstr "nsAccountLock ატრიბუტი" -#: src/config/SSSDConfig/sssdoptions.py:442 +#: src/config/SSSDConfig/sssdoptions.py:443 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:443 +#: src/config/SSSDConfig/sssdoptions.py:444 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:444 +#: src/config/SSSDConfig/sssdoptions.py:445 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:445 +#: src/config/SSSDConfig/sssdoptions.py:446 msgid "SSH public key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:446 +#: src/config/SSSDConfig/sssdoptions.py:447 msgid "attribute listing allowed authentication types for a user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:447 +#: src/config/SSSDConfig/sssdoptions.py:448 msgid "attribute containing the X509 certificate of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:448 +#: src/config/SSSDConfig/sssdoptions.py:449 msgid "attribute containing the email address of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:449 +#: src/config/SSSDConfig/sssdoptions.py:450 msgid "attribute containing the passkey mapping data of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:450 +#: src/config/SSSDConfig/sssdoptions.py:451 msgid "A list of extra attributes to download along with the user entry" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:452 +#: src/config/SSSDConfig/sssdoptions.py:453 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:453 +#: src/config/SSSDConfig/sssdoptions.py:454 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:454 +#: src/config/SSSDConfig/sssdoptions.py:455 msgid "Group name" msgstr "ჯგუფის სახელი" -#: src/config/SSSDConfig/sssdoptions.py:455 +#: src/config/SSSDConfig/sssdoptions.py:456 msgid "Group password" msgstr "ჯგუფის პაროლი" -#: src/config/SSSDConfig/sssdoptions.py:456 +#: src/config/SSSDConfig/sssdoptions.py:457 msgid "GID attribute" msgstr "GID ატრიბუტი" -#: src/config/SSSDConfig/sssdoptions.py:457 +#: src/config/SSSDConfig/sssdoptions.py:458 msgid "Group member attribute" msgstr "ჯგუფის წევრის ატრიბუტი" -#: src/config/SSSDConfig/sssdoptions.py:458 +#: src/config/SSSDConfig/sssdoptions.py:459 msgid "Group UUID attribute" msgstr "ჯგუფი UUID ატრიბუტი" -#: src/config/SSSDConfig/sssdoptions.py:460 +#: src/config/SSSDConfig/sssdoptions.py:461 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:461 +#: src/config/SSSDConfig/sssdoptions.py:462 msgid "Type of the group and other flags" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:462 +#: src/config/SSSDConfig/sssdoptions.py:463 msgid "The LDAP group external member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:463 +#: src/config/SSSDConfig/sssdoptions.py:464 msgid "Maximum nesting level SSSD will follow" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:464 +#: src/config/SSSDConfig/sssdoptions.py:465 msgid "Filter for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:465 +#: src/config/SSSDConfig/sssdoptions.py:466 msgid "Scope of group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:467 +#: src/config/SSSDConfig/sssdoptions.py:468 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:468 +#: src/config/SSSDConfig/sssdoptions.py:469 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:469 +#: src/config/SSSDConfig/sssdoptions.py:470 msgid "Netgroup name" -msgstr "" +msgstr "ქსელური ჯგუფის სახელი" -#: src/config/SSSDConfig/sssdoptions.py:470 +#: src/config/SSSDConfig/sssdoptions.py:471 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:471 +#: src/config/SSSDConfig/sssdoptions.py:472 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:472 +#: src/config/SSSDConfig/sssdoptions.py:473 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:474 +#: src/config/SSSDConfig/sssdoptions.py:475 msgid "Base DN for service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:475 +#: src/config/SSSDConfig/sssdoptions.py:476 msgid "Objectclass for services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:476 +#: src/config/SSSDConfig/sssdoptions.py:477 msgid "Service name attribute" msgstr "სერვისის სახელის ატრიბუტი" -#: src/config/SSSDConfig/sssdoptions.py:477 +#: src/config/SSSDConfig/sssdoptions.py:478 msgid "Service port attribute" msgstr "სერვისის პორტის ატრიბუტი" -#: src/config/SSSDConfig/sssdoptions.py:478 +#: src/config/SSSDConfig/sssdoptions.py:479 msgid "Service protocol attribute" msgstr "სერვისის პროტოკოლის ატრიბუტი" -#: src/config/SSSDConfig/sssdoptions.py:480 +#: src/config/SSSDConfig/sssdoptions.py:481 msgid "Lower bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:481 +#: src/config/SSSDConfig/sssdoptions.py:482 msgid "Upper bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:482 +#: src/config/SSSDConfig/sssdoptions.py:483 msgid "Number of IDs for each slice when ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:483 +#: src/config/SSSDConfig/sssdoptions.py:484 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:484 +#: src/config/SSSDConfig/sssdoptions.py:485 msgid "Name of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:485 +#: src/config/SSSDConfig/sssdoptions.py:486 msgid "SID of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:486 +#: src/config/SSSDConfig/sssdoptions.py:487 msgid "Number of secondary slices" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:488 +#: src/config/SSSDConfig/sssdoptions.py:489 msgid "Whether to use Token-Groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:489 +#: src/config/SSSDConfig/sssdoptions.py:490 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:490 +#: src/config/SSSDConfig/sssdoptions.py:491 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:491 +#: src/config/SSSDConfig/sssdoptions.py:492 msgid "DN for ppolicy queries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:492 +#: src/config/SSSDConfig/sssdoptions.py:493 msgid "How many maximum entries to fetch during a wildcard request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:493 +#: src/config/SSSDConfig/sssdoptions.py:494 msgid "Set libldap debug level" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:496 +#: src/config/SSSDConfig/sssdoptions.py:497 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:500 +#: src/config/SSSDConfig/sssdoptions.py:501 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:504 +#: src/config/SSSDConfig/sssdoptions.py:505 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:505 +#: src/config/SSSDConfig/sssdoptions.py:506 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:506 +#: src/config/SSSDConfig/sssdoptions.py:507 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:507 +#: src/config/SSSDConfig/sssdoptions.py:508 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:511 +#: src/config/SSSDConfig/sssdoptions.py:512 msgid "Base DN for sudo rules lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:512 +#: src/config/SSSDConfig/sssdoptions.py:513 msgid "Automatic full refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:513 +#: src/config/SSSDConfig/sssdoptions.py:514 msgid "Automatic smart refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:514 +#: src/config/SSSDConfig/sssdoptions.py:515 msgid "Smart and full refresh random offset" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:515 +#: src/config/SSSDConfig/sssdoptions.py:516 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:516 +#: src/config/SSSDConfig/sssdoptions.py:517 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:517 +#: src/config/SSSDConfig/sssdoptions.py:518 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:518 +#: src/config/SSSDConfig/sssdoptions.py:519 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:519 +#: src/config/SSSDConfig/sssdoptions.py:520 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:520 +#: src/config/SSSDConfig/sssdoptions.py:521 msgid "Object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:521 +#: src/config/SSSDConfig/sssdoptions.py:522 msgid "Name of attribute that is used as object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:522 +#: src/config/SSSDConfig/sssdoptions.py:523 msgid "Sudo rule name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:523 +#: src/config/SSSDConfig/sssdoptions.py:524 msgid "Sudo rule command attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:524 +#: src/config/SSSDConfig/sssdoptions.py:525 msgid "Sudo rule host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:525 +#: src/config/SSSDConfig/sssdoptions.py:526 msgid "Sudo rule user attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:526 +#: src/config/SSSDConfig/sssdoptions.py:527 msgid "Sudo rule option attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:527 +#: src/config/SSSDConfig/sssdoptions.py:528 msgid "Sudo rule runas attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:528 +#: src/config/SSSDConfig/sssdoptions.py:529 msgid "Sudo rule runasuser attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:529 +#: src/config/SSSDConfig/sssdoptions.py:530 msgid "Sudo rule runasgroup attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:530 +#: src/config/SSSDConfig/sssdoptions.py:531 msgid "Sudo rule notbefore attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:531 +#: src/config/SSSDConfig/sssdoptions.py:532 msgid "Sudo rule notafter attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:532 +#: src/config/SSSDConfig/sssdoptions.py:533 msgid "Sudo rule order attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:535 +#: src/config/SSSDConfig/sssdoptions.py:536 msgid "Object class for automounter maps" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:536 +#: src/config/SSSDConfig/sssdoptions.py:537 msgid "Automounter map name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:537 +#: src/config/SSSDConfig/sssdoptions.py:538 msgid "Object class for automounter map entries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:538 +#: src/config/SSSDConfig/sssdoptions.py:539 msgid "Automounter map entry key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:539 +#: src/config/SSSDConfig/sssdoptions.py:540 msgid "Automounter map entry value attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:540 +#: src/config/SSSDConfig/sssdoptions.py:541 msgid "Base DN for automounter map lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:541 +#: src/config/SSSDConfig/sssdoptions.py:542 msgid "The name of the automount master map in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:544 +#: src/config/SSSDConfig/sssdoptions.py:545 msgid "Base DN for IP hosts lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:545 +#: src/config/SSSDConfig/sssdoptions.py:546 msgid "Object class for IP hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:546 +#: src/config/SSSDConfig/sssdoptions.py:547 msgid "IP host name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:547 +#: src/config/SSSDConfig/sssdoptions.py:548 msgid "IP host number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:548 +#: src/config/SSSDConfig/sssdoptions.py:549 msgid "IP host entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:549 +#: src/config/SSSDConfig/sssdoptions.py:550 msgid "Base DN for IP networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:550 +#: src/config/SSSDConfig/sssdoptions.py:551 msgid "Object class for IP networks" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:551 +#: src/config/SSSDConfig/sssdoptions.py:552 msgid "IP network name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:552 +#: src/config/SSSDConfig/sssdoptions.py:553 msgid "IP network number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:553 +#: src/config/SSSDConfig/sssdoptions.py:554 msgid "IP network entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:556 +#: src/config/SSSDConfig/sssdoptions.py:557 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:557 +#: src/config/SSSDConfig/sssdoptions.py:558 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:558 +#: src/config/SSSDConfig/sssdoptions.py:559 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:560 +#: src/config/SSSDConfig/sssdoptions.py:561 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " "evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:564 +#: src/config/SSSDConfig/sssdoptions.py:565 msgid "The number of preforked proxy children." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:567 +#: src/config/SSSDConfig/sssdoptions.py:568 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:568 +#: src/config/SSSDConfig/sssdoptions.py:569 msgid "The name of the NSS library to use for hosts and networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:569 +#: src/config/SSSDConfig/sssdoptions.py:570 msgid "Whether to look up canonical group name from cache if possible" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:572 +#: src/config/SSSDConfig/sssdoptions.py:573 msgid "PAM stack to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:575 +#: src/config/SSSDConfig/sssdoptions.py:576 msgid "Path of passwd file sources." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:576 +#: src/config/SSSDConfig/sssdoptions.py:577 msgid "Path of group file sources." msgstr "" @@ -1879,67 +1883,67 @@ msgstr "" msgid "SSSD is already running\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" -msgstr "" +msgstr "talloc_asprintf ჩავარდა.\n" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "" @@ -1947,35 +1951,35 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "" @@ -1983,119 +1987,131 @@ msgstr "" msgid "Permission denied. " msgstr "წვდომა აკრძალულია. " -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "" #: src/sss_client/pam_sss.c:71 +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." +msgstr "" + +#: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" msgstr "" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "პაროლები არ ემთხვევა" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr "" -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "" -#: src/sss_client/pam_sss.c:627 +#: src/sss_client/pam_sss.c:628 #, c-format msgid "Your password has expired." -msgstr "" +msgstr "თქვენს პაროლს ვადა გაუვიდა." -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 -msgid "Password change failed. " +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." msgstr "" -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 +msgid "Password change failed. " +msgstr "პაროლის შეცვლის შეცდომა. " + +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "ახალი პაროლი: " -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "" -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "პაროლი: " -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "" -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " -msgstr "" +msgstr "მიმდინარე პაროლი: " -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "" @@ -2115,7 +2131,7 @@ msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:64 msgid "Not enough memory\n" -msgstr "" +msgstr "არასაკმარისი მეხსიერება\n" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:83 msgid "User not specified\n" @@ -2278,7 +2294,7 @@ msgstr "შეცდომა" #: src/tools/sssctl/sssctl.c:42 msgid "Invalid result." -msgstr "" +msgstr "არასწორი პასუხი." #: src/tools/sssctl/sssctl.c:78 msgid "Unable to read user input\n" @@ -2517,7 +2533,7 @@ msgstr "" #: src/tools/sssctl/sssctl_cert.c:216 msgid "Matching rule" -msgstr "" +msgstr "წესი, რომელიც ემთხვევა" #: src/tools/sssctl/sssctl_cert.c:226 msgid "Unable to parse command arguments\n" @@ -2829,7 +2845,7 @@ msgstr "" #: src/tools/sssctl/sssctl_logs.c:51 msgid "\n" -msgstr "" +msgstr "\n" #: src/tools/sssctl/sssctl_logs.c:215 msgid "SSSD is not running.\n" @@ -2926,21 +2942,21 @@ msgstr "" #: src/tools/sssctl/sssctl_user_checks.c:167 #, c-format msgid "dlopen failed with [%s].\n" -msgstr "" +msgstr "dlopen ჩავარდა შეცდომით [%s].\n" #: src/tools/sssctl/sssctl_user_checks.c:174 #, c-format msgid "dlsym failed with [%s].\n" -msgstr "" +msgstr "dlsym ჩავარდა შეცდომით [%s].\n" #: src/tools/sssctl/sssctl_user_checks.c:182 msgid "malloc failed.\n" -msgstr "" +msgstr "malloc ჩავარდა.\n" #: src/tools/sssctl/sssctl_user_checks.c:189 #, c-format msgid "sss_getpwnam_r failed with [%d].\n" -msgstr "" +msgstr "sss_getpwnam_r ჩავარდა შეცდომით [%d].\n" #: src/tools/sssctl/sssctl_user_checks.c:194 msgid "SSSD nss user lookup result:\n" @@ -3012,7 +3028,7 @@ msgstr "" #: src/tools/sssctl/sssctl_user_checks.c:263 #, c-format msgid "pam_start failed: %s\n" -msgstr "" +msgstr "pam_start ჩავარდა: %s\n" #: src/tools/sssctl/sssctl_user_checks.c:269 msgid "" @@ -3023,7 +3039,7 @@ msgstr "" #: src/tools/sssctl/sssctl_user_checks.c:273 #, c-format msgid "pam_get_item failed: %s\n" -msgstr "" +msgstr "pam_get_item ჩავარდა: %s\n" #: src/tools/sssctl/sssctl_user_checks.c:276 #, c-format diff --git a/po/ko.po b/po/ko.po index 2c17938aa04..d6fa8e42d07 100644 --- a/po/ko.po +++ b/po/ko.po @@ -4,23 +4,23 @@ # Ludek Janda , 2021. # simmon , 2021. # seo hojin , 2021. -# 김인수 , 2022. +# 김인수 , 2022, 2023. # Transtats , 2022. msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" -"PO-Revision-Date: 2022-12-12 14:09+0000\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" +"PO-Revision-Date: 2023-09-18 03:54+0000\n" "Last-Translator: 김인수 \n" "Language-Team: Korean \n" +"sssd-2-9/ko/>\n" "Language: ko\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" -"X-Generator: Weblate 4.14.2\n" +"X-Generator: Weblate 5.0.2\n" #: src/config/SSSDConfig/sssdoptions.py:20 #: src/config/SSSDConfig/sssdoptions.py:21 @@ -167,9 +167,8 @@ msgid "Enable or disable core dumps for all SSSD processes." msgstr "SSSD 프로세서를 위한 코어 덤프 활성화 또는 비활성화." #: src/config/SSSDConfig/sssdoptions.py:58 -#, fuzzy msgid "Tune passkey verification behavior" -msgstr "인증 확인을 조정합니다" +msgstr "패스키 확인 동작을 조정합니다" #: src/config/SSSDConfig/sssdoptions.py:61 msgid "Enumeration cache timeout length (seconds)" @@ -386,18 +385,16 @@ msgstr "" "목록" #: src/config/SSSDConfig/sssdoptions.py:117 -#, fuzzy msgid "Allow passkey device authentication." -msgstr "인증서 기반/스마트 카드 인증을 허용합니다." +msgstr "패스키 장치 인증을 허용합니다." #: src/config/SSSDConfig/sssdoptions.py:118 -#, fuzzy msgid "How many seconds will pam_sss wait for passkey_child to finish" -msgstr "p11_child가 완료될 때까지 pam_ss가 몇 초 동안 대기합니까" +msgstr "passkey_child가 완료될 때까지 pam_sss가 몇 초 동안 대기합니까" #: src/config/SSSDConfig/sssdoptions.py:119 msgid "Enable debugging in the libfido2 library" -msgstr "" +msgstr "libfido2 라이브러리에서 디버깅 활성화" #: src/config/SSSDConfig/sssdoptions.py:122 msgid "Whether to evaluate the time-based attributes in sudo rules" @@ -629,18 +626,18 @@ msgid "Whether to automatically update the client's DNS entry" msgstr "클라이언트의 DNS 항목을 자동으로 최신화 할지 여부" #: src/config/SSSDConfig/sssdoptions.py:201 -#: src/config/SSSDConfig/sssdoptions.py:233 +#: src/config/SSSDConfig/sssdoptions.py:234 msgid "The TTL to apply to the client's DNS entry after updating it" -msgstr "업데이트 후 클라이언트의 DNS 항목에 적용할 TTL" +msgstr "최신화 후 클라이언트의 DNS 항목에 적용 하려는 TTL" #: src/config/SSSDConfig/sssdoptions.py:202 -#: src/config/SSSDConfig/sssdoptions.py:234 +#: src/config/SSSDConfig/sssdoptions.py:235 msgid "The interface whose IP should be used for dynamic DNS updates" -msgstr "동적 DNS 업데이트에 IP를 사용해야 하는 인터페이스" +msgstr "동적 DNS 최신화에 IP를 사용해야 하는 연결장치" #: src/config/SSSDConfig/sssdoptions.py:203 msgid "How often to periodically update the client's DNS entry" -msgstr "클라이언트의 DNS 항목을 주기적으로 업데이트하는 빈도" +msgstr "클라이언트의 DNS 항목을 주기적으로 최신화하는 빈도" #: src/config/SSSDConfig/sssdoptions.py:204 msgid "Maximum period deviation when updating the client's DNS entry" @@ -648,7 +645,7 @@ msgstr "클라이언트의 DNS 항목을 최신화 할 때 최대 주기 편차" #: src/config/SSSDConfig/sssdoptions.py:205 msgid "Whether the provider should explicitly update the PTR record as well" -msgstr "공급자가 PTR 레코드도 명시적으로 업데이트해야 하는지 여부" +msgstr "공급자가 PTR 레코드도 명시적으로 최신화해야 하는지 여부" #: src/config/SSSDConfig/sssdoptions.py:206 msgid "Whether the nsupdate utility should default to using TCP" @@ -656,11 +653,11 @@ msgstr "nsupdate 유틸리티가 기본적으로 TCP를 사용하도록 할지 #: src/config/SSSDConfig/sssdoptions.py:207 msgid "What kind of authentication should be used to perform the DNS update" -msgstr "DNS 업데이트를 수행하기 위해 어떤 종류의 인증을 사용해야 하는지" +msgstr "DNS 최신화를 수행하기 위해 어떤 종류의 인증을 사용해야 하는지" #: src/config/SSSDConfig/sssdoptions.py:208 msgid "Override the DNS server used to perform the DNS update" -msgstr "DNS 업데이트를 수행하는 데 사용되는 DNS 서버 재정의" +msgstr "DNS 최신화를 수행하는 데 사용되는 DNS 서버 재정의" #: src/config/SSSDConfig/sssdoptions.py:209 msgid "Control enumeration of trusted domains" @@ -725,102 +722,106 @@ msgstr "" "이 값은 첫 번째 인증 요소(장기 비밀번호)가 SHA512 해쉬로 캐쉬에 저장되어야 하" "는 최소 길이를 결정합니다." -#: src/config/SSSDConfig/sssdoptions.py:228 +#: src/config/SSSDConfig/sssdoptions.py:226 +msgid "Local authentication methods policy " +msgstr "로컬 인증 방법 정책. " + +#: src/config/SSSDConfig/sssdoptions.py:229 msgid "IPA domain" msgstr "IPA 도메인" -#: src/config/SSSDConfig/sssdoptions.py:229 +#: src/config/SSSDConfig/sssdoptions.py:230 msgid "IPA server address" msgstr "IPA 서버 주소" -#: src/config/SSSDConfig/sssdoptions.py:230 +#: src/config/SSSDConfig/sssdoptions.py:231 msgid "Address of backup IPA server" msgstr "백업 IPA 서버의 주소" -#: src/config/SSSDConfig/sssdoptions.py:231 +#: src/config/SSSDConfig/sssdoptions.py:232 msgid "IPA client hostname" msgstr "IPA 클라이언트 호스트네임" -#: src/config/SSSDConfig/sssdoptions.py:232 +#: src/config/SSSDConfig/sssdoptions.py:233 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "FreeIPA에서 클라이언트의 DNS 항목을 자동으로 최신화 할지 여부" -#: src/config/SSSDConfig/sssdoptions.py:235 +#: src/config/SSSDConfig/sssdoptions.py:236 msgid "Search base for HBAC related objects" msgstr "HBAC와 연관된 객체를 위한 검색 기반" -#: src/config/SSSDConfig/sssdoptions.py:236 +#: src/config/SSSDConfig/sssdoptions.py:237 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "IPA 서버에 대응하는 HBAC 규칙의 검색 사이에서 시간의 양" -#: src/config/SSSDConfig/sssdoptions.py:237 +#: src/config/SSSDConfig/sssdoptions.py:238 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "IPA 서버에 대응하는 SELinux 맵의 검색 사이에서 초 단위 시간의 양" -#: src/config/SSSDConfig/sssdoptions.py:239 +#: src/config/SSSDConfig/sssdoptions.py:240 msgid "If set to false, host argument given by PAM will be ignored" msgstr "거짓으로 설정하면, PAM에서 제공한 호스트 인수가 무시됩니다" -#: src/config/SSSDConfig/sssdoptions.py:240 +#: src/config/SSSDConfig/sssdoptions.py:241 msgid "The automounter location this IPA client is using" -msgstr "이와같은 IPA 클라이언트가 사용 중인 오토마운터 위치" +msgstr "이와 같은 IPA 클라이언트가 사용 중인 오토마운터 위치" -#: src/config/SSSDConfig/sssdoptions.py:241 +#: src/config/SSSDConfig/sssdoptions.py:242 msgid "Search base for object containing info about IPA domain" msgstr "IPA 도메인에 대한 정보가 포함된 객체 검색 기반" -#: src/config/SSSDConfig/sssdoptions.py:242 +#: src/config/SSSDConfig/sssdoptions.py:243 msgid "Search base for objects containing info about ID ranges" msgstr "ID 범위에 대한 정보가 포함된 객체 검색 기반" -#: src/config/SSSDConfig/sssdoptions.py:243 -#: src/config/SSSDConfig/sssdoptions.py:299 +#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:300 msgid "Enable DNS sites - location based service discovery" msgstr "DNS 사이트 활성화 - 위치 기반 서비스 검색" -#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:245 msgid "Search base for view containers" msgstr "보기 컨테이너의 검색 기준" -#: src/config/SSSDConfig/sssdoptions.py:245 +#: src/config/SSSDConfig/sssdoptions.py:246 msgid "Objectclass for view containers" msgstr "보기 컨테이너의 객체 클래스" -#: src/config/SSSDConfig/sssdoptions.py:246 +#: src/config/SSSDConfig/sssdoptions.py:247 msgid "Attribute with the name of the view" msgstr "보기 이름이 있는 속성" -#: src/config/SSSDConfig/sssdoptions.py:247 +#: src/config/SSSDConfig/sssdoptions.py:248 msgid "Objectclass for override objects" msgstr "덮어쓰기 객체의 객체 클래스" -#: src/config/SSSDConfig/sssdoptions.py:248 +#: src/config/SSSDConfig/sssdoptions.py:249 msgid "Attribute with the reference to the original object" msgstr "원본 객체에 대한 참조가 있는 속성" -#: src/config/SSSDConfig/sssdoptions.py:249 +#: src/config/SSSDConfig/sssdoptions.py:250 msgid "Objectclass for user override objects" msgstr "사용자 덮어쓰기 객체의 객체 클래스" -#: src/config/SSSDConfig/sssdoptions.py:250 +#: src/config/SSSDConfig/sssdoptions.py:251 msgid "Objectclass for group override objects" msgstr "그룹 덮어쓰기 객체의 객체 클래스" -#: src/config/SSSDConfig/sssdoptions.py:251 +#: src/config/SSSDConfig/sssdoptions.py:252 msgid "Search base for Desktop Profile related objects" msgstr "데스크탑 프로필 관련 개체 검색 기준" -#: src/config/SSSDConfig/sssdoptions.py:252 +#: src/config/SSSDConfig/sssdoptions.py:253 msgid "" "The amount of time in seconds between lookups of the Desktop Profile rules " "against the IPA server" msgstr "" "IPA 서버에 대응하는 데스크탑 프로파일 규칙의 검색 사이에서 초 단위 시간의 양" -#: src/config/SSSDConfig/sssdoptions.py:254 +#: src/config/SSSDConfig/sssdoptions.py:255 msgid "" "The amount of time in minutes between lookups of Desktop Profiles rules " "against the IPA server when the last request did not find any rule" @@ -828,104 +829,104 @@ msgstr "" "마지막 요청이 규칙을 찾지 못한 경우 IPA 서버에 대한 데스크탑 프로필 규칙 검" "색 간격(분)입니다" -#: src/config/SSSDConfig/sssdoptions.py:257 +#: src/config/SSSDConfig/sssdoptions.py:258 msgid "Search base for SUBID ranges" msgstr "SUBID 범위를 위한 기반 검색" -#: src/config/SSSDConfig/sssdoptions.py:258 -#: src/config/SSSDConfig/sssdoptions.py:501 +#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:502 msgid "Which rules should be used to evaluate access control" msgstr "액세스 제어를 평가하기 위해 사용해야 하는 규칙" -#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:260 msgid "The LDAP attribute that contains FQDN of the host." msgstr "호스트의 FQDN이 포함된 LDAP 속성입니다." -#: src/config/SSSDConfig/sssdoptions.py:260 -#: src/config/SSSDConfig/sssdoptions.py:283 +#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:284 msgid "The object class of a host entry in LDAP." msgstr "LDAP에서 호스트 항목의 개체 클래스입니다." -#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:262 msgid "Use the given string as search base for host objects." msgstr "지정된 문자열을 호스트 오브젝트의 검색 기준으로 사용합니다." -#: src/config/SSSDConfig/sssdoptions.py:262 +#: src/config/SSSDConfig/sssdoptions.py:263 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "호스트의 SSH 공개 키가 포함된 LDAP 속성입니다." -#: src/config/SSSDConfig/sssdoptions.py:263 +#: src/config/SSSDConfig/sssdoptions.py:264 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "netgroup의 NIS 도메인 이름을 포함하는 LDAP 속성입니다." -#: src/config/SSSDConfig/sssdoptions.py:264 +#: src/config/SSSDConfig/sssdoptions.py:265 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "netgroup 멤버의 이름이 포함된 LDAP 속성입니다." -#: src/config/SSSDConfig/sssdoptions.py:265 +#: src/config/SSSDConfig/sssdoptions.py:266 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" "netgroup의 멤버인 호스트 및 호스트 그룹의 FQDN을 나열하는 LDAP 속성입니다." -#: src/config/SSSDConfig/sssdoptions.py:267 +#: src/config/SSSDConfig/sssdoptions.py:268 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" "netgroup의 직접 구성원인 호스트 및 호스트 그룹을 나열하는 LDAP 속성입니다." -#: src/config/SSSDConfig/sssdoptions.py:269 +#: src/config/SSSDConfig/sssdoptions.py:270 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "netgroup의 멤버십을 나열하는 LDAP 속성입니다." -#: src/config/SSSDConfig/sssdoptions.py:270 +#: src/config/SSSDConfig/sssdoptions.py:271 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" "netgroup의 직접 구성원인 시스템 사용자 및 그룹을 나열하는 LDAP 속성입니다." -#: src/config/SSSDConfig/sssdoptions.py:272 +#: src/config/SSSDConfig/sssdoptions.py:273 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "netgroup 이름에 해당하는 LDAP 속성입니다." -#: src/config/SSSDConfig/sssdoptions.py:273 +#: src/config/SSSDConfig/sssdoptions.py:274 msgid "The object class of a netgroup entry in LDAP." msgstr "LDAP에서 netgroup 항목의 개체 클래스입니다." -#: src/config/SSSDConfig/sssdoptions.py:274 +#: src/config/SSSDConfig/sssdoptions.py:275 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "LDAP netgroup 개체의 UUID/GUID가 포함된 LDAP 속성입니다." -#: src/config/SSSDConfig/sssdoptions.py:275 +#: src/config/SSSDConfig/sssdoptions.py:276 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." msgstr "사용자 맵이 사용 가능한지 여부를 포함하는 LDAP 속성입니다." -#: src/config/SSSDConfig/sssdoptions.py:277 +#: src/config/SSSDConfig/sssdoptions.py:278 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "호스트 범주(예: 'all')가 포함된 LDAP 속성입니다." -#: src/config/SSSDConfig/sssdoptions.py:278 +#: src/config/SSSDConfig/sssdoptions.py:279 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." msgstr "이 규칙이 일치하는 모든 호스트/호스트그룹이 포함된 LDAP 속성입니다." -#: src/config/SSSDConfig/sssdoptions.py:280 +#: src/config/SSSDConfig/sssdoptions.py:281 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "이 규칙이 일치하는 모든 사용자 / 그룹이 포함된 LDAP 속성입니다." -#: src/config/SSSDConfig/sssdoptions.py:282 +#: src/config/SSSDConfig/sssdoptions.py:283 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "SELinux 사용자 맵의 이름이 포함된 LDAP 속성입니다." -#: src/config/SSSDConfig/sssdoptions.py:284 +#: src/config/SSSDConfig/sssdoptions.py:285 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost." @@ -933,19 +934,19 @@ msgstr "" "memberUser 및 memberHost 대신 일치하는 데 사용할 수 있는 HBAC 규칙의 DN이 포" "함된 LDAP 속성입니다." -#: src/config/SSSDConfig/sssdoptions.py:286 +#: src/config/SSSDConfig/sssdoptions.py:287 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "SELinux 사용자 문자열 자체를 포함하는 LDAP 속성입니다." -#: src/config/SSSDConfig/sssdoptions.py:287 +#: src/config/SSSDConfig/sssdoptions.py:288 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "'all'과 같은 사용자 범주가 포함된 LDAP 속성입니다." -#: src/config/SSSDConfig/sssdoptions.py:288 +#: src/config/SSSDConfig/sssdoptions.py:289 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "사용자 맵의 고유 ID가 포함된 LDAP 속성입니다." -#: src/config/SSSDConfig/sssdoptions.py:289 +#: src/config/SSSDConfig/sssdoptions.py:290 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." @@ -953,335 +954,335 @@ msgstr "" "이 옵션은 SSSD가 IPA 서버에서 실행 중임을 나타내며 신뢰할 수 있는 도메인에서 " "사용자 및 그룹의 검색을 다르게 수행해야 함을 나타냅니다." -#: src/config/SSSDConfig/sssdoptions.py:291 +#: src/config/SSSDConfig/sssdoptions.py:292 msgid "Use the given string as search base for trusted domains." msgstr "주어진 문자열을 신뢰할 수 있는 도메인의 검색 기반으로 사용합니다." -#: src/config/SSSDConfig/sssdoptions.py:294 +#: src/config/SSSDConfig/sssdoptions.py:295 msgid "Active Directory domain" msgstr "Active Directory 도메인" -#: src/config/SSSDConfig/sssdoptions.py:295 +#: src/config/SSSDConfig/sssdoptions.py:296 msgid "Enabled Active Directory domains" msgstr "Active Directory 도메인 사용" -#: src/config/SSSDConfig/sssdoptions.py:296 +#: src/config/SSSDConfig/sssdoptions.py:297 msgid "Active Directory server address" msgstr "Active Directory 서버 주소" -#: src/config/SSSDConfig/sssdoptions.py:297 +#: src/config/SSSDConfig/sssdoptions.py:298 msgid "Active Directory backup server address" msgstr "Active Directory 백업 서버 주소" -#: src/config/SSSDConfig/sssdoptions.py:298 +#: src/config/SSSDConfig/sssdoptions.py:299 msgid "Active Directory client hostname" msgstr "Active Directory 클라이언트 호스트 이름" -#: src/config/SSSDConfig/sssdoptions.py:300 -#: src/config/SSSDConfig/sssdoptions.py:499 +#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:500 msgid "LDAP filter to determine access privileges" msgstr "액세스 권한을 결정하는 LDAP 필터" -#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:302 msgid "Whether to use the Global Catalog for lookups" msgstr "검색에 Global Catalog 사용 여부" -#: src/config/SSSDConfig/sssdoptions.py:302 +#: src/config/SSSDConfig/sssdoptions.py:303 msgid "Operation mode for GPO-based access control" msgstr "GPO 기반 액세스 제어를 위한 작동 모드" -#: src/config/SSSDConfig/sssdoptions.py:303 +#: src/config/SSSDConfig/sssdoptions.py:304 msgid "" "The amount of time between lookups of the GPO policy files against the AD " "server" msgstr "AD 서버에 대응하는 GPO 정책 파일의 검색 사이에서 시간의 양" -#: src/config/SSSDConfig/sssdoptions.py:304 +#: src/config/SSSDConfig/sssdoptions.py:305 msgid "" "PAM service names that map to the GPO (Deny)InteractiveLogonRight policy " "settings" msgstr "GPO(거부)InteractiveLogonRight 정책 설정에 매핑되는 PAM 서비스 이름" -#: src/config/SSSDConfig/sssdoptions.py:306 +#: src/config/SSSDConfig/sssdoptions.py:307 msgid "" "PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight " "policy settings" msgstr "" "GPO(거부)RemoteInteractiveLogonRight 정책 설정에 매핑되는 PAM 서비스 이름" -#: src/config/SSSDConfig/sssdoptions.py:308 +#: src/config/SSSDConfig/sssdoptions.py:309 msgid "" "PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings" msgstr "GPO(거부)NetworkLogonRight 정책 설정에 매핑되는 PAM 서비스 이름" -#: src/config/SSSDConfig/sssdoptions.py:309 +#: src/config/SSSDConfig/sssdoptions.py:310 msgid "" "PAM service names that map to the GPO (Deny)BatchLogonRight policy settings" msgstr "GPO (거부)BatchLogonRight 정책 설정에 매핑되는 PAM 서비스 이름" -#: src/config/SSSDConfig/sssdoptions.py:310 +#: src/config/SSSDConfig/sssdoptions.py:311 msgid "" "PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings" msgstr "GPO (거부)ServiceLogonRight 정책 설정에 매핑되는 PAM 서비스 이름" -#: src/config/SSSDConfig/sssdoptions.py:311 +#: src/config/SSSDConfig/sssdoptions.py:312 msgid "PAM service names for which GPO-based access is always granted" msgstr "GPO 기반 액세스가 항상 부여되는 PAM 서비스 이름" -#: src/config/SSSDConfig/sssdoptions.py:312 +#: src/config/SSSDConfig/sssdoptions.py:313 msgid "PAM service names for which GPO-based access is always denied" msgstr "GPO 기반 액세스가 항상 거부되는 PAM 서비스 이름" -#: src/config/SSSDConfig/sssdoptions.py:313 +#: src/config/SSSDConfig/sssdoptions.py:314 msgid "" "Default logon right (or permit/deny) to use for unmapped PAM service names" msgstr "" "매핑되지 않은 PAM 서비스 이름에 사용할 기본 로그온 권한 (또는 허용/거부)" -#: src/config/SSSDConfig/sssdoptions.py:314 +#: src/config/SSSDConfig/sssdoptions.py:315 msgid "a particular site to be used by the client" msgstr "클라이언트가 사용할 특정 사이트" -#: src/config/SSSDConfig/sssdoptions.py:315 +#: src/config/SSSDConfig/sssdoptions.py:316 msgid "" "Maximum age in days before the machine account password should be renewed" msgstr "시스템 계정 암호를 갱신하기 전의 최대 사용 기간(일)" -#: src/config/SSSDConfig/sssdoptions.py:317 +#: src/config/SSSDConfig/sssdoptions.py:318 msgid "Option for tuning the machine account renewal task" msgstr "시스템 계정 갱신 작업 조정 옵션" -#: src/config/SSSDConfig/sssdoptions.py:318 +#: src/config/SSSDConfig/sssdoptions.py:319 msgid "Whether to update the machine account password in the Samba database" -msgstr "Samba 데이터베이스에서 시스템 계정 암호를 업데이트할지 여부" +msgstr "삼바 데이터베이스에서 시스템 계정 비밀번호를 최신화 할지 여부" -#: src/config/SSSDConfig/sssdoptions.py:320 +#: src/config/SSSDConfig/sssdoptions.py:321 msgid "Use LDAPS port for LDAP and Global Catalog requests" msgstr "LDAP 및 글로벌 카탈로그 요청에 LDAPS 포트 사용" -#: src/config/SSSDConfig/sssdoptions.py:321 +#: src/config/SSSDConfig/sssdoptions.py:322 msgid "Do not filter domain local groups from other domains" msgstr "다른 도메인에서 도메인 로컬 그룹을 필터링하지 않음" -#: src/config/SSSDConfig/sssdoptions.py:324 #: src/config/SSSDConfig/sssdoptions.py:325 +#: src/config/SSSDConfig/sssdoptions.py:326 msgid "Kerberos server address" msgstr "Kerberos 서버 주소" -#: src/config/SSSDConfig/sssdoptions.py:326 +#: src/config/SSSDConfig/sssdoptions.py:327 msgid "Kerberos backup server address" msgstr "Kerberos 백업 서버 주소" -#: src/config/SSSDConfig/sssdoptions.py:327 +#: src/config/SSSDConfig/sssdoptions.py:328 msgid "Kerberos realm" msgstr "Kerberos 영역" -#: src/config/SSSDConfig/sssdoptions.py:328 +#: src/config/SSSDConfig/sssdoptions.py:329 msgid "Authentication timeout" msgstr "인증 시간 제한" -#: src/config/SSSDConfig/sssdoptions.py:329 +#: src/config/SSSDConfig/sssdoptions.py:330 msgid "Whether to create kdcinfo files" msgstr "kdcinfo 파일을 생성할지 여부" -#: src/config/SSSDConfig/sssdoptions.py:330 +#: src/config/SSSDConfig/sssdoptions.py:331 msgid "Where to drop krb5 config snippets" msgstr "krb5 구성 스니펫을 드롭할 위치" -#: src/config/SSSDConfig/sssdoptions.py:333 +#: src/config/SSSDConfig/sssdoptions.py:334 msgid "Directory to store credential caches" msgstr "인증 정보 캐쉬를 저장 할 디렉토리" -#: src/config/SSSDConfig/sssdoptions.py:334 +#: src/config/SSSDConfig/sssdoptions.py:335 msgid "Location of the user's credential cache" msgstr "사용자 인증 정보 캐쉬의 위치" -#: src/config/SSSDConfig/sssdoptions.py:335 +#: src/config/SSSDConfig/sssdoptions.py:336 msgid "Location of the keytab to validate credentials" msgstr "인증 정보 유효성을 검사하기 위한 keytab의 위치" -#: src/config/SSSDConfig/sssdoptions.py:336 +#: src/config/SSSDConfig/sssdoptions.py:337 msgid "Enable credential validation" msgstr "인증 정보 검증 활성화" -#: src/config/SSSDConfig/sssdoptions.py:337 +#: src/config/SSSDConfig/sssdoptions.py:338 msgid "Store password if offline for later online authentication" msgstr "나중에 온라인 인증을 위해 오프라인일 경우 암호 저장" -#: src/config/SSSDConfig/sssdoptions.py:338 +#: src/config/SSSDConfig/sssdoptions.py:339 msgid "Renewable lifetime of the TGT" msgstr "TGT의 재생 가능 수명" -#: src/config/SSSDConfig/sssdoptions.py:339 +#: src/config/SSSDConfig/sssdoptions.py:340 msgid "Lifetime of the TGT" msgstr "TGT의 수명" -#: src/config/SSSDConfig/sssdoptions.py:340 +#: src/config/SSSDConfig/sssdoptions.py:341 msgid "Time between two checks for renewal" msgstr "두 검사 사이의 갱신 기간" -#: src/config/SSSDConfig/sssdoptions.py:341 +#: src/config/SSSDConfig/sssdoptions.py:342 msgid "Enables FAST" msgstr "FAST 활성화" -#: src/config/SSSDConfig/sssdoptions.py:342 +#: src/config/SSSDConfig/sssdoptions.py:343 msgid "Selects the principal to use for FAST" msgstr "FAST에 사용할 주체를 선택" -#: src/config/SSSDConfig/sssdoptions.py:343 +#: src/config/SSSDConfig/sssdoptions.py:344 msgid "Use anonymous PKINIT to request FAST credentials" msgstr "익명 PKINIT를 사용하여 FAST 인증서를 요청합니다" -#: src/config/SSSDConfig/sssdoptions.py:344 +#: src/config/SSSDConfig/sssdoptions.py:345 msgid "Enables principal canonicalization" msgstr "주체 표준화 활성화" -#: src/config/SSSDConfig/sssdoptions.py:345 +#: src/config/SSSDConfig/sssdoptions.py:346 msgid "Enables enterprise principals" msgstr "기업 주체 활성화" -#: src/config/SSSDConfig/sssdoptions.py:346 +#: src/config/SSSDConfig/sssdoptions.py:347 msgid "Enables using of subdomains realms for authentication" msgstr "인증에 하위 도메인 영역 사용 활성화" -#: src/config/SSSDConfig/sssdoptions.py:347 +#: src/config/SSSDConfig/sssdoptions.py:348 msgid "A mapping from user names to Kerberos principal names" msgstr "사용자 이름에서 Kerberos 주체 이름으로 매핑" -#: src/config/SSSDConfig/sssdoptions.py:350 #: src/config/SSSDConfig/sssdoptions.py:351 +#: src/config/SSSDConfig/sssdoptions.py:352 msgid "Server where the change password service is running if not on the KDC" msgstr "KDC가 아닌 경우 변경 암호 서비스가 실행 중인 서버" -#: src/config/SSSDConfig/sssdoptions.py:354 +#: src/config/SSSDConfig/sssdoptions.py:355 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, LDAP 서버의 URI" -#: src/config/SSSDConfig/sssdoptions.py:355 +#: src/config/SSSDConfig/sssdoptions.py:356 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "ldap_backup_uri, LDAP 서버의 URI" -#: src/config/SSSDConfig/sssdoptions.py:356 +#: src/config/SSSDConfig/sssdoptions.py:357 msgid "The default base DN" msgstr "기본 DN의 기본값" -#: src/config/SSSDConfig/sssdoptions.py:357 +#: src/config/SSSDConfig/sssdoptions.py:358 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "LDAP 서버에서 사용되는 스키마 유형 rfc2307" -#: src/config/SSSDConfig/sssdoptions.py:358 +#: src/config/SSSDConfig/sssdoptions.py:359 msgid "Mode used to change user password" msgstr "사용자 암호를 변경하는 데 사용되는 모드" -#: src/config/SSSDConfig/sssdoptions.py:359 +#: src/config/SSSDConfig/sssdoptions.py:360 msgid "The default bind DN" msgstr "기본 바인딩 DN" -#: src/config/SSSDConfig/sssdoptions.py:360 +#: src/config/SSSDConfig/sssdoptions.py:361 msgid "The type of the authentication token of the default bind DN" msgstr "기본 바인드 DN의 인증 토큰 유형" -#: src/config/SSSDConfig/sssdoptions.py:361 +#: src/config/SSSDConfig/sssdoptions.py:362 msgid "The authentication token of the default bind DN" msgstr "기본 바인드 DN의 인증 토큰" -#: src/config/SSSDConfig/sssdoptions.py:362 +#: src/config/SSSDConfig/sssdoptions.py:363 msgid "Length of time to attempt connection" msgstr "연결을 시도할 시간" -#: src/config/SSSDConfig/sssdoptions.py:363 +#: src/config/SSSDConfig/sssdoptions.py:364 msgid "Length of time to attempt synchronous LDAP operations" msgstr "동기식 LDAP 작업을 시도하는 시간" -#: src/config/SSSDConfig/sssdoptions.py:364 +#: src/config/SSSDConfig/sssdoptions.py:365 msgid "Length of time between attempts to reconnect while offline" msgstr "오프라인 상태일 때 다시 연결을 시도하는 간격" -#: src/config/SSSDConfig/sssdoptions.py:365 +#: src/config/SSSDConfig/sssdoptions.py:366 msgid "Use only the upper case for realm names" msgstr "영역 이름에 대해 대문자만 사용하십시오" -#: src/config/SSSDConfig/sssdoptions.py:366 +#: src/config/SSSDConfig/sssdoptions.py:367 msgid "File that contains CA certificates" msgstr "CA 인증서가 포함된 파일" -#: src/config/SSSDConfig/sssdoptions.py:367 +#: src/config/SSSDConfig/sssdoptions.py:368 msgid "Path to CA certificate directory" msgstr "CA 인증서 디렉토리의 경로" -#: src/config/SSSDConfig/sssdoptions.py:368 +#: src/config/SSSDConfig/sssdoptions.py:369 msgid "File that contains the client certificate" msgstr "클라이언트 인증서가 포함된 파일" -#: src/config/SSSDConfig/sssdoptions.py:369 +#: src/config/SSSDConfig/sssdoptions.py:370 msgid "File that contains the client key" msgstr "클라이언트 키가 포함된 파일" -#: src/config/SSSDConfig/sssdoptions.py:370 +#: src/config/SSSDConfig/sssdoptions.py:371 msgid "List of possible ciphers suites" msgstr "가능한 암호화 제품군 목록" -#: src/config/SSSDConfig/sssdoptions.py:371 +#: src/config/SSSDConfig/sssdoptions.py:372 msgid "Require TLS certificate verification" msgstr "TLS 인증서 확인 필요" -#: src/config/SSSDConfig/sssdoptions.py:372 +#: src/config/SSSDConfig/sssdoptions.py:373 msgid "Specify the sasl mechanism to use" msgstr "사용할 sasl 메커니즘 지정" -#: src/config/SSSDConfig/sssdoptions.py:373 +#: src/config/SSSDConfig/sssdoptions.py:374 msgid "Specify the sasl authorization id to use" msgstr "사용할 sasl 권한 부여 ID를 지정" -#: src/config/SSSDConfig/sssdoptions.py:374 +#: src/config/SSSDConfig/sssdoptions.py:375 msgid "Specify the sasl authorization realm to use" msgstr "사용할 sasl 권한 부여 영역을 지정" -#: src/config/SSSDConfig/sssdoptions.py:375 +#: src/config/SSSDConfig/sssdoptions.py:376 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "LDAP sasl 권한 부여에 대한 최소 SSF를 지정" -#: src/config/SSSDConfig/sssdoptions.py:376 +#: src/config/SSSDConfig/sssdoptions.py:377 msgid "Specify the maximal SSF for LDAP sasl authorization" msgstr "LDAP sasl 권한 부여에 대한 최대 SSF를 지정" -#: src/config/SSSDConfig/sssdoptions.py:377 +#: src/config/SSSDConfig/sssdoptions.py:378 msgid "Kerberos service keytab" msgstr "Kerberos 서비스 키탭" -#: src/config/SSSDConfig/sssdoptions.py:378 +#: src/config/SSSDConfig/sssdoptions.py:379 msgid "Use Kerberos auth for LDAP connection" msgstr "LDAP 연결에 Kerberos 인증 사용" -#: src/config/SSSDConfig/sssdoptions.py:379 +#: src/config/SSSDConfig/sssdoptions.py:380 msgid "Follow LDAP referrals" msgstr "LDAP 참조 준수" -#: src/config/SSSDConfig/sssdoptions.py:380 +#: src/config/SSSDConfig/sssdoptions.py:381 msgid "Lifetime of TGT for LDAP connection" msgstr "LDAP 연결을 위한 TGT의 수명" -#: src/config/SSSDConfig/sssdoptions.py:381 +#: src/config/SSSDConfig/sssdoptions.py:382 msgid "How to dereference aliases" msgstr "별칭 역참조 방법" -#: src/config/SSSDConfig/sssdoptions.py:382 +#: src/config/SSSDConfig/sssdoptions.py:383 msgid "Service name for DNS service lookups" msgstr "DNS 서비스 검색을 위한 서비스 이름" -#: src/config/SSSDConfig/sssdoptions.py:383 +#: src/config/SSSDConfig/sssdoptions.py:384 msgid "The number of records to retrieve in a single LDAP query" msgstr "단일 LDAP 쿼리에서 검색할 레코드 수" -#: src/config/SSSDConfig/sssdoptions.py:384 +#: src/config/SSSDConfig/sssdoptions.py:385 msgid "The number of members that must be missing to trigger a full deref" msgstr "전체 참조 해제를 트리거하려면 누락되어야 하는 구성원 수" -#: src/config/SSSDConfig/sssdoptions.py:385 +#: src/config/SSSDConfig/sssdoptions.py:386 msgid "Ignore unreadable LDAP references" msgstr "읽을 수 없는 LDAP 참조를 무시합니다" -#: src/config/SSSDConfig/sssdoptions.py:386 +#: src/config/SSSDConfig/sssdoptions.py:387 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" @@ -1289,7 +1290,7 @@ msgstr "" "LDAP 라이브러리에서 SASL 바인드 중에 호스트 이름을 정식화하기 위해 역방향 검" "색을 수행해야 하는지 여부" -#: src/config/SSSDConfig/sssdoptions.py:388 +#: src/config/SSSDConfig/sssdoptions.py:389 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." @@ -1297,424 +1298,423 @@ msgstr "" "로컬 사용자를 RFC2307 스키마를 사용하는 서버의 LDAP 그룹의 구성원으로 유지할 " "수 있습니다." -#: src/config/SSSDConfig/sssdoptions.py:391 +#: src/config/SSSDConfig/sssdoptions.py:392 msgid "entryUSN attribute" msgstr "entryUSN 속성" -#: src/config/SSSDConfig/sssdoptions.py:392 +#: src/config/SSSDConfig/sssdoptions.py:393 msgid "lastUSN attribute" msgstr "lastUSN 속성" -#: src/config/SSSDConfig/sssdoptions.py:394 +#: src/config/SSSDConfig/sssdoptions.py:395 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "연결을 끊기 전에 LDAP 서버에 대한 연결을 유지하는 시간" -#: src/config/SSSDConfig/sssdoptions.py:397 +#: src/config/SSSDConfig/sssdoptions.py:398 msgid "Disable the LDAP paging control" msgstr "LDAP 페이징 제어 비활성화" -#: src/config/SSSDConfig/sssdoptions.py:398 +#: src/config/SSSDConfig/sssdoptions.py:399 msgid "Disable Active Directory range retrieval" msgstr "Active Directory 범위 검색 비활성화" -#: src/config/SSSDConfig/sssdoptions.py:401 +#: src/config/SSSDConfig/sssdoptions.py:402 msgid "Length of time to wait for a search request" msgstr "검색 요청 대기 시간" -#: src/config/SSSDConfig/sssdoptions.py:402 +#: src/config/SSSDConfig/sssdoptions.py:403 msgid "Length of time to wait for a enumeration request" msgstr "열거 요청을 대기할 시간" -#: src/config/SSSDConfig/sssdoptions.py:403 +#: src/config/SSSDConfig/sssdoptions.py:404 msgid "Length of time between enumeration updates" -msgstr "열거 업데이트 사이의 시간" +msgstr "열거된 최신화 사이의 시간" -#: src/config/SSSDConfig/sssdoptions.py:404 +#: src/config/SSSDConfig/sssdoptions.py:405 msgid "Maximum period deviation between enumeration updates" msgstr "열거된 최신화 사이의 최대 기간 편차" -#: src/config/SSSDConfig/sssdoptions.py:405 +#: src/config/SSSDConfig/sssdoptions.py:406 msgid "Length of time between cache cleanups" msgstr "캐쉬 정리 사이의 대기 시간" -#: src/config/SSSDConfig/sssdoptions.py:406 +#: src/config/SSSDConfig/sssdoptions.py:407 msgid "Maximum time deviation between cache cleanups" msgstr "캐쉬 정리 사이의 최대 시간 편차" -#: src/config/SSSDConfig/sssdoptions.py:407 +#: src/config/SSSDConfig/sssdoptions.py:408 msgid "Require TLS for ID lookups" msgstr "ID 검색에 TLS 필요" -#: src/config/SSSDConfig/sssdoptions.py:408 +#: src/config/SSSDConfig/sssdoptions.py:409 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "사전 설정된 ID 대신 objectSID의 ID 매핑 사용" -#: src/config/SSSDConfig/sssdoptions.py:409 +#: src/config/SSSDConfig/sssdoptions.py:410 msgid "Base DN for user lookups" msgstr "사용자 검색을 위한 기본 DN" -#: src/config/SSSDConfig/sssdoptions.py:410 +#: src/config/SSSDConfig/sssdoptions.py:411 msgid "Scope of user lookups" msgstr "사용자 검색 범위" -#: src/config/SSSDConfig/sssdoptions.py:411 +#: src/config/SSSDConfig/sssdoptions.py:412 msgid "Filter for user lookups" msgstr "사용자 검색 필터링" -#: src/config/SSSDConfig/sssdoptions.py:412 +#: src/config/SSSDConfig/sssdoptions.py:413 msgid "Objectclass for users" msgstr "사용자를 위한 오브젝트 클래스" -#: src/config/SSSDConfig/sssdoptions.py:413 +#: src/config/SSSDConfig/sssdoptions.py:414 msgid "Username attribute" msgstr "사용자 이름 속성" -#: src/config/SSSDConfig/sssdoptions.py:414 +#: src/config/SSSDConfig/sssdoptions.py:415 msgid "UID attribute" msgstr "UID 속성" -#: src/config/SSSDConfig/sssdoptions.py:415 +#: src/config/SSSDConfig/sssdoptions.py:416 msgid "Primary GID attribute" msgstr "기본 GID 속성" -#: src/config/SSSDConfig/sssdoptions.py:416 +#: src/config/SSSDConfig/sssdoptions.py:417 msgid "GECOS attribute" msgstr "GECOS 속성" -#: src/config/SSSDConfig/sssdoptions.py:417 +#: src/config/SSSDConfig/sssdoptions.py:418 msgid "Home directory attribute" msgstr "홈 디렉토리 속성" -#: src/config/SSSDConfig/sssdoptions.py:418 +#: src/config/SSSDConfig/sssdoptions.py:419 msgid "Shell attribute" msgstr "쉘 속성" -#: src/config/SSSDConfig/sssdoptions.py:419 +#: src/config/SSSDConfig/sssdoptions.py:420 msgid "UUID attribute" msgstr "UUID 속성" -#: src/config/SSSDConfig/sssdoptions.py:420 -#: src/config/SSSDConfig/sssdoptions.py:459 +#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:460 msgid "objectSID attribute" msgstr "objectSID 속성" -#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:422 msgid "Active Directory primary group attribute for ID-mapping" msgstr "ID-mapping의 Active Directory 기본 그룹 속성" -#: src/config/SSSDConfig/sssdoptions.py:422 +#: src/config/SSSDConfig/sssdoptions.py:423 msgid "User principal attribute (for Kerberos)" msgstr "사용자 주체 속성(Kerberos용)" -#: src/config/SSSDConfig/sssdoptions.py:423 +#: src/config/SSSDConfig/sssdoptions.py:424 msgid "Full Name" msgstr "성명" -#: src/config/SSSDConfig/sssdoptions.py:424 +#: src/config/SSSDConfig/sssdoptions.py:425 msgid "memberOf attribute" msgstr "memberOf 속성" -#: src/config/SSSDConfig/sssdoptions.py:425 +#: src/config/SSSDConfig/sssdoptions.py:426 msgid "Modification time attribute" msgstr "수정 시간 속성" -#: src/config/SSSDConfig/sssdoptions.py:426 +#: src/config/SSSDConfig/sssdoptions.py:427 msgid "shadowLastChange attribute" msgstr "shadowLastChange 속성" -#: src/config/SSSDConfig/sssdoptions.py:427 +#: src/config/SSSDConfig/sssdoptions.py:428 msgid "shadowMin attribute" msgstr "shadowMin 속성" -#: src/config/SSSDConfig/sssdoptions.py:428 +#: src/config/SSSDConfig/sssdoptions.py:429 msgid "shadowMax attribute" msgstr "ShadowMax 속성" -#: src/config/SSSDConfig/sssdoptions.py:429 +#: src/config/SSSDConfig/sssdoptions.py:430 msgid "shadowWarning attribute" msgstr "shadowWarning 속성" -#: src/config/SSSDConfig/sssdoptions.py:430 +#: src/config/SSSDConfig/sssdoptions.py:431 msgid "shadowInactive attribute" msgstr "shadowInactive 속성" -#: src/config/SSSDConfig/sssdoptions.py:431 +#: src/config/SSSDConfig/sssdoptions.py:432 msgid "shadowExpire attribute" msgstr "shadowExpire 속성" -#: src/config/SSSDConfig/sssdoptions.py:432 +#: src/config/SSSDConfig/sssdoptions.py:433 msgid "shadowFlag attribute" msgstr "shadowFlag 속성" -#: src/config/SSSDConfig/sssdoptions.py:433 +#: src/config/SSSDConfig/sssdoptions.py:434 msgid "Attribute listing authorized PAM services" msgstr "승인된 PAM 서비스 나열 속성" -#: src/config/SSSDConfig/sssdoptions.py:434 +#: src/config/SSSDConfig/sssdoptions.py:435 msgid "Attribute listing authorized server hosts" msgstr "승인된 서버 호스트 나열 속성" -#: src/config/SSSDConfig/sssdoptions.py:435 +#: src/config/SSSDConfig/sssdoptions.py:436 msgid "Attribute listing authorized server rhosts" msgstr "권한 있는 서버 rhosts 나열 속성" -#: src/config/SSSDConfig/sssdoptions.py:436 +#: src/config/SSSDConfig/sssdoptions.py:437 msgid "krbLastPwdChange attribute" msgstr "krbLastPwdChange 속성" -#: src/config/SSSDConfig/sssdoptions.py:437 +#: src/config/SSSDConfig/sssdoptions.py:438 msgid "krbPasswordExpiration attribute" msgstr "krbPasswordExpiration 속성" -#: src/config/SSSDConfig/sssdoptions.py:438 +#: src/config/SSSDConfig/sssdoptions.py:439 msgid "Attribute indicating that server side password policies are active" msgstr "서버 측 암호 정책이 활성 상태임을 나타내는 속성" -#: src/config/SSSDConfig/sssdoptions.py:439 +#: src/config/SSSDConfig/sssdoptions.py:440 msgid "accountExpires attribute of AD" msgstr "AD의 accountExpires 속성" -#: src/config/SSSDConfig/sssdoptions.py:440 +#: src/config/SSSDConfig/sssdoptions.py:441 msgid "userAccountControl attribute of AD" msgstr "AD의 UserAccountControl 속성" -#: src/config/SSSDConfig/sssdoptions.py:441 +#: src/config/SSSDConfig/sssdoptions.py:442 msgid "nsAccountLock attribute" msgstr "nsAccountLock 속성" -#: src/config/SSSDConfig/sssdoptions.py:442 +#: src/config/SSSDConfig/sssdoptions.py:443 msgid "loginDisabled attribute of NDS" msgstr "NDS의 loginDisabled 속성" -#: src/config/SSSDConfig/sssdoptions.py:443 +#: src/config/SSSDConfig/sssdoptions.py:444 msgid "loginExpirationTime attribute of NDS" msgstr "NDS의 loginExpirationTime 속성" -#: src/config/SSSDConfig/sssdoptions.py:444 +#: src/config/SSSDConfig/sssdoptions.py:445 msgid "loginAllowedTimeMap attribute of NDS" msgstr "NDS의 loginAllowedTimeMap 속성" -#: src/config/SSSDConfig/sssdoptions.py:445 +#: src/config/SSSDConfig/sssdoptions.py:446 msgid "SSH public key attribute" msgstr "SSH 공개 키 속성" -#: src/config/SSSDConfig/sssdoptions.py:446 +#: src/config/SSSDConfig/sssdoptions.py:447 msgid "attribute listing allowed authentication types for a user" msgstr "사용자에 허용된 인증 유형을 나열하는 속성" -#: src/config/SSSDConfig/sssdoptions.py:447 +#: src/config/SSSDConfig/sssdoptions.py:448 msgid "attribute containing the X509 certificate of the user" msgstr "사용자의 X509 인증서가 포함된 속성" -#: src/config/SSSDConfig/sssdoptions.py:448 +#: src/config/SSSDConfig/sssdoptions.py:449 msgid "attribute containing the email address of the user" msgstr "사용자의 이메일 주소를 포함하는 속성" -#: src/config/SSSDConfig/sssdoptions.py:449 -#, fuzzy +#: src/config/SSSDConfig/sssdoptions.py:450 msgid "attribute containing the passkey mapping data of the user" -msgstr "사용자의 이메일 주소를 포함하는 속성" +msgstr "사용자의 패스키 대응 자료를 포함하는 속성" -#: src/config/SSSDConfig/sssdoptions.py:450 +#: src/config/SSSDConfig/sssdoptions.py:451 msgid "A list of extra attributes to download along with the user entry" -msgstr "사용자 항목과 함께 다운로드할 추가 속성 목록" +msgstr "사용자 항목과 함께 내려받기 하려는 추가 속성의 목록" -#: src/config/SSSDConfig/sssdoptions.py:452 +#: src/config/SSSDConfig/sssdoptions.py:453 msgid "Base DN for group lookups" msgstr "그룹 검색의 기본 DN" -#: src/config/SSSDConfig/sssdoptions.py:453 +#: src/config/SSSDConfig/sssdoptions.py:454 msgid "Objectclass for groups" msgstr "그룹용 개체 클래스" -#: src/config/SSSDConfig/sssdoptions.py:454 +#: src/config/SSSDConfig/sssdoptions.py:455 msgid "Group name" msgstr "그룹 이름" -#: src/config/SSSDConfig/sssdoptions.py:455 +#: src/config/SSSDConfig/sssdoptions.py:456 msgid "Group password" msgstr "그룹 비밀번호" -#: src/config/SSSDConfig/sssdoptions.py:456 +#: src/config/SSSDConfig/sssdoptions.py:457 msgid "GID attribute" msgstr "GID 속성" -#: src/config/SSSDConfig/sssdoptions.py:457 +#: src/config/SSSDConfig/sssdoptions.py:458 msgid "Group member attribute" msgstr "그룹 멤버 속성" -#: src/config/SSSDConfig/sssdoptions.py:458 +#: src/config/SSSDConfig/sssdoptions.py:459 msgid "Group UUID attribute" msgstr "그룹 UUID 속성" -#: src/config/SSSDConfig/sssdoptions.py:460 +#: src/config/SSSDConfig/sssdoptions.py:461 msgid "Modification time attribute for groups" msgstr "그룹의 수정 시간 속성" -#: src/config/SSSDConfig/sssdoptions.py:461 +#: src/config/SSSDConfig/sssdoptions.py:462 msgid "Type of the group and other flags" msgstr "그룹 유형 및 기타 플래그" -#: src/config/SSSDConfig/sssdoptions.py:462 +#: src/config/SSSDConfig/sssdoptions.py:463 msgid "The LDAP group external member attribute" msgstr "LDAP 그룹 외부 멤버 속성" -#: src/config/SSSDConfig/sssdoptions.py:463 +#: src/config/SSSDConfig/sssdoptions.py:464 msgid "Maximum nesting level SSSD will follow" msgstr "SSSD가 따르는 최대 중첩 수준" -#: src/config/SSSDConfig/sssdoptions.py:464 +#: src/config/SSSDConfig/sssdoptions.py:465 msgid "Filter for group lookups" msgstr "그룹 검색 필터링" -#: src/config/SSSDConfig/sssdoptions.py:465 +#: src/config/SSSDConfig/sssdoptions.py:466 msgid "Scope of group lookups" msgstr "그룹 검색 범위" -#: src/config/SSSDConfig/sssdoptions.py:467 +#: src/config/SSSDConfig/sssdoptions.py:468 msgid "Base DN for netgroup lookups" msgstr "netgroup 검색의 기본 DN" -#: src/config/SSSDConfig/sssdoptions.py:468 +#: src/config/SSSDConfig/sssdoptions.py:469 msgid "Objectclass for netgroups" msgstr "netgroup의 오브젝트 클래스" -#: src/config/SSSDConfig/sssdoptions.py:469 +#: src/config/SSSDConfig/sssdoptions.py:470 msgid "Netgroup name" msgstr "Netgroup 이름" -#: src/config/SSSDConfig/sssdoptions.py:470 +#: src/config/SSSDConfig/sssdoptions.py:471 msgid "Netgroups members attribute" msgstr "netgroups 멤버 속성" -#: src/config/SSSDConfig/sssdoptions.py:471 +#: src/config/SSSDConfig/sssdoptions.py:472 msgid "Netgroup triple attribute" msgstr "Netgroup Triple 속성" -#: src/config/SSSDConfig/sssdoptions.py:472 +#: src/config/SSSDConfig/sssdoptions.py:473 msgid "Modification time attribute for netgroups" msgstr "netgroups의 수정 시간 속성" -#: src/config/SSSDConfig/sssdoptions.py:474 +#: src/config/SSSDConfig/sssdoptions.py:475 msgid "Base DN for service lookups" msgstr "서비스 검색의 기본 DN" -#: src/config/SSSDConfig/sssdoptions.py:475 +#: src/config/SSSDConfig/sssdoptions.py:476 msgid "Objectclass for services" msgstr "서비스용 오브젝트 클래스" -#: src/config/SSSDConfig/sssdoptions.py:476 +#: src/config/SSSDConfig/sssdoptions.py:477 msgid "Service name attribute" msgstr "서비스 이름 속성" -#: src/config/SSSDConfig/sssdoptions.py:477 +#: src/config/SSSDConfig/sssdoptions.py:478 msgid "Service port attribute" msgstr "서비스 포트 속성" -#: src/config/SSSDConfig/sssdoptions.py:478 +#: src/config/SSSDConfig/sssdoptions.py:479 msgid "Service protocol attribute" msgstr "서비스 프로토콜 속성" -#: src/config/SSSDConfig/sssdoptions.py:480 +#: src/config/SSSDConfig/sssdoptions.py:481 msgid "Lower bound for ID-mapping" msgstr "ID 매핑의 바인딩 하한값" -#: src/config/SSSDConfig/sssdoptions.py:481 +#: src/config/SSSDConfig/sssdoptions.py:482 msgid "Upper bound for ID-mapping" msgstr "ID 매핑의 바인딩 상한값" -#: src/config/SSSDConfig/sssdoptions.py:482 +#: src/config/SSSDConfig/sssdoptions.py:483 msgid "Number of IDs for each slice when ID-mapping" msgstr "ID 매핑 시 각 슬라이스에 대한 ID 수" -#: src/config/SSSDConfig/sssdoptions.py:483 +#: src/config/SSSDConfig/sssdoptions.py:484 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "ID 매핑을 위한 autorid-compatible 알고리즘 사용" -#: src/config/SSSDConfig/sssdoptions.py:484 +#: src/config/SSSDConfig/sssdoptions.py:485 msgid "Name of the default domain for ID-mapping" msgstr "ID 매핑의 기본 도메인 이름" -#: src/config/SSSDConfig/sssdoptions.py:485 +#: src/config/SSSDConfig/sssdoptions.py:486 msgid "SID of the default domain for ID-mapping" msgstr "ID 매핑을 위한 기본 도메인의 SID" -#: src/config/SSSDConfig/sssdoptions.py:486 +#: src/config/SSSDConfig/sssdoptions.py:487 msgid "Number of secondary slices" msgstr "두 번째 슬라이스 수" -#: src/config/SSSDConfig/sssdoptions.py:488 +#: src/config/SSSDConfig/sssdoptions.py:489 msgid "Whether to use Token-Groups" msgstr "Token-Groups 사용 여부" -#: src/config/SSSDConfig/sssdoptions.py:489 +#: src/config/SSSDConfig/sssdoptions.py:490 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "LDAP 서버에서 허용된 ID의 하한 경계 설정" -#: src/config/SSSDConfig/sssdoptions.py:490 +#: src/config/SSSDConfig/sssdoptions.py:491 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "LDAP 서버에서 허용된 ID의 상한 경계 설정" -#: src/config/SSSDConfig/sssdoptions.py:491 +#: src/config/SSSDConfig/sssdoptions.py:492 msgid "DN for ppolicy queries" msgstr "ppolicy 쿼리의 DN" -#: src/config/SSSDConfig/sssdoptions.py:492 +#: src/config/SSSDConfig/sssdoptions.py:493 msgid "How many maximum entries to fetch during a wildcard request" msgstr "와일드카드 요청 중 가져올 최대 항목 수" -#: src/config/SSSDConfig/sssdoptions.py:493 +#: src/config/SSSDConfig/sssdoptions.py:494 msgid "Set libldap debug level" msgstr "libldap 디버그 수준 설정" -#: src/config/SSSDConfig/sssdoptions.py:496 +#: src/config/SSSDConfig/sssdoptions.py:497 msgid "Policy to evaluate the password expiration" msgstr "암호 만료 평가 정책" -#: src/config/SSSDConfig/sssdoptions.py:500 +#: src/config/SSSDConfig/sssdoptions.py:501 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "계정이 만료되었는지 평가하기 위해 사용할 속성" -#: src/config/SSSDConfig/sssdoptions.py:504 +#: src/config/SSSDConfig/sssdoptions.py:505 msgid "URI of an LDAP server where password changes are allowed" msgstr "암호 변경이 허용되는 LDAP 서버의 URI" -#: src/config/SSSDConfig/sssdoptions.py:505 +#: src/config/SSSDConfig/sssdoptions.py:506 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "암호 변경이 허용되는 백업 LDAP 서버의 URI" -#: src/config/SSSDConfig/sssdoptions.py:506 +#: src/config/SSSDConfig/sssdoptions.py:507 msgid "DNS service name for LDAP password change server" msgstr "LDAP 암호 변경 서버의 DNS 서비스 이름" -#: src/config/SSSDConfig/sssdoptions.py:507 +#: src/config/SSSDConfig/sssdoptions.py:508 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" "비밀번호 변경 후에 ldap_user_shadow_last_change 속성을 최신화 할지 여부" -#: src/config/SSSDConfig/sssdoptions.py:511 +#: src/config/SSSDConfig/sssdoptions.py:512 msgid "Base DN for sudo rules lookups" msgstr "sudo 규칙 검색의 기본 DN" -#: src/config/SSSDConfig/sssdoptions.py:512 +#: src/config/SSSDConfig/sssdoptions.py:513 msgid "Automatic full refresh period" msgstr "자동 전체 새로 고침 기간" -#: src/config/SSSDConfig/sssdoptions.py:513 +#: src/config/SSSDConfig/sssdoptions.py:514 msgid "Automatic smart refresh period" msgstr "자동 스마트 새로 고침 기간" -#: src/config/SSSDConfig/sssdoptions.py:514 +#: src/config/SSSDConfig/sssdoptions.py:515 msgid "Smart and full refresh random offset" msgstr "스마트 및 전체 새로 고침 임의 오프셋" -#: src/config/SSSDConfig/sssdoptions.py:515 +#: src/config/SSSDConfig/sssdoptions.py:516 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "호스트 이름, IP 주소 및 네트워크로 규칙을 필터링할지 여부" -#: src/config/SSSDConfig/sssdoptions.py:516 +#: src/config/SSSDConfig/sssdoptions.py:517 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" @@ -1722,149 +1722,149 @@ msgstr "" "sudo 규칙을 필터링하기 위한 이 시스템의 호스트 이름 및/또는 정규화된 도메인 " "이름" -#: src/config/SSSDConfig/sssdoptions.py:517 +#: src/config/SSSDConfig/sssdoptions.py:518 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" "sudo 규칙을 필터링하기 위한 이 시스템의 IPv4 또는 IPv6 주소 또는 네트워크" -#: src/config/SSSDConfig/sssdoptions.py:518 +#: src/config/SSSDConfig/sssdoptions.py:519 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "호스트 속성에 netgroup을 포함하는 규칙을 포함할지 여부" -#: src/config/SSSDConfig/sssdoptions.py:519 +#: src/config/SSSDConfig/sssdoptions.py:520 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "호스트 속성에 정규 표현식을 포함하는 규칙을 포함할지 여부" -#: src/config/SSSDConfig/sssdoptions.py:520 +#: src/config/SSSDConfig/sssdoptions.py:521 msgid "Object class for sudo rules" msgstr "sudo 규칙의 오브젝트 클래스" -#: src/config/SSSDConfig/sssdoptions.py:521 +#: src/config/SSSDConfig/sssdoptions.py:522 msgid "Name of attribute that is used as object class for sudo rules" msgstr "sudo 규칙의 오브젝트 클래스로 사용되는 속성의 이름" -#: src/config/SSSDConfig/sssdoptions.py:522 +#: src/config/SSSDConfig/sssdoptions.py:523 msgid "Sudo rule name" msgstr "sudo 규칙 이름" -#: src/config/SSSDConfig/sssdoptions.py:523 +#: src/config/SSSDConfig/sssdoptions.py:524 msgid "Sudo rule command attribute" msgstr "sudo 규칙 명령 속성" -#: src/config/SSSDConfig/sssdoptions.py:524 +#: src/config/SSSDConfig/sssdoptions.py:525 msgid "Sudo rule host attribute" msgstr "sudo 규칙 호스트 속성" -#: src/config/SSSDConfig/sssdoptions.py:525 +#: src/config/SSSDConfig/sssdoptions.py:526 msgid "Sudo rule user attribute" msgstr "sudo 규칙 사용자 속성" -#: src/config/SSSDConfig/sssdoptions.py:526 +#: src/config/SSSDConfig/sssdoptions.py:527 msgid "Sudo rule option attribute" msgstr "sudo 규칙 옵션 속성" -#: src/config/SSSDConfig/sssdoptions.py:527 +#: src/config/SSSDConfig/sssdoptions.py:528 msgid "Sudo rule runas attribute" msgstr "sudo 규칙 runas 속성" -#: src/config/SSSDConfig/sssdoptions.py:528 +#: src/config/SSSDConfig/sssdoptions.py:529 msgid "Sudo rule runasuser attribute" msgstr "sudo 규칙 runasuser 속성" -#: src/config/SSSDConfig/sssdoptions.py:529 +#: src/config/SSSDConfig/sssdoptions.py:530 msgid "Sudo rule runasgroup attribute" msgstr "sudo 규칙 runasgroup 속성" -#: src/config/SSSDConfig/sssdoptions.py:530 +#: src/config/SSSDConfig/sssdoptions.py:531 msgid "Sudo rule notbefore attribute" msgstr "sudo 규칙 notfore 속성" -#: src/config/SSSDConfig/sssdoptions.py:531 +#: src/config/SSSDConfig/sssdoptions.py:532 msgid "Sudo rule notafter attribute" msgstr "sudo 규칙 notafter 속성" -#: src/config/SSSDConfig/sssdoptions.py:532 +#: src/config/SSSDConfig/sssdoptions.py:533 msgid "Sudo rule order attribute" msgstr "sudo 규칙 순서 속성" -#: src/config/SSSDConfig/sssdoptions.py:535 +#: src/config/SSSDConfig/sssdoptions.py:536 msgid "Object class for automounter maps" msgstr "automounter 맵의 오브젝트 클래스" -#: src/config/SSSDConfig/sssdoptions.py:536 +#: src/config/SSSDConfig/sssdoptions.py:537 msgid "Automounter map name attribute" msgstr "automounter 맵 이름 속성" -#: src/config/SSSDConfig/sssdoptions.py:537 +#: src/config/SSSDConfig/sssdoptions.py:538 msgid "Object class for automounter map entries" msgstr "automounter 맵 항목의 오브젝트 클래스" -#: src/config/SSSDConfig/sssdoptions.py:538 +#: src/config/SSSDConfig/sssdoptions.py:539 msgid "Automounter map entry key attribute" msgstr "automounter 맵 항목 키 속성" -#: src/config/SSSDConfig/sssdoptions.py:539 +#: src/config/SSSDConfig/sssdoptions.py:540 msgid "Automounter map entry value attribute" msgstr "automounter 맵 항목 값 속성" -#: src/config/SSSDConfig/sssdoptions.py:540 +#: src/config/SSSDConfig/sssdoptions.py:541 msgid "Base DN for automounter map lookups" msgstr "automounter 맵 검색의 기본 DN" -#: src/config/SSSDConfig/sssdoptions.py:541 +#: src/config/SSSDConfig/sssdoptions.py:542 msgid "The name of the automount master map in LDAP." msgstr "LDAP의 automounter 마스터 맵의 이름입니다." -#: src/config/SSSDConfig/sssdoptions.py:544 +#: src/config/SSSDConfig/sssdoptions.py:545 msgid "Base DN for IP hosts lookups" msgstr "IP 호스트 검색의 기본 DN" -#: src/config/SSSDConfig/sssdoptions.py:545 +#: src/config/SSSDConfig/sssdoptions.py:546 msgid "Object class for IP hosts" msgstr "IP 호스트용 오브젝트 클래스" -#: src/config/SSSDConfig/sssdoptions.py:546 +#: src/config/SSSDConfig/sssdoptions.py:547 msgid "IP host name attribute" msgstr "IP 호스트 이름 속성" -#: src/config/SSSDConfig/sssdoptions.py:547 +#: src/config/SSSDConfig/sssdoptions.py:548 msgid "IP host number (address) attribute" msgstr "IP 호스트 번호(address) 속성" -#: src/config/SSSDConfig/sssdoptions.py:548 +#: src/config/SSSDConfig/sssdoptions.py:549 msgid "IP host entryUSN attribute" msgstr "IP 호스트 항목USN 속성" -#: src/config/SSSDConfig/sssdoptions.py:549 +#: src/config/SSSDConfig/sssdoptions.py:550 msgid "Base DN for IP networks lookups" msgstr "IP 네트워크 검색의 기본 DN" -#: src/config/SSSDConfig/sssdoptions.py:550 +#: src/config/SSSDConfig/sssdoptions.py:551 msgid "Object class for IP networks" msgstr "IP 네트워크의 오브젝트 클래스" -#: src/config/SSSDConfig/sssdoptions.py:551 +#: src/config/SSSDConfig/sssdoptions.py:552 msgid "IP network name attribute" msgstr "IP 네트워크 이름 속성" -#: src/config/SSSDConfig/sssdoptions.py:552 +#: src/config/SSSDConfig/sssdoptions.py:553 msgid "IP network number (address) attribute" msgstr "IP 네트워크 번호(address) 속성" -#: src/config/SSSDConfig/sssdoptions.py:553 +#: src/config/SSSDConfig/sssdoptions.py:554 msgid "IP network entryUSN attribute" msgstr "IP 네트워크 항목USN 속성" -#: src/config/SSSDConfig/sssdoptions.py:556 +#: src/config/SSSDConfig/sssdoptions.py:557 msgid "Comma separated list of allowed users" msgstr "쉼표로 구분된 허용된 사용자 목록" -#: src/config/SSSDConfig/sssdoptions.py:557 +#: src/config/SSSDConfig/sssdoptions.py:558 msgid "Comma separated list of prohibited users" msgstr "쉼표로 구분된 금지된 사용자 목록" -#: src/config/SSSDConfig/sssdoptions.py:558 +#: src/config/SSSDConfig/sssdoptions.py:559 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." @@ -1872,7 +1872,7 @@ msgstr "" "로그인할 수 있는 쉼표로 구분된 그룹 목록입니다. 이는 이 SSSD 도메인 내의 그룹" "에만 적용됩니다. 로컬 그룹은 평가되지 않습니다." -#: src/config/SSSDConfig/sssdoptions.py:560 +#: src/config/SSSDConfig/sssdoptions.py:561 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " @@ -1881,31 +1881,31 @@ msgstr "" "명시적으로 액세스가 거부된 그룹 목록입니다. 이는 이 SSSD 도메인 내의 그룹에" "만 적용됩니다. 로컬 그룹은 평가되지 않습니다." -#: src/config/SSSDConfig/sssdoptions.py:564 +#: src/config/SSSDConfig/sssdoptions.py:565 msgid "The number of preforked proxy children." msgstr "미리 정렬된 프락시 하위 항목 수입니다." -#: src/config/SSSDConfig/sssdoptions.py:567 +#: src/config/SSSDConfig/sssdoptions.py:568 msgid "The name of the NSS library to use" msgstr "사용할 NSS 라이브러리의 이름" -#: src/config/SSSDConfig/sssdoptions.py:568 +#: src/config/SSSDConfig/sssdoptions.py:569 msgid "The name of the NSS library to use for hosts and networks lookups" msgstr "호스트 및 네트워크 검색에 사용할 NSS 라이브러리의 이름" -#: src/config/SSSDConfig/sssdoptions.py:569 +#: src/config/SSSDConfig/sssdoptions.py:570 msgid "Whether to look up canonical group name from cache if possible" msgstr "가능한 경우 캐쉬에서 정식 그룹 이름을 검색할지 여부" -#: src/config/SSSDConfig/sssdoptions.py:572 +#: src/config/SSSDConfig/sssdoptions.py:573 msgid "PAM stack to use" msgstr "사용할 PAM 스택" -#: src/config/SSSDConfig/sssdoptions.py:575 +#: src/config/SSSDConfig/sssdoptions.py:576 msgid "Path of passwd file sources." msgstr "passwd 파일 소스 경로입니다." -#: src/config/SSSDConfig/sssdoptions.py:576 +#: src/config/SSSDConfig/sssdoptions.py:577 msgid "Path of group file sources." msgstr "그룹 파일 소스의 경로입니다." @@ -1954,67 +1954,67 @@ msgstr "% 에서 실행 중, root여야 합니다\n" msgid "SSSD is already running\n" msgstr "SSSD가 이미 실행되고 있습니다\n" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "코어 덤프 허용" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "디버그 로그의 오픈 파일 설명자" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "FAST ccache를 생성할 사용자" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "FAST ccache를 생성할 그룹" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "익명의 PKINIT를 사용하여 FAST 강화된 티켓을 요청합니다" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "사용할 Kerberos 영역" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "티켓의 요청된 수명" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "티켓의 요청된 재생 가능 수명" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "FAST 옵션 ('never', 'try', 'demand')" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "FAST에 사용할 서버 주체를 지정" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "주체 이름의 정규화 요청" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "krb5_get_init_creds_password의 사용자 지정 버전 사용" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "로깅 목적을 위해 사용되는 T이벤트 체인 ID" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "PAC 플래그 점검" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "blockoc_asprintf에 실패했습니다.\n" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "set_debug_file_from_fd가 실패했습니다.\n" @@ -2022,35 +2022,35 @@ msgstr "set_debug_file_from_fd가 실패했습니다.\n" msgid "Domain of the information provider (mandatory)" msgstr "정보 공급자의 도메인 (필수)" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "권한 있는 소켓에 잘못된 소유권 또는 권한이 있습니다." -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "공용 소켓에 잘못된 소유권 또는 권한이 있습니다." -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "서버 인증 정보 메시지의 예기치 않은 형식입니다." -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "SSSD는 루트에 의해 실행되지 않습니다." -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "SSSD 소켓이 존재하지 않습니다." -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "SSSD 소켓 통계를 가져올 수 없습니다." -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "오류가 발생했지만 설명을 찾을 수 없습니다." -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "오류 설명을 찾는 동안 예기치 않은 오류 발생" @@ -2058,120 +2058,135 @@ msgstr "오류 설명을 찾는 동안 예기치 않은 오류 발생" msgid "Permission denied. " msgstr "권한이 거부되었습니다. " -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "서버 메시지: " #: src/sss_client/pam_sss.c:71 -msgid "Enter PIN:" +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." msgstr "" +"커버러스 TGT는 로그인 시 허용되지 않으며, 사용자 환경에 영향을 미칩니다." + +#: src/sss_client/pam_sss.c:72 +msgid "Enter PIN:" +msgstr "PIN 입력:" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "암호가 일치하지 않습니다" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "root로 재설정한 암호는 지원되지 않습니다." -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "캐쉬된 인증 정보로 인증됨" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr ", 당신의 캐쉬된 비밀번호는 다음에 만료됩니다.: " -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "암호가 만료되었습니다. %1$d 유예 로그인이 남아 있습니다." -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "암호는 %1$d %2$s에 만료됩니다." -#: src/sss_client/pam_sss.c:627 -#, fuzzy, c-format +#: src/sss_client/pam_sss.c:628 +#, c-format msgid "Your password has expired." -msgstr "암호는 %1$d %2$s에 만료됩니다." +msgstr "당신의 비밀번호가 만료되었습니다." -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "인증은 다음 기간까지 거부됩니다. " -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "시스템이 오프라인 상태이며 암호가 변경될 수 없습니다" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" "OTP 암호를 변경한 후 티켓을 받으려면 로그아웃한 후 다시 로그인해야 합니다" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "PIN 잠금" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" +"서버가 이와 같은 방식을 지원하지 않으므로 커버러스 TGT가 허용되지 않습니다. " +"통합인증(SSO) 환경이 영향을 받습니다." + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "비밀번호 변경에 실패함. " -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "%1$s에 인증하고 ENTER를 누릅니다." -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "PIN %1$s(%2$s에서)으로 인증하고 ENTER를 누릅니다." -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "다른 스마트카드를 (다시)입력해 주세요" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "신규 암호: " -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "신규 암호 재입력: " -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "첫 번째 요인: " -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "두 번째 요인(선택 사항): " -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "두 번째 요인: " -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." -msgstr "" +msgstr "자신의 패스키 장치를 넣고, 그런 후에 Enter를 눌러주세요." -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " -msgstr "암호: " +msgstr "비밀번호: " -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "첫 번째 요인 (현재 암호): " -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "현재 암호: " -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "암호가 만료되었습니다. 지금 암호를 변경하십시오." @@ -2508,9 +2523,8 @@ msgid "Passkey related tools:" msgstr "Passkey와 연관된 도구:" #: src/tools/sssctl/sssctl.c:348 -#, fuzzy msgid "Perform passkey registration" -msgstr "passkey와 연관된 동작을 수행합니다" +msgstr "패스키 등록을 수행합니다" #: src/tools/sssctl/sssctl_cache.c:31 #, c-format @@ -2688,9 +2702,8 @@ msgid "Error while reading configuration directory.\n" msgstr "설정 디렉토리를 읽는 도중 오류가 발생했습니다.\n" #: src/tools/sssctl/sssctl_config.c:147 -#, fuzzy msgid "There is no configuration.\n" -msgstr "%s에서 구성을 로드하지 못했습니다.\n" +msgstr "구성이 없습니다.\n" #: src/tools/sssctl/sssctl_config.c:157 msgid "Failed to run validators" @@ -2714,7 +2727,7 @@ msgstr "사용된 구성 스니펫 파일: %zu\n" #: src/tools/sssctl/sssctl_data.c:91 #, c-format msgid "Unable to create backup directory [%d]: %s" -msgstr "백업 디렉토리를 만들 수 없습니다 [%d]: %s" +msgstr "백업 디렉토리 [%d]를 생성 할 수 없음: %s" #: src/tools/sssctl/sssctl_data.c:97 msgid "SSSD backup of local data already exists, override?" diff --git a/po/nb.po b/po/nb.po index 28e26c26694..aad063d4560 100644 --- a/po/nb.po +++ b/po/nb.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: 2014-12-14 11:46-0500\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Norwegian Bokmål (http://www.transifex.com/projects/p/sssd/" @@ -588,12 +588,12 @@ msgid "Whether to automatically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:201 -#: src/config/SSSDConfig/sssdoptions.py:233 +#: src/config/SSSDConfig/sssdoptions.py:234 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:202 -#: src/config/SSSDConfig/sssdoptions.py:234 +#: src/config/SSSDConfig/sssdoptions.py:235 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" @@ -677,1162 +677,1166 @@ msgid "" "(long term password) must have to be saved as SHA512 hash into the cache." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:228 +#: src/config/SSSDConfig/sssdoptions.py:226 +msgid "Local authentication methods policy " +msgstr "" + +#: src/config/SSSDConfig/sssdoptions.py:229 msgid "IPA domain" msgstr "IPA-domene" -#: src/config/SSSDConfig/sssdoptions.py:229 +#: src/config/SSSDConfig/sssdoptions.py:230 msgid "IPA server address" msgstr "IPA-tjeneradresse" -#: src/config/SSSDConfig/sssdoptions.py:230 +#: src/config/SSSDConfig/sssdoptions.py:231 msgid "Address of backup IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:231 +#: src/config/SSSDConfig/sssdoptions.py:232 msgid "IPA client hostname" msgstr "Vertsnavn for IPA-klient" -#: src/config/SSSDConfig/sssdoptions.py:232 +#: src/config/SSSDConfig/sssdoptions.py:233 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:235 +#: src/config/SSSDConfig/sssdoptions.py:236 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:236 +#: src/config/SSSDConfig/sssdoptions.py:237 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:237 +#: src/config/SSSDConfig/sssdoptions.py:238 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:239 +#: src/config/SSSDConfig/sssdoptions.py:240 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:240 +#: src/config/SSSDConfig/sssdoptions.py:241 msgid "The automounter location this IPA client is using" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:241 +#: src/config/SSSDConfig/sssdoptions.py:242 msgid "Search base for object containing info about IPA domain" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:242 +#: src/config/SSSDConfig/sssdoptions.py:243 msgid "Search base for objects containing info about ID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:243 -#: src/config/SSSDConfig/sssdoptions.py:299 +#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:300 msgid "Enable DNS sites - location based service discovery" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:245 msgid "Search base for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:245 +#: src/config/SSSDConfig/sssdoptions.py:246 msgid "Objectclass for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:246 +#: src/config/SSSDConfig/sssdoptions.py:247 msgid "Attribute with the name of the view" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:247 +#: src/config/SSSDConfig/sssdoptions.py:248 msgid "Objectclass for override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:248 +#: src/config/SSSDConfig/sssdoptions.py:249 msgid "Attribute with the reference to the original object" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:249 +#: src/config/SSSDConfig/sssdoptions.py:250 msgid "Objectclass for user override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:250 +#: src/config/SSSDConfig/sssdoptions.py:251 msgid "Objectclass for group override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:251 +#: src/config/SSSDConfig/sssdoptions.py:252 msgid "Search base for Desktop Profile related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:252 +#: src/config/SSSDConfig/sssdoptions.py:253 msgid "" "The amount of time in seconds between lookups of the Desktop Profile rules " "against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:254 +#: src/config/SSSDConfig/sssdoptions.py:255 msgid "" "The amount of time in minutes between lookups of Desktop Profiles rules " "against the IPA server when the last request did not find any rule" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:257 +#: src/config/SSSDConfig/sssdoptions.py:258 msgid "Search base for SUBID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:258 -#: src/config/SSSDConfig/sssdoptions.py:501 +#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:502 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:260 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:260 -#: src/config/SSSDConfig/sssdoptions.py:283 +#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:284 msgid "The object class of a host entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:262 msgid "Use the given string as search base for host objects." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:262 +#: src/config/SSSDConfig/sssdoptions.py:263 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:263 +#: src/config/SSSDConfig/sssdoptions.py:264 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:264 +#: src/config/SSSDConfig/sssdoptions.py:265 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:265 +#: src/config/SSSDConfig/sssdoptions.py:266 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:267 +#: src/config/SSSDConfig/sssdoptions.py:268 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:269 +#: src/config/SSSDConfig/sssdoptions.py:270 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:270 +#: src/config/SSSDConfig/sssdoptions.py:271 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:272 +#: src/config/SSSDConfig/sssdoptions.py:273 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:273 +#: src/config/SSSDConfig/sssdoptions.py:274 msgid "The object class of a netgroup entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:274 +#: src/config/SSSDConfig/sssdoptions.py:275 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:275 +#: src/config/SSSDConfig/sssdoptions.py:276 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:277 +#: src/config/SSSDConfig/sssdoptions.py:278 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:278 +#: src/config/SSSDConfig/sssdoptions.py:279 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:280 +#: src/config/SSSDConfig/sssdoptions.py:281 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:282 +#: src/config/SSSDConfig/sssdoptions.py:283 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:284 +#: src/config/SSSDConfig/sssdoptions.py:285 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:286 +#: src/config/SSSDConfig/sssdoptions.py:287 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:287 +#: src/config/SSSDConfig/sssdoptions.py:288 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:288 +#: src/config/SSSDConfig/sssdoptions.py:289 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:289 +#: src/config/SSSDConfig/sssdoptions.py:290 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:291 +#: src/config/SSSDConfig/sssdoptions.py:292 msgid "Use the given string as search base for trusted domains." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:294 +#: src/config/SSSDConfig/sssdoptions.py:295 msgid "Active Directory domain" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:295 +#: src/config/SSSDConfig/sssdoptions.py:296 msgid "Enabled Active Directory domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:296 +#: src/config/SSSDConfig/sssdoptions.py:297 msgid "Active Directory server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:297 +#: src/config/SSSDConfig/sssdoptions.py:298 msgid "Active Directory backup server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:298 +#: src/config/SSSDConfig/sssdoptions.py:299 msgid "Active Directory client hostname" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:300 -#: src/config/SSSDConfig/sssdoptions.py:499 +#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:500 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:302 msgid "Whether to use the Global Catalog for lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:302 +#: src/config/SSSDConfig/sssdoptions.py:303 msgid "Operation mode for GPO-based access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:303 +#: src/config/SSSDConfig/sssdoptions.py:304 msgid "" "The amount of time between lookups of the GPO policy files against the AD " "server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:304 +#: src/config/SSSDConfig/sssdoptions.py:305 msgid "" "PAM service names that map to the GPO (Deny)InteractiveLogonRight policy " "settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:306 +#: src/config/SSSDConfig/sssdoptions.py:307 msgid "" "PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight " "policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:308 +#: src/config/SSSDConfig/sssdoptions.py:309 msgid "" "PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:309 +#: src/config/SSSDConfig/sssdoptions.py:310 msgid "" "PAM service names that map to the GPO (Deny)BatchLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:310 +#: src/config/SSSDConfig/sssdoptions.py:311 msgid "" "PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:311 +#: src/config/SSSDConfig/sssdoptions.py:312 msgid "PAM service names for which GPO-based access is always granted" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:312 +#: src/config/SSSDConfig/sssdoptions.py:313 msgid "PAM service names for which GPO-based access is always denied" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:313 +#: src/config/SSSDConfig/sssdoptions.py:314 msgid "" "Default logon right (or permit/deny) to use for unmapped PAM service names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:314 +#: src/config/SSSDConfig/sssdoptions.py:315 msgid "a particular site to be used by the client" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:315 +#: src/config/SSSDConfig/sssdoptions.py:316 msgid "" "Maximum age in days before the machine account password should be renewed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:317 +#: src/config/SSSDConfig/sssdoptions.py:318 msgid "Option for tuning the machine account renewal task" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:318 +#: src/config/SSSDConfig/sssdoptions.py:319 msgid "Whether to update the machine account password in the Samba database" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:320 +#: src/config/SSSDConfig/sssdoptions.py:321 msgid "Use LDAPS port for LDAP and Global Catalog requests" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:321 +#: src/config/SSSDConfig/sssdoptions.py:322 msgid "Do not filter domain local groups from other domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:324 #: src/config/SSSDConfig/sssdoptions.py:325 +#: src/config/SSSDConfig/sssdoptions.py:326 msgid "Kerberos server address" msgstr "Tjeneradresse for Kerberos" -#: src/config/SSSDConfig/sssdoptions.py:326 +#: src/config/SSSDConfig/sssdoptions.py:327 msgid "Kerberos backup server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:327 +#: src/config/SSSDConfig/sssdoptions.py:328 msgid "Kerberos realm" msgstr "Kerberos-område" -#: src/config/SSSDConfig/sssdoptions.py:328 +#: src/config/SSSDConfig/sssdoptions.py:329 msgid "Authentication timeout" msgstr "Tidsavbrudd for autentisering" -#: src/config/SSSDConfig/sssdoptions.py:329 +#: src/config/SSSDConfig/sssdoptions.py:330 msgid "Whether to create kdcinfo files" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:330 +#: src/config/SSSDConfig/sssdoptions.py:331 msgid "Where to drop krb5 config snippets" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:333 +#: src/config/SSSDConfig/sssdoptions.py:334 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:334 +#: src/config/SSSDConfig/sssdoptions.py:335 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:335 +#: src/config/SSSDConfig/sssdoptions.py:336 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:336 +#: src/config/SSSDConfig/sssdoptions.py:337 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:337 +#: src/config/SSSDConfig/sssdoptions.py:338 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:338 +#: src/config/SSSDConfig/sssdoptions.py:339 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:339 +#: src/config/SSSDConfig/sssdoptions.py:340 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:340 +#: src/config/SSSDConfig/sssdoptions.py:341 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:341 +#: src/config/SSSDConfig/sssdoptions.py:342 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:342 +#: src/config/SSSDConfig/sssdoptions.py:343 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:343 +#: src/config/SSSDConfig/sssdoptions.py:344 msgid "Use anonymous PKINIT to request FAST credentials" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:344 +#: src/config/SSSDConfig/sssdoptions.py:345 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:345 +#: src/config/SSSDConfig/sssdoptions.py:346 msgid "Enables enterprise principals" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:346 +#: src/config/SSSDConfig/sssdoptions.py:347 msgid "Enables using of subdomains realms for authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:347 +#: src/config/SSSDConfig/sssdoptions.py:348 msgid "A mapping from user names to Kerberos principal names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:350 #: src/config/SSSDConfig/sssdoptions.py:351 +#: src/config/SSSDConfig/sssdoptions.py:352 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:354 +#: src/config/SSSDConfig/sssdoptions.py:355 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:355 +#: src/config/SSSDConfig/sssdoptions.py:356 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:356 +#: src/config/SSSDConfig/sssdoptions.py:357 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:357 +#: src/config/SSSDConfig/sssdoptions.py:358 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:358 +#: src/config/SSSDConfig/sssdoptions.py:359 msgid "Mode used to change user password" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:359 +#: src/config/SSSDConfig/sssdoptions.py:360 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:360 +#: src/config/SSSDConfig/sssdoptions.py:361 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:361 +#: src/config/SSSDConfig/sssdoptions.py:362 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:362 +#: src/config/SSSDConfig/sssdoptions.py:363 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:363 +#: src/config/SSSDConfig/sssdoptions.py:364 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:364 +#: src/config/SSSDConfig/sssdoptions.py:365 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:365 +#: src/config/SSSDConfig/sssdoptions.py:366 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:366 +#: src/config/SSSDConfig/sssdoptions.py:367 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:367 +#: src/config/SSSDConfig/sssdoptions.py:368 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:368 +#: src/config/SSSDConfig/sssdoptions.py:369 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:369 +#: src/config/SSSDConfig/sssdoptions.py:370 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:370 +#: src/config/SSSDConfig/sssdoptions.py:371 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:371 +#: src/config/SSSDConfig/sssdoptions.py:372 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:372 +#: src/config/SSSDConfig/sssdoptions.py:373 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:373 +#: src/config/SSSDConfig/sssdoptions.py:374 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:374 +#: src/config/SSSDConfig/sssdoptions.py:375 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:375 +#: src/config/SSSDConfig/sssdoptions.py:376 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:376 +#: src/config/SSSDConfig/sssdoptions.py:377 msgid "Specify the maximal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:377 +#: src/config/SSSDConfig/sssdoptions.py:378 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:378 +#: src/config/SSSDConfig/sssdoptions.py:379 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:379 +#: src/config/SSSDConfig/sssdoptions.py:380 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:380 +#: src/config/SSSDConfig/sssdoptions.py:381 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:381 +#: src/config/SSSDConfig/sssdoptions.py:382 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:382 +#: src/config/SSSDConfig/sssdoptions.py:383 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:383 +#: src/config/SSSDConfig/sssdoptions.py:384 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:384 +#: src/config/SSSDConfig/sssdoptions.py:385 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:385 +#: src/config/SSSDConfig/sssdoptions.py:386 msgid "Ignore unreadable LDAP references" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:386 +#: src/config/SSSDConfig/sssdoptions.py:387 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:388 +#: src/config/SSSDConfig/sssdoptions.py:389 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:391 +#: src/config/SSSDConfig/sssdoptions.py:392 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:392 +#: src/config/SSSDConfig/sssdoptions.py:393 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:394 +#: src/config/SSSDConfig/sssdoptions.py:395 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:397 +#: src/config/SSSDConfig/sssdoptions.py:398 msgid "Disable the LDAP paging control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:398 +#: src/config/SSSDConfig/sssdoptions.py:399 msgid "Disable Active Directory range retrieval" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:401 +#: src/config/SSSDConfig/sssdoptions.py:402 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:402 +#: src/config/SSSDConfig/sssdoptions.py:403 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:403 +#: src/config/SSSDConfig/sssdoptions.py:404 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:404 +#: src/config/SSSDConfig/sssdoptions.py:405 msgid "Maximum period deviation between enumeration updates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:405 +#: src/config/SSSDConfig/sssdoptions.py:406 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:406 +#: src/config/SSSDConfig/sssdoptions.py:407 msgid "Maximum time deviation between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:407 +#: src/config/SSSDConfig/sssdoptions.py:408 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:408 +#: src/config/SSSDConfig/sssdoptions.py:409 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:409 +#: src/config/SSSDConfig/sssdoptions.py:410 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:410 +#: src/config/SSSDConfig/sssdoptions.py:411 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:411 +#: src/config/SSSDConfig/sssdoptions.py:412 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:412 +#: src/config/SSSDConfig/sssdoptions.py:413 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:413 +#: src/config/SSSDConfig/sssdoptions.py:414 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:414 +#: src/config/SSSDConfig/sssdoptions.py:415 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:415 +#: src/config/SSSDConfig/sssdoptions.py:416 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:416 +#: src/config/SSSDConfig/sssdoptions.py:417 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:417 +#: src/config/SSSDConfig/sssdoptions.py:418 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:418 +#: src/config/SSSDConfig/sssdoptions.py:419 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:419 +#: src/config/SSSDConfig/sssdoptions.py:420 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:420 -#: src/config/SSSDConfig/sssdoptions.py:459 +#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:460 msgid "objectSID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:422 msgid "Active Directory primary group attribute for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:422 +#: src/config/SSSDConfig/sssdoptions.py:423 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:423 +#: src/config/SSSDConfig/sssdoptions.py:424 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:424 +#: src/config/SSSDConfig/sssdoptions.py:425 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:425 +#: src/config/SSSDConfig/sssdoptions.py:426 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:426 +#: src/config/SSSDConfig/sssdoptions.py:427 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:427 +#: src/config/SSSDConfig/sssdoptions.py:428 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:428 +#: src/config/SSSDConfig/sssdoptions.py:429 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:429 +#: src/config/SSSDConfig/sssdoptions.py:430 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:430 +#: src/config/SSSDConfig/sssdoptions.py:431 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:431 +#: src/config/SSSDConfig/sssdoptions.py:432 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:432 +#: src/config/SSSDConfig/sssdoptions.py:433 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:433 +#: src/config/SSSDConfig/sssdoptions.py:434 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:434 +#: src/config/SSSDConfig/sssdoptions.py:435 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:435 +#: src/config/SSSDConfig/sssdoptions.py:436 msgid "Attribute listing authorized server rhosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:436 +#: src/config/SSSDConfig/sssdoptions.py:437 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:437 +#: src/config/SSSDConfig/sssdoptions.py:438 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:438 +#: src/config/SSSDConfig/sssdoptions.py:439 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:439 +#: src/config/SSSDConfig/sssdoptions.py:440 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:440 +#: src/config/SSSDConfig/sssdoptions.py:441 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:441 +#: src/config/SSSDConfig/sssdoptions.py:442 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:442 +#: src/config/SSSDConfig/sssdoptions.py:443 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:443 +#: src/config/SSSDConfig/sssdoptions.py:444 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:444 +#: src/config/SSSDConfig/sssdoptions.py:445 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:445 +#: src/config/SSSDConfig/sssdoptions.py:446 msgid "SSH public key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:446 +#: src/config/SSSDConfig/sssdoptions.py:447 msgid "attribute listing allowed authentication types for a user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:447 +#: src/config/SSSDConfig/sssdoptions.py:448 msgid "attribute containing the X509 certificate of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:448 +#: src/config/SSSDConfig/sssdoptions.py:449 msgid "attribute containing the email address of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:449 +#: src/config/SSSDConfig/sssdoptions.py:450 msgid "attribute containing the passkey mapping data of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:450 +#: src/config/SSSDConfig/sssdoptions.py:451 msgid "A list of extra attributes to download along with the user entry" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:452 +#: src/config/SSSDConfig/sssdoptions.py:453 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:453 +#: src/config/SSSDConfig/sssdoptions.py:454 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:454 +#: src/config/SSSDConfig/sssdoptions.py:455 msgid "Group name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:455 +#: src/config/SSSDConfig/sssdoptions.py:456 msgid "Group password" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:456 +#: src/config/SSSDConfig/sssdoptions.py:457 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:457 +#: src/config/SSSDConfig/sssdoptions.py:458 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:458 +#: src/config/SSSDConfig/sssdoptions.py:459 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:460 +#: src/config/SSSDConfig/sssdoptions.py:461 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:461 +#: src/config/SSSDConfig/sssdoptions.py:462 msgid "Type of the group and other flags" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:462 +#: src/config/SSSDConfig/sssdoptions.py:463 msgid "The LDAP group external member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:463 +#: src/config/SSSDConfig/sssdoptions.py:464 msgid "Maximum nesting level SSSD will follow" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:464 +#: src/config/SSSDConfig/sssdoptions.py:465 msgid "Filter for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:465 +#: src/config/SSSDConfig/sssdoptions.py:466 msgid "Scope of group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:467 +#: src/config/SSSDConfig/sssdoptions.py:468 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:468 +#: src/config/SSSDConfig/sssdoptions.py:469 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:469 +#: src/config/SSSDConfig/sssdoptions.py:470 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:470 +#: src/config/SSSDConfig/sssdoptions.py:471 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:471 +#: src/config/SSSDConfig/sssdoptions.py:472 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:472 +#: src/config/SSSDConfig/sssdoptions.py:473 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:474 +#: src/config/SSSDConfig/sssdoptions.py:475 msgid "Base DN for service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:475 +#: src/config/SSSDConfig/sssdoptions.py:476 msgid "Objectclass for services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:476 +#: src/config/SSSDConfig/sssdoptions.py:477 msgid "Service name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:477 +#: src/config/SSSDConfig/sssdoptions.py:478 msgid "Service port attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:478 +#: src/config/SSSDConfig/sssdoptions.py:479 msgid "Service protocol attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:480 +#: src/config/SSSDConfig/sssdoptions.py:481 msgid "Lower bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:481 +#: src/config/SSSDConfig/sssdoptions.py:482 msgid "Upper bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:482 +#: src/config/SSSDConfig/sssdoptions.py:483 msgid "Number of IDs for each slice when ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:483 +#: src/config/SSSDConfig/sssdoptions.py:484 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:484 +#: src/config/SSSDConfig/sssdoptions.py:485 msgid "Name of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:485 +#: src/config/SSSDConfig/sssdoptions.py:486 msgid "SID of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:486 +#: src/config/SSSDConfig/sssdoptions.py:487 msgid "Number of secondary slices" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:488 +#: src/config/SSSDConfig/sssdoptions.py:489 msgid "Whether to use Token-Groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:489 +#: src/config/SSSDConfig/sssdoptions.py:490 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:490 +#: src/config/SSSDConfig/sssdoptions.py:491 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:491 +#: src/config/SSSDConfig/sssdoptions.py:492 msgid "DN for ppolicy queries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:492 +#: src/config/SSSDConfig/sssdoptions.py:493 msgid "How many maximum entries to fetch during a wildcard request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:493 +#: src/config/SSSDConfig/sssdoptions.py:494 msgid "Set libldap debug level" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:496 +#: src/config/SSSDConfig/sssdoptions.py:497 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:500 +#: src/config/SSSDConfig/sssdoptions.py:501 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:504 +#: src/config/SSSDConfig/sssdoptions.py:505 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:505 +#: src/config/SSSDConfig/sssdoptions.py:506 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:506 +#: src/config/SSSDConfig/sssdoptions.py:507 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:507 +#: src/config/SSSDConfig/sssdoptions.py:508 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:511 +#: src/config/SSSDConfig/sssdoptions.py:512 msgid "Base DN for sudo rules lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:512 +#: src/config/SSSDConfig/sssdoptions.py:513 msgid "Automatic full refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:513 +#: src/config/SSSDConfig/sssdoptions.py:514 msgid "Automatic smart refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:514 +#: src/config/SSSDConfig/sssdoptions.py:515 msgid "Smart and full refresh random offset" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:515 +#: src/config/SSSDConfig/sssdoptions.py:516 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:516 +#: src/config/SSSDConfig/sssdoptions.py:517 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:517 +#: src/config/SSSDConfig/sssdoptions.py:518 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:518 +#: src/config/SSSDConfig/sssdoptions.py:519 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:519 +#: src/config/SSSDConfig/sssdoptions.py:520 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:520 +#: src/config/SSSDConfig/sssdoptions.py:521 msgid "Object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:521 +#: src/config/SSSDConfig/sssdoptions.py:522 msgid "Name of attribute that is used as object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:522 +#: src/config/SSSDConfig/sssdoptions.py:523 msgid "Sudo rule name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:523 +#: src/config/SSSDConfig/sssdoptions.py:524 msgid "Sudo rule command attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:524 +#: src/config/SSSDConfig/sssdoptions.py:525 msgid "Sudo rule host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:525 +#: src/config/SSSDConfig/sssdoptions.py:526 msgid "Sudo rule user attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:526 +#: src/config/SSSDConfig/sssdoptions.py:527 msgid "Sudo rule option attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:527 +#: src/config/SSSDConfig/sssdoptions.py:528 msgid "Sudo rule runas attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:528 +#: src/config/SSSDConfig/sssdoptions.py:529 msgid "Sudo rule runasuser attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:529 +#: src/config/SSSDConfig/sssdoptions.py:530 msgid "Sudo rule runasgroup attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:530 +#: src/config/SSSDConfig/sssdoptions.py:531 msgid "Sudo rule notbefore attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:531 +#: src/config/SSSDConfig/sssdoptions.py:532 msgid "Sudo rule notafter attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:532 +#: src/config/SSSDConfig/sssdoptions.py:533 msgid "Sudo rule order attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:535 +#: src/config/SSSDConfig/sssdoptions.py:536 msgid "Object class for automounter maps" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:536 +#: src/config/SSSDConfig/sssdoptions.py:537 msgid "Automounter map name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:537 +#: src/config/SSSDConfig/sssdoptions.py:538 msgid "Object class for automounter map entries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:538 +#: src/config/SSSDConfig/sssdoptions.py:539 msgid "Automounter map entry key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:539 +#: src/config/SSSDConfig/sssdoptions.py:540 msgid "Automounter map entry value attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:540 +#: src/config/SSSDConfig/sssdoptions.py:541 msgid "Base DN for automounter map lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:541 +#: src/config/SSSDConfig/sssdoptions.py:542 msgid "The name of the automount master map in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:544 +#: src/config/SSSDConfig/sssdoptions.py:545 msgid "Base DN for IP hosts lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:545 +#: src/config/SSSDConfig/sssdoptions.py:546 msgid "Object class for IP hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:546 +#: src/config/SSSDConfig/sssdoptions.py:547 msgid "IP host name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:547 +#: src/config/SSSDConfig/sssdoptions.py:548 msgid "IP host number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:548 +#: src/config/SSSDConfig/sssdoptions.py:549 msgid "IP host entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:549 +#: src/config/SSSDConfig/sssdoptions.py:550 msgid "Base DN for IP networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:550 +#: src/config/SSSDConfig/sssdoptions.py:551 msgid "Object class for IP networks" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:551 +#: src/config/SSSDConfig/sssdoptions.py:552 msgid "IP network name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:552 +#: src/config/SSSDConfig/sssdoptions.py:553 msgid "IP network number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:553 +#: src/config/SSSDConfig/sssdoptions.py:554 msgid "IP network entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:556 +#: src/config/SSSDConfig/sssdoptions.py:557 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:557 +#: src/config/SSSDConfig/sssdoptions.py:558 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:558 +#: src/config/SSSDConfig/sssdoptions.py:559 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:560 +#: src/config/SSSDConfig/sssdoptions.py:561 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " "evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:564 +#: src/config/SSSDConfig/sssdoptions.py:565 msgid "The number of preforked proxy children." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:567 +#: src/config/SSSDConfig/sssdoptions.py:568 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:568 +#: src/config/SSSDConfig/sssdoptions.py:569 msgid "The name of the NSS library to use for hosts and networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:569 +#: src/config/SSSDConfig/sssdoptions.py:570 msgid "Whether to look up canonical group name from cache if possible" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:572 +#: src/config/SSSDConfig/sssdoptions.py:573 msgid "PAM stack to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:575 +#: src/config/SSSDConfig/sssdoptions.py:576 msgid "Path of passwd file sources." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:576 +#: src/config/SSSDConfig/sssdoptions.py:577 msgid "Path of group file sources." msgstr "" @@ -1881,67 +1885,67 @@ msgstr "" msgid "SSSD is already running\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "" @@ -1949,35 +1953,35 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "" @@ -1985,119 +1989,131 @@ msgstr "" msgid "Permission denied. " msgstr "" -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "" #: src/sss_client/pam_sss.c:71 +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." +msgstr "" + +#: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" msgstr "" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr "" -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "" -#: src/sss_client/pam_sss.c:627 +#: src/sss_client/pam_sss.c:628 #, c-format msgid "Your password has expired." msgstr "" -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "" -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "" -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "" diff --git a/po/nl.po b/po/nl.po index d1505359101..e6f201b86da 100644 --- a/po/nl.po +++ b/po/nl.po @@ -13,7 +13,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: 2014-12-14 11:47-0500\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Dutch (http://www.transifex.com/projects/p/sssd/language/" @@ -623,14 +623,14 @@ msgid "Whether to automatically update the client's DNS entry" msgstr "Of de DNS ingang van de cliënt automatisch vernieuwd moet worden" #: src/config/SSSDConfig/sssdoptions.py:201 -#: src/config/SSSDConfig/sssdoptions.py:233 +#: src/config/SSSDConfig/sssdoptions.py:234 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "" "De TTL die toegepast moet worden op de DNS ingang van de cliënt na het " "vernieuwen hiervan" #: src/config/SSSDConfig/sssdoptions.py:202 -#: src/config/SSSDConfig/sssdoptions.py:234 +#: src/config/SSSDConfig/sssdoptions.py:235 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" "De adapter wiens IP-adres gebruikt moet worden voor het dynamisch bijwerken " @@ -719,38 +719,42 @@ msgid "" "(long term password) must have to be saved as SHA512 hash into the cache." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:228 +#: src/config/SSSDConfig/sssdoptions.py:226 +msgid "Local authentication methods policy " +msgstr "" + +#: src/config/SSSDConfig/sssdoptions.py:229 msgid "IPA domain" msgstr "IPA-domein" -#: src/config/SSSDConfig/sssdoptions.py:229 +#: src/config/SSSDConfig/sssdoptions.py:230 msgid "IPA server address" msgstr "IPA-serveradres" -#: src/config/SSSDConfig/sssdoptions.py:230 +#: src/config/SSSDConfig/sssdoptions.py:231 msgid "Address of backup IPA server" msgstr "Adres van back-up IPA server" -#: src/config/SSSDConfig/sssdoptions.py:231 +#: src/config/SSSDConfig/sssdoptions.py:232 msgid "IPA client hostname" msgstr "IPA-clienthostname" -#: src/config/SSSDConfig/sssdoptions.py:232 +#: src/config/SSSDConfig/sssdoptions.py:233 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" "Of de DNS-gegevens van de client automatisch bijgewerkt moeten worden in " "FreeIPA" -#: src/config/SSSDConfig/sssdoptions.py:235 +#: src/config/SSSDConfig/sssdoptions.py:236 msgid "Search base for HBAC related objects" msgstr "Zoek basis voor HBAC gerelateerde objecten" -#: src/config/SSSDConfig/sssdoptions.py:236 +#: src/config/SSSDConfig/sssdoptions.py:237 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "De tijdsduur tussen het opzoeken van HBAC regels voor de IPA server" -#: src/config/SSSDConfig/sssdoptions.py:237 +#: src/config/SSSDConfig/sssdoptions.py:238 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" @@ -758,528 +762,528 @@ msgstr "" "De tijdsduur in seconden tussen zoekopdrachten in de SELinux mappen voor de " "IPA server" -#: src/config/SSSDConfig/sssdoptions.py:239 +#: src/config/SSSDConfig/sssdoptions.py:240 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" "Als dit op false ingesteld is, wordt het host argument gegeven door PAM " "genegeerd" -#: src/config/SSSDConfig/sssdoptions.py:240 +#: src/config/SSSDConfig/sssdoptions.py:241 msgid "The automounter location this IPA client is using" msgstr "De automounter locatie die door deze IPA client wordt gebruikt" -#: src/config/SSSDConfig/sssdoptions.py:241 +#: src/config/SSSDConfig/sssdoptions.py:242 msgid "Search base for object containing info about IPA domain" msgstr "Zoek in base voor object die info over IPA domein bevat " -#: src/config/SSSDConfig/sssdoptions.py:242 +#: src/config/SSSDConfig/sssdoptions.py:243 msgid "Search base for objects containing info about ID ranges" msgstr "Zoek in base voor objecten die info over ID bereiken bevat" -#: src/config/SSSDConfig/sssdoptions.py:243 -#: src/config/SSSDConfig/sssdoptions.py:299 +#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:300 msgid "Enable DNS sites - location based service discovery" msgstr "Zet DNS sites aan - locatie gebaseerde service ontdekking" -#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:245 msgid "Search base for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:245 +#: src/config/SSSDConfig/sssdoptions.py:246 msgid "Objectclass for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:246 +#: src/config/SSSDConfig/sssdoptions.py:247 msgid "Attribute with the name of the view" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:247 +#: src/config/SSSDConfig/sssdoptions.py:248 msgid "Objectclass for override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:248 +#: src/config/SSSDConfig/sssdoptions.py:249 msgid "Attribute with the reference to the original object" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:249 +#: src/config/SSSDConfig/sssdoptions.py:250 msgid "Objectclass for user override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:250 +#: src/config/SSSDConfig/sssdoptions.py:251 msgid "Objectclass for group override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:251 +#: src/config/SSSDConfig/sssdoptions.py:252 msgid "Search base for Desktop Profile related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:252 +#: src/config/SSSDConfig/sssdoptions.py:253 msgid "" "The amount of time in seconds between lookups of the Desktop Profile rules " "against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:254 +#: src/config/SSSDConfig/sssdoptions.py:255 msgid "" "The amount of time in minutes between lookups of Desktop Profiles rules " "against the IPA server when the last request did not find any rule" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:257 +#: src/config/SSSDConfig/sssdoptions.py:258 #, fuzzy msgid "Search base for SUBID ranges" msgstr "Zoek basis voor HBAC gerelateerde objecten" -#: src/config/SSSDConfig/sssdoptions.py:258 -#: src/config/SSSDConfig/sssdoptions.py:501 +#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:502 msgid "Which rules should be used to evaluate access control" msgstr "" "Welke regels moeten gebruikt worden voor de evaluatie van toegangscontrole" -#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:260 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:260 -#: src/config/SSSDConfig/sssdoptions.py:283 +#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:284 msgid "The object class of a host entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:262 msgid "Use the given string as search base for host objects." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:262 +#: src/config/SSSDConfig/sssdoptions.py:263 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:263 +#: src/config/SSSDConfig/sssdoptions.py:264 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:264 +#: src/config/SSSDConfig/sssdoptions.py:265 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:265 +#: src/config/SSSDConfig/sssdoptions.py:266 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:267 +#: src/config/SSSDConfig/sssdoptions.py:268 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:269 +#: src/config/SSSDConfig/sssdoptions.py:270 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:270 +#: src/config/SSSDConfig/sssdoptions.py:271 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:272 +#: src/config/SSSDConfig/sssdoptions.py:273 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:273 +#: src/config/SSSDConfig/sssdoptions.py:274 msgid "The object class of a netgroup entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:274 +#: src/config/SSSDConfig/sssdoptions.py:275 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:275 +#: src/config/SSSDConfig/sssdoptions.py:276 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:277 +#: src/config/SSSDConfig/sssdoptions.py:278 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:278 +#: src/config/SSSDConfig/sssdoptions.py:279 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:280 +#: src/config/SSSDConfig/sssdoptions.py:281 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:282 +#: src/config/SSSDConfig/sssdoptions.py:283 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:284 +#: src/config/SSSDConfig/sssdoptions.py:285 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:286 +#: src/config/SSSDConfig/sssdoptions.py:287 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:287 +#: src/config/SSSDConfig/sssdoptions.py:288 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:288 +#: src/config/SSSDConfig/sssdoptions.py:289 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:289 +#: src/config/SSSDConfig/sssdoptions.py:290 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:291 +#: src/config/SSSDConfig/sssdoptions.py:292 msgid "Use the given string as search base for trusted domains." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:294 +#: src/config/SSSDConfig/sssdoptions.py:295 msgid "Active Directory domain" msgstr "Active Directory domein" -#: src/config/SSSDConfig/sssdoptions.py:295 +#: src/config/SSSDConfig/sssdoptions.py:296 msgid "Enabled Active Directory domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:296 +#: src/config/SSSDConfig/sssdoptions.py:297 msgid "Active Directory server address" msgstr "Active Directory server adres" -#: src/config/SSSDConfig/sssdoptions.py:297 +#: src/config/SSSDConfig/sssdoptions.py:298 msgid "Active Directory backup server address" msgstr "Active Directory back-up server adres" -#: src/config/SSSDConfig/sssdoptions.py:298 +#: src/config/SSSDConfig/sssdoptions.py:299 msgid "Active Directory client hostname" msgstr "Active Directory cliënt hostnaam" -#: src/config/SSSDConfig/sssdoptions.py:300 -#: src/config/SSSDConfig/sssdoptions.py:499 +#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:500 msgid "LDAP filter to determine access privileges" msgstr "LDAP-filter om toegangsprivileges mee te bepalen" -#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:302 msgid "Whether to use the Global Catalog for lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:302 +#: src/config/SSSDConfig/sssdoptions.py:303 msgid "Operation mode for GPO-based access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:303 +#: src/config/SSSDConfig/sssdoptions.py:304 msgid "" "The amount of time between lookups of the GPO policy files against the AD " "server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:304 +#: src/config/SSSDConfig/sssdoptions.py:305 msgid "" "PAM service names that map to the GPO (Deny)InteractiveLogonRight policy " "settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:306 +#: src/config/SSSDConfig/sssdoptions.py:307 msgid "" "PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight " "policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:308 +#: src/config/SSSDConfig/sssdoptions.py:309 msgid "" "PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:309 +#: src/config/SSSDConfig/sssdoptions.py:310 msgid "" "PAM service names that map to the GPO (Deny)BatchLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:310 +#: src/config/SSSDConfig/sssdoptions.py:311 msgid "" "PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:311 +#: src/config/SSSDConfig/sssdoptions.py:312 msgid "PAM service names for which GPO-based access is always granted" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:312 +#: src/config/SSSDConfig/sssdoptions.py:313 msgid "PAM service names for which GPO-based access is always denied" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:313 +#: src/config/SSSDConfig/sssdoptions.py:314 msgid "" "Default logon right (or permit/deny) to use for unmapped PAM service names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:314 +#: src/config/SSSDConfig/sssdoptions.py:315 msgid "a particular site to be used by the client" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:315 +#: src/config/SSSDConfig/sssdoptions.py:316 msgid "" "Maximum age in days before the machine account password should be renewed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:317 +#: src/config/SSSDConfig/sssdoptions.py:318 msgid "Option for tuning the machine account renewal task" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:318 +#: src/config/SSSDConfig/sssdoptions.py:319 msgid "Whether to update the machine account password in the Samba database" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:320 +#: src/config/SSSDConfig/sssdoptions.py:321 msgid "Use LDAPS port for LDAP and Global Catalog requests" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:321 +#: src/config/SSSDConfig/sssdoptions.py:322 msgid "Do not filter domain local groups from other domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:324 #: src/config/SSSDConfig/sssdoptions.py:325 +#: src/config/SSSDConfig/sssdoptions.py:326 msgid "Kerberos server address" msgstr "Kerberos-serveradres" -#: src/config/SSSDConfig/sssdoptions.py:326 +#: src/config/SSSDConfig/sssdoptions.py:327 msgid "Kerberos backup server address" msgstr "Kerberos back-up server adres" -#: src/config/SSSDConfig/sssdoptions.py:327 +#: src/config/SSSDConfig/sssdoptions.py:328 msgid "Kerberos realm" msgstr "Kerberos-rijk" -#: src/config/SSSDConfig/sssdoptions.py:328 +#: src/config/SSSDConfig/sssdoptions.py:329 msgid "Authentication timeout" msgstr "Authenticatie timeout" -#: src/config/SSSDConfig/sssdoptions.py:329 +#: src/config/SSSDConfig/sssdoptions.py:330 msgid "Whether to create kdcinfo files" msgstr "Moeten kdcinfo bestanden aangemaakt worden" -#: src/config/SSSDConfig/sssdoptions.py:330 +#: src/config/SSSDConfig/sssdoptions.py:331 msgid "Where to drop krb5 config snippets" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:333 +#: src/config/SSSDConfig/sssdoptions.py:334 msgid "Directory to store credential caches" msgstr "Werkmap waar authenticatiegegevens opgeslagen worden" -#: src/config/SSSDConfig/sssdoptions.py:334 +#: src/config/SSSDConfig/sssdoptions.py:335 msgid "Location of the user's credential cache" msgstr "Locatie van de authenticatiecache van de gebruiker" -#: src/config/SSSDConfig/sssdoptions.py:335 +#: src/config/SSSDConfig/sssdoptions.py:336 msgid "Location of the keytab to validate credentials" msgstr "Locatie van de keytab om authenticatiegegevens te valideren" -#: src/config/SSSDConfig/sssdoptions.py:336 +#: src/config/SSSDConfig/sssdoptions.py:337 msgid "Enable credential validation" msgstr "Schakel authenticatiegegevensvalidatie in" -#: src/config/SSSDConfig/sssdoptions.py:337 +#: src/config/SSSDConfig/sssdoptions.py:338 msgid "Store password if offline for later online authentication" msgstr "" "Sla het wachtwoord op indien offline voor later gebruik bij online " "authenticatie" -#: src/config/SSSDConfig/sssdoptions.py:338 +#: src/config/SSSDConfig/sssdoptions.py:339 msgid "Renewable lifetime of the TGT" msgstr "Vernieuwbare levensduur van de TGT" -#: src/config/SSSDConfig/sssdoptions.py:339 +#: src/config/SSSDConfig/sssdoptions.py:340 msgid "Lifetime of the TGT" msgstr "Levensduur van de TGT" -#: src/config/SSSDConfig/sssdoptions.py:340 +#: src/config/SSSDConfig/sssdoptions.py:341 msgid "Time between two checks for renewal" msgstr "Tijd tussen twee checks voor vernieuwing" -#: src/config/SSSDConfig/sssdoptions.py:341 +#: src/config/SSSDConfig/sssdoptions.py:342 msgid "Enables FAST" msgstr "Zet FAST aan" -#: src/config/SSSDConfig/sssdoptions.py:342 +#: src/config/SSSDConfig/sssdoptions.py:343 msgid "Selects the principal to use for FAST" msgstr "Selecteert de hoofdpersoon te gebruiken voor FAST " -#: src/config/SSSDConfig/sssdoptions.py:343 +#: src/config/SSSDConfig/sssdoptions.py:344 msgid "Use anonymous PKINIT to request FAST credentials" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:344 +#: src/config/SSSDConfig/sssdoptions.py:345 msgid "Enables principal canonicalization" msgstr "Zet hoofdpersoon sanctioneren aan" -#: src/config/SSSDConfig/sssdoptions.py:345 +#: src/config/SSSDConfig/sssdoptions.py:346 msgid "Enables enterprise principals" msgstr "Zet enterprise principals aan" -#: src/config/SSSDConfig/sssdoptions.py:346 +#: src/config/SSSDConfig/sssdoptions.py:347 msgid "Enables using of subdomains realms for authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:347 +#: src/config/SSSDConfig/sssdoptions.py:348 msgid "A mapping from user names to Kerberos principal names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:350 #: src/config/SSSDConfig/sssdoptions.py:351 +#: src/config/SSSDConfig/sssdoptions.py:352 msgid "Server where the change password service is running if not on the KDC" msgstr "" "Server waar het wachtwoord wijzigingsservice draait indien niet op de KDC" -#: src/config/SSSDConfig/sssdoptions.py:354 +#: src/config/SSSDConfig/sssdoptions.py:355 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, de URI van de LDAP server" -#: src/config/SSSDConfig/sssdoptions.py:355 +#: src/config/SSSDConfig/sssdoptions.py:356 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "ldap_backup_uri, De URI van de LDAP server" -#: src/config/SSSDConfig/sssdoptions.py:356 +#: src/config/SSSDConfig/sssdoptions.py:357 msgid "The default base DN" msgstr "De standaard base DN" -#: src/config/SSSDConfig/sssdoptions.py:357 +#: src/config/SSSDConfig/sssdoptions.py:358 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "Het schema type wat gebruikt wordt op de LDAP server, rfc2307" -#: src/config/SSSDConfig/sssdoptions.py:358 +#: src/config/SSSDConfig/sssdoptions.py:359 msgid "Mode used to change user password" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:359 +#: src/config/SSSDConfig/sssdoptions.py:360 msgid "The default bind DN" msgstr "De standaard bind DN" -#: src/config/SSSDConfig/sssdoptions.py:360 +#: src/config/SSSDConfig/sssdoptions.py:361 msgid "The type of the authentication token of the default bind DN" msgstr "Het type authenticatietoken van de standaard bind DN" -#: src/config/SSSDConfig/sssdoptions.py:361 +#: src/config/SSSDConfig/sssdoptions.py:362 msgid "The authentication token of the default bind DN" msgstr "Het authenticatietoken van de standaard bind DN" -#: src/config/SSSDConfig/sssdoptions.py:362 +#: src/config/SSSDConfig/sssdoptions.py:363 msgid "Length of time to attempt connection" msgstr "Hoe lang pogen te verbinden" -#: src/config/SSSDConfig/sssdoptions.py:363 +#: src/config/SSSDConfig/sssdoptions.py:364 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Hoe lang proberen synchroon LDAP te benaderen" -#: src/config/SSSDConfig/sssdoptions.py:364 +#: src/config/SSSDConfig/sssdoptions.py:365 msgid "Length of time between attempts to reconnect while offline" msgstr "" "Duur tussen pogingen om de verbinding opnieuw tot stand te brengen tijdens " "offline zijn" -#: src/config/SSSDConfig/sssdoptions.py:365 +#: src/config/SSSDConfig/sssdoptions.py:366 msgid "Use only the upper case for realm names" msgstr "Gebruik alleen hoofdletters voor gebiedsnamen" -#: src/config/SSSDConfig/sssdoptions.py:366 +#: src/config/SSSDConfig/sssdoptions.py:367 msgid "File that contains CA certificates" msgstr "Bestand dat de bekende CA-certificaten bevat" -#: src/config/SSSDConfig/sssdoptions.py:367 +#: src/config/SSSDConfig/sssdoptions.py:368 msgid "Path to CA certificate directory" msgstr "Pad naar de CA-certificatenmap" -#: src/config/SSSDConfig/sssdoptions.py:368 +#: src/config/SSSDConfig/sssdoptions.py:369 msgid "File that contains the client certificate" msgstr "Bestand dat het client certificaat bevat" -#: src/config/SSSDConfig/sssdoptions.py:369 +#: src/config/SSSDConfig/sssdoptions.py:370 msgid "File that contains the client key" msgstr "Bestand dat de client sleutel bevat" -#: src/config/SSSDConfig/sssdoptions.py:370 +#: src/config/SSSDConfig/sssdoptions.py:371 msgid "List of possible ciphers suites" msgstr "Lijst van mogelijke sleutel suites" -#: src/config/SSSDConfig/sssdoptions.py:371 +#: src/config/SSSDConfig/sssdoptions.py:372 msgid "Require TLS certificate verification" msgstr "Vereis verificatie van het TLS-certificaat" -#: src/config/SSSDConfig/sssdoptions.py:372 +#: src/config/SSSDConfig/sssdoptions.py:373 msgid "Specify the sasl mechanism to use" msgstr "Geef het SASL-mechanisme op wat gebruikt moet worden" -#: src/config/SSSDConfig/sssdoptions.py:373 +#: src/config/SSSDConfig/sssdoptions.py:374 msgid "Specify the sasl authorization id to use" msgstr "Geef het SASL-authorisatie-ID op wat gebruikt moet worden" -#: src/config/SSSDConfig/sssdoptions.py:374 +#: src/config/SSSDConfig/sssdoptions.py:375 msgid "Specify the sasl authorization realm to use" msgstr "Specificeer het te gebruiken sasl autorisatiegebied " -#: src/config/SSSDConfig/sssdoptions.py:375 +#: src/config/SSSDConfig/sssdoptions.py:376 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "Specificeer de minimale SSF voor LDAP sasl autorisatie" -#: src/config/SSSDConfig/sssdoptions.py:376 +#: src/config/SSSDConfig/sssdoptions.py:377 msgid "Specify the maximal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:377 +#: src/config/SSSDConfig/sssdoptions.py:378 msgid "Kerberos service keytab" msgstr "Kerberos service keytab" -#: src/config/SSSDConfig/sssdoptions.py:378 +#: src/config/SSSDConfig/sssdoptions.py:379 msgid "Use Kerberos auth for LDAP connection" msgstr "Gebruik Kerberos authenticatie voor LDAP-connectie" -#: src/config/SSSDConfig/sssdoptions.py:379 +#: src/config/SSSDConfig/sssdoptions.py:380 msgid "Follow LDAP referrals" msgstr "Volg LDAP-doorverwijzingen" -#: src/config/SSSDConfig/sssdoptions.py:380 +#: src/config/SSSDConfig/sssdoptions.py:381 msgid "Lifetime of TGT for LDAP connection" msgstr "Levensduur van TGT voor LDAP-connectie" -#: src/config/SSSDConfig/sssdoptions.py:381 +#: src/config/SSSDConfig/sssdoptions.py:382 msgid "How to dereference aliases" msgstr "Hoe moet de alias referentie verwijderd worden" -#: src/config/SSSDConfig/sssdoptions.py:382 +#: src/config/SSSDConfig/sssdoptions.py:383 msgid "Service name for DNS service lookups" msgstr "Service naam voor DNS service opzoeken" -#: src/config/SSSDConfig/sssdoptions.py:383 +#: src/config/SSSDConfig/sssdoptions.py:384 msgid "The number of records to retrieve in a single LDAP query" msgstr "" "Het aantal records dat opgehaald moet worden met een enkele LDAP bevraging" -#: src/config/SSSDConfig/sssdoptions.py:384 +#: src/config/SSSDConfig/sssdoptions.py:385 msgid "The number of members that must be missing to trigger a full deref" msgstr "" "Het aantal leden van moet ontbreken om een volledige de-referentie te " "veroorzaken" -#: src/config/SSSDConfig/sssdoptions.py:385 +#: src/config/SSSDConfig/sssdoptions.py:386 msgid "Ignore unreadable LDAP references" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:386 +#: src/config/SSSDConfig/sssdoptions.py:387 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" @@ -1287,409 +1291,409 @@ msgstr "" "Moet de LDAP bibliotheek omgekeerd opzoeken uitvoeren om de hostnaam te " "autoriseren tijdens een SASL binding" -#: src/config/SSSDConfig/sssdoptions.py:388 +#: src/config/SSSDConfig/sssdoptions.py:389 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:391 +#: src/config/SSSDConfig/sssdoptions.py:392 msgid "entryUSN attribute" msgstr "entryUSN attribuut" -#: src/config/SSSDConfig/sssdoptions.py:392 +#: src/config/SSSDConfig/sssdoptions.py:393 msgid "lastUSN attribute" msgstr "lastUSN attribuut" -#: src/config/SSSDConfig/sssdoptions.py:394 +#: src/config/SSSDConfig/sssdoptions.py:395 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" "Hoe lang een verbinding met de LDAP server gebouden moet blijven voordat het " "losgekoppeld wordt" -#: src/config/SSSDConfig/sssdoptions.py:397 +#: src/config/SSSDConfig/sssdoptions.py:398 msgid "Disable the LDAP paging control" msgstr "Het LDAP paging besturingselement uitschakelen" -#: src/config/SSSDConfig/sssdoptions.py:398 +#: src/config/SSSDConfig/sssdoptions.py:399 msgid "Disable Active Directory range retrieval" msgstr "Zet Active Directory bereik opvragen uit" -#: src/config/SSSDConfig/sssdoptions.py:401 +#: src/config/SSSDConfig/sssdoptions.py:402 msgid "Length of time to wait for a search request" msgstr "Tijd om te wachten op een zoekopdracht" -#: src/config/SSSDConfig/sssdoptions.py:402 +#: src/config/SSSDConfig/sssdoptions.py:403 msgid "Length of time to wait for a enumeration request" msgstr "Tijdsduur te wachten voor een opsommingsverzoek" -#: src/config/SSSDConfig/sssdoptions.py:403 +#: src/config/SSSDConfig/sssdoptions.py:404 msgid "Length of time between enumeration updates" msgstr "Tijd om te wachten tussen enumeratie-updates" -#: src/config/SSSDConfig/sssdoptions.py:404 +#: src/config/SSSDConfig/sssdoptions.py:405 #, fuzzy msgid "Maximum period deviation between enumeration updates" msgstr "Tijd om te wachten tussen enumeratie-updates" -#: src/config/SSSDConfig/sssdoptions.py:405 +#: src/config/SSSDConfig/sssdoptions.py:406 msgid "Length of time between cache cleanups" msgstr "Tijdsduur tussen cache opschoningen" -#: src/config/SSSDConfig/sssdoptions.py:406 +#: src/config/SSSDConfig/sssdoptions.py:407 #, fuzzy msgid "Maximum time deviation between cache cleanups" msgstr "Tijdsduur tussen cache opschoningen" -#: src/config/SSSDConfig/sssdoptions.py:407 +#: src/config/SSSDConfig/sssdoptions.py:408 msgid "Require TLS for ID lookups" msgstr "Vereis TLS voor het opzoeken van ID's" -#: src/config/SSSDConfig/sssdoptions.py:408 +#: src/config/SSSDConfig/sssdoptions.py:409 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "Gebruik ID-mapping van objectSID gebruiken in plaats van pre-set ID's" -#: src/config/SSSDConfig/sssdoptions.py:409 +#: src/config/SSSDConfig/sssdoptions.py:410 msgid "Base DN for user lookups" msgstr "Base DN voor het opzoeken van gebruikers" -#: src/config/SSSDConfig/sssdoptions.py:410 +#: src/config/SSSDConfig/sssdoptions.py:411 msgid "Scope of user lookups" msgstr "Scope voor het opzoeken van gebruikers" -#: src/config/SSSDConfig/sssdoptions.py:411 +#: src/config/SSSDConfig/sssdoptions.py:412 msgid "Filter for user lookups" msgstr "Filter voor het opzoeken van gebruikers" -#: src/config/SSSDConfig/sssdoptions.py:412 +#: src/config/SSSDConfig/sssdoptions.py:413 msgid "Objectclass for users" msgstr "Objectclass voor gebruikers" -#: src/config/SSSDConfig/sssdoptions.py:413 +#: src/config/SSSDConfig/sssdoptions.py:414 msgid "Username attribute" msgstr "Username-attribuut" -#: src/config/SSSDConfig/sssdoptions.py:414 +#: src/config/SSSDConfig/sssdoptions.py:415 msgid "UID attribute" msgstr "UID-attribuut" -#: src/config/SSSDConfig/sssdoptions.py:415 +#: src/config/SSSDConfig/sssdoptions.py:416 msgid "Primary GID attribute" msgstr "Primair GID-attribuut" -#: src/config/SSSDConfig/sssdoptions.py:416 +#: src/config/SSSDConfig/sssdoptions.py:417 msgid "GECOS attribute" msgstr "GECOS-attribuut" -#: src/config/SSSDConfig/sssdoptions.py:417 +#: src/config/SSSDConfig/sssdoptions.py:418 msgid "Home directory attribute" msgstr "Gebruikersmap-attribuut" -#: src/config/SSSDConfig/sssdoptions.py:418 +#: src/config/SSSDConfig/sssdoptions.py:419 msgid "Shell attribute" msgstr "Shell-attribuut" -#: src/config/SSSDConfig/sssdoptions.py:419 +#: src/config/SSSDConfig/sssdoptions.py:420 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:420 -#: src/config/SSSDConfig/sssdoptions.py:459 +#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:460 msgid "objectSID attribute" msgstr "objectSID attribuut" -#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:422 msgid "Active Directory primary group attribute for ID-mapping" msgstr "Active Directory primaire groep attribuut voor ID-mapping" -#: src/config/SSSDConfig/sssdoptions.py:422 +#: src/config/SSSDConfig/sssdoptions.py:423 msgid "User principal attribute (for Kerberos)" msgstr "Userprincipal-attribuut (voor Kerberos)" -#: src/config/SSSDConfig/sssdoptions.py:423 +#: src/config/SSSDConfig/sssdoptions.py:424 msgid "Full Name" msgstr "Volledige naam" -#: src/config/SSSDConfig/sssdoptions.py:424 +#: src/config/SSSDConfig/sssdoptions.py:425 msgid "memberOf attribute" msgstr "memberOf-attribuut" -#: src/config/SSSDConfig/sssdoptions.py:425 +#: src/config/SSSDConfig/sssdoptions.py:426 msgid "Modification time attribute" msgstr "Modification time-attribuut" -#: src/config/SSSDConfig/sssdoptions.py:426 +#: src/config/SSSDConfig/sssdoptions.py:427 msgid "shadowLastChange attribute" msgstr "shadowLastChange attribuut" -#: src/config/SSSDConfig/sssdoptions.py:427 +#: src/config/SSSDConfig/sssdoptions.py:428 msgid "shadowMin attribute" msgstr "shadowMin attribuut" -#: src/config/SSSDConfig/sssdoptions.py:428 +#: src/config/SSSDConfig/sssdoptions.py:429 msgid "shadowMax attribute" msgstr "shadowMax attribuut" -#: src/config/SSSDConfig/sssdoptions.py:429 +#: src/config/SSSDConfig/sssdoptions.py:430 msgid "shadowWarning attribute" msgstr "shadowWarning attribuut" -#: src/config/SSSDConfig/sssdoptions.py:430 +#: src/config/SSSDConfig/sssdoptions.py:431 msgid "shadowInactive attribute" msgstr "shadowInactive attribuut" -#: src/config/SSSDConfig/sssdoptions.py:431 +#: src/config/SSSDConfig/sssdoptions.py:432 msgid "shadowExpire attribute" msgstr "shadowExpire attribuut" -#: src/config/SSSDConfig/sssdoptions.py:432 +#: src/config/SSSDConfig/sssdoptions.py:433 msgid "shadowFlag attribute" msgstr "shadowFlag attribuut" -#: src/config/SSSDConfig/sssdoptions.py:433 +#: src/config/SSSDConfig/sssdoptions.py:434 msgid "Attribute listing authorized PAM services" msgstr "Attribuut voor tonen van geautoriseerde PAM services" -#: src/config/SSSDConfig/sssdoptions.py:434 +#: src/config/SSSDConfig/sssdoptions.py:435 msgid "Attribute listing authorized server hosts" msgstr "Attribuut dat geautoriseerde server hosts toont" -#: src/config/SSSDConfig/sssdoptions.py:435 +#: src/config/SSSDConfig/sssdoptions.py:436 msgid "Attribute listing authorized server rhosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:436 +#: src/config/SSSDConfig/sssdoptions.py:437 msgid "krbLastPwdChange attribute" msgstr "krbLastPwdChange attribuut" -#: src/config/SSSDConfig/sssdoptions.py:437 +#: src/config/SSSDConfig/sssdoptions.py:438 msgid "krbPasswordExpiration attribute" msgstr "krbPasswordExpiration attribuut" -#: src/config/SSSDConfig/sssdoptions.py:438 +#: src/config/SSSDConfig/sssdoptions.py:439 msgid "Attribute indicating that server side password policies are active" msgstr "Attribuut welke aangeeft dat wachtwoordtactiek op de server actief is" -#: src/config/SSSDConfig/sssdoptions.py:439 +#: src/config/SSSDConfig/sssdoptions.py:440 msgid "accountExpires attribute of AD" msgstr "accountExpires attribuut van AD" -#: src/config/SSSDConfig/sssdoptions.py:440 +#: src/config/SSSDConfig/sssdoptions.py:441 msgid "userAccountControl attribute of AD" msgstr "userAccountControl attribuut van AD" -#: src/config/SSSDConfig/sssdoptions.py:441 +#: src/config/SSSDConfig/sssdoptions.py:442 msgid "nsAccountLock attribute" msgstr "nsAccountLock attribuut" -#: src/config/SSSDConfig/sssdoptions.py:442 +#: src/config/SSSDConfig/sssdoptions.py:443 msgid "loginDisabled attribute of NDS" msgstr "loginDisabled attribuut van NDS" -#: src/config/SSSDConfig/sssdoptions.py:443 +#: src/config/SSSDConfig/sssdoptions.py:444 msgid "loginExpirationTime attribute of NDS" msgstr "loginExpirationTime attribuut van NDS" -#: src/config/SSSDConfig/sssdoptions.py:444 +#: src/config/SSSDConfig/sssdoptions.py:445 msgid "loginAllowedTimeMap attribute of NDS" msgstr "loginAllowedTimeMap attribuut van NDS" -#: src/config/SSSDConfig/sssdoptions.py:445 +#: src/config/SSSDConfig/sssdoptions.py:446 msgid "SSH public key attribute" msgstr "SSH publieke sleutel attribuut" -#: src/config/SSSDConfig/sssdoptions.py:446 +#: src/config/SSSDConfig/sssdoptions.py:447 msgid "attribute listing allowed authentication types for a user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:447 +#: src/config/SSSDConfig/sssdoptions.py:448 msgid "attribute containing the X509 certificate of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:448 +#: src/config/SSSDConfig/sssdoptions.py:449 msgid "attribute containing the email address of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:449 +#: src/config/SSSDConfig/sssdoptions.py:450 msgid "attribute containing the passkey mapping data of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:450 +#: src/config/SSSDConfig/sssdoptions.py:451 msgid "A list of extra attributes to download along with the user entry" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:452 +#: src/config/SSSDConfig/sssdoptions.py:453 msgid "Base DN for group lookups" msgstr "Basis DN voor groep opzoeken" -#: src/config/SSSDConfig/sssdoptions.py:453 +#: src/config/SSSDConfig/sssdoptions.py:454 msgid "Objectclass for groups" msgstr "Objectklasse voor groepen" -#: src/config/SSSDConfig/sssdoptions.py:454 +#: src/config/SSSDConfig/sssdoptions.py:455 msgid "Group name" msgstr "Groepsnaam" -#: src/config/SSSDConfig/sssdoptions.py:455 +#: src/config/SSSDConfig/sssdoptions.py:456 msgid "Group password" msgstr "Groep wachtwoord" -#: src/config/SSSDConfig/sssdoptions.py:456 +#: src/config/SSSDConfig/sssdoptions.py:457 msgid "GID attribute" msgstr "GID attribuut" -#: src/config/SSSDConfig/sssdoptions.py:457 +#: src/config/SSSDConfig/sssdoptions.py:458 msgid "Group member attribute" msgstr "Groep deelnemer attribuut" -#: src/config/SSSDConfig/sssdoptions.py:458 +#: src/config/SSSDConfig/sssdoptions.py:459 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:460 +#: src/config/SSSDConfig/sssdoptions.py:461 msgid "Modification time attribute for groups" msgstr "Verandertijd attribuut voor groepen" -#: src/config/SSSDConfig/sssdoptions.py:461 +#: src/config/SSSDConfig/sssdoptions.py:462 msgid "Type of the group and other flags" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:462 +#: src/config/SSSDConfig/sssdoptions.py:463 msgid "The LDAP group external member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:463 +#: src/config/SSSDConfig/sssdoptions.py:464 msgid "Maximum nesting level SSSD will follow" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:464 +#: src/config/SSSDConfig/sssdoptions.py:465 msgid "Filter for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:465 +#: src/config/SSSDConfig/sssdoptions.py:466 msgid "Scope of group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:467 +#: src/config/SSSDConfig/sssdoptions.py:468 msgid "Base DN for netgroup lookups" msgstr "Basis DN voor netgroep opzoeken" -#: src/config/SSSDConfig/sssdoptions.py:468 +#: src/config/SSSDConfig/sssdoptions.py:469 msgid "Objectclass for netgroups" msgstr "Objectklasse voor netgroepen" -#: src/config/SSSDConfig/sssdoptions.py:469 +#: src/config/SSSDConfig/sssdoptions.py:470 msgid "Netgroup name" msgstr "Netgroep naam" -#: src/config/SSSDConfig/sssdoptions.py:470 +#: src/config/SSSDConfig/sssdoptions.py:471 msgid "Netgroups members attribute" msgstr "Netgroep leden attribuut" -#: src/config/SSSDConfig/sssdoptions.py:471 +#: src/config/SSSDConfig/sssdoptions.py:472 msgid "Netgroup triple attribute" msgstr "Netgroep triple attibuut" -#: src/config/SSSDConfig/sssdoptions.py:472 +#: src/config/SSSDConfig/sssdoptions.py:473 msgid "Modification time attribute for netgroups" msgstr "Verandertijd attribuut voor netgroepen" -#: src/config/SSSDConfig/sssdoptions.py:474 +#: src/config/SSSDConfig/sssdoptions.py:475 msgid "Base DN for service lookups" msgstr "Basis DN voor service lookups" -#: src/config/SSSDConfig/sssdoptions.py:475 +#: src/config/SSSDConfig/sssdoptions.py:476 msgid "Objectclass for services" msgstr "Objectclass voor services" -#: src/config/SSSDConfig/sssdoptions.py:476 +#: src/config/SSSDConfig/sssdoptions.py:477 msgid "Service name attribute" msgstr "Service naam attribuut" -#: src/config/SSSDConfig/sssdoptions.py:477 +#: src/config/SSSDConfig/sssdoptions.py:478 msgid "Service port attribute" msgstr "Service port attribuut" -#: src/config/SSSDConfig/sssdoptions.py:478 +#: src/config/SSSDConfig/sssdoptions.py:479 msgid "Service protocol attribute" msgstr "Service protocol attribuut" -#: src/config/SSSDConfig/sssdoptions.py:480 +#: src/config/SSSDConfig/sssdoptions.py:481 msgid "Lower bound for ID-mapping" msgstr "Ondergrens voor ID-mapping" -#: src/config/SSSDConfig/sssdoptions.py:481 +#: src/config/SSSDConfig/sssdoptions.py:482 msgid "Upper bound for ID-mapping" msgstr "Bovengrens voor ID-mapping" -#: src/config/SSSDConfig/sssdoptions.py:482 +#: src/config/SSSDConfig/sssdoptions.py:483 msgid "Number of IDs for each slice when ID-mapping" msgstr "Aantal ID's voor elk segment bij ID-mapping" -#: src/config/SSSDConfig/sssdoptions.py:483 +#: src/config/SSSDConfig/sssdoptions.py:484 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "Gebruik autorid-compatibel algoritme voor ID-mapping" -#: src/config/SSSDConfig/sssdoptions.py:484 +#: src/config/SSSDConfig/sssdoptions.py:485 msgid "Name of the default domain for ID-mapping" msgstr "Naam van het standaard domein voor ID-mapping" -#: src/config/SSSDConfig/sssdoptions.py:485 +#: src/config/SSSDConfig/sssdoptions.py:486 msgid "SID of the default domain for ID-mapping" msgstr "SID van het standaard domein voor ID-mapping" -#: src/config/SSSDConfig/sssdoptions.py:486 +#: src/config/SSSDConfig/sssdoptions.py:487 msgid "Number of secondary slices" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:488 +#: src/config/SSSDConfig/sssdoptions.py:489 msgid "Whether to use Token-Groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:489 +#: src/config/SSSDConfig/sssdoptions.py:490 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "Laagste grens instellen voor toegestane id's van de LDAP-server" -#: src/config/SSSDConfig/sssdoptions.py:490 +#: src/config/SSSDConfig/sssdoptions.py:491 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "Hoogste grens instellen voor toegestane id's van de LDAP-server" -#: src/config/SSSDConfig/sssdoptions.py:491 +#: src/config/SSSDConfig/sssdoptions.py:492 msgid "DN for ppolicy queries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:492 +#: src/config/SSSDConfig/sssdoptions.py:493 msgid "How many maximum entries to fetch during a wildcard request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:493 +#: src/config/SSSDConfig/sssdoptions.py:494 msgid "Set libldap debug level" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:496 +#: src/config/SSSDConfig/sssdoptions.py:497 msgid "Policy to evaluate the password expiration" msgstr "Policy om wacthwoordverloop mee te evalueren" -#: src/config/SSSDConfig/sssdoptions.py:500 +#: src/config/SSSDConfig/sssdoptions.py:501 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" "Welke attributen worden gebruikt voor evaluatie als het account verlopen is" -#: src/config/SSSDConfig/sssdoptions.py:504 +#: src/config/SSSDConfig/sssdoptions.py:505 msgid "URI of an LDAP server where password changes are allowed" msgstr "" "URI van een LDAP server waarop wachtwoord veranderingen toegestaan zijn" -#: src/config/SSSDConfig/sssdoptions.py:505 +#: src/config/SSSDConfig/sssdoptions.py:506 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" "URI van een back-up LDAP server waar wachtwoord veranderingen toegestaan zijn" -#: src/config/SSSDConfig/sssdoptions.py:506 +#: src/config/SSSDConfig/sssdoptions.py:507 msgid "DNS service name for LDAP password change server" msgstr "DNS service naam voor LDAP wachtwoord verander server" -#: src/config/SSSDConfig/sssdoptions.py:507 +#: src/config/SSSDConfig/sssdoptions.py:508 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" @@ -1697,27 +1701,27 @@ msgstr "" "Moet het ldap_user_shadow_last_change attribuut vernieuwd worden na een " "wachtwoordwijziging" -#: src/config/SSSDConfig/sssdoptions.py:511 +#: src/config/SSSDConfig/sssdoptions.py:512 msgid "Base DN for sudo rules lookups" msgstr "Basis DN voor sudo regels lookups" -#: src/config/SSSDConfig/sssdoptions.py:512 +#: src/config/SSSDConfig/sssdoptions.py:513 msgid "Automatic full refresh period" msgstr "Automatische volledige ververs periode" -#: src/config/SSSDConfig/sssdoptions.py:513 +#: src/config/SSSDConfig/sssdoptions.py:514 msgid "Automatic smart refresh period" msgstr "Automatische slimme ververs periode" -#: src/config/SSSDConfig/sssdoptions.py:514 +#: src/config/SSSDConfig/sssdoptions.py:515 msgid "Smart and full refresh random offset" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:515 +#: src/config/SSSDConfig/sssdoptions.py:516 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "Moeten regels gefilterd worden volgens hostnaam, IP adres en netwerk" -#: src/config/SSSDConfig/sssdoptions.py:516 +#: src/config/SSSDConfig/sssdoptions.py:517 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" @@ -1725,190 +1729,190 @@ msgstr "" "Hostnamen en/of volledig gekwalificeerde domeinnamen van deze machine voor " "het filteren van sudo regels" -#: src/config/SSSDConfig/sssdoptions.py:517 +#: src/config/SSSDConfig/sssdoptions.py:518 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" "IPv4 of IPv6 adressen of netwerk van deze machine voor het filteren van sudo " "regels" -#: src/config/SSSDConfig/sssdoptions.py:518 +#: src/config/SSSDConfig/sssdoptions.py:519 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" "Moeten regels toegevoegd worden die netgroep bevatten in host attribuut " -#: src/config/SSSDConfig/sssdoptions.py:519 +#: src/config/SSSDConfig/sssdoptions.py:520 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" "Moeten regels toegevoegd worden die regulaire expressie bevatten in host " "attribuut " -#: src/config/SSSDConfig/sssdoptions.py:520 +#: src/config/SSSDConfig/sssdoptions.py:521 msgid "Object class for sudo rules" msgstr "Objectklasse voor sudo regels" -#: src/config/SSSDConfig/sssdoptions.py:521 +#: src/config/SSSDConfig/sssdoptions.py:522 msgid "Name of attribute that is used as object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:522 +#: src/config/SSSDConfig/sssdoptions.py:523 msgid "Sudo rule name" msgstr "Sudo regelnaam" -#: src/config/SSSDConfig/sssdoptions.py:523 +#: src/config/SSSDConfig/sssdoptions.py:524 msgid "Sudo rule command attribute" msgstr "Sudo regel opdracht attribuut" -#: src/config/SSSDConfig/sssdoptions.py:524 +#: src/config/SSSDConfig/sssdoptions.py:525 msgid "Sudo rule host attribute" msgstr "Sudo regel host attribuut" -#: src/config/SSSDConfig/sssdoptions.py:525 +#: src/config/SSSDConfig/sssdoptions.py:526 msgid "Sudo rule user attribute" msgstr "Sudo regel gebruiker attribuut" -#: src/config/SSSDConfig/sssdoptions.py:526 +#: src/config/SSSDConfig/sssdoptions.py:527 msgid "Sudo rule option attribute" msgstr "Sudo regel optie attribuut" -#: src/config/SSSDConfig/sssdoptions.py:527 +#: src/config/SSSDConfig/sssdoptions.py:528 msgid "Sudo rule runas attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:528 +#: src/config/SSSDConfig/sssdoptions.py:529 msgid "Sudo rule runasuser attribute" msgstr "Sudo regel runasuser attribuut" -#: src/config/SSSDConfig/sssdoptions.py:529 +#: src/config/SSSDConfig/sssdoptions.py:530 msgid "Sudo rule runasgroup attribute" msgstr "Sudo regel runasgroup attribuut" -#: src/config/SSSDConfig/sssdoptions.py:530 +#: src/config/SSSDConfig/sssdoptions.py:531 msgid "Sudo rule notbefore attribute" msgstr "Sudo regel notbefore attribuut" -#: src/config/SSSDConfig/sssdoptions.py:531 +#: src/config/SSSDConfig/sssdoptions.py:532 msgid "Sudo rule notafter attribute" msgstr "Sudo regel notafter attribuut" -#: src/config/SSSDConfig/sssdoptions.py:532 +#: src/config/SSSDConfig/sssdoptions.py:533 msgid "Sudo rule order attribute" msgstr "Sudo regel volgorde attribuut" -#: src/config/SSSDConfig/sssdoptions.py:535 +#: src/config/SSSDConfig/sssdoptions.py:536 msgid "Object class for automounter maps" msgstr "Object class voor automounter maps" -#: src/config/SSSDConfig/sssdoptions.py:536 +#: src/config/SSSDConfig/sssdoptions.py:537 msgid "Automounter map name attribute" msgstr "Automounter map naam attribuut" -#: src/config/SSSDConfig/sssdoptions.py:537 +#: src/config/SSSDConfig/sssdoptions.py:538 msgid "Object class for automounter map entries" msgstr "Objectklasse voor automounter map ingaven" -#: src/config/SSSDConfig/sssdoptions.py:538 +#: src/config/SSSDConfig/sssdoptions.py:539 msgid "Automounter map entry key attribute" msgstr "Automounter map sleutel ingave attribuut" -#: src/config/SSSDConfig/sssdoptions.py:539 +#: src/config/SSSDConfig/sssdoptions.py:540 msgid "Automounter map entry value attribute" msgstr "Automounter map ingavewaarde attribuut" -#: src/config/SSSDConfig/sssdoptions.py:540 +#: src/config/SSSDConfig/sssdoptions.py:541 msgid "Base DN for automounter map lookups" msgstr "Basis DN voor automounter kaart opzoeken" -#: src/config/SSSDConfig/sssdoptions.py:541 +#: src/config/SSSDConfig/sssdoptions.py:542 msgid "The name of the automount master map in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:544 +#: src/config/SSSDConfig/sssdoptions.py:545 msgid "Base DN for IP hosts lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:545 +#: src/config/SSSDConfig/sssdoptions.py:546 msgid "Object class for IP hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:546 +#: src/config/SSSDConfig/sssdoptions.py:547 msgid "IP host name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:547 +#: src/config/SSSDConfig/sssdoptions.py:548 msgid "IP host number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:548 +#: src/config/SSSDConfig/sssdoptions.py:549 msgid "IP host entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:549 +#: src/config/SSSDConfig/sssdoptions.py:550 msgid "Base DN for IP networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:550 +#: src/config/SSSDConfig/sssdoptions.py:551 msgid "Object class for IP networks" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:551 +#: src/config/SSSDConfig/sssdoptions.py:552 msgid "IP network name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:552 +#: src/config/SSSDConfig/sssdoptions.py:553 msgid "IP network number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:553 +#: src/config/SSSDConfig/sssdoptions.py:554 msgid "IP network entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:556 +#: src/config/SSSDConfig/sssdoptions.py:557 msgid "Comma separated list of allowed users" msgstr "Kommagescheiden lijst van toegestane gebruikers" -#: src/config/SSSDConfig/sssdoptions.py:557 +#: src/config/SSSDConfig/sssdoptions.py:558 msgid "Comma separated list of prohibited users" msgstr "Kommagescheiden lijst van geweigerde gebruikers" -#: src/config/SSSDConfig/sssdoptions.py:558 +#: src/config/SSSDConfig/sssdoptions.py:559 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:560 +#: src/config/SSSDConfig/sssdoptions.py:561 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " "evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:564 +#: src/config/SSSDConfig/sssdoptions.py:565 msgid "The number of preforked proxy children." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:567 +#: src/config/SSSDConfig/sssdoptions.py:568 msgid "The name of the NSS library to use" msgstr "De naam van de NSS-bibliotheek die gebruikt wordt" -#: src/config/SSSDConfig/sssdoptions.py:568 +#: src/config/SSSDConfig/sssdoptions.py:569 msgid "The name of the NSS library to use for hosts and networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:569 +#: src/config/SSSDConfig/sssdoptions.py:570 msgid "Whether to look up canonical group name from cache if possible" msgstr "Moet indien mogelijk canonieke groepsnaam in cache opgezocht worden " -#: src/config/SSSDConfig/sssdoptions.py:572 +#: src/config/SSSDConfig/sssdoptions.py:573 msgid "PAM stack to use" msgstr "PAM-stack die gebruikt wordt" -#: src/config/SSSDConfig/sssdoptions.py:575 +#: src/config/SSSDConfig/sssdoptions.py:576 msgid "Path of passwd file sources." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:576 +#: src/config/SSSDConfig/sssdoptions.py:577 msgid "Path of group file sources." msgstr "" @@ -1957,67 +1961,67 @@ msgstr "" msgid "SSSD is already running\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "Een geopend bestand voor de debug logs" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "" @@ -2025,36 +2029,36 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "Domein voor de informatie provider (verplicht)" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "Socket met privileges heeft verkeerde rechten of eigendom." -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "Publiek socket heeft verkeerde rechten of eigendom." -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "Onverwacht formaat van het inloggegevensbericht van de server." -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "SSSD wordt niet door root gestart." -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "" "Er is een fout opgetreden, maar er kan geen omschrijving gevonden worden." -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "Onverwachtte fout bij het opzoeken van een omschrijving" @@ -2062,120 +2066,132 @@ msgstr "Onverwachtte fout bij het opzoeken van een omschrijving" msgid "Permission denied. " msgstr "" -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "Serverbericht:" #: src/sss_client/pam_sss.c:71 +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." +msgstr "" + +#: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" msgstr "" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "Wachtwoorden komen niet overeen" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "Wachtwoorden als root wijzigen wordt niet ondersteund." -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "Geauthenticeerd met gecachte inloggegevens." -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr ", uw wachtwoord verloopt op:" -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" "Je wachtwoord is verlopen. Je hebt nog slechts %1$d login(s) beschikbaar." -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "Je wachtwoord zal verlopen in %1$d %2$s." -#: src/sss_client/pam_sss.c:627 +#: src/sss_client/pam_sss.c:628 #, fuzzy, c-format msgid "Your password has expired." msgstr "Je wachtwoord zal verlopen in %1$d %2$s." -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "Inloggen wordt geweigerd tot:" -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "Systeem is offline, wachtwoord wijzigen niet mogelijk" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "Wijzigen van wachtwoord mislukt." -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "Nieuw Wachtwoord: " -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "Voer nieuw wachtwoord nogmaals in: " -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "" -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "Wachtwoord: " -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "" -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "Huidig wachtwoord:" -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "Wachtwoord verlopen. Verander nu uw wachtwoord." diff --git a/po/pl.po b/po/pl.po index 826f4b842a8..e33926174f0 100644 --- a/po/pl.po +++ b/po/pl.po @@ -3,30 +3,30 @@ # This file is distributed under the same license as the PACKAGE package. # # Translators: -# Piotr Drąg , 2011-2014, 2020, 2021, 2022. +# Piotr Drąg , 2011-2014, 2020, 2021, 2022, 2023. # sgallagh , 2011 -# Piotr Drąg , 2015. #zanata, 2020, 2021, 2022. -# Piotr Drąg , 2016. #zanata, 2020, 2021, 2022. -# Piotr Drąg , 2017. #zanata, 2020, 2021, 2022. -# Piotr Drąg , 2018. #zanata, 2020, 2021, 2022. -# Piotr Drąg , 2019. #zanata, 2020, 2021, 2022. -# Piotr Drąg , 2020. #zanata, 2021, 2022. +# Piotr Drąg , 2015. #zanata, 2020, 2021, 2022, 2023. +# Piotr Drąg , 2016. #zanata, 2020, 2021, 2022, 2023. +# Piotr Drąg , 2017. #zanata, 2020, 2021, 2022, 2023. +# Piotr Drąg , 2018. #zanata, 2020, 2021, 2022, 2023. +# Piotr Drąg , 2019. #zanata, 2020, 2021, 2022, 2023. +# Piotr Drąg , 2020. #zanata, 2021, 2022, 2023. msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" -"PO-Revision-Date: 2022-12-12 12:44+0000\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" +"PO-Revision-Date: 2023-09-18 03:54+0000\n" "Last-Translator: Piotr Drąg \n" "Language-Team: Polish \n" +"sssd-2-9/pl/>\n" "Language: pl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 " "|| n%100>=20) ? 1 : 2;\n" -"X-Generator: Weblate 4.14.2\n" +"X-Generator: Weblate 5.0.2\n" #: src/config/SSSDConfig/sssdoptions.py:20 #: src/config/SSSDConfig/sssdoptions.py:21 @@ -182,9 +182,8 @@ msgid "Enable or disable core dumps for all SSSD processes." msgstr "Włącza lub wyłącza zrzuty core dla wszystkich procesów SSSD." #: src/config/SSSDConfig/sssdoptions.py:58 -#, fuzzy msgid "Tune passkey verification behavior" -msgstr "Dostraja sprawdzanie poprawności certyfikatów" +msgstr "Dostraja zachowanie sprawdzania poprawności haseł-kluczy" #: src/config/SSSDConfig/sssdoptions.py:61 msgid "Enumeration cache timeout length (seconds)" @@ -418,18 +417,16 @@ msgstr "" "wymuszone dla dostępu PAM za pomocą uwierzytelniania GSSAPI" #: src/config/SSSDConfig/sssdoptions.py:117 -#, fuzzy msgid "Allow passkey device authentication." -msgstr "Zezwala na uwierzytelnianie za pomocą certyfikatów/smartcard." +msgstr "Zezwala na uwierzytelnianie za pomocą urządzenia hasła-klucza." #: src/config/SSSDConfig/sssdoptions.py:118 -#, fuzzy msgid "How many seconds will pam_sss wait for passkey_child to finish" -msgstr "Ile sekund pam_sss ma oczekiwać na ukończenie p11_child" +msgstr "Ile sekund pam_sss ma oczekiwać na ukończenie passkey_child" #: src/config/SSSDConfig/sssdoptions.py:119 msgid "Enable debugging in the libfido2 library" -msgstr "" +msgstr "Włącza debugowanie w bibliotece libfido2" #: src/config/SSSDConfig/sssdoptions.py:122 msgid "Whether to evaluate the time-based attributes in sudo rules" @@ -680,12 +677,12 @@ msgid "Whether to automatically update the client's DNS entry" msgstr "Czy automatycznie aktualizować wpis DNS klienta" #: src/config/SSSDConfig/sssdoptions.py:201 -#: src/config/SSSDConfig/sssdoptions.py:233 +#: src/config/SSSDConfig/sssdoptions.py:234 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "TTL do zastosowania do wpisu DNS klienta po jego zaktualizowaniu" #: src/config/SSSDConfig/sssdoptions.py:202 -#: src/config/SSSDConfig/sssdoptions.py:234 +#: src/config/SSSDConfig/sssdoptions.py:235 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" "Interfejs, którego adres IP ma być używany do dynamicznych aktualizacji DNS" @@ -783,108 +780,112 @@ msgstr "" "pierwszego składnika uwierzytelnienia (hasło długoterminowe), aby został " "zapisany jako suma kontrolna SHA512 w pamięci podręcznej." -#: src/config/SSSDConfig/sssdoptions.py:228 +#: src/config/SSSDConfig/sssdoptions.py:226 +msgid "Local authentication methods policy " +msgstr "Zasady metod lokalnego uwierzytelniania " + +#: src/config/SSSDConfig/sssdoptions.py:229 msgid "IPA domain" msgstr "Domena IPA" -#: src/config/SSSDConfig/sssdoptions.py:229 +#: src/config/SSSDConfig/sssdoptions.py:230 msgid "IPA server address" msgstr "Adres serwera IPA" -#: src/config/SSSDConfig/sssdoptions.py:230 +#: src/config/SSSDConfig/sssdoptions.py:231 msgid "Address of backup IPA server" msgstr "Adres zapasowego serwera IPA" -#: src/config/SSSDConfig/sssdoptions.py:231 +#: src/config/SSSDConfig/sssdoptions.py:232 msgid "IPA client hostname" msgstr "Nazwa komputera klienta IPA" -#: src/config/SSSDConfig/sssdoptions.py:232 +#: src/config/SSSDConfig/sssdoptions.py:233 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" "Czy automatycznie aktualizować wpis DNS klienta w oprogramowaniu FreeIPA" -#: src/config/SSSDConfig/sssdoptions.py:235 +#: src/config/SSSDConfig/sssdoptions.py:236 msgid "Search base for HBAC related objects" msgstr "Podstawa wyszukiwania pod kątem obiektów związanych z HBAC" -#: src/config/SSSDConfig/sssdoptions.py:236 +#: src/config/SSSDConfig/sssdoptions.py:237 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "Czas między wyszukiwaniami reguł HBAC w serwerze IPA" -#: src/config/SSSDConfig/sssdoptions.py:237 +#: src/config/SSSDConfig/sssdoptions.py:238 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "Czas w sekundach między wyszukiwaniami map SELinuksa w serwerze IPA" -#: src/config/SSSDConfig/sssdoptions.py:239 +#: src/config/SSSDConfig/sssdoptions.py:240 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" "Jeśli ustawiono na fałsz, to parametr komputera podany przez PAM zostanie " "zignorowany" -#: src/config/SSSDConfig/sssdoptions.py:240 +#: src/config/SSSDConfig/sssdoptions.py:241 msgid "The automounter location this IPA client is using" msgstr "Położenie automountera, którego używa ten klient IPA" -#: src/config/SSSDConfig/sssdoptions.py:241 +#: src/config/SSSDConfig/sssdoptions.py:242 msgid "Search base for object containing info about IPA domain" msgstr "" "Podstawa wyszukiwania dla obiektów zawierających informacje o domenie IPA" -#: src/config/SSSDConfig/sssdoptions.py:242 +#: src/config/SSSDConfig/sssdoptions.py:243 msgid "Search base for objects containing info about ID ranges" msgstr "" "Podstawa wyszukiwania dla obiektów zawierających informacje o zakresach " "identyfikatorów" -#: src/config/SSSDConfig/sssdoptions.py:243 -#: src/config/SSSDConfig/sssdoptions.py:299 +#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:300 msgid "Enable DNS sites - location based service discovery" msgstr "Włącza witryny DNS — wykrywanie usług na podstawie położenia" -#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:245 msgid "Search base for view containers" msgstr "Podstawa wyszukiwania dla widoku kontenerów" -#: src/config/SSSDConfig/sssdoptions.py:245 +#: src/config/SSSDConfig/sssdoptions.py:246 msgid "Objectclass for view containers" msgstr "Klasa obiektu dla widoku kontenerów" -#: src/config/SSSDConfig/sssdoptions.py:246 +#: src/config/SSSDConfig/sssdoptions.py:247 msgid "Attribute with the name of the view" msgstr "Atrybut z nazwą widoku" -#: src/config/SSSDConfig/sssdoptions.py:247 +#: src/config/SSSDConfig/sssdoptions.py:248 msgid "Objectclass for override objects" msgstr "Klasa obiektu dla obiektów zastępowania" -#: src/config/SSSDConfig/sssdoptions.py:248 +#: src/config/SSSDConfig/sssdoptions.py:249 msgid "Attribute with the reference to the original object" msgstr "Atrybut z odniesieniem do pierwotnego obiektu" -#: src/config/SSSDConfig/sssdoptions.py:249 +#: src/config/SSSDConfig/sssdoptions.py:250 msgid "Objectclass for user override objects" msgstr "Klasa obiektu dla obiektów zastępowania użytkownika" -#: src/config/SSSDConfig/sssdoptions.py:250 +#: src/config/SSSDConfig/sssdoptions.py:251 msgid "Objectclass for group override objects" msgstr "Klasa obiektów dla obiektów zastępowania grup" -#: src/config/SSSDConfig/sssdoptions.py:251 +#: src/config/SSSDConfig/sssdoptions.py:252 msgid "Search base for Desktop Profile related objects" msgstr "Podstawa wyszukiwania pod kątem obiektów związanych z profilem pulpitu" -#: src/config/SSSDConfig/sssdoptions.py:252 +#: src/config/SSSDConfig/sssdoptions.py:253 msgid "" "The amount of time in seconds between lookups of the Desktop Profile rules " "against the IPA server" msgstr "" "Czas w sekundach między wyszukiwaniami reguł profilu pulpitu w serwerze IPA" -#: src/config/SSSDConfig/sssdoptions.py:254 +#: src/config/SSSDConfig/sssdoptions.py:255 msgid "" "The amount of time in minutes between lookups of Desktop Profiles rules " "against the IPA server when the last request did not find any rule" @@ -892,42 +893,42 @@ msgstr "" "Czas w minutach między wyszukiwaniami reguł profilów pulpitu w serwerze IPA, " "kiedy ostatnie żądanie nie odnalazło żadnej reguły" -#: src/config/SSSDConfig/sssdoptions.py:257 +#: src/config/SSSDConfig/sssdoptions.py:258 msgid "Search base for SUBID ranges" msgstr "Podstawa wyszukiwania dla zakresów SUBID" -#: src/config/SSSDConfig/sssdoptions.py:258 -#: src/config/SSSDConfig/sssdoptions.py:501 +#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:502 msgid "Which rules should be used to evaluate access control" msgstr "Które reguły mają być używane do sprawdzania kontroli dostępu" -#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:260 msgid "The LDAP attribute that contains FQDN of the host." msgstr "Atrybut LDAP zawierający FQDN komputera." -#: src/config/SSSDConfig/sssdoptions.py:260 -#: src/config/SSSDConfig/sssdoptions.py:283 +#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:284 msgid "The object class of a host entry in LDAP." msgstr "Klasa obiektów wpisu komputera w LDAP." -#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:262 msgid "Use the given string as search base for host objects." msgstr "" "Używa podanego ciągu jako podstawę wyszukiwania dla obiektów komputera." -#: src/config/SSSDConfig/sssdoptions.py:262 +#: src/config/SSSDConfig/sssdoptions.py:263 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "Atrybut LDAP zawierający klucze publiczne SSH komputera." -#: src/config/SSSDConfig/sssdoptions.py:263 +#: src/config/SSSDConfig/sssdoptions.py:264 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "Atrybut LDAP zawierający nazwę domeny NIS grupy sieciowej." -#: src/config/SSSDConfig/sssdoptions.py:264 +#: src/config/SSSDConfig/sssdoptions.py:265 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "Atrybut LDAP zawierający nazwy członków grupy sieciowej." -#: src/config/SSSDConfig/sssdoptions.py:265 +#: src/config/SSSDConfig/sssdoptions.py:266 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." @@ -935,7 +936,7 @@ msgstr "" "Atrybut LDAP zawierający listę FQDN komputerów i grup komputerów będących " "członkami grupy sieciowej." -#: src/config/SSSDConfig/sssdoptions.py:267 +#: src/config/SSSDConfig/sssdoptions.py:268 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." @@ -943,11 +944,11 @@ msgstr "" "Atrybut LDAP zawierający listę komputerów i grup komputerów będących " "bezpośrednimi członkami grupy sieciowej." -#: src/config/SSSDConfig/sssdoptions.py:269 +#: src/config/SSSDConfig/sssdoptions.py:270 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "Atrybut LDAP zawierający listę członkostw grupy sieciowej." -#: src/config/SSSDConfig/sssdoptions.py:270 +#: src/config/SSSDConfig/sssdoptions.py:271 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." @@ -955,30 +956,30 @@ msgstr "" "Atrybut LDAP zawierający listę użytkowników i grup systemowych będących " "bezpośrednimi członkami grupy sieciowej." -#: src/config/SSSDConfig/sssdoptions.py:272 +#: src/config/SSSDConfig/sssdoptions.py:273 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "Atrybut LDAP odpowiadający nazwie grupy sieciowej." -#: src/config/SSSDConfig/sssdoptions.py:273 +#: src/config/SSSDConfig/sssdoptions.py:274 msgid "The object class of a netgroup entry in LDAP." msgstr "Klasa obiektów wpisu grupy sieciowej w LDAP." -#: src/config/SSSDConfig/sssdoptions.py:274 +#: src/config/SSSDConfig/sssdoptions.py:275 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "Atrybut LDAP zawierający UUID/GUID obiektu grupy sieciowej LDAP." -#: src/config/SSSDConfig/sssdoptions.py:275 +#: src/config/SSSDConfig/sssdoptions.py:276 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." msgstr "Atrybut LDAP określający, czy mapowanie użytkownika jest włączone." -#: src/config/SSSDConfig/sssdoptions.py:277 +#: src/config/SSSDConfig/sssdoptions.py:278 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "Atrybut LDAP kategorię komputera, taką jak „all”." -#: src/config/SSSDConfig/sssdoptions.py:278 +#: src/config/SSSDConfig/sssdoptions.py:279 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." @@ -986,18 +987,18 @@ msgstr "" "Atrybut LDAP zawierający wszystkie komputery/grupy komputerów, do których ta " "reguła pasuje." -#: src/config/SSSDConfig/sssdoptions.py:280 +#: src/config/SSSDConfig/sssdoptions.py:281 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" "Atrybut LDAP zawierający wszystkich użytkowników/grupy, do których ta reguła " "pasuje." -#: src/config/SSSDConfig/sssdoptions.py:282 +#: src/config/SSSDConfig/sssdoptions.py:283 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "Atrybut LDAP zawierający nazwę mapy użytkownika SELinuksa." -#: src/config/SSSDConfig/sssdoptions.py:284 +#: src/config/SSSDConfig/sssdoptions.py:285 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost." @@ -1005,19 +1006,19 @@ msgstr "" "Atrybut LDAP zawierający DN reguły HBAC, który można używać do dopasowywania " "zamiast memberUser i memberHost." -#: src/config/SSSDConfig/sssdoptions.py:286 +#: src/config/SSSDConfig/sssdoptions.py:287 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "Atrybut LDAP zawierający sam ciąg użytkownika SELinuksa." -#: src/config/SSSDConfig/sssdoptions.py:287 +#: src/config/SSSDConfig/sssdoptions.py:288 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "Atrybut LDAP kategorię użytkownika, taką jak „all”." -#: src/config/SSSDConfig/sssdoptions.py:288 +#: src/config/SSSDConfig/sssdoptions.py:289 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "Atrybut LDAP unikalny identyfikator mapy użytkownika." -#: src/config/SSSDConfig/sssdoptions.py:289 +#: src/config/SSSDConfig/sssdoptions.py:290 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." @@ -1025,350 +1026,348 @@ msgstr "" "Opcja wskazuje, że usługa SSSD działa na serwerze IPA i ma wykonywać " "wyszukiwania użytkowników i grup z zaufanych domen w inny sposób." -#: src/config/SSSDConfig/sssdoptions.py:291 +#: src/config/SSSDConfig/sssdoptions.py:292 msgid "Use the given string as search base for trusted domains." msgstr "Używa podanego ciągu jako podstawę wyszukiwania dla zaufanych domen." -#: src/config/SSSDConfig/sssdoptions.py:294 +#: src/config/SSSDConfig/sssdoptions.py:295 msgid "Active Directory domain" msgstr "Domena Active Directory" -#: src/config/SSSDConfig/sssdoptions.py:295 +#: src/config/SSSDConfig/sssdoptions.py:296 msgid "Enabled Active Directory domains" msgstr "Włączone domeny Active Directory" -#: src/config/SSSDConfig/sssdoptions.py:296 +#: src/config/SSSDConfig/sssdoptions.py:297 msgid "Active Directory server address" msgstr "Adres serwera Active Directory" -#: src/config/SSSDConfig/sssdoptions.py:297 +#: src/config/SSSDConfig/sssdoptions.py:298 msgid "Active Directory backup server address" msgstr "Adres zapasowego serwera Active Directory" -#: src/config/SSSDConfig/sssdoptions.py:298 +#: src/config/SSSDConfig/sssdoptions.py:299 msgid "Active Directory client hostname" msgstr "Nazwa komputera klienta Active Directory" -#: src/config/SSSDConfig/sssdoptions.py:300 -#: src/config/SSSDConfig/sssdoptions.py:499 +#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:500 msgid "LDAP filter to determine access privileges" msgstr "Filtr LDAP do określenia uprawnień dostępu" -#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:302 msgid "Whether to use the Global Catalog for lookups" msgstr "Czy używać Global Catalog do wyszukiwań" -#: src/config/SSSDConfig/sssdoptions.py:302 +#: src/config/SSSDConfig/sssdoptions.py:303 msgid "Operation mode for GPO-based access control" msgstr "Tryb działania dla kontroli dostępu opartej na GPO" -#: src/config/SSSDConfig/sssdoptions.py:303 +#: src/config/SSSDConfig/sssdoptions.py:304 msgid "" "The amount of time between lookups of the GPO policy files against the AD " "server" -msgstr "Czas między wyszukiwaniami plików polityki GPO w serwerze AD" +msgstr "Czas między wyszukiwaniami plików zasad GPO w serwerze AD" -#: src/config/SSSDConfig/sssdoptions.py:304 +#: src/config/SSSDConfig/sssdoptions.py:305 msgid "" "PAM service names that map to the GPO (Deny)InteractiveLogonRight policy " "settings" msgstr "" -"Nazwy usług PAM mapujących do ustawień polityki GPO " -"(Deny)InteractiveLogonRight" +"Nazwy usług PAM mapujących do ustawień zasad GPO (Deny)InteractiveLogonRight" -#: src/config/SSSDConfig/sssdoptions.py:306 +#: src/config/SSSDConfig/sssdoptions.py:307 msgid "" "PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight " "policy settings" msgstr "" -"Nazwy usług PAM mapujących do ustawień polityki GPO " +"Nazwy usług PAM mapujących do ustawień zasad GPO " "(Deny)RemoteInteractiveLogonRight" -#: src/config/SSSDConfig/sssdoptions.py:308 +#: src/config/SSSDConfig/sssdoptions.py:309 msgid "" "PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings" msgstr "" -"Nazwy usług PAM mapujących do ustawień polityki GPO (Deny)NetworkLogonRight" +"Nazwy usług PAM mapujących do ustawień zasad GPO (Deny)NetworkLogonRight" -#: src/config/SSSDConfig/sssdoptions.py:309 +#: src/config/SSSDConfig/sssdoptions.py:310 msgid "" "PAM service names that map to the GPO (Deny)BatchLogonRight policy settings" -msgstr "" -"Nazwy usług PAM mapujących do ustawień polityki GPO (Deny)BatchLogonRight" +msgstr "Nazwy usług PAM mapujących do ustawień zasad GPO (Deny)BatchLogonRight" -#: src/config/SSSDConfig/sssdoptions.py:310 +#: src/config/SSSDConfig/sssdoptions.py:311 msgid "" "PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings" msgstr "" -"Nazwy usług PAM mapujących do ustawień polityki GPO (Deny)ServiceLogonRight" +"Nazwy usług PAM mapujących do ustawień zasad GPO (Deny)ServiceLogonRight" -#: src/config/SSSDConfig/sssdoptions.py:311 +#: src/config/SSSDConfig/sssdoptions.py:312 msgid "PAM service names for which GPO-based access is always granted" msgstr "" "Nazwy usług PAM, dla których zawsze udzielany jest dostęp oparty na GPO" -#: src/config/SSSDConfig/sssdoptions.py:312 +#: src/config/SSSDConfig/sssdoptions.py:313 msgid "PAM service names for which GPO-based access is always denied" msgstr "" "Nazwy usług PAM, dla których zawsze odmawiany jest dostęp oparty na GPO" -#: src/config/SSSDConfig/sssdoptions.py:313 +#: src/config/SSSDConfig/sssdoptions.py:314 msgid "" "Default logon right (or permit/deny) to use for unmapped PAM service names" msgstr "" "Domyślne uprawnienie logowania (lub zezwolenie/odmowa) do użycia dla " "niemapowanych nazw usług PAM" -#: src/config/SSSDConfig/sssdoptions.py:314 +#: src/config/SSSDConfig/sssdoptions.py:315 msgid "a particular site to be used by the client" msgstr "konkretna strona używana przez klienta" -#: src/config/SSSDConfig/sssdoptions.py:315 +#: src/config/SSSDConfig/sssdoptions.py:316 msgid "" "Maximum age in days before the machine account password should be renewed" msgstr "" "Maksymalny wiek w dniach przed wymaganiem odnowienia hasła konta komputera" -#: src/config/SSSDConfig/sssdoptions.py:317 +#: src/config/SSSDConfig/sssdoptions.py:318 msgid "Option for tuning the machine account renewal task" msgstr "Opcja dostrajania zadania odnawiania konta komputera" -#: src/config/SSSDConfig/sssdoptions.py:318 +#: src/config/SSSDConfig/sssdoptions.py:319 msgid "Whether to update the machine account password in the Samba database" msgstr "Czy aktualizować hasło konta komputera w bazie danych Samby" -#: src/config/SSSDConfig/sssdoptions.py:320 +#: src/config/SSSDConfig/sssdoptions.py:321 msgid "Use LDAPS port for LDAP and Global Catalog requests" msgstr "Używa portu LDAPS dla żądań LDAP i Global Catalog" -#: src/config/SSSDConfig/sssdoptions.py:321 +#: src/config/SSSDConfig/sssdoptions.py:322 msgid "Do not filter domain local groups from other domains" msgstr "Bez filtrowania grup lokalnej domeny z innych domen" -#: src/config/SSSDConfig/sssdoptions.py:324 #: src/config/SSSDConfig/sssdoptions.py:325 +#: src/config/SSSDConfig/sssdoptions.py:326 msgid "Kerberos server address" msgstr "Adres serwera Kerberos" -#: src/config/SSSDConfig/sssdoptions.py:326 +#: src/config/SSSDConfig/sssdoptions.py:327 msgid "Kerberos backup server address" msgstr "Adres zapasowego serwera Kerberos" -#: src/config/SSSDConfig/sssdoptions.py:327 +#: src/config/SSSDConfig/sssdoptions.py:328 msgid "Kerberos realm" msgstr "Obszar Kerberos" -#: src/config/SSSDConfig/sssdoptions.py:328 +#: src/config/SSSDConfig/sssdoptions.py:329 msgid "Authentication timeout" msgstr "Czas oczekiwania na uwierzytelnienie" -#: src/config/SSSDConfig/sssdoptions.py:329 +#: src/config/SSSDConfig/sssdoptions.py:330 msgid "Whether to create kdcinfo files" msgstr "Czy tworzyć pliki kdcinfo" -#: src/config/SSSDConfig/sssdoptions.py:330 +#: src/config/SSSDConfig/sssdoptions.py:331 msgid "Where to drop krb5 config snippets" msgstr "Gdzie umieścić wstawki konfiguracji krb5" -#: src/config/SSSDConfig/sssdoptions.py:333 +#: src/config/SSSDConfig/sssdoptions.py:334 msgid "Directory to store credential caches" msgstr "" "Katalog do przechowywania pamięci podręcznych danych uwierzytelniających" -#: src/config/SSSDConfig/sssdoptions.py:334 +#: src/config/SSSDConfig/sssdoptions.py:335 msgid "Location of the user's credential cache" msgstr "Położenie pamięci podręcznej danych uwierzytelniających użytkownika" -#: src/config/SSSDConfig/sssdoptions.py:335 +#: src/config/SSSDConfig/sssdoptions.py:336 msgid "Location of the keytab to validate credentials" msgstr "Położenie tablicy kluczy do sprawdzania danych uwierzytelniających" -#: src/config/SSSDConfig/sssdoptions.py:336 +#: src/config/SSSDConfig/sssdoptions.py:337 msgid "Enable credential validation" msgstr "Włącza sprawdzanie danych uwierzytelniających" -#: src/config/SSSDConfig/sssdoptions.py:337 +#: src/config/SSSDConfig/sssdoptions.py:338 msgid "Store password if offline for later online authentication" msgstr "" "Przechowuje hasło, jeśli w trybie offline do późniejszego uwierzytelnienia " "w trybie online" -#: src/config/SSSDConfig/sssdoptions.py:338 +#: src/config/SSSDConfig/sssdoptions.py:339 msgid "Renewable lifetime of the TGT" msgstr "Odnawialny czas trwania TGT" -#: src/config/SSSDConfig/sssdoptions.py:339 +#: src/config/SSSDConfig/sssdoptions.py:340 msgid "Lifetime of the TGT" msgstr "Czas trwania TGT" -#: src/config/SSSDConfig/sssdoptions.py:340 +#: src/config/SSSDConfig/sssdoptions.py:341 msgid "Time between two checks for renewal" msgstr "Czas między dwoma sprawdzaniami odnowy" -#: src/config/SSSDConfig/sssdoptions.py:341 +#: src/config/SSSDConfig/sssdoptions.py:342 msgid "Enables FAST" msgstr "Włącza FAST" -#: src/config/SSSDConfig/sssdoptions.py:342 +#: src/config/SSSDConfig/sssdoptions.py:343 msgid "Selects the principal to use for FAST" msgstr "Wybiera naczelnika do użycia dla FAST" -#: src/config/SSSDConfig/sssdoptions.py:343 +#: src/config/SSSDConfig/sssdoptions.py:344 msgid "Use anonymous PKINIT to request FAST credentials" msgstr "Używa anonimowego PKINIT do żądania danych uwierzytelniających FAST" -#: src/config/SSSDConfig/sssdoptions.py:344 +#: src/config/SSSDConfig/sssdoptions.py:345 msgid "Enables principal canonicalization" msgstr "Włącza ujednolicanie naczelnika" -#: src/config/SSSDConfig/sssdoptions.py:345 +#: src/config/SSSDConfig/sssdoptions.py:346 msgid "Enables enterprise principals" msgstr "Włącza naczelników enterprise" -#: src/config/SSSDConfig/sssdoptions.py:346 +#: src/config/SSSDConfig/sssdoptions.py:347 msgid "Enables using of subdomains realms for authentication" msgstr "Umożliwia korzystanie z obszarów poddomen do uwierzytelniania" -#: src/config/SSSDConfig/sssdoptions.py:347 +#: src/config/SSSDConfig/sssdoptions.py:348 msgid "A mapping from user names to Kerberos principal names" msgstr "Mapa nazw użytkowników do nazw naczelników Kerberos" -#: src/config/SSSDConfig/sssdoptions.py:350 #: src/config/SSSDConfig/sssdoptions.py:351 +#: src/config/SSSDConfig/sssdoptions.py:352 msgid "Server where the change password service is running if not on the KDC" msgstr "" "Serwer, w którym jest uruchomiona usługa zmiany haseł, jeśli nie znajduje " "się w KDC" -#: src/config/SSSDConfig/sssdoptions.py:354 +#: src/config/SSSDConfig/sssdoptions.py:355 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, adres URI serwera LDAP" -#: src/config/SSSDConfig/sssdoptions.py:355 +#: src/config/SSSDConfig/sssdoptions.py:356 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "ldap_backup_uri, adres URI serwera LDAP" -#: src/config/SSSDConfig/sssdoptions.py:356 +#: src/config/SSSDConfig/sssdoptions.py:357 msgid "The default base DN" msgstr "Domyślna podstawowa DN" -#: src/config/SSSDConfig/sssdoptions.py:357 +#: src/config/SSSDConfig/sssdoptions.py:358 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "Typ Schema do użycia na serwerze LDAP, RFC2307" -#: src/config/SSSDConfig/sssdoptions.py:358 +#: src/config/SSSDConfig/sssdoptions.py:359 msgid "Mode used to change user password" msgstr "Tryb używany do zmiany hasła użytkownika" -#: src/config/SSSDConfig/sssdoptions.py:359 +#: src/config/SSSDConfig/sssdoptions.py:360 msgid "The default bind DN" msgstr "Domyślne DN dowiązania" -#: src/config/SSSDConfig/sssdoptions.py:360 +#: src/config/SSSDConfig/sssdoptions.py:361 msgid "The type of the authentication token of the default bind DN" msgstr "Typ tokenu uwierzytelniania domyślnego DN dowiązania" -#: src/config/SSSDConfig/sssdoptions.py:361 +#: src/config/SSSDConfig/sssdoptions.py:362 msgid "The authentication token of the default bind DN" msgstr "Token uwierzytelniania domyślnego DN dowiązania" -#: src/config/SSSDConfig/sssdoptions.py:362 +#: src/config/SSSDConfig/sssdoptions.py:363 msgid "Length of time to attempt connection" msgstr "Czas do próby połączenia" -#: src/config/SSSDConfig/sssdoptions.py:363 +#: src/config/SSSDConfig/sssdoptions.py:364 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Czas do próby synchronicznych działań LDAP" -#: src/config/SSSDConfig/sssdoptions.py:364 +#: src/config/SSSDConfig/sssdoptions.py:365 msgid "Length of time between attempts to reconnect while offline" msgstr "Czas między próbami ponownego połączenia w trybie offline" -#: src/config/SSSDConfig/sssdoptions.py:365 +#: src/config/SSSDConfig/sssdoptions.py:366 msgid "Use only the upper case for realm names" msgstr "Użycie tylko wielkich znaków w nazwach obszarów" -#: src/config/SSSDConfig/sssdoptions.py:366 +#: src/config/SSSDConfig/sssdoptions.py:367 msgid "File that contains CA certificates" msgstr "Plik zawierający certyfikaty CA" -#: src/config/SSSDConfig/sssdoptions.py:367 +#: src/config/SSSDConfig/sssdoptions.py:368 msgid "Path to CA certificate directory" msgstr "Ścieżka do katalogu certyfikatów CA" -#: src/config/SSSDConfig/sssdoptions.py:368 +#: src/config/SSSDConfig/sssdoptions.py:369 msgid "File that contains the client certificate" msgstr "Plik zawierający certyfikat klienta" -#: src/config/SSSDConfig/sssdoptions.py:369 +#: src/config/SSSDConfig/sssdoptions.py:370 msgid "File that contains the client key" msgstr "Plik zawierający klucz klienta" -#: src/config/SSSDConfig/sssdoptions.py:370 +#: src/config/SSSDConfig/sssdoptions.py:371 msgid "List of possible ciphers suites" msgstr "Lista możliwych zestawów szyfrów" -#: src/config/SSSDConfig/sssdoptions.py:371 +#: src/config/SSSDConfig/sssdoptions.py:372 msgid "Require TLS certificate verification" msgstr "Wymaga sprawdzenia certyfikatu TLS" -#: src/config/SSSDConfig/sssdoptions.py:372 +#: src/config/SSSDConfig/sssdoptions.py:373 msgid "Specify the sasl mechanism to use" msgstr "Podaje używany mechanizm SASL" -#: src/config/SSSDConfig/sssdoptions.py:373 +#: src/config/SSSDConfig/sssdoptions.py:374 msgid "Specify the sasl authorization id to use" msgstr "Podaje używany identyfikator upoważnienia SASL" -#: src/config/SSSDConfig/sssdoptions.py:374 +#: src/config/SSSDConfig/sssdoptions.py:375 msgid "Specify the sasl authorization realm to use" msgstr "Podaje obszar upoważnienia SASL do użycia" -#: src/config/SSSDConfig/sssdoptions.py:375 +#: src/config/SSSDConfig/sssdoptions.py:376 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "Podaje minimalne SSF dla upoważnienia sasl LDAP" -#: src/config/SSSDConfig/sssdoptions.py:376 +#: src/config/SSSDConfig/sssdoptions.py:377 msgid "Specify the maximal SSF for LDAP sasl authorization" msgstr "Podaje maksymalne SSF dla upoważnienia sasl LDAP" -#: src/config/SSSDConfig/sssdoptions.py:377 +#: src/config/SSSDConfig/sssdoptions.py:378 msgid "Kerberos service keytab" msgstr "Tablica kluczy usługi Kerberos" -#: src/config/SSSDConfig/sssdoptions.py:378 +#: src/config/SSSDConfig/sssdoptions.py:379 msgid "Use Kerberos auth for LDAP connection" msgstr "Używa uwierzytelniania Kerberos dla połączenia LDAP" -#: src/config/SSSDConfig/sssdoptions.py:379 +#: src/config/SSSDConfig/sssdoptions.py:380 msgid "Follow LDAP referrals" msgstr "Podąża za odsyłaniami LDAP" -#: src/config/SSSDConfig/sssdoptions.py:380 +#: src/config/SSSDConfig/sssdoptions.py:381 msgid "Lifetime of TGT for LDAP connection" msgstr "Czas trwania TGT dla połączenia LDAP" -#: src/config/SSSDConfig/sssdoptions.py:381 +#: src/config/SSSDConfig/sssdoptions.py:382 msgid "How to dereference aliases" msgstr "Jak wskazywać aliasy" -#: src/config/SSSDConfig/sssdoptions.py:382 +#: src/config/SSSDConfig/sssdoptions.py:383 msgid "Service name for DNS service lookups" msgstr "Nazwa usługi do wyszukiwań usługi DNS" -#: src/config/SSSDConfig/sssdoptions.py:383 +#: src/config/SSSDConfig/sssdoptions.py:384 msgid "The number of records to retrieve in a single LDAP query" msgstr "Liczba wpisów do pobrania w jednym zapytaniu LDAP" -#: src/config/SSSDConfig/sssdoptions.py:384 +#: src/config/SSSDConfig/sssdoptions.py:385 msgid "The number of members that must be missing to trigger a full deref" msgstr "Suma liczb, których musi brakować, aby wywołać pełne „deref”" -#: src/config/SSSDConfig/sssdoptions.py:385 +#: src/config/SSSDConfig/sssdoptions.py:386 msgid "Ignore unreadable LDAP references" msgstr "Ignoruje nieczytelne odniesienia LDAP" -#: src/config/SSSDConfig/sssdoptions.py:386 +#: src/config/SSSDConfig/sssdoptions.py:387 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" @@ -1376,7 +1375,7 @@ msgstr "" "Czy biblioteka LDAP ma wykonywać odwrotne wyszukanie, aby ujednolicić nazwę " "komputera podczas dowiązania SASL" -#: src/config/SSSDConfig/sssdoptions.py:388 +#: src/config/SSSDConfig/sssdoptions.py:389 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." @@ -1384,429 +1383,428 @@ msgstr "" "Zezwala na zachowywanie lokalnych użytkowników jako członków grupy LDAP dla " "serwerów używających schematu RFC2307." -#: src/config/SSSDConfig/sssdoptions.py:391 +#: src/config/SSSDConfig/sssdoptions.py:392 msgid "entryUSN attribute" msgstr "Atrybut entryUSN" -#: src/config/SSSDConfig/sssdoptions.py:392 +#: src/config/SSSDConfig/sssdoptions.py:393 msgid "lastUSN attribute" msgstr "Atrybut lastUSN" -#: src/config/SSSDConfig/sssdoptions.py:394 +#: src/config/SSSDConfig/sssdoptions.py:395 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "Jak długo utrzymywać połączenie z serwerem LDAP przed rozłączeniem" -#: src/config/SSSDConfig/sssdoptions.py:397 +#: src/config/SSSDConfig/sssdoptions.py:398 msgid "Disable the LDAP paging control" msgstr "Wyłącza kontrolę stronicowania LDAP" -#: src/config/SSSDConfig/sssdoptions.py:398 +#: src/config/SSSDConfig/sssdoptions.py:399 msgid "Disable Active Directory range retrieval" msgstr "Wyłącza pobieranie zakresu Active Directory" -#: src/config/SSSDConfig/sssdoptions.py:401 +#: src/config/SSSDConfig/sssdoptions.py:402 msgid "Length of time to wait for a search request" msgstr "Czas oczekiwania na żądanie wyszukiwania" -#: src/config/SSSDConfig/sssdoptions.py:402 +#: src/config/SSSDConfig/sssdoptions.py:403 msgid "Length of time to wait for a enumeration request" msgstr "Czas oczekiwania na żądanie wyliczenia" -#: src/config/SSSDConfig/sssdoptions.py:403 +#: src/config/SSSDConfig/sssdoptions.py:404 msgid "Length of time between enumeration updates" msgstr "Czas między aktualizacjami wyliczania" -#: src/config/SSSDConfig/sssdoptions.py:404 +#: src/config/SSSDConfig/sssdoptions.py:405 msgid "Maximum period deviation between enumeration updates" msgstr "Maksymalny okres odchylenia między aktualizacjami wyliczania" -#: src/config/SSSDConfig/sssdoptions.py:405 +#: src/config/SSSDConfig/sssdoptions.py:406 msgid "Length of time between cache cleanups" msgstr "Czas między czyszczeniem pamięci podręcznej" -#: src/config/SSSDConfig/sssdoptions.py:406 +#: src/config/SSSDConfig/sssdoptions.py:407 msgid "Maximum time deviation between cache cleanups" msgstr "Maksymalny okres odchylenia między czyszczeniem pamięci podręcznej" -#: src/config/SSSDConfig/sssdoptions.py:407 +#: src/config/SSSDConfig/sssdoptions.py:408 msgid "Require TLS for ID lookups" msgstr "Wymaga TLS dla wyszukiwania identyfikatorów" -#: src/config/SSSDConfig/sssdoptions.py:408 +#: src/config/SSSDConfig/sssdoptions.py:409 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" "Używa mapowania identyfikatorów objectSID zamiast uprzednio ustawionych " "identyfikatorów" -#: src/config/SSSDConfig/sssdoptions.py:409 +#: src/config/SSSDConfig/sssdoptions.py:410 msgid "Base DN for user lookups" msgstr "Podstawowe DN dla wyszukiwania użytkowników" -#: src/config/SSSDConfig/sssdoptions.py:410 +#: src/config/SSSDConfig/sssdoptions.py:411 msgid "Scope of user lookups" msgstr "Zakres wyszukiwania użytkowników" -#: src/config/SSSDConfig/sssdoptions.py:411 +#: src/config/SSSDConfig/sssdoptions.py:412 msgid "Filter for user lookups" msgstr "Filtruje wyszukiwania użytkowników" -#: src/config/SSSDConfig/sssdoptions.py:412 +#: src/config/SSSDConfig/sssdoptions.py:413 msgid "Objectclass for users" msgstr "Klasa obiektów dla użytkowników" -#: src/config/SSSDConfig/sssdoptions.py:413 +#: src/config/SSSDConfig/sssdoptions.py:414 msgid "Username attribute" msgstr "Atrybut nazwy użytkownika" -#: src/config/SSSDConfig/sssdoptions.py:414 +#: src/config/SSSDConfig/sssdoptions.py:415 msgid "UID attribute" msgstr "Atrybut UID" -#: src/config/SSSDConfig/sssdoptions.py:415 +#: src/config/SSSDConfig/sssdoptions.py:416 msgid "Primary GID attribute" msgstr "Pierwszy atrybut GID" -#: src/config/SSSDConfig/sssdoptions.py:416 +#: src/config/SSSDConfig/sssdoptions.py:417 msgid "GECOS attribute" msgstr "Atrybut GECOS" -#: src/config/SSSDConfig/sssdoptions.py:417 +#: src/config/SSSDConfig/sssdoptions.py:418 msgid "Home directory attribute" msgstr "Atrybut katalogu domowego" -#: src/config/SSSDConfig/sssdoptions.py:418 +#: src/config/SSSDConfig/sssdoptions.py:419 msgid "Shell attribute" msgstr "Atrybut powłoki" -#: src/config/SSSDConfig/sssdoptions.py:419 +#: src/config/SSSDConfig/sssdoptions.py:420 msgid "UUID attribute" msgstr "Atrybut UUID" -#: src/config/SSSDConfig/sssdoptions.py:420 -#: src/config/SSSDConfig/sssdoptions.py:459 +#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:460 msgid "objectSID attribute" msgstr "Atrybut objectSID" -#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:422 msgid "Active Directory primary group attribute for ID-mapping" msgstr "Atrybut głównej grupy Active Directory dla mapowania identyfikatorów" -#: src/config/SSSDConfig/sssdoptions.py:422 +#: src/config/SSSDConfig/sssdoptions.py:423 msgid "User principal attribute (for Kerberos)" msgstr "Atrybut głównego użytkownika (dla Kerberos)" -#: src/config/SSSDConfig/sssdoptions.py:423 +#: src/config/SSSDConfig/sssdoptions.py:424 msgid "Full Name" msgstr "Imię i nazwisko" -#: src/config/SSSDConfig/sssdoptions.py:424 +#: src/config/SSSDConfig/sssdoptions.py:425 msgid "memberOf attribute" msgstr "Atrybut memberOf" -#: src/config/SSSDConfig/sssdoptions.py:425 +#: src/config/SSSDConfig/sssdoptions.py:426 msgid "Modification time attribute" msgstr "Atrybut czasu modyfikacji" -#: src/config/SSSDConfig/sssdoptions.py:426 +#: src/config/SSSDConfig/sssdoptions.py:427 msgid "shadowLastChange attribute" msgstr "Atrybut shadowLastChange" -#: src/config/SSSDConfig/sssdoptions.py:427 +#: src/config/SSSDConfig/sssdoptions.py:428 msgid "shadowMin attribute" msgstr "Atrybut shadowMin" -#: src/config/SSSDConfig/sssdoptions.py:428 +#: src/config/SSSDConfig/sssdoptions.py:429 msgid "shadowMax attribute" msgstr "Atrybut shadowMax" -#: src/config/SSSDConfig/sssdoptions.py:429 +#: src/config/SSSDConfig/sssdoptions.py:430 msgid "shadowWarning attribute" msgstr "Atrybut shadowWarning" -#: src/config/SSSDConfig/sssdoptions.py:430 +#: src/config/SSSDConfig/sssdoptions.py:431 msgid "shadowInactive attribute" msgstr "Atrybut shadowInactive" -#: src/config/SSSDConfig/sssdoptions.py:431 +#: src/config/SSSDConfig/sssdoptions.py:432 msgid "shadowExpire attribute" msgstr "Atrybut shadowExpire" -#: src/config/SSSDConfig/sssdoptions.py:432 +#: src/config/SSSDConfig/sssdoptions.py:433 msgid "shadowFlag attribute" msgstr "Atrybut shadowFlag" -#: src/config/SSSDConfig/sssdoptions.py:433 +#: src/config/SSSDConfig/sssdoptions.py:434 msgid "Attribute listing authorized PAM services" msgstr "Atrybut zawierający listę upoważnionych usług PAM" -#: src/config/SSSDConfig/sssdoptions.py:434 +#: src/config/SSSDConfig/sssdoptions.py:435 msgid "Attribute listing authorized server hosts" msgstr "Atrybut zawierający listę upoważnionych komputerów serwerowych" -#: src/config/SSSDConfig/sssdoptions.py:435 +#: src/config/SSSDConfig/sssdoptions.py:436 msgid "Attribute listing authorized server rhosts" msgstr "Atrybut zawierający listę upoważnionych rhosts serwera" -#: src/config/SSSDConfig/sssdoptions.py:436 +#: src/config/SSSDConfig/sssdoptions.py:437 msgid "krbLastPwdChange attribute" msgstr "Atrybut krbLastPwdChange" -#: src/config/SSSDConfig/sssdoptions.py:437 +#: src/config/SSSDConfig/sssdoptions.py:438 msgid "krbPasswordExpiration attribute" msgstr "Atrybut krbPasswordExpiration" -#: src/config/SSSDConfig/sssdoptions.py:438 +#: src/config/SSSDConfig/sssdoptions.py:439 msgid "Attribute indicating that server side password policies are active" -msgstr "Atrybut wskazujący, czy polityki haseł po stronie serwera są aktywne" +msgstr "Atrybut wskazujący, czy zasady haseł po stronie serwera są aktywne" -#: src/config/SSSDConfig/sssdoptions.py:439 +#: src/config/SSSDConfig/sssdoptions.py:440 msgid "accountExpires attribute of AD" msgstr "Atrybut accountExpires AD" -#: src/config/SSSDConfig/sssdoptions.py:440 +#: src/config/SSSDConfig/sssdoptions.py:441 msgid "userAccountControl attribute of AD" msgstr "Atrybut userAccountControl AD" -#: src/config/SSSDConfig/sssdoptions.py:441 +#: src/config/SSSDConfig/sssdoptions.py:442 msgid "nsAccountLock attribute" msgstr "Atrybut nsAccountLock" -#: src/config/SSSDConfig/sssdoptions.py:442 +#: src/config/SSSDConfig/sssdoptions.py:443 msgid "loginDisabled attribute of NDS" msgstr "Atrybut loginDisabled NDS" -#: src/config/SSSDConfig/sssdoptions.py:443 +#: src/config/SSSDConfig/sssdoptions.py:444 msgid "loginExpirationTime attribute of NDS" msgstr "Atrybut loginExpirationTime NDS" -#: src/config/SSSDConfig/sssdoptions.py:444 +#: src/config/SSSDConfig/sssdoptions.py:445 msgid "loginAllowedTimeMap attribute of NDS" msgstr "Atrybut loginAllowedTimeMap NDS" -#: src/config/SSSDConfig/sssdoptions.py:445 +#: src/config/SSSDConfig/sssdoptions.py:446 msgid "SSH public key attribute" msgstr "Atrybut klucza publicznego SSH" -#: src/config/SSSDConfig/sssdoptions.py:446 +#: src/config/SSSDConfig/sssdoptions.py:447 msgid "attribute listing allowed authentication types for a user" msgstr "" "atrybut zawierający listę dozwolonych typów uwierzytelniania dla użytkownika" -#: src/config/SSSDConfig/sssdoptions.py:447 +#: src/config/SSSDConfig/sssdoptions.py:448 msgid "attribute containing the X509 certificate of the user" msgstr "atrybut zawierający certyfikat X509 użytkownika" -#: src/config/SSSDConfig/sssdoptions.py:448 +#: src/config/SSSDConfig/sssdoptions.py:449 msgid "attribute containing the email address of the user" msgstr "atrybut zawierający adres e-mail użytkownika" -#: src/config/SSSDConfig/sssdoptions.py:449 -#, fuzzy +#: src/config/SSSDConfig/sssdoptions.py:450 msgid "attribute containing the passkey mapping data of the user" -msgstr "atrybut zawierający adres e-mail użytkownika" +msgstr "atrybut zawierający dane mapowania hasła-klucza użytkownika" -#: src/config/SSSDConfig/sssdoptions.py:450 +#: src/config/SSSDConfig/sssdoptions.py:451 msgid "A list of extra attributes to download along with the user entry" msgstr "Lista dodatkowych atrybutów do pobrania razem z wpisem użytkownika" -#: src/config/SSSDConfig/sssdoptions.py:452 +#: src/config/SSSDConfig/sssdoptions.py:453 msgid "Base DN for group lookups" msgstr "Podstawowe DN dla wyszukiwania grup" -#: src/config/SSSDConfig/sssdoptions.py:453 +#: src/config/SSSDConfig/sssdoptions.py:454 msgid "Objectclass for groups" msgstr "Klasa obiektów dla grup" -#: src/config/SSSDConfig/sssdoptions.py:454 +#: src/config/SSSDConfig/sssdoptions.py:455 msgid "Group name" msgstr "Nazwa grupy" -#: src/config/SSSDConfig/sssdoptions.py:455 +#: src/config/SSSDConfig/sssdoptions.py:456 msgid "Group password" msgstr "Hasło grupy" -#: src/config/SSSDConfig/sssdoptions.py:456 +#: src/config/SSSDConfig/sssdoptions.py:457 msgid "GID attribute" msgstr "Atrybut GID" -#: src/config/SSSDConfig/sssdoptions.py:457 +#: src/config/SSSDConfig/sssdoptions.py:458 msgid "Group member attribute" msgstr "Atrybut elementu grupy" -#: src/config/SSSDConfig/sssdoptions.py:458 +#: src/config/SSSDConfig/sssdoptions.py:459 msgid "Group UUID attribute" msgstr "Atrybut UUID grupy" -#: src/config/SSSDConfig/sssdoptions.py:460 +#: src/config/SSSDConfig/sssdoptions.py:461 msgid "Modification time attribute for groups" msgstr "Atrybut czasu modyfikacji grup" -#: src/config/SSSDConfig/sssdoptions.py:461 +#: src/config/SSSDConfig/sssdoptions.py:462 msgid "Type of the group and other flags" msgstr "Typ grupy i inne flagi" -#: src/config/SSSDConfig/sssdoptions.py:462 +#: src/config/SSSDConfig/sssdoptions.py:463 msgid "The LDAP group external member attribute" msgstr "Atrybut zewnętrznego członka grupy LDAP" -#: src/config/SSSDConfig/sssdoptions.py:463 +#: src/config/SSSDConfig/sssdoptions.py:464 msgid "Maximum nesting level SSSD will follow" msgstr "Maksymalny poziom zagnieżdżenia, jaki usługa SSSD będzie używała" -#: src/config/SSSDConfig/sssdoptions.py:464 +#: src/config/SSSDConfig/sssdoptions.py:465 msgid "Filter for group lookups" msgstr "Filtruje wyszukiwania grup" -#: src/config/SSSDConfig/sssdoptions.py:465 +#: src/config/SSSDConfig/sssdoptions.py:466 msgid "Scope of group lookups" msgstr "Zakres wyszukiwania grup" -#: src/config/SSSDConfig/sssdoptions.py:467 +#: src/config/SSSDConfig/sssdoptions.py:468 msgid "Base DN for netgroup lookups" msgstr "Podstawowe DN dla wyszukiwania grupy sieciowej" -#: src/config/SSSDConfig/sssdoptions.py:468 +#: src/config/SSSDConfig/sssdoptions.py:469 msgid "Objectclass for netgroups" msgstr "Klasa obiektów dla grup sieciowych" -#: src/config/SSSDConfig/sssdoptions.py:469 +#: src/config/SSSDConfig/sssdoptions.py:470 msgid "Netgroup name" msgstr "Nazwa grupy sieciowej" -#: src/config/SSSDConfig/sssdoptions.py:470 +#: src/config/SSSDConfig/sssdoptions.py:471 msgid "Netgroups members attribute" msgstr "Atrybut elementów grupy sieciowej" -#: src/config/SSSDConfig/sssdoptions.py:471 +#: src/config/SSSDConfig/sssdoptions.py:472 msgid "Netgroup triple attribute" msgstr "Potrójny atrybut grupy sieciowej" -#: src/config/SSSDConfig/sssdoptions.py:472 +#: src/config/SSSDConfig/sssdoptions.py:473 msgid "Modification time attribute for netgroups" msgstr "Atrybut czasu modyfikacji grup sieciowych" -#: src/config/SSSDConfig/sssdoptions.py:474 +#: src/config/SSSDConfig/sssdoptions.py:475 msgid "Base DN for service lookups" msgstr "Podstawowe DN do wyszukiwania usług" -#: src/config/SSSDConfig/sssdoptions.py:475 +#: src/config/SSSDConfig/sssdoptions.py:476 msgid "Objectclass for services" msgstr "Klasa obiektów dla usług" -#: src/config/SSSDConfig/sssdoptions.py:476 +#: src/config/SSSDConfig/sssdoptions.py:477 msgid "Service name attribute" msgstr "Atrybut nazwy usługi" -#: src/config/SSSDConfig/sssdoptions.py:477 +#: src/config/SSSDConfig/sssdoptions.py:478 msgid "Service port attribute" msgstr "Atrybut portu usługi" -#: src/config/SSSDConfig/sssdoptions.py:478 +#: src/config/SSSDConfig/sssdoptions.py:479 msgid "Service protocol attribute" msgstr "Atrybut protokołu usługi" -#: src/config/SSSDConfig/sssdoptions.py:480 +#: src/config/SSSDConfig/sssdoptions.py:481 msgid "Lower bound for ID-mapping" msgstr "Niższa granica dla mapowania identyfikatorów" -#: src/config/SSSDConfig/sssdoptions.py:481 +#: src/config/SSSDConfig/sssdoptions.py:482 msgid "Upper bound for ID-mapping" msgstr "Wyższa granica dla mapowania identyfikatorów" -#: src/config/SSSDConfig/sssdoptions.py:482 +#: src/config/SSSDConfig/sssdoptions.py:483 msgid "Number of IDs for each slice when ID-mapping" msgstr "" "Liczba identyfikatorów dla każdego fragmentu podczas mapowania " "identyfikatorów" -#: src/config/SSSDConfig/sssdoptions.py:483 +#: src/config/SSSDConfig/sssdoptions.py:484 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "Używa algorytmu zgodnego z autorid do mapowania identyfikatorów" -#: src/config/SSSDConfig/sssdoptions.py:484 +#: src/config/SSSDConfig/sssdoptions.py:485 msgid "Name of the default domain for ID-mapping" msgstr "Nazwa domyślnej domeny dla mapowania identyfikatorów" -#: src/config/SSSDConfig/sssdoptions.py:485 +#: src/config/SSSDConfig/sssdoptions.py:486 msgid "SID of the default domain for ID-mapping" msgstr "SID domyślnej domeny dla mapowania identyfikatorów" -#: src/config/SSSDConfig/sssdoptions.py:486 +#: src/config/SSSDConfig/sssdoptions.py:487 msgid "Number of secondary slices" msgstr "Liczba drugorzędnych fragmentów" -#: src/config/SSSDConfig/sssdoptions.py:488 +#: src/config/SSSDConfig/sssdoptions.py:489 msgid "Whether to use Token-Groups" msgstr "Czy używać Token-Groups" -#: src/config/SSSDConfig/sssdoptions.py:489 +#: src/config/SSSDConfig/sssdoptions.py:490 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "Ustawia dolną granicę dla dozwolonych identyfikatorów z serwera LDAP" -#: src/config/SSSDConfig/sssdoptions.py:490 +#: src/config/SSSDConfig/sssdoptions.py:491 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "Ustawia górną granicę dla dozwolonych identyfikatorów z serwera LDAP" -#: src/config/SSSDConfig/sssdoptions.py:491 +#: src/config/SSSDConfig/sssdoptions.py:492 msgid "DN for ppolicy queries" -msgstr "DN dla zapytań polityki" +msgstr "DN dla zapytań zasad" -#: src/config/SSSDConfig/sssdoptions.py:492 +#: src/config/SSSDConfig/sssdoptions.py:493 msgid "How many maximum entries to fetch during a wildcard request" msgstr "Ile maksymalnie wpisów pobierać podczas żądania z wieloznacznikiem" -#: src/config/SSSDConfig/sssdoptions.py:493 +#: src/config/SSSDConfig/sssdoptions.py:494 msgid "Set libldap debug level" msgstr "Ustawia poziom debugowania biblioteki libldap" -#: src/config/SSSDConfig/sssdoptions.py:496 +#: src/config/SSSDConfig/sssdoptions.py:497 msgid "Policy to evaluate the password expiration" -msgstr "Polityka do sprawdzania wygaszenia hasła" +msgstr "Zasady do sprawdzania wygaszenia hasła" -#: src/config/SSSDConfig/sssdoptions.py:500 +#: src/config/SSSDConfig/sssdoptions.py:501 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "Które atrybuty mają być używane do sprawdzenia, czy konto wygasło" -#: src/config/SSSDConfig/sssdoptions.py:504 +#: src/config/SSSDConfig/sssdoptions.py:505 msgid "URI of an LDAP server where password changes are allowed" msgstr "Adres URI serwera LDAP, gdzie zmiany hasła są dozwolone" -#: src/config/SSSDConfig/sssdoptions.py:505 +#: src/config/SSSDConfig/sssdoptions.py:506 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "Adres URI zapasowego serwera LDAP, gdzie zmiany hasła są dozwolone" -#: src/config/SSSDConfig/sssdoptions.py:506 +#: src/config/SSSDConfig/sssdoptions.py:507 msgid "DNS service name for LDAP password change server" msgstr "Nazwa usługi DNS serwera zmiany hasła LDAP" -#: src/config/SSSDConfig/sssdoptions.py:507 +#: src/config/SSSDConfig/sssdoptions.py:508 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" "Czy zaktualizować atrybut ldap_user_shadow_last_change po zmianie hasła" -#: src/config/SSSDConfig/sssdoptions.py:511 +#: src/config/SSSDConfig/sssdoptions.py:512 msgid "Base DN for sudo rules lookups" msgstr "Podstawowe DN dla wyszukiwań reguł sudo" -#: src/config/SSSDConfig/sssdoptions.py:512 +#: src/config/SSSDConfig/sssdoptions.py:513 msgid "Automatic full refresh period" msgstr "Okres między automatycznymi pełnymi odświeżeniami" -#: src/config/SSSDConfig/sssdoptions.py:513 +#: src/config/SSSDConfig/sssdoptions.py:514 msgid "Automatic smart refresh period" msgstr "Okres między automatycznymi inteligentnymi odświeżeniami" -#: src/config/SSSDConfig/sssdoptions.py:514 +#: src/config/SSSDConfig/sssdoptions.py:515 msgid "Smart and full refresh random offset" msgstr "Losowe przesunięcie inteligentnego i pełnego odświeżenia" -#: src/config/SSSDConfig/sssdoptions.py:515 +#: src/config/SSSDConfig/sssdoptions.py:516 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "Czy filtrować reguły według nazwy komputera, adresów IP i sieci" -#: src/config/SSSDConfig/sssdoptions.py:516 +#: src/config/SSSDConfig/sssdoptions.py:517 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" @@ -1814,150 +1812,150 @@ msgstr "" "Nazwy komputerów lub w pełni kwalifikowane nazwy domen tego komputera do " "filtrowania reguł sudo" -#: src/config/SSSDConfig/sssdoptions.py:517 +#: src/config/SSSDConfig/sssdoptions.py:518 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" "Adresy lub sieci IPv4 lub IPv6 tego komputera do filtrowania reguł sudo" -#: src/config/SSSDConfig/sssdoptions.py:518 +#: src/config/SSSDConfig/sssdoptions.py:519 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "Czy zawierać reguły zawierające grupy sieciowe w atrybucie komputera" -#: src/config/SSSDConfig/sssdoptions.py:519 +#: src/config/SSSDConfig/sssdoptions.py:520 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" "Czy zawierać reguły zawierające wyrażenia regularne w atrybucie komputera" -#: src/config/SSSDConfig/sssdoptions.py:520 +#: src/config/SSSDConfig/sssdoptions.py:521 msgid "Object class for sudo rules" msgstr "Klasa obiektów dla reguł sudo" -#: src/config/SSSDConfig/sssdoptions.py:521 +#: src/config/SSSDConfig/sssdoptions.py:522 msgid "Name of attribute that is used as object class for sudo rules" msgstr "Nazwa atrybutu używanego jako klasa obiektów dla reguł sudo" -#: src/config/SSSDConfig/sssdoptions.py:522 +#: src/config/SSSDConfig/sssdoptions.py:523 msgid "Sudo rule name" msgstr "Nazwa reguły sudo" -#: src/config/SSSDConfig/sssdoptions.py:523 +#: src/config/SSSDConfig/sssdoptions.py:524 msgid "Sudo rule command attribute" msgstr "Atrybut polecenia reguły sudo" -#: src/config/SSSDConfig/sssdoptions.py:524 +#: src/config/SSSDConfig/sssdoptions.py:525 msgid "Sudo rule host attribute" msgstr "Atrybut komputera reguły sudo" -#: src/config/SSSDConfig/sssdoptions.py:525 +#: src/config/SSSDConfig/sssdoptions.py:526 msgid "Sudo rule user attribute" msgstr "Atrybut użytkownika reguły sudo" -#: src/config/SSSDConfig/sssdoptions.py:526 +#: src/config/SSSDConfig/sssdoptions.py:527 msgid "Sudo rule option attribute" msgstr "Atrybut opcji reguły sudo" -#: src/config/SSSDConfig/sssdoptions.py:527 +#: src/config/SSSDConfig/sssdoptions.py:528 msgid "Sudo rule runas attribute" msgstr "Atrybut runas reguły sudo" -#: src/config/SSSDConfig/sssdoptions.py:528 +#: src/config/SSSDConfig/sssdoptions.py:529 msgid "Sudo rule runasuser attribute" msgstr "Atrybut runasuser reguły sudo" -#: src/config/SSSDConfig/sssdoptions.py:529 +#: src/config/SSSDConfig/sssdoptions.py:530 msgid "Sudo rule runasgroup attribute" msgstr "Atrybut runasgroup reguły sudo" -#: src/config/SSSDConfig/sssdoptions.py:530 +#: src/config/SSSDConfig/sssdoptions.py:531 msgid "Sudo rule notbefore attribute" msgstr "Atrybut notbefore reguły sudo" -#: src/config/SSSDConfig/sssdoptions.py:531 +#: src/config/SSSDConfig/sssdoptions.py:532 msgid "Sudo rule notafter attribute" msgstr "Atrybut notafter reguły sudo" -#: src/config/SSSDConfig/sssdoptions.py:532 +#: src/config/SSSDConfig/sssdoptions.py:533 msgid "Sudo rule order attribute" msgstr "Atrybut kolejności reguły sudo" -#: src/config/SSSDConfig/sssdoptions.py:535 +#: src/config/SSSDConfig/sssdoptions.py:536 msgid "Object class for automounter maps" msgstr "Klasa obiektów dla map automountera" -#: src/config/SSSDConfig/sssdoptions.py:536 +#: src/config/SSSDConfig/sssdoptions.py:537 msgid "Automounter map name attribute" msgstr "Atrybut nazwy mapy automountera" -#: src/config/SSSDConfig/sssdoptions.py:537 +#: src/config/SSSDConfig/sssdoptions.py:538 msgid "Object class for automounter map entries" msgstr "Klasa obiektów dla wpisów map automountera" -#: src/config/SSSDConfig/sssdoptions.py:538 +#: src/config/SSSDConfig/sssdoptions.py:539 msgid "Automounter map entry key attribute" msgstr "Atrybut klucza wpisu mapy automountera" -#: src/config/SSSDConfig/sssdoptions.py:539 +#: src/config/SSSDConfig/sssdoptions.py:540 msgid "Automounter map entry value attribute" msgstr "Atrybut wartości wpisu mapy automountera" -#: src/config/SSSDConfig/sssdoptions.py:540 +#: src/config/SSSDConfig/sssdoptions.py:541 msgid "Base DN for automounter map lookups" msgstr "Podstawowe DN dla wyszukiwań map automountera" -#: src/config/SSSDConfig/sssdoptions.py:541 +#: src/config/SSSDConfig/sssdoptions.py:542 msgid "The name of the automount master map in LDAP." msgstr "Nazwa głównej mapy automatycznego montowania w LDAP." -#: src/config/SSSDConfig/sssdoptions.py:544 +#: src/config/SSSDConfig/sssdoptions.py:545 msgid "Base DN for IP hosts lookups" msgstr "Podstawowe DN dla wyszukiwania IP komputerów" -#: src/config/SSSDConfig/sssdoptions.py:545 +#: src/config/SSSDConfig/sssdoptions.py:546 msgid "Object class for IP hosts" msgstr "Klasa obiektów dla IP komputerów" -#: src/config/SSSDConfig/sssdoptions.py:546 +#: src/config/SSSDConfig/sssdoptions.py:547 msgid "IP host name attribute" msgstr "Atrybut nazwy IP komputera" -#: src/config/SSSDConfig/sssdoptions.py:547 +#: src/config/SSSDConfig/sssdoptions.py:548 msgid "IP host number (address) attribute" msgstr "Atrybut numeru (adresu) IP komputera" -#: src/config/SSSDConfig/sssdoptions.py:548 +#: src/config/SSSDConfig/sssdoptions.py:549 msgid "IP host entryUSN attribute" msgstr "Atrybut entryUSN IP komputera" -#: src/config/SSSDConfig/sssdoptions.py:549 +#: src/config/SSSDConfig/sssdoptions.py:550 msgid "Base DN for IP networks lookups" msgstr "Podstawowe DN dla wyszukiwania IP sieci" -#: src/config/SSSDConfig/sssdoptions.py:550 +#: src/config/SSSDConfig/sssdoptions.py:551 msgid "Object class for IP networks" msgstr "Klasa obiektów dla IP sieci" -#: src/config/SSSDConfig/sssdoptions.py:551 +#: src/config/SSSDConfig/sssdoptions.py:552 msgid "IP network name attribute" msgstr "Atrybut nazwy IP sieci" -#: src/config/SSSDConfig/sssdoptions.py:552 +#: src/config/SSSDConfig/sssdoptions.py:553 msgid "IP network number (address) attribute" msgstr "Atrybut numeru (adresu) IP sieci" -#: src/config/SSSDConfig/sssdoptions.py:553 +#: src/config/SSSDConfig/sssdoptions.py:554 msgid "IP network entryUSN attribute" msgstr "Atrybut entryUSN IP sieci" -#: src/config/SSSDConfig/sssdoptions.py:556 +#: src/config/SSSDConfig/sssdoptions.py:557 msgid "Comma separated list of allowed users" msgstr "Lista dozwolonych użytkowników oddzielonych przecinkami" -#: src/config/SSSDConfig/sssdoptions.py:557 +#: src/config/SSSDConfig/sssdoptions.py:558 msgid "Comma separated list of prohibited users" msgstr "Lista zabronionych użytkowników oddzielonych przecinkami" -#: src/config/SSSDConfig/sssdoptions.py:558 +#: src/config/SSSDConfig/sssdoptions.py:559 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." @@ -1966,7 +1964,7 @@ msgstr "" "zastosowanie tylko do grup w tej domenie SSSD. Lokalne grupy nie są " "sprawdzane." -#: src/config/SSSDConfig/sssdoptions.py:560 +#: src/config/SSSDConfig/sssdoptions.py:561 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " @@ -1976,32 +1974,32 @@ msgstr "" "dostęp. Ma to zastosowanie tylko do grup w tej domenie SSSD. Lokalne grupy " "nie są sprawdzane." -#: src/config/SSSDConfig/sssdoptions.py:564 +#: src/config/SSSDConfig/sssdoptions.py:565 msgid "The number of preforked proxy children." msgstr "Liczba elementów potomnych pośrednika przed rozwidleniem." -#: src/config/SSSDConfig/sssdoptions.py:567 +#: src/config/SSSDConfig/sssdoptions.py:568 msgid "The name of the NSS library to use" msgstr "Nazwa używanej biblioteki NSS" -#: src/config/SSSDConfig/sssdoptions.py:568 +#: src/config/SSSDConfig/sssdoptions.py:569 msgid "The name of the NSS library to use for hosts and networks lookups" msgstr "Nazwa biblioteki NSS używanej do wyszukiwania komputerów i sieci" -#: src/config/SSSDConfig/sssdoptions.py:569 +#: src/config/SSSDConfig/sssdoptions.py:570 msgid "Whether to look up canonical group name from cache if possible" msgstr "" "Czy wyszukiwać kanoniczną nazwę grupy w pamięci podręcznej, jeśli to możliwe" -#: src/config/SSSDConfig/sssdoptions.py:572 +#: src/config/SSSDConfig/sssdoptions.py:573 msgid "PAM stack to use" msgstr "Używany stos PAM" -#: src/config/SSSDConfig/sssdoptions.py:575 +#: src/config/SSSDConfig/sssdoptions.py:576 msgid "Path of passwd file sources." msgstr "Ścieżka źródeł pliku „passwd”." -#: src/config/SSSDConfig/sssdoptions.py:576 +#: src/config/SSSDConfig/sssdoptions.py:577 msgid "Path of group file sources." msgstr "Ścieżka źródeł pliku „group”." @@ -2050,67 +2048,67 @@ msgstr "Uruchamianie jako %, musi być rootem\n" msgid "SSSD is already running\n" msgstr "Usługa SSSD jest już uruchomiona\n" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "Zezwala na zrzuty core" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "Otwiera deskryptor pliku dla dzienników debugowania" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "Użytkownik, jako który utworzyć ccache FAST" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "Grupa, jako którą utworzyć ccache FAST" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "Używa anonimowego PKINIT do żądania opakowanego biletu FAST" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "Używany obszar Kerberosa" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "Żądany czas trwania biletu" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "Żądany odnawialny czas trwania biletu" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "Opcje FAST („never”, „try”, „demand”)" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "Podaje naczelnika serwera używanego dla FAST" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "Żąda ujednolicenie nazwy naczelnika" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "Użycie niestandardowej wersji krb5_get_init_creds_password" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "Identyfikator łańcucha tevent używany do celów zapisywania w dzienniku" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "Sprawdza flagi PAC" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "talloc_asprintf się nie powiodło.\n" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "set_debug_file_from_fd się nie powiodło.\n" @@ -2118,35 +2116,35 @@ msgstr "set_debug_file_from_fd się nie powiodło.\n" msgid "Domain of the information provider (mandatory)" msgstr "Domena dostawcy informacji (wymagane)" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "Uprawnione gniazdo ma błędnego właściciela lub uprawnienia." -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "Publiczne gniazdo ma błędnego właściciela lub uprawnienia." -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "Nieoczekiwany format komunikatu uwierzytelniającego serwera." -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "SSSD nie zostało uruchomione w trybie roota." -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "Gniazdo SSSD nie istnieje." -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "Nie można wykonać „stat” na gnieździe SSSD." -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "Wystąpił błąd, ale nie odnaleziono jego opisu." -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "Nieoczekiwany błąd podczas wyszukiwania opisu błędu" @@ -2154,55 +2152,62 @@ msgstr "Nieoczekiwany błąd podczas wyszukiwania opisu błędu" msgid "Permission denied. " msgstr "Odmowa uprawnienia. " -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "Komunikat serwera: " #: src/sss_client/pam_sss.c:71 -msgid "Enter PIN:" +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." msgstr "" +"TGT Kerberosa nie będzie nadawany po zalogowaniu, co wpłynie na użytkownika." + +#: src/sss_client/pam_sss.c:72 +msgid "Enter PIN:" +msgstr "Proszę podać kod PIN:" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "Hasła się nie zgadzają" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "Przywrócenie hasła przez użytkownika root nie jest obsługiwane." -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "Uwierzytelniono za pomocą danych z pamięci podręcznej" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr ", hasło w pamięci podręcznej wygaśnie za: " -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "Hasło wygasło. Pozostało %1$d możliwych logowań." -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "Hasło wygaśnie za %1$d %2$s." -#: src/sss_client/pam_sss.c:627 -#, fuzzy, c-format +#: src/sss_client/pam_sss.c:628 +#, c-format msgid "Your password has expired." -msgstr "Hasło wygaśnie za %1$d %2$s." +msgstr "Hasło wygasło." -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "Uwierzytelnianie jest zabronione do: " -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "System jest w trybie offline, zmiana hasła nie jest możliwa" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" @@ -2210,67 +2215,76 @@ msgstr "" "Po zmianie hasła OTP należy się wylogować i zalogować ponownie, aby uzyskać " "bilet" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "Zablokowano kod PIN" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" +"Nie nadano TGT Kerberosa, jako że serwer nie obsługuje tej metody, co " +"wpłynie na pojedyncze logowanie (SSO)." + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "Zmiana hasła się nie powiodła. " -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "Proszę uwierzytelnić pod adresem %1$s i nacisnąć klawisz Enter." -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "" "Proszę uwierzytelnić za pomocą kodu PIN %1$s pod adresem %2$s i nacisnąć " "klawisz Enter." -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "Proszę (ponownie) włożyć (inną) kartę smartcard" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "Nowe hasło: " -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "Proszę ponownie podać nowe hasło: " -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "Pierwszy czynnik: " -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "Drugi czynnik (opcjonalnie): " -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "Drugi czynnik: " -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." msgstr "" +"Proszę włożyć urządzenie hasła-klucza, a następnie nacisnąć klawisz Enter." -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "Hasło: " -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "Pierwszy czynnik (obecne hasło): " -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "Bieżące hasło: " -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "Hasło wygasło. Proszę je zmienić teraz." @@ -2609,9 +2623,8 @@ msgid "Passkey related tools:" msgstr "Narzędzia związane z hasłami-kluczami:" #: src/tools/sssctl/sssctl.c:348 -#, fuzzy msgid "Perform passkey registration" -msgstr "Wykonuje działania związane z hasłami-kluczami" +msgstr "Wykonuje rejestrację hasłem-kluczem" #: src/tools/sssctl/sssctl_cache.c:31 #, c-format @@ -2792,9 +2805,8 @@ msgid "Error while reading configuration directory.\n" msgstr "Błąd podczas odczytywania katalogu konfiguracji.\n" #: src/tools/sssctl/sssctl_config.c:147 -#, fuzzy msgid "There is no configuration.\n" -msgstr "Wczytanie konfiguracji z %s się nie powiodło.\n" +msgstr "Nie ma konfiguracji.\n" #: src/tools/sssctl/sssctl_config.c:157 msgid "Failed to run validators" diff --git a/po/pt.po b/po/pt.po index ac622595797..c2a3bfc9186 100644 --- a/po/pt.po +++ b/po/pt.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: 2014-12-14 11:47-0500\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Portuguese (http://www.transifex.com/projects/p/sssd/language/" @@ -598,12 +598,12 @@ msgid "Whether to automatically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:201 -#: src/config/SSSDConfig/sssdoptions.py:233 +#: src/config/SSSDConfig/sssdoptions.py:234 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:202 -#: src/config/SSSDConfig/sssdoptions.py:234 +#: src/config/SSSDConfig/sssdoptions.py:235 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" @@ -687,1165 +687,1169 @@ msgid "" "(long term password) must have to be saved as SHA512 hash into the cache." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:228 +#: src/config/SSSDConfig/sssdoptions.py:226 +msgid "Local authentication methods policy " +msgstr "" + +#: src/config/SSSDConfig/sssdoptions.py:229 msgid "IPA domain" msgstr "Domínio IPA" -#: src/config/SSSDConfig/sssdoptions.py:229 +#: src/config/SSSDConfig/sssdoptions.py:230 msgid "IPA server address" msgstr "Endereço do servidor IPA" -#: src/config/SSSDConfig/sssdoptions.py:230 +#: src/config/SSSDConfig/sssdoptions.py:231 msgid "Address of backup IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:231 +#: src/config/SSSDConfig/sssdoptions.py:232 msgid "IPA client hostname" msgstr "Nome da máquina do cliente IPA" -#: src/config/SSSDConfig/sssdoptions.py:232 +#: src/config/SSSDConfig/sssdoptions.py:233 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:235 +#: src/config/SSSDConfig/sssdoptions.py:236 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:236 +#: src/config/SSSDConfig/sssdoptions.py:237 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:237 +#: src/config/SSSDConfig/sssdoptions.py:238 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:239 +#: src/config/SSSDConfig/sssdoptions.py:240 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:240 +#: src/config/SSSDConfig/sssdoptions.py:241 msgid "The automounter location this IPA client is using" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:241 +#: src/config/SSSDConfig/sssdoptions.py:242 msgid "Search base for object containing info about IPA domain" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:242 +#: src/config/SSSDConfig/sssdoptions.py:243 msgid "Search base for objects containing info about ID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:243 -#: src/config/SSSDConfig/sssdoptions.py:299 +#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:300 msgid "Enable DNS sites - location based service discovery" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:245 msgid "Search base for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:245 +#: src/config/SSSDConfig/sssdoptions.py:246 msgid "Objectclass for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:246 +#: src/config/SSSDConfig/sssdoptions.py:247 msgid "Attribute with the name of the view" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:247 +#: src/config/SSSDConfig/sssdoptions.py:248 msgid "Objectclass for override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:248 +#: src/config/SSSDConfig/sssdoptions.py:249 msgid "Attribute with the reference to the original object" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:249 +#: src/config/SSSDConfig/sssdoptions.py:250 msgid "Objectclass for user override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:250 +#: src/config/SSSDConfig/sssdoptions.py:251 msgid "Objectclass for group override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:251 +#: src/config/SSSDConfig/sssdoptions.py:252 msgid "Search base for Desktop Profile related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:252 +#: src/config/SSSDConfig/sssdoptions.py:253 msgid "" "The amount of time in seconds between lookups of the Desktop Profile rules " "against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:254 +#: src/config/SSSDConfig/sssdoptions.py:255 msgid "" "The amount of time in minutes between lookups of Desktop Profiles rules " "against the IPA server when the last request did not find any rule" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:257 +#: src/config/SSSDConfig/sssdoptions.py:258 msgid "Search base for SUBID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:258 -#: src/config/SSSDConfig/sssdoptions.py:501 +#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:502 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:260 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:260 -#: src/config/SSSDConfig/sssdoptions.py:283 +#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:284 msgid "The object class of a host entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:262 msgid "Use the given string as search base for host objects." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:262 +#: src/config/SSSDConfig/sssdoptions.py:263 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:263 +#: src/config/SSSDConfig/sssdoptions.py:264 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:264 +#: src/config/SSSDConfig/sssdoptions.py:265 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:265 +#: src/config/SSSDConfig/sssdoptions.py:266 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:267 +#: src/config/SSSDConfig/sssdoptions.py:268 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:269 +#: src/config/SSSDConfig/sssdoptions.py:270 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:270 +#: src/config/SSSDConfig/sssdoptions.py:271 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:272 +#: src/config/SSSDConfig/sssdoptions.py:273 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:273 +#: src/config/SSSDConfig/sssdoptions.py:274 msgid "The object class of a netgroup entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:274 +#: src/config/SSSDConfig/sssdoptions.py:275 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:275 +#: src/config/SSSDConfig/sssdoptions.py:276 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:277 +#: src/config/SSSDConfig/sssdoptions.py:278 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:278 +#: src/config/SSSDConfig/sssdoptions.py:279 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:280 +#: src/config/SSSDConfig/sssdoptions.py:281 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:282 +#: src/config/SSSDConfig/sssdoptions.py:283 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:284 +#: src/config/SSSDConfig/sssdoptions.py:285 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:286 +#: src/config/SSSDConfig/sssdoptions.py:287 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:287 +#: src/config/SSSDConfig/sssdoptions.py:288 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:288 +#: src/config/SSSDConfig/sssdoptions.py:289 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:289 +#: src/config/SSSDConfig/sssdoptions.py:290 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:291 +#: src/config/SSSDConfig/sssdoptions.py:292 msgid "Use the given string as search base for trusted domains." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:294 +#: src/config/SSSDConfig/sssdoptions.py:295 msgid "Active Directory domain" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:295 +#: src/config/SSSDConfig/sssdoptions.py:296 msgid "Enabled Active Directory domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:296 +#: src/config/SSSDConfig/sssdoptions.py:297 msgid "Active Directory server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:297 +#: src/config/SSSDConfig/sssdoptions.py:298 msgid "Active Directory backup server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:298 +#: src/config/SSSDConfig/sssdoptions.py:299 msgid "Active Directory client hostname" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:300 -#: src/config/SSSDConfig/sssdoptions.py:499 +#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:500 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:302 msgid "Whether to use the Global Catalog for lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:302 +#: src/config/SSSDConfig/sssdoptions.py:303 msgid "Operation mode for GPO-based access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:303 +#: src/config/SSSDConfig/sssdoptions.py:304 msgid "" "The amount of time between lookups of the GPO policy files against the AD " "server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:304 +#: src/config/SSSDConfig/sssdoptions.py:305 msgid "" "PAM service names that map to the GPO (Deny)InteractiveLogonRight policy " "settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:306 +#: src/config/SSSDConfig/sssdoptions.py:307 msgid "" "PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight " "policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:308 +#: src/config/SSSDConfig/sssdoptions.py:309 msgid "" "PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:309 +#: src/config/SSSDConfig/sssdoptions.py:310 msgid "" "PAM service names that map to the GPO (Deny)BatchLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:310 +#: src/config/SSSDConfig/sssdoptions.py:311 msgid "" "PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:311 +#: src/config/SSSDConfig/sssdoptions.py:312 msgid "PAM service names for which GPO-based access is always granted" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:312 +#: src/config/SSSDConfig/sssdoptions.py:313 msgid "PAM service names for which GPO-based access is always denied" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:313 +#: src/config/SSSDConfig/sssdoptions.py:314 msgid "" "Default logon right (or permit/deny) to use for unmapped PAM service names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:314 +#: src/config/SSSDConfig/sssdoptions.py:315 msgid "a particular site to be used by the client" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:315 +#: src/config/SSSDConfig/sssdoptions.py:316 msgid "" "Maximum age in days before the machine account password should be renewed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:317 +#: src/config/SSSDConfig/sssdoptions.py:318 msgid "Option for tuning the machine account renewal task" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:318 +#: src/config/SSSDConfig/sssdoptions.py:319 msgid "Whether to update the machine account password in the Samba database" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:320 +#: src/config/SSSDConfig/sssdoptions.py:321 msgid "Use LDAPS port for LDAP and Global Catalog requests" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:321 +#: src/config/SSSDConfig/sssdoptions.py:322 msgid "Do not filter domain local groups from other domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:324 #: src/config/SSSDConfig/sssdoptions.py:325 +#: src/config/SSSDConfig/sssdoptions.py:326 msgid "Kerberos server address" msgstr "Endereço do servidor Kerberos" -#: src/config/SSSDConfig/sssdoptions.py:326 +#: src/config/SSSDConfig/sssdoptions.py:327 msgid "Kerberos backup server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:327 +#: src/config/SSSDConfig/sssdoptions.py:328 msgid "Kerberos realm" msgstr "Reino Kerberos" -#: src/config/SSSDConfig/sssdoptions.py:328 +#: src/config/SSSDConfig/sssdoptions.py:329 msgid "Authentication timeout" msgstr "Tempo de expiração da autenticação" -#: src/config/SSSDConfig/sssdoptions.py:329 +#: src/config/SSSDConfig/sssdoptions.py:330 msgid "Whether to create kdcinfo files" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:330 +#: src/config/SSSDConfig/sssdoptions.py:331 msgid "Where to drop krb5 config snippets" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:333 +#: src/config/SSSDConfig/sssdoptions.py:334 msgid "Directory to store credential caches" msgstr "Directório para armazenar as caches de credenciais" -#: src/config/SSSDConfig/sssdoptions.py:334 +#: src/config/SSSDConfig/sssdoptions.py:335 msgid "Location of the user's credential cache" msgstr "Localização da cache de credenciais dos utilizadores" -#: src/config/SSSDConfig/sssdoptions.py:335 +#: src/config/SSSDConfig/sssdoptions.py:336 msgid "Location of the keytab to validate credentials" msgstr "Localização da tabela de chaves (keytab) para validar credenciais" -#: src/config/SSSDConfig/sssdoptions.py:336 +#: src/config/SSSDConfig/sssdoptions.py:337 msgid "Enable credential validation" msgstr "Activar validação de credenciais" -#: src/config/SSSDConfig/sssdoptions.py:337 +#: src/config/SSSDConfig/sssdoptions.py:338 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:338 +#: src/config/SSSDConfig/sssdoptions.py:339 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:339 +#: src/config/SSSDConfig/sssdoptions.py:340 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:340 +#: src/config/SSSDConfig/sssdoptions.py:341 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:341 +#: src/config/SSSDConfig/sssdoptions.py:342 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:342 +#: src/config/SSSDConfig/sssdoptions.py:343 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:343 +#: src/config/SSSDConfig/sssdoptions.py:344 msgid "Use anonymous PKINIT to request FAST credentials" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:344 +#: src/config/SSSDConfig/sssdoptions.py:345 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:345 +#: src/config/SSSDConfig/sssdoptions.py:346 msgid "Enables enterprise principals" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:346 +#: src/config/SSSDConfig/sssdoptions.py:347 msgid "Enables using of subdomains realms for authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:347 +#: src/config/SSSDConfig/sssdoptions.py:348 msgid "A mapping from user names to Kerberos principal names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:350 #: src/config/SSSDConfig/sssdoptions.py:351 +#: src/config/SSSDConfig/sssdoptions.py:352 msgid "Server where the change password service is running if not on the KDC" msgstr "" "Servidor onde está em execução o serviço de alteração de senha, se não " "coincide com o KDC" -#: src/config/SSSDConfig/sssdoptions.py:354 +#: src/config/SSSDConfig/sssdoptions.py:355 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, O URI do servidor LDAP" -#: src/config/SSSDConfig/sssdoptions.py:355 +#: src/config/SSSDConfig/sssdoptions.py:356 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:356 +#: src/config/SSSDConfig/sssdoptions.py:357 msgid "The default base DN" msgstr "A base DN por omissão" -#: src/config/SSSDConfig/sssdoptions.py:357 +#: src/config/SSSDConfig/sssdoptions.py:358 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "O tipo de Schema em utilização no servidor LDAP, rfc2307" -#: src/config/SSSDConfig/sssdoptions.py:358 +#: src/config/SSSDConfig/sssdoptions.py:359 msgid "Mode used to change user password" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:359 +#: src/config/SSSDConfig/sssdoptions.py:360 msgid "The default bind DN" msgstr "O DN por omissão para a ligação" -#: src/config/SSSDConfig/sssdoptions.py:360 +#: src/config/SSSDConfig/sssdoptions.py:361 msgid "The type of the authentication token of the default bind DN" msgstr "O tipo de token de autenticação do bind DN por omissão" -#: src/config/SSSDConfig/sssdoptions.py:361 +#: src/config/SSSDConfig/sssdoptions.py:362 msgid "The authentication token of the default bind DN" msgstr "O token de autenticação do bind DN por omissão" -#: src/config/SSSDConfig/sssdoptions.py:362 +#: src/config/SSSDConfig/sssdoptions.py:363 msgid "Length of time to attempt connection" msgstr "Período de tempo para tentar ligação" -#: src/config/SSSDConfig/sssdoptions.py:363 +#: src/config/SSSDConfig/sssdoptions.py:364 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Tempo de espera para tentar operações LDAP síncronas" -#: src/config/SSSDConfig/sssdoptions.py:364 +#: src/config/SSSDConfig/sssdoptions.py:365 msgid "Length of time between attempts to reconnect while offline" msgstr "Tempo de espera entre tentativas para re-conectar quando desligado" -#: src/config/SSSDConfig/sssdoptions.py:365 +#: src/config/SSSDConfig/sssdoptions.py:366 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:366 +#: src/config/SSSDConfig/sssdoptions.py:367 msgid "File that contains CA certificates" msgstr "Ficheiro que contêm os certificados CA" -#: src/config/SSSDConfig/sssdoptions.py:367 +#: src/config/SSSDConfig/sssdoptions.py:368 msgid "Path to CA certificate directory" msgstr "Caminho para o directório do certificado CA" -#: src/config/SSSDConfig/sssdoptions.py:368 +#: src/config/SSSDConfig/sssdoptions.py:369 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:369 +#: src/config/SSSDConfig/sssdoptions.py:370 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:370 +#: src/config/SSSDConfig/sssdoptions.py:371 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:371 +#: src/config/SSSDConfig/sssdoptions.py:372 msgid "Require TLS certificate verification" msgstr "Obriga a verificação de certificados TLS" -#: src/config/SSSDConfig/sssdoptions.py:372 +#: src/config/SSSDConfig/sssdoptions.py:373 msgid "Specify the sasl mechanism to use" msgstr "Especificar mecanismo sasl a utilizar" -#: src/config/SSSDConfig/sssdoptions.py:373 +#: src/config/SSSDConfig/sssdoptions.py:374 msgid "Specify the sasl authorization id to use" msgstr "Especifique o id sasl para utilizar na autorização" -#: src/config/SSSDConfig/sssdoptions.py:374 +#: src/config/SSSDConfig/sssdoptions.py:375 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:375 +#: src/config/SSSDConfig/sssdoptions.py:376 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:376 +#: src/config/SSSDConfig/sssdoptions.py:377 msgid "Specify the maximal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:377 +#: src/config/SSSDConfig/sssdoptions.py:378 msgid "Kerberos service keytab" msgstr "Separador chave do serviço Kerberos" -#: src/config/SSSDConfig/sssdoptions.py:378 +#: src/config/SSSDConfig/sssdoptions.py:379 msgid "Use Kerberos auth for LDAP connection" msgstr "Utilizar autenticação Kerberos para ligações LDAP" -#: src/config/SSSDConfig/sssdoptions.py:379 +#: src/config/SSSDConfig/sssdoptions.py:380 msgid "Follow LDAP referrals" msgstr "Seguir os referrals LDAP" -#: src/config/SSSDConfig/sssdoptions.py:380 +#: src/config/SSSDConfig/sssdoptions.py:381 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:381 +#: src/config/SSSDConfig/sssdoptions.py:382 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:382 +#: src/config/SSSDConfig/sssdoptions.py:383 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:383 +#: src/config/SSSDConfig/sssdoptions.py:384 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:384 +#: src/config/SSSDConfig/sssdoptions.py:385 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:385 +#: src/config/SSSDConfig/sssdoptions.py:386 msgid "Ignore unreadable LDAP references" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:386 +#: src/config/SSSDConfig/sssdoptions.py:387 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:388 +#: src/config/SSSDConfig/sssdoptions.py:389 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:391 +#: src/config/SSSDConfig/sssdoptions.py:392 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:392 +#: src/config/SSSDConfig/sssdoptions.py:393 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:394 +#: src/config/SSSDConfig/sssdoptions.py:395 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:397 +#: src/config/SSSDConfig/sssdoptions.py:398 msgid "Disable the LDAP paging control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:398 +#: src/config/SSSDConfig/sssdoptions.py:399 msgid "Disable Active Directory range retrieval" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:401 +#: src/config/SSSDConfig/sssdoptions.py:402 msgid "Length of time to wait for a search request" msgstr "Tempo de espera por um pedido de pesquisa" -#: src/config/SSSDConfig/sssdoptions.py:402 +#: src/config/SSSDConfig/sssdoptions.py:403 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:403 +#: src/config/SSSDConfig/sssdoptions.py:404 msgid "Length of time between enumeration updates" msgstr "Período de tempo entre enumeração de actualizações" -#: src/config/SSSDConfig/sssdoptions.py:404 +#: src/config/SSSDConfig/sssdoptions.py:405 #, fuzzy msgid "Maximum period deviation between enumeration updates" msgstr "Período de tempo entre enumeração de actualizações" -#: src/config/SSSDConfig/sssdoptions.py:405 +#: src/config/SSSDConfig/sssdoptions.py:406 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:406 +#: src/config/SSSDConfig/sssdoptions.py:407 msgid "Maximum time deviation between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:407 +#: src/config/SSSDConfig/sssdoptions.py:408 msgid "Require TLS for ID lookups" msgstr "Requer TLS para consultas de ID" -#: src/config/SSSDConfig/sssdoptions.py:408 +#: src/config/SSSDConfig/sssdoptions.py:409 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:409 +#: src/config/SSSDConfig/sssdoptions.py:410 msgid "Base DN for user lookups" msgstr "DN base para pesquisa de utilizadores" -#: src/config/SSSDConfig/sssdoptions.py:410 +#: src/config/SSSDConfig/sssdoptions.py:411 msgid "Scope of user lookups" msgstr "Âmbito das pesquisas do utilizador" -#: src/config/SSSDConfig/sssdoptions.py:411 +#: src/config/SSSDConfig/sssdoptions.py:412 msgid "Filter for user lookups" msgstr "Filtro para as pesquisas do utilizador" -#: src/config/SSSDConfig/sssdoptions.py:412 +#: src/config/SSSDConfig/sssdoptions.py:413 msgid "Objectclass for users" msgstr "Objectclass para utilizadores" -#: src/config/SSSDConfig/sssdoptions.py:413 +#: src/config/SSSDConfig/sssdoptions.py:414 msgid "Username attribute" msgstr "Atributo do nome do utilizador" -#: src/config/SSSDConfig/sssdoptions.py:414 +#: src/config/SSSDConfig/sssdoptions.py:415 msgid "UID attribute" msgstr "Atributo UID" -#: src/config/SSSDConfig/sssdoptions.py:415 +#: src/config/SSSDConfig/sssdoptions.py:416 msgid "Primary GID attribute" msgstr "Atributo GID primário" -#: src/config/SSSDConfig/sssdoptions.py:416 +#: src/config/SSSDConfig/sssdoptions.py:417 msgid "GECOS attribute" msgstr "Atributo GECOS" -#: src/config/SSSDConfig/sssdoptions.py:417 +#: src/config/SSSDConfig/sssdoptions.py:418 msgid "Home directory attribute" msgstr "Atributo da pasta pessoal" -#: src/config/SSSDConfig/sssdoptions.py:418 +#: src/config/SSSDConfig/sssdoptions.py:419 msgid "Shell attribute" msgstr "Atributo da Shell" -#: src/config/SSSDConfig/sssdoptions.py:419 +#: src/config/SSSDConfig/sssdoptions.py:420 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:420 -#: src/config/SSSDConfig/sssdoptions.py:459 +#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:460 msgid "objectSID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:422 msgid "Active Directory primary group attribute for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:422 +#: src/config/SSSDConfig/sssdoptions.py:423 msgid "User principal attribute (for Kerberos)" msgstr "Atributo principal do utilizador (para Kerberos)" -#: src/config/SSSDConfig/sssdoptions.py:423 +#: src/config/SSSDConfig/sssdoptions.py:424 msgid "Full Name" msgstr "Nome Completo" -#: src/config/SSSDConfig/sssdoptions.py:424 +#: src/config/SSSDConfig/sssdoptions.py:425 msgid "memberOf attribute" msgstr "Atributo memberOf" -#: src/config/SSSDConfig/sssdoptions.py:425 +#: src/config/SSSDConfig/sssdoptions.py:426 msgid "Modification time attribute" msgstr "Atributo da alteração da data" -#: src/config/SSSDConfig/sssdoptions.py:426 +#: src/config/SSSDConfig/sssdoptions.py:427 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:427 +#: src/config/SSSDConfig/sssdoptions.py:428 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:428 +#: src/config/SSSDConfig/sssdoptions.py:429 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:429 +#: src/config/SSSDConfig/sssdoptions.py:430 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:430 +#: src/config/SSSDConfig/sssdoptions.py:431 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:431 +#: src/config/SSSDConfig/sssdoptions.py:432 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:432 +#: src/config/SSSDConfig/sssdoptions.py:433 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:433 +#: src/config/SSSDConfig/sssdoptions.py:434 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:434 +#: src/config/SSSDConfig/sssdoptions.py:435 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:435 +#: src/config/SSSDConfig/sssdoptions.py:436 msgid "Attribute listing authorized server rhosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:436 +#: src/config/SSSDConfig/sssdoptions.py:437 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:437 +#: src/config/SSSDConfig/sssdoptions.py:438 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:438 +#: src/config/SSSDConfig/sssdoptions.py:439 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:439 +#: src/config/SSSDConfig/sssdoptions.py:440 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:440 +#: src/config/SSSDConfig/sssdoptions.py:441 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:441 +#: src/config/SSSDConfig/sssdoptions.py:442 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:442 +#: src/config/SSSDConfig/sssdoptions.py:443 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:443 +#: src/config/SSSDConfig/sssdoptions.py:444 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:444 +#: src/config/SSSDConfig/sssdoptions.py:445 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:445 +#: src/config/SSSDConfig/sssdoptions.py:446 msgid "SSH public key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:446 +#: src/config/SSSDConfig/sssdoptions.py:447 msgid "attribute listing allowed authentication types for a user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:447 +#: src/config/SSSDConfig/sssdoptions.py:448 msgid "attribute containing the X509 certificate of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:448 +#: src/config/SSSDConfig/sssdoptions.py:449 msgid "attribute containing the email address of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:449 +#: src/config/SSSDConfig/sssdoptions.py:450 msgid "attribute containing the passkey mapping data of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:450 +#: src/config/SSSDConfig/sssdoptions.py:451 msgid "A list of extra attributes to download along with the user entry" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:452 +#: src/config/SSSDConfig/sssdoptions.py:453 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:453 +#: src/config/SSSDConfig/sssdoptions.py:454 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:454 +#: src/config/SSSDConfig/sssdoptions.py:455 msgid "Group name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:455 +#: src/config/SSSDConfig/sssdoptions.py:456 msgid "Group password" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:456 +#: src/config/SSSDConfig/sssdoptions.py:457 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:457 +#: src/config/SSSDConfig/sssdoptions.py:458 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:458 +#: src/config/SSSDConfig/sssdoptions.py:459 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:460 +#: src/config/SSSDConfig/sssdoptions.py:461 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:461 +#: src/config/SSSDConfig/sssdoptions.py:462 msgid "Type of the group and other flags" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:462 +#: src/config/SSSDConfig/sssdoptions.py:463 msgid "The LDAP group external member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:463 +#: src/config/SSSDConfig/sssdoptions.py:464 msgid "Maximum nesting level SSSD will follow" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:464 +#: src/config/SSSDConfig/sssdoptions.py:465 msgid "Filter for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:465 +#: src/config/SSSDConfig/sssdoptions.py:466 msgid "Scope of group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:467 +#: src/config/SSSDConfig/sssdoptions.py:468 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:468 +#: src/config/SSSDConfig/sssdoptions.py:469 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:469 +#: src/config/SSSDConfig/sssdoptions.py:470 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:470 +#: src/config/SSSDConfig/sssdoptions.py:471 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:471 +#: src/config/SSSDConfig/sssdoptions.py:472 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:472 +#: src/config/SSSDConfig/sssdoptions.py:473 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:474 +#: src/config/SSSDConfig/sssdoptions.py:475 msgid "Base DN for service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:475 +#: src/config/SSSDConfig/sssdoptions.py:476 msgid "Objectclass for services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:476 +#: src/config/SSSDConfig/sssdoptions.py:477 msgid "Service name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:477 +#: src/config/SSSDConfig/sssdoptions.py:478 msgid "Service port attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:478 +#: src/config/SSSDConfig/sssdoptions.py:479 msgid "Service protocol attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:480 +#: src/config/SSSDConfig/sssdoptions.py:481 msgid "Lower bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:481 +#: src/config/SSSDConfig/sssdoptions.py:482 msgid "Upper bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:482 +#: src/config/SSSDConfig/sssdoptions.py:483 msgid "Number of IDs for each slice when ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:483 +#: src/config/SSSDConfig/sssdoptions.py:484 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:484 +#: src/config/SSSDConfig/sssdoptions.py:485 msgid "Name of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:485 +#: src/config/SSSDConfig/sssdoptions.py:486 msgid "SID of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:486 +#: src/config/SSSDConfig/sssdoptions.py:487 msgid "Number of secondary slices" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:488 +#: src/config/SSSDConfig/sssdoptions.py:489 msgid "Whether to use Token-Groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:489 +#: src/config/SSSDConfig/sssdoptions.py:490 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:490 +#: src/config/SSSDConfig/sssdoptions.py:491 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:491 +#: src/config/SSSDConfig/sssdoptions.py:492 msgid "DN for ppolicy queries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:492 +#: src/config/SSSDConfig/sssdoptions.py:493 msgid "How many maximum entries to fetch during a wildcard request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:493 +#: src/config/SSSDConfig/sssdoptions.py:494 msgid "Set libldap debug level" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:496 +#: src/config/SSSDConfig/sssdoptions.py:497 msgid "Policy to evaluate the password expiration" msgstr "Politica para avaliar a expiração da senha" -#: src/config/SSSDConfig/sssdoptions.py:500 +#: src/config/SSSDConfig/sssdoptions.py:501 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:504 +#: src/config/SSSDConfig/sssdoptions.py:505 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:505 +#: src/config/SSSDConfig/sssdoptions.py:506 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:506 +#: src/config/SSSDConfig/sssdoptions.py:507 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:507 +#: src/config/SSSDConfig/sssdoptions.py:508 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:511 +#: src/config/SSSDConfig/sssdoptions.py:512 msgid "Base DN for sudo rules lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:512 +#: src/config/SSSDConfig/sssdoptions.py:513 msgid "Automatic full refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:513 +#: src/config/SSSDConfig/sssdoptions.py:514 msgid "Automatic smart refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:514 +#: src/config/SSSDConfig/sssdoptions.py:515 msgid "Smart and full refresh random offset" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:515 +#: src/config/SSSDConfig/sssdoptions.py:516 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:516 +#: src/config/SSSDConfig/sssdoptions.py:517 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:517 +#: src/config/SSSDConfig/sssdoptions.py:518 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:518 +#: src/config/SSSDConfig/sssdoptions.py:519 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:519 +#: src/config/SSSDConfig/sssdoptions.py:520 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:520 +#: src/config/SSSDConfig/sssdoptions.py:521 msgid "Object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:521 +#: src/config/SSSDConfig/sssdoptions.py:522 msgid "Name of attribute that is used as object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:522 +#: src/config/SSSDConfig/sssdoptions.py:523 msgid "Sudo rule name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:523 +#: src/config/SSSDConfig/sssdoptions.py:524 msgid "Sudo rule command attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:524 +#: src/config/SSSDConfig/sssdoptions.py:525 msgid "Sudo rule host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:525 +#: src/config/SSSDConfig/sssdoptions.py:526 msgid "Sudo rule user attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:526 +#: src/config/SSSDConfig/sssdoptions.py:527 msgid "Sudo rule option attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:527 +#: src/config/SSSDConfig/sssdoptions.py:528 msgid "Sudo rule runas attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:528 +#: src/config/SSSDConfig/sssdoptions.py:529 msgid "Sudo rule runasuser attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:529 +#: src/config/SSSDConfig/sssdoptions.py:530 msgid "Sudo rule runasgroup attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:530 +#: src/config/SSSDConfig/sssdoptions.py:531 msgid "Sudo rule notbefore attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:531 +#: src/config/SSSDConfig/sssdoptions.py:532 msgid "Sudo rule notafter attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:532 +#: src/config/SSSDConfig/sssdoptions.py:533 msgid "Sudo rule order attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:535 +#: src/config/SSSDConfig/sssdoptions.py:536 msgid "Object class for automounter maps" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:536 +#: src/config/SSSDConfig/sssdoptions.py:537 msgid "Automounter map name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:537 +#: src/config/SSSDConfig/sssdoptions.py:538 msgid "Object class for automounter map entries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:538 +#: src/config/SSSDConfig/sssdoptions.py:539 msgid "Automounter map entry key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:539 +#: src/config/SSSDConfig/sssdoptions.py:540 msgid "Automounter map entry value attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:540 +#: src/config/SSSDConfig/sssdoptions.py:541 msgid "Base DN for automounter map lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:541 +#: src/config/SSSDConfig/sssdoptions.py:542 msgid "The name of the automount master map in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:544 +#: src/config/SSSDConfig/sssdoptions.py:545 msgid "Base DN for IP hosts lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:545 +#: src/config/SSSDConfig/sssdoptions.py:546 msgid "Object class for IP hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:546 +#: src/config/SSSDConfig/sssdoptions.py:547 msgid "IP host name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:547 +#: src/config/SSSDConfig/sssdoptions.py:548 msgid "IP host number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:548 +#: src/config/SSSDConfig/sssdoptions.py:549 msgid "IP host entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:549 +#: src/config/SSSDConfig/sssdoptions.py:550 msgid "Base DN for IP networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:550 +#: src/config/SSSDConfig/sssdoptions.py:551 msgid "Object class for IP networks" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:551 +#: src/config/SSSDConfig/sssdoptions.py:552 msgid "IP network name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:552 +#: src/config/SSSDConfig/sssdoptions.py:553 msgid "IP network number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:553 +#: src/config/SSSDConfig/sssdoptions.py:554 msgid "IP network entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:556 +#: src/config/SSSDConfig/sssdoptions.py:557 msgid "Comma separated list of allowed users" msgstr "Lista de utilizadores autorizados separados por vírgulas" -#: src/config/SSSDConfig/sssdoptions.py:557 +#: src/config/SSSDConfig/sssdoptions.py:558 msgid "Comma separated list of prohibited users" msgstr "Lista de utilizadores não autorizados separados por vírgulas" -#: src/config/SSSDConfig/sssdoptions.py:558 +#: src/config/SSSDConfig/sssdoptions.py:559 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:560 +#: src/config/SSSDConfig/sssdoptions.py:561 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " "evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:564 +#: src/config/SSSDConfig/sssdoptions.py:565 msgid "The number of preforked proxy children." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:567 +#: src/config/SSSDConfig/sssdoptions.py:568 msgid "The name of the NSS library to use" msgstr "O nome da biblioteca NSS a utilizar" -#: src/config/SSSDConfig/sssdoptions.py:568 +#: src/config/SSSDConfig/sssdoptions.py:569 msgid "The name of the NSS library to use for hosts and networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:569 +#: src/config/SSSDConfig/sssdoptions.py:570 msgid "Whether to look up canonical group name from cache if possible" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:572 +#: src/config/SSSDConfig/sssdoptions.py:573 msgid "PAM stack to use" msgstr "Stack PAM a utilizar" -#: src/config/SSSDConfig/sssdoptions.py:575 +#: src/config/SSSDConfig/sssdoptions.py:576 msgid "Path of passwd file sources." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:576 +#: src/config/SSSDConfig/sssdoptions.py:577 msgid "Path of group file sources." msgstr "" @@ -1894,67 +1898,67 @@ msgstr "" msgid "SSSD is already running\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "Um descritor de ficheiro aberto para os registos de depuração" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "" @@ -1962,35 +1966,35 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "Domínio do fornecedor de informação (obrigatório)" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "" @@ -1998,119 +2002,131 @@ msgstr "" msgid "Permission denied. " msgstr "" -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "Mensagem do Servidor: " #: src/sss_client/pam_sss.c:71 +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." +msgstr "" + +#: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" msgstr "" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "Senhas não coincidem" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr ", a sua senha guardada em cache irá expirar em: " -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "" -#: src/sss_client/pam_sss.c:627 +#: src/sss_client/pam_sss.c:628 #, fuzzy, c-format msgid "Your password has expired." msgstr ", a sua senha guardada em cache irá expirar em: " -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "O sistema está offline, a mudança de senha não é possível" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "Alteração da senha falhou." -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "Nova Senha: " -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "Digite a senha novamente: " -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "" -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "Senha: " -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "" -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "Senha actual: " -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "A senha expirou. Altere a sua senha agora." diff --git a/po/pt_BR.po b/po/pt_BR.po index 6921125d741..30fa446d830 100644 --- a/po/pt_BR.po +++ b/po/pt_BR.po @@ -3,7 +3,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: 2015-10-27 08:15-0400\n" "Last-Translator: Marco Aurélio Krause \n" "Language-Team: Portuguese (Brazil)\n" @@ -582,12 +582,12 @@ msgid "Whether to automatically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:201 -#: src/config/SSSDConfig/sssdoptions.py:233 +#: src/config/SSSDConfig/sssdoptions.py:234 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:202 -#: src/config/SSSDConfig/sssdoptions.py:234 +#: src/config/SSSDConfig/sssdoptions.py:235 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" @@ -671,1162 +671,1166 @@ msgid "" "(long term password) must have to be saved as SHA512 hash into the cache." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:228 -msgid "IPA domain" +#: src/config/SSSDConfig/sssdoptions.py:226 +msgid "Local authentication methods policy " msgstr "" #: src/config/SSSDConfig/sssdoptions.py:229 -msgid "IPA server address" +msgid "IPA domain" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:230 -msgid "Address of backup IPA server" +msgid "IPA server address" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:231 -msgid "IPA client hostname" +msgid "Address of backup IPA server" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:232 +msgid "IPA client hostname" +msgstr "" + +#: src/config/SSSDConfig/sssdoptions.py:233 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:235 +#: src/config/SSSDConfig/sssdoptions.py:236 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:236 +#: src/config/SSSDConfig/sssdoptions.py:237 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:237 +#: src/config/SSSDConfig/sssdoptions.py:238 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:239 +#: src/config/SSSDConfig/sssdoptions.py:240 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:240 +#: src/config/SSSDConfig/sssdoptions.py:241 msgid "The automounter location this IPA client is using" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:241 +#: src/config/SSSDConfig/sssdoptions.py:242 msgid "Search base for object containing info about IPA domain" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:242 +#: src/config/SSSDConfig/sssdoptions.py:243 msgid "Search base for objects containing info about ID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:243 -#: src/config/SSSDConfig/sssdoptions.py:299 +#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:300 msgid "Enable DNS sites - location based service discovery" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:245 msgid "Search base for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:245 +#: src/config/SSSDConfig/sssdoptions.py:246 msgid "Objectclass for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:246 +#: src/config/SSSDConfig/sssdoptions.py:247 msgid "Attribute with the name of the view" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:247 +#: src/config/SSSDConfig/sssdoptions.py:248 msgid "Objectclass for override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:248 +#: src/config/SSSDConfig/sssdoptions.py:249 msgid "Attribute with the reference to the original object" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:249 +#: src/config/SSSDConfig/sssdoptions.py:250 msgid "Objectclass for user override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:250 +#: src/config/SSSDConfig/sssdoptions.py:251 msgid "Objectclass for group override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:251 +#: src/config/SSSDConfig/sssdoptions.py:252 msgid "Search base for Desktop Profile related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:252 +#: src/config/SSSDConfig/sssdoptions.py:253 msgid "" "The amount of time in seconds between lookups of the Desktop Profile rules " "against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:254 +#: src/config/SSSDConfig/sssdoptions.py:255 msgid "" "The amount of time in minutes between lookups of Desktop Profiles rules " "against the IPA server when the last request did not find any rule" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:257 +#: src/config/SSSDConfig/sssdoptions.py:258 msgid "Search base for SUBID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:258 -#: src/config/SSSDConfig/sssdoptions.py:501 +#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:502 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:260 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:260 -#: src/config/SSSDConfig/sssdoptions.py:283 +#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:284 msgid "The object class of a host entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:262 msgid "Use the given string as search base for host objects." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:262 +#: src/config/SSSDConfig/sssdoptions.py:263 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:263 +#: src/config/SSSDConfig/sssdoptions.py:264 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:264 +#: src/config/SSSDConfig/sssdoptions.py:265 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:265 +#: src/config/SSSDConfig/sssdoptions.py:266 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:267 +#: src/config/SSSDConfig/sssdoptions.py:268 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:269 +#: src/config/SSSDConfig/sssdoptions.py:270 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:270 +#: src/config/SSSDConfig/sssdoptions.py:271 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:272 +#: src/config/SSSDConfig/sssdoptions.py:273 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:273 +#: src/config/SSSDConfig/sssdoptions.py:274 msgid "The object class of a netgroup entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:274 +#: src/config/SSSDConfig/sssdoptions.py:275 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:275 +#: src/config/SSSDConfig/sssdoptions.py:276 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:277 +#: src/config/SSSDConfig/sssdoptions.py:278 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:278 +#: src/config/SSSDConfig/sssdoptions.py:279 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:280 +#: src/config/SSSDConfig/sssdoptions.py:281 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:282 +#: src/config/SSSDConfig/sssdoptions.py:283 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:284 +#: src/config/SSSDConfig/sssdoptions.py:285 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:286 +#: src/config/SSSDConfig/sssdoptions.py:287 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:287 +#: src/config/SSSDConfig/sssdoptions.py:288 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:288 +#: src/config/SSSDConfig/sssdoptions.py:289 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:289 +#: src/config/SSSDConfig/sssdoptions.py:290 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:291 +#: src/config/SSSDConfig/sssdoptions.py:292 msgid "Use the given string as search base for trusted domains." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:294 +#: src/config/SSSDConfig/sssdoptions.py:295 msgid "Active Directory domain" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:295 +#: src/config/SSSDConfig/sssdoptions.py:296 msgid "Enabled Active Directory domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:296 +#: src/config/SSSDConfig/sssdoptions.py:297 msgid "Active Directory server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:297 +#: src/config/SSSDConfig/sssdoptions.py:298 msgid "Active Directory backup server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:298 +#: src/config/SSSDConfig/sssdoptions.py:299 msgid "Active Directory client hostname" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:300 -#: src/config/SSSDConfig/sssdoptions.py:499 +#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:500 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:302 msgid "Whether to use the Global Catalog for lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:302 +#: src/config/SSSDConfig/sssdoptions.py:303 msgid "Operation mode for GPO-based access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:303 +#: src/config/SSSDConfig/sssdoptions.py:304 msgid "" "The amount of time between lookups of the GPO policy files against the AD " "server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:304 +#: src/config/SSSDConfig/sssdoptions.py:305 msgid "" "PAM service names that map to the GPO (Deny)InteractiveLogonRight policy " "settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:306 +#: src/config/SSSDConfig/sssdoptions.py:307 msgid "" "PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight " "policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:308 +#: src/config/SSSDConfig/sssdoptions.py:309 msgid "" "PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:309 +#: src/config/SSSDConfig/sssdoptions.py:310 msgid "" "PAM service names that map to the GPO (Deny)BatchLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:310 +#: src/config/SSSDConfig/sssdoptions.py:311 msgid "" "PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:311 +#: src/config/SSSDConfig/sssdoptions.py:312 msgid "PAM service names for which GPO-based access is always granted" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:312 +#: src/config/SSSDConfig/sssdoptions.py:313 msgid "PAM service names for which GPO-based access is always denied" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:313 +#: src/config/SSSDConfig/sssdoptions.py:314 msgid "" "Default logon right (or permit/deny) to use for unmapped PAM service names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:314 +#: src/config/SSSDConfig/sssdoptions.py:315 msgid "a particular site to be used by the client" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:315 +#: src/config/SSSDConfig/sssdoptions.py:316 msgid "" "Maximum age in days before the machine account password should be renewed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:317 +#: src/config/SSSDConfig/sssdoptions.py:318 msgid "Option for tuning the machine account renewal task" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:318 +#: src/config/SSSDConfig/sssdoptions.py:319 msgid "Whether to update the machine account password in the Samba database" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:320 +#: src/config/SSSDConfig/sssdoptions.py:321 msgid "Use LDAPS port for LDAP and Global Catalog requests" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:321 +#: src/config/SSSDConfig/sssdoptions.py:322 msgid "Do not filter domain local groups from other domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:324 #: src/config/SSSDConfig/sssdoptions.py:325 +#: src/config/SSSDConfig/sssdoptions.py:326 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:326 +#: src/config/SSSDConfig/sssdoptions.py:327 msgid "Kerberos backup server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:327 +#: src/config/SSSDConfig/sssdoptions.py:328 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:328 +#: src/config/SSSDConfig/sssdoptions.py:329 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:329 +#: src/config/SSSDConfig/sssdoptions.py:330 msgid "Whether to create kdcinfo files" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:330 +#: src/config/SSSDConfig/sssdoptions.py:331 msgid "Where to drop krb5 config snippets" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:333 +#: src/config/SSSDConfig/sssdoptions.py:334 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:334 +#: src/config/SSSDConfig/sssdoptions.py:335 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:335 +#: src/config/SSSDConfig/sssdoptions.py:336 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:336 +#: src/config/SSSDConfig/sssdoptions.py:337 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:337 +#: src/config/SSSDConfig/sssdoptions.py:338 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:338 +#: src/config/SSSDConfig/sssdoptions.py:339 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:339 +#: src/config/SSSDConfig/sssdoptions.py:340 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:340 +#: src/config/SSSDConfig/sssdoptions.py:341 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:341 +#: src/config/SSSDConfig/sssdoptions.py:342 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:342 +#: src/config/SSSDConfig/sssdoptions.py:343 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:343 +#: src/config/SSSDConfig/sssdoptions.py:344 msgid "Use anonymous PKINIT to request FAST credentials" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:344 +#: src/config/SSSDConfig/sssdoptions.py:345 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:345 +#: src/config/SSSDConfig/sssdoptions.py:346 msgid "Enables enterprise principals" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:346 +#: src/config/SSSDConfig/sssdoptions.py:347 msgid "Enables using of subdomains realms for authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:347 +#: src/config/SSSDConfig/sssdoptions.py:348 msgid "A mapping from user names to Kerberos principal names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:350 #: src/config/SSSDConfig/sssdoptions.py:351 +#: src/config/SSSDConfig/sssdoptions.py:352 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:354 +#: src/config/SSSDConfig/sssdoptions.py:355 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:355 +#: src/config/SSSDConfig/sssdoptions.py:356 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:356 +#: src/config/SSSDConfig/sssdoptions.py:357 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:357 +#: src/config/SSSDConfig/sssdoptions.py:358 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:358 +#: src/config/SSSDConfig/sssdoptions.py:359 msgid "Mode used to change user password" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:359 +#: src/config/SSSDConfig/sssdoptions.py:360 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:360 +#: src/config/SSSDConfig/sssdoptions.py:361 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:361 +#: src/config/SSSDConfig/sssdoptions.py:362 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:362 +#: src/config/SSSDConfig/sssdoptions.py:363 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:363 +#: src/config/SSSDConfig/sssdoptions.py:364 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:364 +#: src/config/SSSDConfig/sssdoptions.py:365 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:365 +#: src/config/SSSDConfig/sssdoptions.py:366 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:366 +#: src/config/SSSDConfig/sssdoptions.py:367 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:367 +#: src/config/SSSDConfig/sssdoptions.py:368 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:368 +#: src/config/SSSDConfig/sssdoptions.py:369 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:369 +#: src/config/SSSDConfig/sssdoptions.py:370 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:370 +#: src/config/SSSDConfig/sssdoptions.py:371 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:371 +#: src/config/SSSDConfig/sssdoptions.py:372 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:372 +#: src/config/SSSDConfig/sssdoptions.py:373 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:373 +#: src/config/SSSDConfig/sssdoptions.py:374 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:374 +#: src/config/SSSDConfig/sssdoptions.py:375 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:375 +#: src/config/SSSDConfig/sssdoptions.py:376 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:376 +#: src/config/SSSDConfig/sssdoptions.py:377 msgid "Specify the maximal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:377 +#: src/config/SSSDConfig/sssdoptions.py:378 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:378 +#: src/config/SSSDConfig/sssdoptions.py:379 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:379 +#: src/config/SSSDConfig/sssdoptions.py:380 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:380 +#: src/config/SSSDConfig/sssdoptions.py:381 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:381 +#: src/config/SSSDConfig/sssdoptions.py:382 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:382 +#: src/config/SSSDConfig/sssdoptions.py:383 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:383 +#: src/config/SSSDConfig/sssdoptions.py:384 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:384 +#: src/config/SSSDConfig/sssdoptions.py:385 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:385 +#: src/config/SSSDConfig/sssdoptions.py:386 msgid "Ignore unreadable LDAP references" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:386 +#: src/config/SSSDConfig/sssdoptions.py:387 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:388 +#: src/config/SSSDConfig/sssdoptions.py:389 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:391 +#: src/config/SSSDConfig/sssdoptions.py:392 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:392 +#: src/config/SSSDConfig/sssdoptions.py:393 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:394 +#: src/config/SSSDConfig/sssdoptions.py:395 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:397 +#: src/config/SSSDConfig/sssdoptions.py:398 msgid "Disable the LDAP paging control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:398 +#: src/config/SSSDConfig/sssdoptions.py:399 msgid "Disable Active Directory range retrieval" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:401 +#: src/config/SSSDConfig/sssdoptions.py:402 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:402 +#: src/config/SSSDConfig/sssdoptions.py:403 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:403 +#: src/config/SSSDConfig/sssdoptions.py:404 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:404 +#: src/config/SSSDConfig/sssdoptions.py:405 msgid "Maximum period deviation between enumeration updates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:405 +#: src/config/SSSDConfig/sssdoptions.py:406 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:406 +#: src/config/SSSDConfig/sssdoptions.py:407 msgid "Maximum time deviation between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:407 +#: src/config/SSSDConfig/sssdoptions.py:408 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:408 +#: src/config/SSSDConfig/sssdoptions.py:409 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:409 +#: src/config/SSSDConfig/sssdoptions.py:410 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:410 +#: src/config/SSSDConfig/sssdoptions.py:411 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:411 +#: src/config/SSSDConfig/sssdoptions.py:412 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:412 +#: src/config/SSSDConfig/sssdoptions.py:413 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:413 +#: src/config/SSSDConfig/sssdoptions.py:414 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:414 +#: src/config/SSSDConfig/sssdoptions.py:415 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:415 +#: src/config/SSSDConfig/sssdoptions.py:416 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:416 +#: src/config/SSSDConfig/sssdoptions.py:417 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:417 +#: src/config/SSSDConfig/sssdoptions.py:418 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:418 +#: src/config/SSSDConfig/sssdoptions.py:419 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:419 +#: src/config/SSSDConfig/sssdoptions.py:420 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:420 -#: src/config/SSSDConfig/sssdoptions.py:459 +#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:460 msgid "objectSID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:422 msgid "Active Directory primary group attribute for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:422 +#: src/config/SSSDConfig/sssdoptions.py:423 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:423 +#: src/config/SSSDConfig/sssdoptions.py:424 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:424 +#: src/config/SSSDConfig/sssdoptions.py:425 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:425 +#: src/config/SSSDConfig/sssdoptions.py:426 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:426 +#: src/config/SSSDConfig/sssdoptions.py:427 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:427 +#: src/config/SSSDConfig/sssdoptions.py:428 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:428 +#: src/config/SSSDConfig/sssdoptions.py:429 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:429 +#: src/config/SSSDConfig/sssdoptions.py:430 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:430 +#: src/config/SSSDConfig/sssdoptions.py:431 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:431 +#: src/config/SSSDConfig/sssdoptions.py:432 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:432 +#: src/config/SSSDConfig/sssdoptions.py:433 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:433 +#: src/config/SSSDConfig/sssdoptions.py:434 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:434 +#: src/config/SSSDConfig/sssdoptions.py:435 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:435 +#: src/config/SSSDConfig/sssdoptions.py:436 msgid "Attribute listing authorized server rhosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:436 +#: src/config/SSSDConfig/sssdoptions.py:437 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:437 +#: src/config/SSSDConfig/sssdoptions.py:438 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:438 +#: src/config/SSSDConfig/sssdoptions.py:439 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:439 +#: src/config/SSSDConfig/sssdoptions.py:440 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:440 +#: src/config/SSSDConfig/sssdoptions.py:441 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:441 +#: src/config/SSSDConfig/sssdoptions.py:442 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:442 +#: src/config/SSSDConfig/sssdoptions.py:443 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:443 +#: src/config/SSSDConfig/sssdoptions.py:444 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:444 +#: src/config/SSSDConfig/sssdoptions.py:445 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:445 +#: src/config/SSSDConfig/sssdoptions.py:446 msgid "SSH public key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:446 +#: src/config/SSSDConfig/sssdoptions.py:447 msgid "attribute listing allowed authentication types for a user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:447 +#: src/config/SSSDConfig/sssdoptions.py:448 msgid "attribute containing the X509 certificate of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:448 +#: src/config/SSSDConfig/sssdoptions.py:449 msgid "attribute containing the email address of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:449 +#: src/config/SSSDConfig/sssdoptions.py:450 msgid "attribute containing the passkey mapping data of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:450 +#: src/config/SSSDConfig/sssdoptions.py:451 msgid "A list of extra attributes to download along with the user entry" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:452 +#: src/config/SSSDConfig/sssdoptions.py:453 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:453 +#: src/config/SSSDConfig/sssdoptions.py:454 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:454 +#: src/config/SSSDConfig/sssdoptions.py:455 msgid "Group name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:455 +#: src/config/SSSDConfig/sssdoptions.py:456 msgid "Group password" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:456 +#: src/config/SSSDConfig/sssdoptions.py:457 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:457 +#: src/config/SSSDConfig/sssdoptions.py:458 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:458 +#: src/config/SSSDConfig/sssdoptions.py:459 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:460 +#: src/config/SSSDConfig/sssdoptions.py:461 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:461 +#: src/config/SSSDConfig/sssdoptions.py:462 msgid "Type of the group and other flags" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:462 +#: src/config/SSSDConfig/sssdoptions.py:463 msgid "The LDAP group external member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:463 +#: src/config/SSSDConfig/sssdoptions.py:464 msgid "Maximum nesting level SSSD will follow" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:464 +#: src/config/SSSDConfig/sssdoptions.py:465 msgid "Filter for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:465 +#: src/config/SSSDConfig/sssdoptions.py:466 msgid "Scope of group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:467 +#: src/config/SSSDConfig/sssdoptions.py:468 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:468 +#: src/config/SSSDConfig/sssdoptions.py:469 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:469 +#: src/config/SSSDConfig/sssdoptions.py:470 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:470 +#: src/config/SSSDConfig/sssdoptions.py:471 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:471 +#: src/config/SSSDConfig/sssdoptions.py:472 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:472 +#: src/config/SSSDConfig/sssdoptions.py:473 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:474 +#: src/config/SSSDConfig/sssdoptions.py:475 msgid "Base DN for service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:475 +#: src/config/SSSDConfig/sssdoptions.py:476 msgid "Objectclass for services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:476 +#: src/config/SSSDConfig/sssdoptions.py:477 msgid "Service name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:477 +#: src/config/SSSDConfig/sssdoptions.py:478 msgid "Service port attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:478 +#: src/config/SSSDConfig/sssdoptions.py:479 msgid "Service protocol attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:480 +#: src/config/SSSDConfig/sssdoptions.py:481 msgid "Lower bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:481 +#: src/config/SSSDConfig/sssdoptions.py:482 msgid "Upper bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:482 +#: src/config/SSSDConfig/sssdoptions.py:483 msgid "Number of IDs for each slice when ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:483 +#: src/config/SSSDConfig/sssdoptions.py:484 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:484 +#: src/config/SSSDConfig/sssdoptions.py:485 msgid "Name of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:485 +#: src/config/SSSDConfig/sssdoptions.py:486 msgid "SID of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:486 +#: src/config/SSSDConfig/sssdoptions.py:487 msgid "Number of secondary slices" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:488 +#: src/config/SSSDConfig/sssdoptions.py:489 msgid "Whether to use Token-Groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:489 +#: src/config/SSSDConfig/sssdoptions.py:490 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:490 +#: src/config/SSSDConfig/sssdoptions.py:491 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:491 +#: src/config/SSSDConfig/sssdoptions.py:492 msgid "DN for ppolicy queries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:492 +#: src/config/SSSDConfig/sssdoptions.py:493 msgid "How many maximum entries to fetch during a wildcard request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:493 +#: src/config/SSSDConfig/sssdoptions.py:494 msgid "Set libldap debug level" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:496 +#: src/config/SSSDConfig/sssdoptions.py:497 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:500 +#: src/config/SSSDConfig/sssdoptions.py:501 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:504 +#: src/config/SSSDConfig/sssdoptions.py:505 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:505 +#: src/config/SSSDConfig/sssdoptions.py:506 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:506 +#: src/config/SSSDConfig/sssdoptions.py:507 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:507 +#: src/config/SSSDConfig/sssdoptions.py:508 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:511 +#: src/config/SSSDConfig/sssdoptions.py:512 msgid "Base DN for sudo rules lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:512 +#: src/config/SSSDConfig/sssdoptions.py:513 msgid "Automatic full refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:513 +#: src/config/SSSDConfig/sssdoptions.py:514 msgid "Automatic smart refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:514 +#: src/config/SSSDConfig/sssdoptions.py:515 msgid "Smart and full refresh random offset" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:515 +#: src/config/SSSDConfig/sssdoptions.py:516 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:516 +#: src/config/SSSDConfig/sssdoptions.py:517 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:517 +#: src/config/SSSDConfig/sssdoptions.py:518 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:518 +#: src/config/SSSDConfig/sssdoptions.py:519 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:519 +#: src/config/SSSDConfig/sssdoptions.py:520 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:520 +#: src/config/SSSDConfig/sssdoptions.py:521 msgid "Object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:521 +#: src/config/SSSDConfig/sssdoptions.py:522 msgid "Name of attribute that is used as object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:522 +#: src/config/SSSDConfig/sssdoptions.py:523 msgid "Sudo rule name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:523 +#: src/config/SSSDConfig/sssdoptions.py:524 msgid "Sudo rule command attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:524 +#: src/config/SSSDConfig/sssdoptions.py:525 msgid "Sudo rule host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:525 +#: src/config/SSSDConfig/sssdoptions.py:526 msgid "Sudo rule user attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:526 +#: src/config/SSSDConfig/sssdoptions.py:527 msgid "Sudo rule option attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:527 +#: src/config/SSSDConfig/sssdoptions.py:528 msgid "Sudo rule runas attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:528 +#: src/config/SSSDConfig/sssdoptions.py:529 msgid "Sudo rule runasuser attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:529 +#: src/config/SSSDConfig/sssdoptions.py:530 msgid "Sudo rule runasgroup attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:530 +#: src/config/SSSDConfig/sssdoptions.py:531 msgid "Sudo rule notbefore attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:531 +#: src/config/SSSDConfig/sssdoptions.py:532 msgid "Sudo rule notafter attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:532 +#: src/config/SSSDConfig/sssdoptions.py:533 msgid "Sudo rule order attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:535 +#: src/config/SSSDConfig/sssdoptions.py:536 msgid "Object class for automounter maps" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:536 +#: src/config/SSSDConfig/sssdoptions.py:537 msgid "Automounter map name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:537 +#: src/config/SSSDConfig/sssdoptions.py:538 msgid "Object class for automounter map entries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:538 +#: src/config/SSSDConfig/sssdoptions.py:539 msgid "Automounter map entry key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:539 +#: src/config/SSSDConfig/sssdoptions.py:540 msgid "Automounter map entry value attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:540 +#: src/config/SSSDConfig/sssdoptions.py:541 msgid "Base DN for automounter map lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:541 +#: src/config/SSSDConfig/sssdoptions.py:542 msgid "The name of the automount master map in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:544 +#: src/config/SSSDConfig/sssdoptions.py:545 msgid "Base DN for IP hosts lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:545 +#: src/config/SSSDConfig/sssdoptions.py:546 msgid "Object class for IP hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:546 +#: src/config/SSSDConfig/sssdoptions.py:547 msgid "IP host name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:547 +#: src/config/SSSDConfig/sssdoptions.py:548 msgid "IP host number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:548 +#: src/config/SSSDConfig/sssdoptions.py:549 msgid "IP host entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:549 +#: src/config/SSSDConfig/sssdoptions.py:550 msgid "Base DN for IP networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:550 +#: src/config/SSSDConfig/sssdoptions.py:551 msgid "Object class for IP networks" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:551 +#: src/config/SSSDConfig/sssdoptions.py:552 msgid "IP network name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:552 +#: src/config/SSSDConfig/sssdoptions.py:553 msgid "IP network number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:553 +#: src/config/SSSDConfig/sssdoptions.py:554 msgid "IP network entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:556 +#: src/config/SSSDConfig/sssdoptions.py:557 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:557 +#: src/config/SSSDConfig/sssdoptions.py:558 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:558 +#: src/config/SSSDConfig/sssdoptions.py:559 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:560 +#: src/config/SSSDConfig/sssdoptions.py:561 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " "evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:564 +#: src/config/SSSDConfig/sssdoptions.py:565 msgid "The number of preforked proxy children." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:567 +#: src/config/SSSDConfig/sssdoptions.py:568 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:568 +#: src/config/SSSDConfig/sssdoptions.py:569 msgid "The name of the NSS library to use for hosts and networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:569 +#: src/config/SSSDConfig/sssdoptions.py:570 msgid "Whether to look up canonical group name from cache if possible" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:572 +#: src/config/SSSDConfig/sssdoptions.py:573 msgid "PAM stack to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:575 +#: src/config/SSSDConfig/sssdoptions.py:576 msgid "Path of passwd file sources." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:576 +#: src/config/SSSDConfig/sssdoptions.py:577 msgid "Path of group file sources." msgstr "" @@ -1875,67 +1879,67 @@ msgstr "" msgid "SSSD is already running\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "" @@ -1943,35 +1947,35 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "" @@ -1979,119 +1983,131 @@ msgstr "" msgid "Permission denied. " msgstr "" -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "" #: src/sss_client/pam_sss.c:71 +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." +msgstr "" + +#: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" msgstr "" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr "" -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "" -#: src/sss_client/pam_sss.c:627 +#: src/sss_client/pam_sss.c:628 #, c-format msgid "Your password has expired." msgstr "" -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "" -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "" -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "" diff --git a/po/ru.po b/po/ru.po index f210c923f1f..f1314439647 100644 --- a/po/ru.po +++ b/po/ru.po @@ -7,23 +7,23 @@ # Oleksii Levan , 2016. #zanata # Evgeny Sinelnikov , 2021. # Olesya Gerasimenko , 2021. -# Elena Mishina , 2022. +# Elena Mishina , 2022, 2023. msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" -"PO-Revision-Date: 2022-12-14 19:20+0000\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" +"PO-Revision-Date: 2023-09-18 03:54+0000\n" "Last-Translator: Elena Mishina \n" "Language-Team: Russian \n" +"sssd-2-9/ru/>\n" "Language: ru\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && " "n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n" -"X-Generator: Weblate 4.14.2\n" +"X-Generator: Weblate 5.0.2\n" #: src/config/SSSDConfig/sssdoptions.py:20 #: src/config/SSSDConfig/sssdoptions.py:21 @@ -173,9 +173,8 @@ msgid "Enable or disable core dumps for all SSSD processes." msgstr "Включить или отключить дампы памяти для всех процессов SSSD." #: src/config/SSSDConfig/sssdoptions.py:58 -#, fuzzy msgid "Tune passkey verification behavior" -msgstr "Настроить проверку сертификатов" +msgstr "Настроить проверку ключа доступа" #: src/config/SSSDConfig/sssdoptions.py:61 msgid "Enumeration cache timeout length (seconds)" @@ -433,20 +432,18 @@ msgstr "" "GSSAPI" #: src/config/SSSDConfig/sssdoptions.py:117 -#, fuzzy msgid "Allow passkey device authentication." -msgstr "Разрешить проверку подлинности на основе сертификата или смарт-карты." +msgstr "Разрешить проверку подлинности на основе ключа доступа." #: src/config/SSSDConfig/sssdoptions.py:118 -#, fuzzy msgid "How many seconds will pam_sss wait for passkey_child to finish" msgstr "" "Разрешённое количество секунд, в течение которого pam_sss ожидает завершения " -"работы p11_child" +"работы passkey_child" #: src/config/SSSDConfig/sssdoptions.py:119 msgid "Enable debugging in the libfido2 library" -msgstr "" +msgstr "Включить отладку в библиотеке libfido2" #: src/config/SSSDConfig/sssdoptions.py:122 msgid "Whether to evaluate the time-based attributes in sudo rules" @@ -704,12 +701,12 @@ msgid "Whether to automatically update the client's DNS entry" msgstr "Следует ли автоматически обновлять запись DNS клиента" #: src/config/SSSDConfig/sssdoptions.py:201 -#: src/config/SSSDConfig/sssdoptions.py:233 +#: src/config/SSSDConfig/sssdoptions.py:234 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "TTL для применения к записи DNS клиента после её обновления" #: src/config/SSSDConfig/sssdoptions.py:202 -#: src/config/SSSDConfig/sssdoptions.py:234 +#: src/config/SSSDConfig/sssdoptions.py:235 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "Интерфейс, адрес которого будет использован для обновления DNS" @@ -808,36 +805,40 @@ msgstr "" "фактора проверки подлинности (долговременного пароля), который должен быть " "сохранён в формате контрольной суммы SHA512 в кэше." -#: src/config/SSSDConfig/sssdoptions.py:228 +#: src/config/SSSDConfig/sssdoptions.py:226 +msgid "Local authentication methods policy " +msgstr "Локальная политика методов проверки подлинности " + +#: src/config/SSSDConfig/sssdoptions.py:229 msgid "IPA domain" msgstr "Домен IPA" -#: src/config/SSSDConfig/sssdoptions.py:229 +#: src/config/SSSDConfig/sssdoptions.py:230 msgid "IPA server address" msgstr "Адрес сервера IPA" -#: src/config/SSSDConfig/sssdoptions.py:230 +#: src/config/SSSDConfig/sssdoptions.py:231 msgid "Address of backup IPA server" msgstr "Адрес резервного сервера IPA" -#: src/config/SSSDConfig/sssdoptions.py:231 +#: src/config/SSSDConfig/sssdoptions.py:232 msgid "IPA client hostname" msgstr "Имя узла клиента IPA" -#: src/config/SSSDConfig/sssdoptions.py:232 +#: src/config/SSSDConfig/sssdoptions.py:233 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "Следует ли автоматически обновлять запись DNS клиента во FreeIPA" -#: src/config/SSSDConfig/sssdoptions.py:235 +#: src/config/SSSDConfig/sssdoptions.py:236 msgid "Search base for HBAC related objects" msgstr "База поиска объектов, связанных с HBAC" -#: src/config/SSSDConfig/sssdoptions.py:236 +#: src/config/SSSDConfig/sssdoptions.py:237 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "Временной интервал между сеансами поиска правил HBAC на сервере IPA" -#: src/config/SSSDConfig/sssdoptions.py:237 +#: src/config/SSSDConfig/sssdoptions.py:238 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" @@ -845,63 +846,63 @@ msgstr "" "Временной интервал (в секундах) между сеансами поиска карт SELinux на " "сервере IPA" -#: src/config/SSSDConfig/sssdoptions.py:239 +#: src/config/SSSDConfig/sssdoptions.py:240 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" "Если установлено значение «false», предоставленный PAM атрибут узла будет " "проигнорирован" -#: src/config/SSSDConfig/sssdoptions.py:240 +#: src/config/SSSDConfig/sssdoptions.py:241 msgid "The automounter location this IPA client is using" msgstr "" "Расположение автоматического монтирования, которое использует этот клиент IPA" -#: src/config/SSSDConfig/sssdoptions.py:241 +#: src/config/SSSDConfig/sssdoptions.py:242 msgid "Search base for object containing info about IPA domain" msgstr "База поиска объекта, содержащего информацию о домене IPA" -#: src/config/SSSDConfig/sssdoptions.py:242 +#: src/config/SSSDConfig/sssdoptions.py:243 msgid "Search base for objects containing info about ID ranges" msgstr "База поиска объектов, содержащих информацию о диапазонах ID" -#: src/config/SSSDConfig/sssdoptions.py:243 -#: src/config/SSSDConfig/sssdoptions.py:299 +#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:300 msgid "Enable DNS sites - location based service discovery" msgstr "Включить сайты DNS — обнаружение служб по расположению" -#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:245 msgid "Search base for view containers" msgstr "База поиска контейнеров просмотра" -#: src/config/SSSDConfig/sssdoptions.py:245 +#: src/config/SSSDConfig/sssdoptions.py:246 msgid "Objectclass for view containers" msgstr "Класс объектов для контейнеров просмотра" -#: src/config/SSSDConfig/sssdoptions.py:246 +#: src/config/SSSDConfig/sssdoptions.py:247 msgid "Attribute with the name of the view" msgstr "Атрибут с именем представления" -#: src/config/SSSDConfig/sssdoptions.py:247 +#: src/config/SSSDConfig/sssdoptions.py:248 msgid "Objectclass for override objects" msgstr "Класс объектов для объектов переопределения" -#: src/config/SSSDConfig/sssdoptions.py:248 +#: src/config/SSSDConfig/sssdoptions.py:249 msgid "Attribute with the reference to the original object" msgstr "Атрибут со ссылкой на исходный объект" -#: src/config/SSSDConfig/sssdoptions.py:249 +#: src/config/SSSDConfig/sssdoptions.py:250 msgid "Objectclass for user override objects" msgstr "Класс объектов для объектов переопределения пользователей" -#: src/config/SSSDConfig/sssdoptions.py:250 +#: src/config/SSSDConfig/sssdoptions.py:251 msgid "Objectclass for group override objects" msgstr "Класс объектов для объектов переопределения групп" -#: src/config/SSSDConfig/sssdoptions.py:251 +#: src/config/SSSDConfig/sssdoptions.py:252 msgid "Search base for Desktop Profile related objects" msgstr "База поиска объектов, связанных с профилями рабочего стола" -#: src/config/SSSDConfig/sssdoptions.py:252 +#: src/config/SSSDConfig/sssdoptions.py:253 msgid "" "The amount of time in seconds between lookups of the Desktop Profile rules " "against the IPA server" @@ -909,7 +910,7 @@ msgstr "" "Временной интервал (в секундах) между сеансами поиска правил профилей " "рабочего стола на сервере IPA" -#: src/config/SSSDConfig/sssdoptions.py:254 +#: src/config/SSSDConfig/sssdoptions.py:255 msgid "" "The amount of time in minutes between lookups of Desktop Profiles rules " "against the IPA server when the last request did not find any rule" @@ -918,42 +919,42 @@ msgstr "" "рабочего стола на сервере IPA, если во время последнего запроса не было " "найдено ни одного правила" -#: src/config/SSSDConfig/sssdoptions.py:257 +#: src/config/SSSDConfig/sssdoptions.py:258 msgid "Search base for SUBID ranges" msgstr "База поиска для диапазонов SUBID" -#: src/config/SSSDConfig/sssdoptions.py:258 -#: src/config/SSSDConfig/sssdoptions.py:501 +#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:502 msgid "Which rules should be used to evaluate access control" msgstr "" "Правила, которые используются, чтобы определить достаточность прав доступа" -#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:260 msgid "The LDAP attribute that contains FQDN of the host." msgstr "Атрибут LDAP, который содержит FQDN узла." -#: src/config/SSSDConfig/sssdoptions.py:260 -#: src/config/SSSDConfig/sssdoptions.py:283 +#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:284 msgid "The object class of a host entry in LDAP." msgstr "Класс объектов записи узла в LDAP." -#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:262 msgid "Use the given string as search base for host objects." msgstr "Использовать указанную строку как базу поиска объектов узлов." -#: src/config/SSSDConfig/sssdoptions.py:262 +#: src/config/SSSDConfig/sssdoptions.py:263 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "Атрибут LDAP, который содержит открытые ключи SSH узла." -#: src/config/SSSDConfig/sssdoptions.py:263 +#: src/config/SSSDConfig/sssdoptions.py:264 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "Атрибут LDAP, который содержит имя домена NIS сетевой группы." -#: src/config/SSSDConfig/sssdoptions.py:264 +#: src/config/SSSDConfig/sssdoptions.py:265 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "Атрибут LDAP, который содержит имена участников сетевой группы." -#: src/config/SSSDConfig/sssdoptions.py:265 +#: src/config/SSSDConfig/sssdoptions.py:266 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." @@ -961,7 +962,7 @@ msgstr "" "Атрибут LDAP со списком FQDN узлов и групп узлов, которые являются " "участниками сетевой группы." -#: src/config/SSSDConfig/sssdoptions.py:267 +#: src/config/SSSDConfig/sssdoptions.py:268 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." @@ -969,11 +970,11 @@ msgstr "" "Атрибут LDAP со списком узлов и групп узлов, которые являются " "непосредственными участниками сетевой группы." -#: src/config/SSSDConfig/sssdoptions.py:269 +#: src/config/SSSDConfig/sssdoptions.py:270 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "Атрибут LDAP со списком участников сетевой группы." -#: src/config/SSSDConfig/sssdoptions.py:270 +#: src/config/SSSDConfig/sssdoptions.py:271 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." @@ -981,20 +982,20 @@ msgstr "" "Атрибут LDAP со списком общесистемных пользователей и групп, которые " "являются непосредственными участниками сетевой группы." -#: src/config/SSSDConfig/sssdoptions.py:272 +#: src/config/SSSDConfig/sssdoptions.py:273 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "Атрибут LDAP, соответствующий имени сетевой группы." -#: src/config/SSSDConfig/sssdoptions.py:273 +#: src/config/SSSDConfig/sssdoptions.py:274 msgid "The object class of a netgroup entry in LDAP." msgstr "Класс объектов записи сетевой группы в LDAP." -#: src/config/SSSDConfig/sssdoptions.py:274 +#: src/config/SSSDConfig/sssdoptions.py:275 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "Атрибут LDAP, который содержит UUID/GUID объекта сетевой группы LDAP." -#: src/config/SSSDConfig/sssdoptions.py:275 +#: src/config/SSSDConfig/sssdoptions.py:276 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." @@ -1002,11 +1003,11 @@ msgstr "" "Атрибут LDAP, который определяет, включена ли эта карта пользователей для " "использования." -#: src/config/SSSDConfig/sssdoptions.py:277 +#: src/config/SSSDConfig/sssdoptions.py:278 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "Атрибут LDAP, который содержит категорию узла (например, «all»)." -#: src/config/SSSDConfig/sssdoptions.py:278 +#: src/config/SSSDConfig/sssdoptions.py:279 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." @@ -1014,18 +1015,18 @@ msgstr "" "Атрибут LDAP, который содержит все узлы или группы узлов, для которых " "устанавливается соответствие этого правила." -#: src/config/SSSDConfig/sssdoptions.py:280 +#: src/config/SSSDConfig/sssdoptions.py:281 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" "Атрибут LDAP, который содержит всех пользователей или группы, для которых " "устанавливается соответствие этого правила." -#: src/config/SSSDConfig/sssdoptions.py:282 +#: src/config/SSSDConfig/sssdoptions.py:283 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "Атрибут LDAP, который содержит имя карты пользователей SELinux." -#: src/config/SSSDConfig/sssdoptions.py:284 +#: src/config/SSSDConfig/sssdoptions.py:285 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost." @@ -1033,20 +1034,20 @@ msgstr "" "Атрибут LDAP, который содержит DN правила HBAC, которое можно использовать " "для установления соответствия вместо memberUser и memberHost." -#: src/config/SSSDConfig/sssdoptions.py:286 +#: src/config/SSSDConfig/sssdoptions.py:287 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "Атрибут LDAP, который содержит саму строку пользователя SELinux." -#: src/config/SSSDConfig/sssdoptions.py:287 +#: src/config/SSSDConfig/sssdoptions.py:288 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "" "Атрибут LDAP, который содержит категорию пользователя (например, «all»)." -#: src/config/SSSDConfig/sssdoptions.py:288 +#: src/config/SSSDConfig/sssdoptions.py:289 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "Атрибут LDAP, который содержит уникальный ID карты пользователей." -#: src/config/SSSDConfig/sssdoptions.py:289 +#: src/config/SSSDConfig/sssdoptions.py:290 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." @@ -1054,51 +1055,51 @@ msgstr "" "Параметр обозначает, что SSSD работает на сервере IPA и следует иначе " "выполнять поиск пользователей и групп из доверенных доменов." -#: src/config/SSSDConfig/sssdoptions.py:291 +#: src/config/SSSDConfig/sssdoptions.py:292 msgid "Use the given string as search base for trusted domains." msgstr "Использовать указанную строку как базу поиска доверенных доменов." -#: src/config/SSSDConfig/sssdoptions.py:294 +#: src/config/SSSDConfig/sssdoptions.py:295 msgid "Active Directory domain" msgstr "Домен Active Directory" -#: src/config/SSSDConfig/sssdoptions.py:295 +#: src/config/SSSDConfig/sssdoptions.py:296 msgid "Enabled Active Directory domains" msgstr "Включённые домены Active Directory" -#: src/config/SSSDConfig/sssdoptions.py:296 +#: src/config/SSSDConfig/sssdoptions.py:297 msgid "Active Directory server address" msgstr "Адрес сервера Active Directory" -#: src/config/SSSDConfig/sssdoptions.py:297 +#: src/config/SSSDConfig/sssdoptions.py:298 msgid "Active Directory backup server address" msgstr "Адрес резервного сервера Active Directory" -#: src/config/SSSDConfig/sssdoptions.py:298 +#: src/config/SSSDConfig/sssdoptions.py:299 msgid "Active Directory client hostname" msgstr "Имя узла клиента Active Directory" -#: src/config/SSSDConfig/sssdoptions.py:300 -#: src/config/SSSDConfig/sssdoptions.py:499 +#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:500 msgid "LDAP filter to determine access privileges" msgstr "Фильтр LDAP для определения прав доступа" -#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:302 msgid "Whether to use the Global Catalog for lookups" msgstr "Следует ли использовать глобальный каталог для поиска" -#: src/config/SSSDConfig/sssdoptions.py:302 +#: src/config/SSSDConfig/sssdoptions.py:303 msgid "Operation mode for GPO-based access control" msgstr "Режим работы для управления доступом на основе GPO" -#: src/config/SSSDConfig/sssdoptions.py:303 +#: src/config/SSSDConfig/sssdoptions.py:304 msgid "" "The amount of time between lookups of the GPO policy files against the AD " "server" msgstr "" "Временной интервал между сеансами поиска файлов политики GPO на сервере AD" -#: src/config/SSSDConfig/sssdoptions.py:304 +#: src/config/SSSDConfig/sssdoptions.py:305 msgid "" "PAM service names that map to the GPO (Deny)InteractiveLogonRight policy " "settings" @@ -1106,7 +1107,7 @@ msgstr "" "Имена служб PAM, которые сопоставляются параметрам политики GPO " "(Deny)InteractiveLogonRight" -#: src/config/SSSDConfig/sssdoptions.py:306 +#: src/config/SSSDConfig/sssdoptions.py:307 msgid "" "PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight " "policy settings" @@ -1114,295 +1115,295 @@ msgstr "" "Имена служб PAM, которые сопоставляются параметрам политики GPO " "(Deny)RemoteInteractiveLogonRight" -#: src/config/SSSDConfig/sssdoptions.py:308 +#: src/config/SSSDConfig/sssdoptions.py:309 msgid "" "PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings" msgstr "" "Имена служб PAM, которые сопоставляются параметрам политики GPO " "(Deny)NetworkLogonRight" -#: src/config/SSSDConfig/sssdoptions.py:309 +#: src/config/SSSDConfig/sssdoptions.py:310 msgid "" "PAM service names that map to the GPO (Deny)BatchLogonRight policy settings" msgstr "" "Имена служб PAM, которые сопоставляются параметрам политики GPO " "(Deny)BatchLogonRight" -#: src/config/SSSDConfig/sssdoptions.py:310 +#: src/config/SSSDConfig/sssdoptions.py:311 msgid "" "PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings" msgstr "" "Имена служб PAM, которые сопоставляются параметрам политики GPO " "(Deny)ServiceLogonRight" -#: src/config/SSSDConfig/sssdoptions.py:311 +#: src/config/SSSDConfig/sssdoptions.py:312 msgid "PAM service names for which GPO-based access is always granted" msgstr "Имена служб PAM, которым всегда предоставляется доступ на основе GPO" -#: src/config/SSSDConfig/sssdoptions.py:312 +#: src/config/SSSDConfig/sssdoptions.py:313 msgid "PAM service names for which GPO-based access is always denied" msgstr "Имена служб PAM, которым всегда запрещается доступ на основе GPO" -#: src/config/SSSDConfig/sssdoptions.py:313 +#: src/config/SSSDConfig/sssdoptions.py:314 msgid "" "Default logon right (or permit/deny) to use for unmapped PAM service names" msgstr "Право доступа по умолчанию (или разрешение/запрет) для имён служб PAM" -#: src/config/SSSDConfig/sssdoptions.py:314 +#: src/config/SSSDConfig/sssdoptions.py:315 msgid "a particular site to be used by the client" msgstr "Конкретный сайт для использования клиентом" -#: src/config/SSSDConfig/sssdoptions.py:315 +#: src/config/SSSDConfig/sssdoptions.py:316 msgid "" "Maximum age in days before the machine account password should be renewed" msgstr "" "Максимальный срок действия (в днях) пароля учётной записи компьютера, по " "достижении которого он должен быть обновлён" -#: src/config/SSSDConfig/sssdoptions.py:317 +#: src/config/SSSDConfig/sssdoptions.py:318 msgid "Option for tuning the machine account renewal task" msgstr "Параметр для настройки задания по обновлению учётной записи компьютера" -#: src/config/SSSDConfig/sssdoptions.py:318 +#: src/config/SSSDConfig/sssdoptions.py:319 msgid "Whether to update the machine account password in the Samba database" msgstr "" "Следует ли обновлять пароль учётной записи компьютера в базе данных Samba" -#: src/config/SSSDConfig/sssdoptions.py:320 +#: src/config/SSSDConfig/sssdoptions.py:321 msgid "Use LDAPS port for LDAP and Global Catalog requests" msgstr "Использовать порт LDAPS для запросов LDAP и глобального каталога" -#: src/config/SSSDConfig/sssdoptions.py:321 +#: src/config/SSSDConfig/sssdoptions.py:322 msgid "Do not filter domain local groups from other domains" msgstr "Не отфильтровывать группы, локальные в домене, в других доменах" -#: src/config/SSSDConfig/sssdoptions.py:324 #: src/config/SSSDConfig/sssdoptions.py:325 +#: src/config/SSSDConfig/sssdoptions.py:326 msgid "Kerberos server address" -msgstr "Имя сервера Kerberos" +msgstr "Адрес сервера Kerberos" -#: src/config/SSSDConfig/sssdoptions.py:326 +#: src/config/SSSDConfig/sssdoptions.py:327 msgid "Kerberos backup server address" msgstr "Адрес резервного сервера Kerberos" -#: src/config/SSSDConfig/sssdoptions.py:327 +#: src/config/SSSDConfig/sssdoptions.py:328 msgid "Kerberos realm" msgstr "Область действия Kerberos" -#: src/config/SSSDConfig/sssdoptions.py:328 +#: src/config/SSSDConfig/sssdoptions.py:329 msgid "Authentication timeout" msgstr "Тайм-аут проверки подлинности" -#: src/config/SSSDConfig/sssdoptions.py:329 +#: src/config/SSSDConfig/sssdoptions.py:330 msgid "Whether to create kdcinfo files" msgstr "Следует ли создавать файлы kdcinfo" -#: src/config/SSSDConfig/sssdoptions.py:330 +#: src/config/SSSDConfig/sssdoptions.py:331 msgid "Where to drop krb5 config snippets" msgstr "Место для размещения фрагментов конфигурации krb5" -#: src/config/SSSDConfig/sssdoptions.py:333 +#: src/config/SSSDConfig/sssdoptions.py:334 msgid "Directory to store credential caches" msgstr "Каталог для хранения кэша учётных данных" -#: src/config/SSSDConfig/sssdoptions.py:334 +#: src/config/SSSDConfig/sssdoptions.py:335 msgid "Location of the user's credential cache" msgstr "Расположение кэша учётных данных пользователя" -#: src/config/SSSDConfig/sssdoptions.py:335 +#: src/config/SSSDConfig/sssdoptions.py:336 msgid "Location of the keytab to validate credentials" msgstr "Расположение keytab-файла для проверки учётных данных" -#: src/config/SSSDConfig/sssdoptions.py:336 +#: src/config/SSSDConfig/sssdoptions.py:337 msgid "Enable credential validation" msgstr "Включить проверку учётных данных" -#: src/config/SSSDConfig/sssdoptions.py:337 +#: src/config/SSSDConfig/sssdoptions.py:338 msgid "Store password if offline for later online authentication" msgstr "" "При отсутствии соединения сохранить пароль и пройти проверку подлинности " "позже" -#: src/config/SSSDConfig/sssdoptions.py:338 +#: src/config/SSSDConfig/sssdoptions.py:339 msgid "Renewable lifetime of the TGT" msgstr "Возобновляемое время жизни TGT" -#: src/config/SSSDConfig/sssdoptions.py:339 +#: src/config/SSSDConfig/sssdoptions.py:340 msgid "Lifetime of the TGT" msgstr "Время жизни TGT" -#: src/config/SSSDConfig/sssdoptions.py:340 +#: src/config/SSSDConfig/sssdoptions.py:341 msgid "Time between two checks for renewal" msgstr "Временной интервал между двумя проверками для обновления" -#: src/config/SSSDConfig/sssdoptions.py:341 +#: src/config/SSSDConfig/sssdoptions.py:342 msgid "Enables FAST" msgstr "Включает FAST" -#: src/config/SSSDConfig/sssdoptions.py:342 +#: src/config/SSSDConfig/sssdoptions.py:343 msgid "Selects the principal to use for FAST" msgstr "Выбирает участника, которого следует использовать для FAST" -#: src/config/SSSDConfig/sssdoptions.py:343 +#: src/config/SSSDConfig/sssdoptions.py:344 msgid "Use anonymous PKINIT to request FAST credentials" msgstr "Использовать анонимный PKINIT для запроса учётных данных FAST" -#: src/config/SSSDConfig/sssdoptions.py:344 +#: src/config/SSSDConfig/sssdoptions.py:345 msgid "Enables principal canonicalization" msgstr "Включает преобразование участников в каноническую форму" -#: src/config/SSSDConfig/sssdoptions.py:345 +#: src/config/SSSDConfig/sssdoptions.py:346 msgid "Enables enterprise principals" msgstr "Включает участники-предприятия" -#: src/config/SSSDConfig/sssdoptions.py:346 +#: src/config/SSSDConfig/sssdoptions.py:347 msgid "Enables using of subdomains realms for authentication" msgstr "Включает использование областей поддоменов для проверки подлинности" -#: src/config/SSSDConfig/sssdoptions.py:347 +#: src/config/SSSDConfig/sssdoptions.py:348 msgid "A mapping from user names to Kerberos principal names" msgstr "Сопоставление имён пользователей с именами участников Kerberos" -#: src/config/SSSDConfig/sssdoptions.py:350 #: src/config/SSSDConfig/sssdoptions.py:351 +#: src/config/SSSDConfig/sssdoptions.py:352 msgid "Server where the change password service is running if not on the KDC" msgstr "Сервер, на котором запущена служба смены пароля (если не на KDC)" -#: src/config/SSSDConfig/sssdoptions.py:354 +#: src/config/SSSDConfig/sssdoptions.py:355 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, URI сервера LDAP" -#: src/config/SSSDConfig/sssdoptions.py:355 +#: src/config/SSSDConfig/sssdoptions.py:356 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "ldap_backup_uri, URI сервера LDAP" -#: src/config/SSSDConfig/sssdoptions.py:356 +#: src/config/SSSDConfig/sssdoptions.py:357 msgid "The default base DN" msgstr "Base DN по умолчанию" -#: src/config/SSSDConfig/sssdoptions.py:357 +#: src/config/SSSDConfig/sssdoptions.py:358 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "Тип схемы, используемой на LDAP-сервере, rfc2307" -#: src/config/SSSDConfig/sssdoptions.py:358 +#: src/config/SSSDConfig/sssdoptions.py:359 msgid "Mode used to change user password" msgstr "Режим, который используется для смены пароля пользователя" -#: src/config/SSSDConfig/sssdoptions.py:359 +#: src/config/SSSDConfig/sssdoptions.py:360 msgid "The default bind DN" msgstr "Bind DN по умолчанию" -#: src/config/SSSDConfig/sssdoptions.py:360 +#: src/config/SSSDConfig/sssdoptions.py:361 msgid "The type of the authentication token of the default bind DN" msgstr "Тип маркера проверки подлинности для bind DN по умолчанию" -#: src/config/SSSDConfig/sssdoptions.py:361 +#: src/config/SSSDConfig/sssdoptions.py:362 msgid "The authentication token of the default bind DN" msgstr "Маркер проверки подлинности для bind DN по умолчанию" -#: src/config/SSSDConfig/sssdoptions.py:362 +#: src/config/SSSDConfig/sssdoptions.py:363 msgid "Length of time to attempt connection" msgstr "Временной интервал для попытки соединения" -#: src/config/SSSDConfig/sssdoptions.py:363 +#: src/config/SSSDConfig/sssdoptions.py:364 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Временной интервал для попытки синхронизации операций LDAP" -#: src/config/SSSDConfig/sssdoptions.py:364 +#: src/config/SSSDConfig/sssdoptions.py:365 msgid "Length of time between attempts to reconnect while offline" msgstr "" "Временной интервал между попытками возобновления соединения при нахождении в " "автономном режиме" -#: src/config/SSSDConfig/sssdoptions.py:365 +#: src/config/SSSDConfig/sssdoptions.py:366 msgid "Use only the upper case for realm names" msgstr "Использовать для имён областей только верхний регистр" -#: src/config/SSSDConfig/sssdoptions.py:366 +#: src/config/SSSDConfig/sssdoptions.py:367 msgid "File that contains CA certificates" msgstr "Файл, который содержит сертификаты CA" -#: src/config/SSSDConfig/sssdoptions.py:367 +#: src/config/SSSDConfig/sssdoptions.py:368 msgid "Path to CA certificate directory" msgstr "Путь к каталогу с сертификатами CA" -#: src/config/SSSDConfig/sssdoptions.py:368 +#: src/config/SSSDConfig/sssdoptions.py:369 msgid "File that contains the client certificate" msgstr "Файл, который содержит сертификат клиента" -#: src/config/SSSDConfig/sssdoptions.py:369 +#: src/config/SSSDConfig/sssdoptions.py:370 msgid "File that contains the client key" msgstr "Файл, который содержит ключ клиента" -#: src/config/SSSDConfig/sssdoptions.py:370 +#: src/config/SSSDConfig/sssdoptions.py:371 msgid "List of possible ciphers suites" msgstr "Список возможных средств шифрования" -#: src/config/SSSDConfig/sssdoptions.py:371 +#: src/config/SSSDConfig/sssdoptions.py:372 msgid "Require TLS certificate verification" msgstr "Требуется проверка сертификата TLS" -#: src/config/SSSDConfig/sssdoptions.py:372 +#: src/config/SSSDConfig/sssdoptions.py:373 msgid "Specify the sasl mechanism to use" msgstr "Укажите механизм SASL" -#: src/config/SSSDConfig/sssdoptions.py:373 +#: src/config/SSSDConfig/sssdoptions.py:374 msgid "Specify the sasl authorization id to use" msgstr "Укажите ID авторизации SASL" -#: src/config/SSSDConfig/sssdoptions.py:374 +#: src/config/SSSDConfig/sssdoptions.py:375 msgid "Specify the sasl authorization realm to use" msgstr "Укажите область авторизации SASL" -#: src/config/SSSDConfig/sssdoptions.py:375 +#: src/config/SSSDConfig/sssdoptions.py:376 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" "Укажите минимальное значение SSF для авторизации на LDAP с помощью SASL" -#: src/config/SSSDConfig/sssdoptions.py:376 +#: src/config/SSSDConfig/sssdoptions.py:377 msgid "Specify the maximal SSF for LDAP sasl authorization" msgstr "" "Укажите максимальное значение SSF для авторизации на LDAP с помощью SASL" -#: src/config/SSSDConfig/sssdoptions.py:377 +#: src/config/SSSDConfig/sssdoptions.py:378 msgid "Kerberos service keytab" msgstr "Keytab-файл службы Kerberos" -#: src/config/SSSDConfig/sssdoptions.py:378 +#: src/config/SSSDConfig/sssdoptions.py:379 msgid "Use Kerberos auth for LDAP connection" msgstr "Использовать проверку подлинности Kerberos для LDAP-соединений" -#: src/config/SSSDConfig/sssdoptions.py:379 +#: src/config/SSSDConfig/sssdoptions.py:380 msgid "Follow LDAP referrals" msgstr "Переходить по ссылкам LDAP" -#: src/config/SSSDConfig/sssdoptions.py:380 +#: src/config/SSSDConfig/sssdoptions.py:381 msgid "Lifetime of TGT for LDAP connection" msgstr "Время жизни TGT для LDAP-соединений" -#: src/config/SSSDConfig/sssdoptions.py:381 +#: src/config/SSSDConfig/sssdoptions.py:382 msgid "How to dereference aliases" msgstr "Как разыменовывать псевдонимы" -#: src/config/SSSDConfig/sssdoptions.py:382 +#: src/config/SSSDConfig/sssdoptions.py:383 msgid "Service name for DNS service lookups" msgstr "Имя службы для поиска с помощью службы DNS" -#: src/config/SSSDConfig/sssdoptions.py:383 +#: src/config/SSSDConfig/sssdoptions.py:384 msgid "The number of records to retrieve in a single LDAP query" msgstr "Количество записей для получения в ответ на один запрос LDAP" -#: src/config/SSSDConfig/sssdoptions.py:384 +#: src/config/SSSDConfig/sssdoptions.py:385 msgid "The number of members that must be missing to trigger a full deref" msgstr "" "Количество участников, которых должно не хватать, для активации полного " "разыменования" -#: src/config/SSSDConfig/sssdoptions.py:385 +#: src/config/SSSDConfig/sssdoptions.py:386 msgid "Ignore unreadable LDAP references" msgstr "Игнорировать нечитаемые ссылки LDAP" -#: src/config/SSSDConfig/sssdoptions.py:386 +#: src/config/SSSDConfig/sssdoptions.py:387 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" @@ -1410,7 +1411,7 @@ msgstr "" "Следует ли библиотеке LDAP выполнять обратный просмотр для преобразования " "имени узла в каноническую форму во время привязки SASL" -#: src/config/SSSDConfig/sssdoptions.py:388 +#: src/config/SSSDConfig/sssdoptions.py:389 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." @@ -1418,431 +1419,430 @@ msgstr "" "Разрешает сохранять локальных пользователей как участников группы LDAP для " "серверов, которые используют схему RFC2307." -#: src/config/SSSDConfig/sssdoptions.py:391 +#: src/config/SSSDConfig/sssdoptions.py:392 msgid "entryUSN attribute" msgstr "Атрибут entryUSN" -#: src/config/SSSDConfig/sssdoptions.py:392 +#: src/config/SSSDConfig/sssdoptions.py:393 msgid "lastUSN attribute" msgstr "Атрибут lastUSN" -#: src/config/SSSDConfig/sssdoptions.py:394 +#: src/config/SSSDConfig/sssdoptions.py:395 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "Как долго поддерживать подключение к серверу LDAP перед отключением" -#: src/config/SSSDConfig/sssdoptions.py:397 +#: src/config/SSSDConfig/sssdoptions.py:398 msgid "Disable the LDAP paging control" msgstr "Отключить управление переходами между страницами LDAP" -#: src/config/SSSDConfig/sssdoptions.py:398 +#: src/config/SSSDConfig/sssdoptions.py:399 msgid "Disable Active Directory range retrieval" msgstr "Отключить получение диапазонов Active Directory" -#: src/config/SSSDConfig/sssdoptions.py:401 +#: src/config/SSSDConfig/sssdoptions.py:402 msgid "Length of time to wait for a search request" msgstr "Временной интервал для ожидания поискового запроса" -#: src/config/SSSDConfig/sssdoptions.py:402 +#: src/config/SSSDConfig/sssdoptions.py:403 msgid "Length of time to wait for a enumeration request" msgstr "Временной интервал для ожидания запроса перечисления" -#: src/config/SSSDConfig/sssdoptions.py:403 +#: src/config/SSSDConfig/sssdoptions.py:404 msgid "Length of time between enumeration updates" msgstr "Временной интервал между обновлениями перечисления" -#: src/config/SSSDConfig/sssdoptions.py:404 +#: src/config/SSSDConfig/sssdoptions.py:405 msgid "Maximum period deviation between enumeration updates" msgstr "Максимальное отклонение периода между обновлениями перечисления" -#: src/config/SSSDConfig/sssdoptions.py:405 +#: src/config/SSSDConfig/sssdoptions.py:406 msgid "Length of time between cache cleanups" msgstr "Временной интервал между очистками кэша" -#: src/config/SSSDConfig/sssdoptions.py:406 +#: src/config/SSSDConfig/sssdoptions.py:407 msgid "Maximum time deviation between cache cleanups" msgstr "Максимальное отклонение периода между очистками кэша" -#: src/config/SSSDConfig/sssdoptions.py:407 +#: src/config/SSSDConfig/sssdoptions.py:408 msgid "Require TLS for ID lookups" msgstr "Требовать TLS для запросов ID" -#: src/config/SSSDConfig/sssdoptions.py:408 +#: src/config/SSSDConfig/sssdoptions.py:409 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "Использовать сопоставление ID objectSID вместо предустановленных ID" -#: src/config/SSSDConfig/sssdoptions.py:409 +#: src/config/SSSDConfig/sssdoptions.py:410 msgid "Base DN for user lookups" msgstr "Base DN для поиска пользователей" -#: src/config/SSSDConfig/sssdoptions.py:410 +#: src/config/SSSDConfig/sssdoptions.py:411 msgid "Scope of user lookups" msgstr "Глубина поиска" -#: src/config/SSSDConfig/sssdoptions.py:411 +#: src/config/SSSDConfig/sssdoptions.py:412 msgid "Filter for user lookups" msgstr "Фильтр поиска" -#: src/config/SSSDConfig/sssdoptions.py:412 +#: src/config/SSSDConfig/sssdoptions.py:413 msgid "Objectclass for users" msgstr "Класс объектов для пользователей" -#: src/config/SSSDConfig/sssdoptions.py:413 +#: src/config/SSSDConfig/sssdoptions.py:414 msgid "Username attribute" msgstr "Атрибут имени пользователя" -#: src/config/SSSDConfig/sssdoptions.py:414 +#: src/config/SSSDConfig/sssdoptions.py:415 msgid "UID attribute" msgstr "Атрибут UID" -#: src/config/SSSDConfig/sssdoptions.py:415 +#: src/config/SSSDConfig/sssdoptions.py:416 msgid "Primary GID attribute" msgstr "Атрибут основного GID" -#: src/config/SSSDConfig/sssdoptions.py:416 +#: src/config/SSSDConfig/sssdoptions.py:417 msgid "GECOS attribute" msgstr "Атрибут GECOS" -#: src/config/SSSDConfig/sssdoptions.py:417 +#: src/config/SSSDConfig/sssdoptions.py:418 msgid "Home directory attribute" msgstr "Атрибут домашнего каталога" -#: src/config/SSSDConfig/sssdoptions.py:418 +#: src/config/SSSDConfig/sssdoptions.py:419 msgid "Shell attribute" msgstr "Атрибут оболочки" -#: src/config/SSSDConfig/sssdoptions.py:419 +#: src/config/SSSDConfig/sssdoptions.py:420 msgid "UUID attribute" msgstr "Атрибут UUID" -#: src/config/SSSDConfig/sssdoptions.py:420 -#: src/config/SSSDConfig/sssdoptions.py:459 +#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:460 msgid "objectSID attribute" msgstr "Атрибут objectSID" -#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:422 msgid "Active Directory primary group attribute for ID-mapping" msgstr "Атрибут основной группы Active Directory для сопоставления ID" -#: src/config/SSSDConfig/sssdoptions.py:422 +#: src/config/SSSDConfig/sssdoptions.py:423 msgid "User principal attribute (for Kerberos)" msgstr "Атрибут участника-пользователя (для Kerberos)" -#: src/config/SSSDConfig/sssdoptions.py:423 +#: src/config/SSSDConfig/sssdoptions.py:424 msgid "Full Name" msgstr "Полное имя" -#: src/config/SSSDConfig/sssdoptions.py:424 +#: src/config/SSSDConfig/sssdoptions.py:425 msgid "memberOf attribute" msgstr "Атрибут memberOf" -#: src/config/SSSDConfig/sssdoptions.py:425 +#: src/config/SSSDConfig/sssdoptions.py:426 msgid "Modification time attribute" msgstr "Атрибут времени изменения" -#: src/config/SSSDConfig/sssdoptions.py:426 +#: src/config/SSSDConfig/sssdoptions.py:427 msgid "shadowLastChange attribute" msgstr "Атрибут shadowLastChange" -#: src/config/SSSDConfig/sssdoptions.py:427 +#: src/config/SSSDConfig/sssdoptions.py:428 msgid "shadowMin attribute" msgstr "Атрибут shadowMin" -#: src/config/SSSDConfig/sssdoptions.py:428 +#: src/config/SSSDConfig/sssdoptions.py:429 msgid "shadowMax attribute" msgstr "Атрибут shadowMax" -#: src/config/SSSDConfig/sssdoptions.py:429 +#: src/config/SSSDConfig/sssdoptions.py:430 msgid "shadowWarning attribute" msgstr "Атрибут shadowWarning" -#: src/config/SSSDConfig/sssdoptions.py:430 +#: src/config/SSSDConfig/sssdoptions.py:431 msgid "shadowInactive attribute" msgstr "Атрибут shadowInactive" -#: src/config/SSSDConfig/sssdoptions.py:431 +#: src/config/SSSDConfig/sssdoptions.py:432 msgid "shadowExpire attribute" msgstr "Атрибут shadowExpire" -#: src/config/SSSDConfig/sssdoptions.py:432 +#: src/config/SSSDConfig/sssdoptions.py:433 msgid "shadowFlag attribute" msgstr "Атрибут shadowFlag" -#: src/config/SSSDConfig/sssdoptions.py:433 +#: src/config/SSSDConfig/sssdoptions.py:434 msgid "Attribute listing authorized PAM services" msgstr "Атрибут со списком авторизованных служб PAM" -#: src/config/SSSDConfig/sssdoptions.py:434 +#: src/config/SSSDConfig/sssdoptions.py:435 msgid "Attribute listing authorized server hosts" msgstr "Атрибут со списком авторизованных серверных узлов" -#: src/config/SSSDConfig/sssdoptions.py:435 +#: src/config/SSSDConfig/sssdoptions.py:436 msgid "Attribute listing authorized server rhosts" msgstr "Атрибут со списком авторизованных серверных r-узлов" -#: src/config/SSSDConfig/sssdoptions.py:436 +#: src/config/SSSDConfig/sssdoptions.py:437 msgid "krbLastPwdChange attribute" msgstr "Атрибут krbLastPwdChange" -#: src/config/SSSDConfig/sssdoptions.py:437 +#: src/config/SSSDConfig/sssdoptions.py:438 msgid "krbPasswordExpiration attribute" msgstr "Атрибут krbPasswordExpiration" -#: src/config/SSSDConfig/sssdoptions.py:438 +#: src/config/SSSDConfig/sssdoptions.py:439 msgid "Attribute indicating that server side password policies are active" msgstr "" "Атрибут, который обозначает, что политики паролей на стороне сервера активны" -#: src/config/SSSDConfig/sssdoptions.py:439 +#: src/config/SSSDConfig/sssdoptions.py:440 msgid "accountExpires attribute of AD" msgstr "Атрибут accountExpires AD" -#: src/config/SSSDConfig/sssdoptions.py:440 +#: src/config/SSSDConfig/sssdoptions.py:441 msgid "userAccountControl attribute of AD" msgstr "Атрибут userAccountControl AD" -#: src/config/SSSDConfig/sssdoptions.py:441 +#: src/config/SSSDConfig/sssdoptions.py:442 msgid "nsAccountLock attribute" msgstr "Атрибут nsAccountLock" -#: src/config/SSSDConfig/sssdoptions.py:442 +#: src/config/SSSDConfig/sssdoptions.py:443 msgid "loginDisabled attribute of NDS" msgstr "Атрибут loginDisabled NDS" -#: src/config/SSSDConfig/sssdoptions.py:443 +#: src/config/SSSDConfig/sssdoptions.py:444 msgid "loginExpirationTime attribute of NDS" msgstr "Атрибут loginExpirationTime NDS" -#: src/config/SSSDConfig/sssdoptions.py:444 +#: src/config/SSSDConfig/sssdoptions.py:445 msgid "loginAllowedTimeMap attribute of NDS" msgstr "Атрибут loginAllowedTimeMap NDS" -#: src/config/SSSDConfig/sssdoptions.py:445 +#: src/config/SSSDConfig/sssdoptions.py:446 msgid "SSH public key attribute" msgstr "Атрибут открытого ключа SSH" -#: src/config/SSSDConfig/sssdoptions.py:446 +#: src/config/SSSDConfig/sssdoptions.py:447 msgid "attribute listing allowed authentication types for a user" msgstr "" "Атрибут со список разрешённых типов проверки подлинности для пользователя" -#: src/config/SSSDConfig/sssdoptions.py:447 +#: src/config/SSSDConfig/sssdoptions.py:448 msgid "attribute containing the X509 certificate of the user" msgstr "Атрибут, который содержит сертификат X509 пользователя" -#: src/config/SSSDConfig/sssdoptions.py:448 +#: src/config/SSSDConfig/sssdoptions.py:449 msgid "attribute containing the email address of the user" msgstr "Атрибут, который содержит адрес электронной почты пользователя" -#: src/config/SSSDConfig/sssdoptions.py:449 -#, fuzzy +#: src/config/SSSDConfig/sssdoptions.py:450 msgid "attribute containing the passkey mapping data of the user" -msgstr "Атрибут, который содержит адрес электронной почты пользователя" +msgstr "атрибут, содержащий данные сопоставления ключа доступа пользователя" -#: src/config/SSSDConfig/sssdoptions.py:450 +#: src/config/SSSDConfig/sssdoptions.py:451 msgid "A list of extra attributes to download along with the user entry" msgstr "" "Список дополнительных атрибутов для загрузки вместе с записью пользователя" -#: src/config/SSSDConfig/sssdoptions.py:452 +#: src/config/SSSDConfig/sssdoptions.py:453 msgid "Base DN for group lookups" msgstr "Base DN для поиска групп" -#: src/config/SSSDConfig/sssdoptions.py:453 +#: src/config/SSSDConfig/sssdoptions.py:454 msgid "Objectclass for groups" msgstr "Класс объектов для групп" -#: src/config/SSSDConfig/sssdoptions.py:454 +#: src/config/SSSDConfig/sssdoptions.py:455 msgid "Group name" msgstr "Имя группы" -#: src/config/SSSDConfig/sssdoptions.py:455 +#: src/config/SSSDConfig/sssdoptions.py:456 msgid "Group password" msgstr "Пароль группы" -#: src/config/SSSDConfig/sssdoptions.py:456 +#: src/config/SSSDConfig/sssdoptions.py:457 msgid "GID attribute" msgstr "Атрибут GID" -#: src/config/SSSDConfig/sssdoptions.py:457 +#: src/config/SSSDConfig/sssdoptions.py:458 msgid "Group member attribute" msgstr "Атрибут участника группы" -#: src/config/SSSDConfig/sssdoptions.py:458 +#: src/config/SSSDConfig/sssdoptions.py:459 msgid "Group UUID attribute" msgstr "Атрибут UUID группы" -#: src/config/SSSDConfig/sssdoptions.py:460 +#: src/config/SSSDConfig/sssdoptions.py:461 msgid "Modification time attribute for groups" msgstr "Атрибут времени изменения для групп" -#: src/config/SSSDConfig/sssdoptions.py:461 +#: src/config/SSSDConfig/sssdoptions.py:462 msgid "Type of the group and other flags" msgstr "Тип группы и другие флаги" -#: src/config/SSSDConfig/sssdoptions.py:462 +#: src/config/SSSDConfig/sssdoptions.py:463 msgid "The LDAP group external member attribute" msgstr "Атрибут LDAP внешнего участника группы" -#: src/config/SSSDConfig/sssdoptions.py:463 +#: src/config/SSSDConfig/sssdoptions.py:464 msgid "Maximum nesting level SSSD will follow" msgstr "Максимальный уровень вложенности, который используется SSSD" -#: src/config/SSSDConfig/sssdoptions.py:464 +#: src/config/SSSDConfig/sssdoptions.py:465 msgid "Filter for group lookups" msgstr "Фильтр поиска групп" -#: src/config/SSSDConfig/sssdoptions.py:465 +#: src/config/SSSDConfig/sssdoptions.py:466 msgid "Scope of group lookups" msgstr "Область поиска групп" -#: src/config/SSSDConfig/sssdoptions.py:467 +#: src/config/SSSDConfig/sssdoptions.py:468 msgid "Base DN for netgroup lookups" msgstr "Base DN для поиска сетевых групп" -#: src/config/SSSDConfig/sssdoptions.py:468 +#: src/config/SSSDConfig/sssdoptions.py:469 msgid "Objectclass for netgroups" msgstr "Класс объектов для сетевых групп" -#: src/config/SSSDConfig/sssdoptions.py:469 +#: src/config/SSSDConfig/sssdoptions.py:470 msgid "Netgroup name" msgstr "Имя сетевой группы" -#: src/config/SSSDConfig/sssdoptions.py:470 +#: src/config/SSSDConfig/sssdoptions.py:471 msgid "Netgroups members attribute" msgstr "Атрибут участников сетевых групп" -#: src/config/SSSDConfig/sssdoptions.py:471 +#: src/config/SSSDConfig/sssdoptions.py:472 msgid "Netgroup triple attribute" msgstr "Атрибут тройки сетевых групп" -#: src/config/SSSDConfig/sssdoptions.py:472 +#: src/config/SSSDConfig/sssdoptions.py:473 msgid "Modification time attribute for netgroups" msgstr "Атрибут времени изменения для сетевых групп" -#: src/config/SSSDConfig/sssdoptions.py:474 +#: src/config/SSSDConfig/sssdoptions.py:475 msgid "Base DN for service lookups" msgstr "Base DN для поиска служб" -#: src/config/SSSDConfig/sssdoptions.py:475 +#: src/config/SSSDConfig/sssdoptions.py:476 msgid "Objectclass for services" msgstr "Класс объектов для служб" -#: src/config/SSSDConfig/sssdoptions.py:476 +#: src/config/SSSDConfig/sssdoptions.py:477 msgid "Service name attribute" msgstr "Атрибут имени службы" -#: src/config/SSSDConfig/sssdoptions.py:477 +#: src/config/SSSDConfig/sssdoptions.py:478 msgid "Service port attribute" msgstr "Атрибут порта службы" -#: src/config/SSSDConfig/sssdoptions.py:478 +#: src/config/SSSDConfig/sssdoptions.py:479 msgid "Service protocol attribute" msgstr "Атрибут протокола службы" -#: src/config/SSSDConfig/sssdoptions.py:480 +#: src/config/SSSDConfig/sssdoptions.py:481 msgid "Lower bound for ID-mapping" msgstr "Нижняя граница для сопоставления ID" -#: src/config/SSSDConfig/sssdoptions.py:481 +#: src/config/SSSDConfig/sssdoptions.py:482 msgid "Upper bound for ID-mapping" msgstr "Верхняя граница для сопоставления ID" -#: src/config/SSSDConfig/sssdoptions.py:482 +#: src/config/SSSDConfig/sssdoptions.py:483 msgid "Number of IDs for each slice when ID-mapping" msgstr "Количество ID для каждого среза при сопоставлении ID" -#: src/config/SSSDConfig/sssdoptions.py:483 +#: src/config/SSSDConfig/sssdoptions.py:484 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "Использовать совместимый с autorid алгоритм для сопоставления ID" -#: src/config/SSSDConfig/sssdoptions.py:484 +#: src/config/SSSDConfig/sssdoptions.py:485 msgid "Name of the default domain for ID-mapping" msgstr "Имя домена по умолчанию для сопоставления ID" -#: src/config/SSSDConfig/sssdoptions.py:485 +#: src/config/SSSDConfig/sssdoptions.py:486 msgid "SID of the default domain for ID-mapping" msgstr "SID домена по умолчанию для сопоставления ID" -#: src/config/SSSDConfig/sssdoptions.py:486 +#: src/config/SSSDConfig/sssdoptions.py:487 msgid "Number of secondary slices" msgstr "Количество вторичных срезов" -#: src/config/SSSDConfig/sssdoptions.py:488 +#: src/config/SSSDConfig/sssdoptions.py:489 msgid "Whether to use Token-Groups" msgstr "Следует ли использовать группы маркеров" -#: src/config/SSSDConfig/sssdoptions.py:489 +#: src/config/SSSDConfig/sssdoptions.py:490 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "Установить нижнюю границу для разрешённых ID с сервера LDAP" -#: src/config/SSSDConfig/sssdoptions.py:490 +#: src/config/SSSDConfig/sssdoptions.py:491 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "Установить верхнюю границу для разрешённых ID с сервера LDAP" -#: src/config/SSSDConfig/sssdoptions.py:491 +#: src/config/SSSDConfig/sssdoptions.py:492 msgid "DN for ppolicy queries" msgstr "DN для запросов ppolicy" -#: src/config/SSSDConfig/sssdoptions.py:492 +#: src/config/SSSDConfig/sssdoptions.py:493 msgid "How many maximum entries to fetch during a wildcard request" msgstr "" "Максимальное количество записей, которое может быть получено при запросе с " "использованием подстановочных знаков" -#: src/config/SSSDConfig/sssdoptions.py:493 +#: src/config/SSSDConfig/sssdoptions.py:494 msgid "Set libldap debug level" msgstr "Установить уровень отладки libldap" -#: src/config/SSSDConfig/sssdoptions.py:496 +#: src/config/SSSDConfig/sssdoptions.py:497 msgid "Policy to evaluate the password expiration" msgstr "Политика вычисления окончания срока действия пароля" -#: src/config/SSSDConfig/sssdoptions.py:500 +#: src/config/SSSDConfig/sssdoptions.py:501 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" "Атрибуты, которые используются, чтобы определить, не истёк ли срок действия " "учётной записи" -#: src/config/SSSDConfig/sssdoptions.py:504 +#: src/config/SSSDConfig/sssdoptions.py:505 msgid "URI of an LDAP server where password changes are allowed" msgstr "URI сервера LDAP, на котором разрешена смена паролей" -#: src/config/SSSDConfig/sssdoptions.py:505 +#: src/config/SSSDConfig/sssdoptions.py:506 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "URI резервного сервера LDAP, на котором разрешена смена паролей" -#: src/config/SSSDConfig/sssdoptions.py:506 +#: src/config/SSSDConfig/sssdoptions.py:507 msgid "DNS service name for LDAP password change server" msgstr "Имя сервера смены паролей LDAP в службе DNS" -#: src/config/SSSDConfig/sssdoptions.py:507 +#: src/config/SSSDConfig/sssdoptions.py:508 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" "Следует ли обновлять атрибут ldap_user_shadow_last_change после смены пароля" -#: src/config/SSSDConfig/sssdoptions.py:511 +#: src/config/SSSDConfig/sssdoptions.py:512 msgid "Base DN for sudo rules lookups" msgstr "Base DN для поиска правил sudo" -#: src/config/SSSDConfig/sssdoptions.py:512 +#: src/config/SSSDConfig/sssdoptions.py:513 msgid "Automatic full refresh period" msgstr "Период полного автоматического обновления данных" -#: src/config/SSSDConfig/sssdoptions.py:513 +#: src/config/SSSDConfig/sssdoptions.py:514 msgid "Automatic smart refresh period" msgstr "Период автоматического интеллектуального обновления данных" -#: src/config/SSSDConfig/sssdoptions.py:514 +#: src/config/SSSDConfig/sssdoptions.py:515 msgid "Smart and full refresh random offset" msgstr "Случайная задержка интеллектуального и полного обновления" -#: src/config/SSSDConfig/sssdoptions.py:515 +#: src/config/SSSDConfig/sssdoptions.py:516 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "Следует ли фильтровать правила по именам узлов, IP-адресам и сетям" -#: src/config/SSSDConfig/sssdoptions.py:516 +#: src/config/SSSDConfig/sssdoptions.py:517 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" @@ -1850,156 +1850,156 @@ msgstr "" "Имена узлов и/или полные доменные имена для этого компьютера для фильтрации " "правил sudo" -#: src/config/SSSDConfig/sssdoptions.py:517 +#: src/config/SSSDConfig/sssdoptions.py:518 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" "Адреса IPv4 или IPv6 или сеть этого компьютера для фильтрации списка правил " "sudo" -#: src/config/SSSDConfig/sssdoptions.py:518 +#: src/config/SSSDConfig/sssdoptions.py:519 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" "Следует ли включать правила, которые содержат сетевую группу в атрибуте узла" -#: src/config/SSSDConfig/sssdoptions.py:519 +#: src/config/SSSDConfig/sssdoptions.py:520 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" "Следует ли включать правила, которые содержат регулярное выражение в " "атрибуте узла" -#: src/config/SSSDConfig/sssdoptions.py:520 +#: src/config/SSSDConfig/sssdoptions.py:521 msgid "Object class for sudo rules" msgstr "Класс объектов для правил sudo" -#: src/config/SSSDConfig/sssdoptions.py:521 +#: src/config/SSSDConfig/sssdoptions.py:522 msgid "Name of attribute that is used as object class for sudo rules" msgstr "Имя атрибута, который используется как класс объектов для правил sudo" -#: src/config/SSSDConfig/sssdoptions.py:522 +#: src/config/SSSDConfig/sssdoptions.py:523 msgid "Sudo rule name" msgstr "Имя правила sudo" -#: src/config/SSSDConfig/sssdoptions.py:523 +#: src/config/SSSDConfig/sssdoptions.py:524 msgid "Sudo rule command attribute" msgstr "Атрибут command (команда) правила sudo" -#: src/config/SSSDConfig/sssdoptions.py:524 +#: src/config/SSSDConfig/sssdoptions.py:525 msgid "Sudo rule host attribute" msgstr "Атрибут host (узел) правила sudo" -#: src/config/SSSDConfig/sssdoptions.py:525 +#: src/config/SSSDConfig/sssdoptions.py:526 msgid "Sudo rule user attribute" msgstr "Атрибут user (пользователь) правила sudo" -#: src/config/SSSDConfig/sssdoptions.py:526 +#: src/config/SSSDConfig/sssdoptions.py:527 msgid "Sudo rule option attribute" msgstr "Атрибут option (параметр) правила sudo" -#: src/config/SSSDConfig/sssdoptions.py:527 +#: src/config/SSSDConfig/sssdoptions.py:528 msgid "Sudo rule runas attribute" msgstr "Атрибут runas (запуск от имени) правила sudo" -#: src/config/SSSDConfig/sssdoptions.py:528 +#: src/config/SSSDConfig/sssdoptions.py:529 msgid "Sudo rule runasuser attribute" msgstr "" "Атрибут runasuser (пользователь, от имени которого выполняется запуск) " "правила sudo" -#: src/config/SSSDConfig/sssdoptions.py:529 +#: src/config/SSSDConfig/sssdoptions.py:530 msgid "Sudo rule runasgroup attribute" msgstr "" "Атрибут runasgroup (группа, от имени которой выполняется запуск) правила sudo" -#: src/config/SSSDConfig/sssdoptions.py:530 +#: src/config/SSSDConfig/sssdoptions.py:531 msgid "Sudo rule notbefore attribute" msgstr "Атрибут notbefore (предельное время начала действия) правила sudo" -#: src/config/SSSDConfig/sssdoptions.py:531 +#: src/config/SSSDConfig/sssdoptions.py:532 msgid "Sudo rule notafter attribute" msgstr "Атрибут notafter (предельное время окончания действия) правила sudo" -#: src/config/SSSDConfig/sssdoptions.py:532 +#: src/config/SSSDConfig/sssdoptions.py:533 msgid "Sudo rule order attribute" msgstr "Атрибут order (порядок) правила sudo" -#: src/config/SSSDConfig/sssdoptions.py:535 +#: src/config/SSSDConfig/sssdoptions.py:536 msgid "Object class for automounter maps" msgstr "Класс объектов для карт автоматического монтирования" -#: src/config/SSSDConfig/sssdoptions.py:536 +#: src/config/SSSDConfig/sssdoptions.py:537 msgid "Automounter map name attribute" msgstr "Атрибут имени карты автоматического монтирования" -#: src/config/SSSDConfig/sssdoptions.py:537 +#: src/config/SSSDConfig/sssdoptions.py:538 msgid "Object class for automounter map entries" msgstr "Класс объектов для записей карт автоматического монтирования" -#: src/config/SSSDConfig/sssdoptions.py:538 +#: src/config/SSSDConfig/sssdoptions.py:539 msgid "Automounter map entry key attribute" msgstr "Атрибут ключа записи карты автоматического монтирования" -#: src/config/SSSDConfig/sssdoptions.py:539 +#: src/config/SSSDConfig/sssdoptions.py:540 msgid "Automounter map entry value attribute" msgstr "Атрибут значения записи карты автоматического монтирования" -#: src/config/SSSDConfig/sssdoptions.py:540 +#: src/config/SSSDConfig/sssdoptions.py:541 msgid "Base DN for automounter map lookups" msgstr "Base DN для поиска карт автоматического монтирования" -#: src/config/SSSDConfig/sssdoptions.py:541 +#: src/config/SSSDConfig/sssdoptions.py:542 msgid "The name of the automount master map in LDAP." msgstr "Имя основной карты автоматического монтирования в LDAP." -#: src/config/SSSDConfig/sssdoptions.py:544 +#: src/config/SSSDConfig/sssdoptions.py:545 msgid "Base DN for IP hosts lookups" msgstr "Base DN для поиска IP-узлов" -#: src/config/SSSDConfig/sssdoptions.py:545 +#: src/config/SSSDConfig/sssdoptions.py:546 msgid "Object class for IP hosts" msgstr "Класс объектов для IP-узлов" -#: src/config/SSSDConfig/sssdoptions.py:546 +#: src/config/SSSDConfig/sssdoptions.py:547 msgid "IP host name attribute" msgstr "Атрибут имени IP-узла" -#: src/config/SSSDConfig/sssdoptions.py:547 +#: src/config/SSSDConfig/sssdoptions.py:548 msgid "IP host number (address) attribute" msgstr "Атрибут номера (адреса) IP-узла" -#: src/config/SSSDConfig/sssdoptions.py:548 +#: src/config/SSSDConfig/sssdoptions.py:549 msgid "IP host entryUSN attribute" msgstr "Атрибут entryUSN IP-узла" -#: src/config/SSSDConfig/sssdoptions.py:549 +#: src/config/SSSDConfig/sssdoptions.py:550 msgid "Base DN for IP networks lookups" msgstr "Base DN для поиска IP-сетей" -#: src/config/SSSDConfig/sssdoptions.py:550 +#: src/config/SSSDConfig/sssdoptions.py:551 msgid "Object class for IP networks" msgstr "Класс объектов для IP-сетей" -#: src/config/SSSDConfig/sssdoptions.py:551 +#: src/config/SSSDConfig/sssdoptions.py:552 msgid "IP network name attribute" msgstr "Атрибут имени IP-сети" -#: src/config/SSSDConfig/sssdoptions.py:552 +#: src/config/SSSDConfig/sssdoptions.py:553 msgid "IP network number (address) attribute" msgstr "Атрибут номера (адреса) IP-сети" -#: src/config/SSSDConfig/sssdoptions.py:553 +#: src/config/SSSDConfig/sssdoptions.py:554 msgid "IP network entryUSN attribute" msgstr "Атрибут entryUSN IP-сети" -#: src/config/SSSDConfig/sssdoptions.py:556 +#: src/config/SSSDConfig/sssdoptions.py:557 msgid "Comma separated list of allowed users" msgstr "Разделённый запятыми список разрешённых пользователей" -#: src/config/SSSDConfig/sssdoptions.py:557 +#: src/config/SSSDConfig/sssdoptions.py:558 msgid "Comma separated list of prohibited users" msgstr "Разделённый запятыми список запрещённых пользователей" -#: src/config/SSSDConfig/sssdoptions.py:558 +#: src/config/SSSDConfig/sssdoptions.py:559 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." @@ -2008,7 +2008,7 @@ msgstr "" "систему. Применимо только к группам внутри этого домена SSSD. Локальные " "группы не обрабатываются." -#: src/config/SSSDConfig/sssdoptions.py:560 +#: src/config/SSSDConfig/sssdoptions.py:561 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " @@ -2018,32 +2018,32 @@ msgstr "" "доступ. Применимо только к группам внутри этого домена SSSD. Локальные " "группы не обрабатываются." -#: src/config/SSSDConfig/sssdoptions.py:564 +#: src/config/SSSDConfig/sssdoptions.py:565 msgid "The number of preforked proxy children." msgstr "Количество предварительно ответвлённых дочерних прокси." -#: src/config/SSSDConfig/sssdoptions.py:567 +#: src/config/SSSDConfig/sssdoptions.py:568 msgid "The name of the NSS library to use" msgstr "Имя используемой библиотеки NSS" -#: src/config/SSSDConfig/sssdoptions.py:568 +#: src/config/SSSDConfig/sssdoptions.py:569 msgid "The name of the NSS library to use for hosts and networks lookups" msgstr "" "Имя библиотеки NSS, которая будет использоваться для поиска узлов и сетей" -#: src/config/SSSDConfig/sssdoptions.py:569 +#: src/config/SSSDConfig/sssdoptions.py:570 msgid "Whether to look up canonical group name from cache if possible" msgstr "Следует ли искать каноническое имя группы в кэше, когда это возможно" -#: src/config/SSSDConfig/sssdoptions.py:572 +#: src/config/SSSDConfig/sssdoptions.py:573 msgid "PAM stack to use" msgstr "Используемый стек PAM" -#: src/config/SSSDConfig/sssdoptions.py:575 +#: src/config/SSSDConfig/sssdoptions.py:576 msgid "Path of passwd file sources." msgstr "Путь к исходному тексту файла passwd." -#: src/config/SSSDConfig/sssdoptions.py:576 +#: src/config/SSSDConfig/sssdoptions.py:577 msgid "Path of group file sources." msgstr "Путь к исходному тексту файла group." @@ -2093,67 +2093,67 @@ msgstr "Запущено от %, а должно быть от имен msgid "SSSD is already running\n" msgstr "SSSD уже выполняется\n" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "Разрешить дампы памяти" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "Дескриптор открытых файлов для журнала отладки" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "Пользователь, от имени которого следует создать ccache FAST" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "Группа, от имени которой следует создать ccache FAST" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "Использовать анонимный PKINIT для запроса билета защиты FAST" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "Область действия Kerberos" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "Запрашиваемое время жизни билета" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "Запрашиваемое возобновляемое время жизни билета" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "Параметры FAST («never», «try», «demand»)" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "Указывает участник-сервер, который следует использовать для FAST" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "Запрашивает преобразование имени участника в каноническую форму" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "Использовать нестандартную версию krb5_get_init_creds_password" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "Идентификатор цепочки Tevent, используемый для ведения журнала" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "Проверить PAC флаги" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "Ошибка talloc_asprintf.\n" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "Ошибка set_debug_file_from_fd.\n" @@ -2161,37 +2161,37 @@ msgstr "Ошибка set_debug_file_from_fd.\n" msgid "Domain of the information provider (mandatory)" msgstr "Домен поставщика информации (обязательный)" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "" "Для привилегированного сокета установлен неверный владелец или права доступа." -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "" "Для общедоступного сокета установлен неверный владелец или права доступа." -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "Некорректный формат сообщения об учётных данных сервера." -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "Запуск SSSD выполнен не от имени пользователя root." -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "Сокет SSSD не существует." -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "Не удалось получить статистику сокета SSSD." -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "Произошла ошибка, но не удалось найти её описание." -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "Непредвиденная ошибка при поиске описания ошибки" @@ -2199,55 +2199,63 @@ msgstr "Непредвиденная ошибка при поиске описа msgid "Permission denied. " msgstr "Доступ запрещён. " -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "Сообщение сервера: " #: src/sss_client/pam_sss.c:71 -msgid "Enter PIN:" +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." msgstr "" +"После входа в систему не будет предоставлен TGT Kerberos. Это может помешать " +"нормальной работе пользователя." + +#: src/sss_client/pam_sss.c:72 +msgid "Enter PIN:" +msgstr "Введите PIN:" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "Пароли не совпадают" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "Поддержка сброса пароля пользователем root не предусмотрена." -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "Проверка подлинности с учётными данными из кэша" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr ", срок действия вашего кэшированного пароля истечёт: " -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "Срок действия пароля истёк. Осталось попыток входа в систему: %1$d." -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "Срок действия пароля истекает через %1$d %2$s." -#: src/sss_client/pam_sss.c:627 -#, fuzzy, c-format +#: src/sss_client/pam_sss.c:628 +#, c-format msgid "Your password has expired." -msgstr "Срок действия пароля истекает через %1$d %2$s." +msgstr "Срок действия пароля истёк." -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "Проверка подлинности запрещена до: " -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "Система находится в автономном режиме, невозможно сменить пароль" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" @@ -2255,66 +2263,74 @@ msgstr "" "После смены одноразового пароля необходимо выйти из системы и снова войти в " "неё, чтобы получить билет" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "PIN заблокирован" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" +"TGT Kerberos не предоставлен, поскольку на сервере не предусмотрена " +"поддержка этого метода. Это повлияет на работу системы единого входа (SSO)." + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "Не удалось сменить пароль. " -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "Пожалуйста, авторизуйтесь на %1$s и нажмите ENTER." -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "" "Пожалуйста, авторизуйтесь с помощью PIN-кода %1$s на %2$s и нажмите ENTER." -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "Пожалуйста, вставьте (повторно/другую) смарт-карту" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "Новый пароль: " -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "Введите новый пароль ещё раз: " -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "Первый фактор: " -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "Второй фактор (необязательно): " -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "Второй фактор: " -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." -msgstr "" +msgstr "Вставьте устройство с ключом доступа и нажмите ENTER." -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "Пароль: " -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "Первый фактор (текущий пароль): " -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "Текущий пароль: " -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "Срок действия пароля истёк. Необходимо сейчас изменить ваш пароль." @@ -2653,9 +2669,8 @@ msgid "Passkey related tools:" msgstr "Инструменты, связанные с ключом:" #: src/tools/sssctl/sssctl.c:348 -#, fuzzy msgid "Perform passkey registration" -msgstr "Выполнить связанные с ключом действия" +msgstr "Зарегистрировать ключ доступа" #: src/tools/sssctl/sssctl_cache.c:31 #, c-format @@ -2837,9 +2852,8 @@ msgid "Error while reading configuration directory.\n" msgstr "Ошибка при чтении каталога конфигурации.\n" #: src/tools/sssctl/sssctl_config.c:147 -#, fuzzy msgid "There is no configuration.\n" -msgstr "Не удалось загрузить конфигурацию из %s.\n" +msgstr "Нет никакой конфигурации.\n" #: src/tools/sssctl/sssctl_config.c:157 msgid "Failed to run validators" diff --git a/po/sssd.pot b/po/sssd.pot index 3cc99837a5e..9727fad5e67 100644 --- a/po/sssd.pot +++ b/po/sssd.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -585,12 +585,12 @@ msgid "Whether to automatically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:201 -#: src/config/SSSDConfig/sssdoptions.py:233 +#: src/config/SSSDConfig/sssdoptions.py:234 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:202 -#: src/config/SSSDConfig/sssdoptions.py:234 +#: src/config/SSSDConfig/sssdoptions.py:235 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" @@ -674,1162 +674,1166 @@ msgid "" "(long term password) must have to be saved as SHA512 hash into the cache." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:228 -msgid "IPA domain" +#: src/config/SSSDConfig/sssdoptions.py:226 +msgid "Local authentication methods policy " msgstr "" #: src/config/SSSDConfig/sssdoptions.py:229 -msgid "IPA server address" +msgid "IPA domain" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:230 -msgid "Address of backup IPA server" +msgid "IPA server address" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:231 -msgid "IPA client hostname" +msgid "Address of backup IPA server" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:232 +msgid "IPA client hostname" +msgstr "" + +#: src/config/SSSDConfig/sssdoptions.py:233 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:235 +#: src/config/SSSDConfig/sssdoptions.py:236 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:236 +#: src/config/SSSDConfig/sssdoptions.py:237 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:237 +#: src/config/SSSDConfig/sssdoptions.py:238 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:239 +#: src/config/SSSDConfig/sssdoptions.py:240 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:240 +#: src/config/SSSDConfig/sssdoptions.py:241 msgid "The automounter location this IPA client is using" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:241 +#: src/config/SSSDConfig/sssdoptions.py:242 msgid "Search base for object containing info about IPA domain" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:242 +#: src/config/SSSDConfig/sssdoptions.py:243 msgid "Search base for objects containing info about ID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:243 -#: src/config/SSSDConfig/sssdoptions.py:299 +#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:300 msgid "Enable DNS sites - location based service discovery" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:245 msgid "Search base for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:245 +#: src/config/SSSDConfig/sssdoptions.py:246 msgid "Objectclass for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:246 +#: src/config/SSSDConfig/sssdoptions.py:247 msgid "Attribute with the name of the view" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:247 +#: src/config/SSSDConfig/sssdoptions.py:248 msgid "Objectclass for override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:248 +#: src/config/SSSDConfig/sssdoptions.py:249 msgid "Attribute with the reference to the original object" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:249 +#: src/config/SSSDConfig/sssdoptions.py:250 msgid "Objectclass for user override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:250 +#: src/config/SSSDConfig/sssdoptions.py:251 msgid "Objectclass for group override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:251 +#: src/config/SSSDConfig/sssdoptions.py:252 msgid "Search base for Desktop Profile related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:252 +#: src/config/SSSDConfig/sssdoptions.py:253 msgid "" "The amount of time in seconds between lookups of the Desktop Profile rules " "against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:254 +#: src/config/SSSDConfig/sssdoptions.py:255 msgid "" "The amount of time in minutes between lookups of Desktop Profiles rules " "against the IPA server when the last request did not find any rule" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:257 +#: src/config/SSSDConfig/sssdoptions.py:258 msgid "Search base for SUBID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:258 -#: src/config/SSSDConfig/sssdoptions.py:501 +#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:502 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:260 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:260 -#: src/config/SSSDConfig/sssdoptions.py:283 +#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:284 msgid "The object class of a host entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:262 msgid "Use the given string as search base for host objects." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:262 +#: src/config/SSSDConfig/sssdoptions.py:263 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:263 +#: src/config/SSSDConfig/sssdoptions.py:264 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:264 +#: src/config/SSSDConfig/sssdoptions.py:265 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:265 +#: src/config/SSSDConfig/sssdoptions.py:266 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:267 +#: src/config/SSSDConfig/sssdoptions.py:268 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:269 +#: src/config/SSSDConfig/sssdoptions.py:270 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:270 +#: src/config/SSSDConfig/sssdoptions.py:271 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:272 +#: src/config/SSSDConfig/sssdoptions.py:273 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:273 +#: src/config/SSSDConfig/sssdoptions.py:274 msgid "The object class of a netgroup entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:274 +#: src/config/SSSDConfig/sssdoptions.py:275 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:275 +#: src/config/SSSDConfig/sssdoptions.py:276 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:277 +#: src/config/SSSDConfig/sssdoptions.py:278 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:278 +#: src/config/SSSDConfig/sssdoptions.py:279 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:280 +#: src/config/SSSDConfig/sssdoptions.py:281 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:282 +#: src/config/SSSDConfig/sssdoptions.py:283 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:284 +#: src/config/SSSDConfig/sssdoptions.py:285 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:286 +#: src/config/SSSDConfig/sssdoptions.py:287 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:287 +#: src/config/SSSDConfig/sssdoptions.py:288 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:288 +#: src/config/SSSDConfig/sssdoptions.py:289 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:289 +#: src/config/SSSDConfig/sssdoptions.py:290 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:291 +#: src/config/SSSDConfig/sssdoptions.py:292 msgid "Use the given string as search base for trusted domains." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:294 +#: src/config/SSSDConfig/sssdoptions.py:295 msgid "Active Directory domain" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:295 +#: src/config/SSSDConfig/sssdoptions.py:296 msgid "Enabled Active Directory domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:296 +#: src/config/SSSDConfig/sssdoptions.py:297 msgid "Active Directory server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:297 +#: src/config/SSSDConfig/sssdoptions.py:298 msgid "Active Directory backup server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:298 +#: src/config/SSSDConfig/sssdoptions.py:299 msgid "Active Directory client hostname" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:300 -#: src/config/SSSDConfig/sssdoptions.py:499 +#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:500 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:302 msgid "Whether to use the Global Catalog for lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:302 +#: src/config/SSSDConfig/sssdoptions.py:303 msgid "Operation mode for GPO-based access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:303 +#: src/config/SSSDConfig/sssdoptions.py:304 msgid "" "The amount of time between lookups of the GPO policy files against the AD " "server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:304 +#: src/config/SSSDConfig/sssdoptions.py:305 msgid "" "PAM service names that map to the GPO (Deny)InteractiveLogonRight policy " "settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:306 +#: src/config/SSSDConfig/sssdoptions.py:307 msgid "" "PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight " "policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:308 +#: src/config/SSSDConfig/sssdoptions.py:309 msgid "" "PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:309 +#: src/config/SSSDConfig/sssdoptions.py:310 msgid "" "PAM service names that map to the GPO (Deny)BatchLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:310 +#: src/config/SSSDConfig/sssdoptions.py:311 msgid "" "PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:311 +#: src/config/SSSDConfig/sssdoptions.py:312 msgid "PAM service names for which GPO-based access is always granted" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:312 +#: src/config/SSSDConfig/sssdoptions.py:313 msgid "PAM service names for which GPO-based access is always denied" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:313 +#: src/config/SSSDConfig/sssdoptions.py:314 msgid "" "Default logon right (or permit/deny) to use for unmapped PAM service names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:314 +#: src/config/SSSDConfig/sssdoptions.py:315 msgid "a particular site to be used by the client" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:315 +#: src/config/SSSDConfig/sssdoptions.py:316 msgid "" "Maximum age in days before the machine account password should be renewed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:317 +#: src/config/SSSDConfig/sssdoptions.py:318 msgid "Option for tuning the machine account renewal task" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:318 +#: src/config/SSSDConfig/sssdoptions.py:319 msgid "Whether to update the machine account password in the Samba database" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:320 +#: src/config/SSSDConfig/sssdoptions.py:321 msgid "Use LDAPS port for LDAP and Global Catalog requests" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:321 +#: src/config/SSSDConfig/sssdoptions.py:322 msgid "Do not filter domain local groups from other domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:324 #: src/config/SSSDConfig/sssdoptions.py:325 +#: src/config/SSSDConfig/sssdoptions.py:326 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:326 +#: src/config/SSSDConfig/sssdoptions.py:327 msgid "Kerberos backup server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:327 +#: src/config/SSSDConfig/sssdoptions.py:328 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:328 +#: src/config/SSSDConfig/sssdoptions.py:329 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:329 +#: src/config/SSSDConfig/sssdoptions.py:330 msgid "Whether to create kdcinfo files" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:330 +#: src/config/SSSDConfig/sssdoptions.py:331 msgid "Where to drop krb5 config snippets" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:333 +#: src/config/SSSDConfig/sssdoptions.py:334 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:334 +#: src/config/SSSDConfig/sssdoptions.py:335 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:335 +#: src/config/SSSDConfig/sssdoptions.py:336 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:336 +#: src/config/SSSDConfig/sssdoptions.py:337 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:337 +#: src/config/SSSDConfig/sssdoptions.py:338 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:338 +#: src/config/SSSDConfig/sssdoptions.py:339 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:339 +#: src/config/SSSDConfig/sssdoptions.py:340 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:340 +#: src/config/SSSDConfig/sssdoptions.py:341 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:341 +#: src/config/SSSDConfig/sssdoptions.py:342 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:342 +#: src/config/SSSDConfig/sssdoptions.py:343 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:343 +#: src/config/SSSDConfig/sssdoptions.py:344 msgid "Use anonymous PKINIT to request FAST credentials" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:344 +#: src/config/SSSDConfig/sssdoptions.py:345 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:345 +#: src/config/SSSDConfig/sssdoptions.py:346 msgid "Enables enterprise principals" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:346 +#: src/config/SSSDConfig/sssdoptions.py:347 msgid "Enables using of subdomains realms for authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:347 +#: src/config/SSSDConfig/sssdoptions.py:348 msgid "A mapping from user names to Kerberos principal names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:350 #: src/config/SSSDConfig/sssdoptions.py:351 +#: src/config/SSSDConfig/sssdoptions.py:352 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:354 +#: src/config/SSSDConfig/sssdoptions.py:355 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:355 +#: src/config/SSSDConfig/sssdoptions.py:356 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:356 +#: src/config/SSSDConfig/sssdoptions.py:357 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:357 +#: src/config/SSSDConfig/sssdoptions.py:358 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:358 +#: src/config/SSSDConfig/sssdoptions.py:359 msgid "Mode used to change user password" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:359 +#: src/config/SSSDConfig/sssdoptions.py:360 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:360 +#: src/config/SSSDConfig/sssdoptions.py:361 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:361 +#: src/config/SSSDConfig/sssdoptions.py:362 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:362 +#: src/config/SSSDConfig/sssdoptions.py:363 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:363 +#: src/config/SSSDConfig/sssdoptions.py:364 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:364 +#: src/config/SSSDConfig/sssdoptions.py:365 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:365 +#: src/config/SSSDConfig/sssdoptions.py:366 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:366 +#: src/config/SSSDConfig/sssdoptions.py:367 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:367 +#: src/config/SSSDConfig/sssdoptions.py:368 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:368 +#: src/config/SSSDConfig/sssdoptions.py:369 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:369 +#: src/config/SSSDConfig/sssdoptions.py:370 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:370 +#: src/config/SSSDConfig/sssdoptions.py:371 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:371 +#: src/config/SSSDConfig/sssdoptions.py:372 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:372 +#: src/config/SSSDConfig/sssdoptions.py:373 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:373 +#: src/config/SSSDConfig/sssdoptions.py:374 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:374 +#: src/config/SSSDConfig/sssdoptions.py:375 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:375 +#: src/config/SSSDConfig/sssdoptions.py:376 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:376 +#: src/config/SSSDConfig/sssdoptions.py:377 msgid "Specify the maximal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:377 +#: src/config/SSSDConfig/sssdoptions.py:378 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:378 +#: src/config/SSSDConfig/sssdoptions.py:379 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:379 +#: src/config/SSSDConfig/sssdoptions.py:380 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:380 +#: src/config/SSSDConfig/sssdoptions.py:381 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:381 +#: src/config/SSSDConfig/sssdoptions.py:382 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:382 +#: src/config/SSSDConfig/sssdoptions.py:383 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:383 +#: src/config/SSSDConfig/sssdoptions.py:384 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:384 +#: src/config/SSSDConfig/sssdoptions.py:385 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:385 +#: src/config/SSSDConfig/sssdoptions.py:386 msgid "Ignore unreadable LDAP references" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:386 +#: src/config/SSSDConfig/sssdoptions.py:387 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:388 +#: src/config/SSSDConfig/sssdoptions.py:389 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:391 +#: src/config/SSSDConfig/sssdoptions.py:392 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:392 +#: src/config/SSSDConfig/sssdoptions.py:393 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:394 +#: src/config/SSSDConfig/sssdoptions.py:395 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:397 +#: src/config/SSSDConfig/sssdoptions.py:398 msgid "Disable the LDAP paging control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:398 +#: src/config/SSSDConfig/sssdoptions.py:399 msgid "Disable Active Directory range retrieval" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:401 +#: src/config/SSSDConfig/sssdoptions.py:402 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:402 +#: src/config/SSSDConfig/sssdoptions.py:403 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:403 +#: src/config/SSSDConfig/sssdoptions.py:404 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:404 +#: src/config/SSSDConfig/sssdoptions.py:405 msgid "Maximum period deviation between enumeration updates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:405 +#: src/config/SSSDConfig/sssdoptions.py:406 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:406 +#: src/config/SSSDConfig/sssdoptions.py:407 msgid "Maximum time deviation between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:407 +#: src/config/SSSDConfig/sssdoptions.py:408 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:408 +#: src/config/SSSDConfig/sssdoptions.py:409 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:409 +#: src/config/SSSDConfig/sssdoptions.py:410 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:410 +#: src/config/SSSDConfig/sssdoptions.py:411 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:411 +#: src/config/SSSDConfig/sssdoptions.py:412 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:412 +#: src/config/SSSDConfig/sssdoptions.py:413 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:413 +#: src/config/SSSDConfig/sssdoptions.py:414 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:414 +#: src/config/SSSDConfig/sssdoptions.py:415 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:415 +#: src/config/SSSDConfig/sssdoptions.py:416 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:416 +#: src/config/SSSDConfig/sssdoptions.py:417 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:417 +#: src/config/SSSDConfig/sssdoptions.py:418 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:418 +#: src/config/SSSDConfig/sssdoptions.py:419 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:419 +#: src/config/SSSDConfig/sssdoptions.py:420 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:420 -#: src/config/SSSDConfig/sssdoptions.py:459 +#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:460 msgid "objectSID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:422 msgid "Active Directory primary group attribute for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:422 +#: src/config/SSSDConfig/sssdoptions.py:423 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:423 +#: src/config/SSSDConfig/sssdoptions.py:424 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:424 +#: src/config/SSSDConfig/sssdoptions.py:425 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:425 +#: src/config/SSSDConfig/sssdoptions.py:426 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:426 +#: src/config/SSSDConfig/sssdoptions.py:427 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:427 +#: src/config/SSSDConfig/sssdoptions.py:428 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:428 +#: src/config/SSSDConfig/sssdoptions.py:429 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:429 +#: src/config/SSSDConfig/sssdoptions.py:430 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:430 +#: src/config/SSSDConfig/sssdoptions.py:431 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:431 +#: src/config/SSSDConfig/sssdoptions.py:432 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:432 +#: src/config/SSSDConfig/sssdoptions.py:433 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:433 +#: src/config/SSSDConfig/sssdoptions.py:434 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:434 +#: src/config/SSSDConfig/sssdoptions.py:435 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:435 +#: src/config/SSSDConfig/sssdoptions.py:436 msgid "Attribute listing authorized server rhosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:436 +#: src/config/SSSDConfig/sssdoptions.py:437 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:437 +#: src/config/SSSDConfig/sssdoptions.py:438 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:438 +#: src/config/SSSDConfig/sssdoptions.py:439 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:439 +#: src/config/SSSDConfig/sssdoptions.py:440 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:440 +#: src/config/SSSDConfig/sssdoptions.py:441 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:441 +#: src/config/SSSDConfig/sssdoptions.py:442 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:442 +#: src/config/SSSDConfig/sssdoptions.py:443 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:443 +#: src/config/SSSDConfig/sssdoptions.py:444 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:444 +#: src/config/SSSDConfig/sssdoptions.py:445 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:445 +#: src/config/SSSDConfig/sssdoptions.py:446 msgid "SSH public key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:446 +#: src/config/SSSDConfig/sssdoptions.py:447 msgid "attribute listing allowed authentication types for a user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:447 +#: src/config/SSSDConfig/sssdoptions.py:448 msgid "attribute containing the X509 certificate of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:448 +#: src/config/SSSDConfig/sssdoptions.py:449 msgid "attribute containing the email address of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:449 +#: src/config/SSSDConfig/sssdoptions.py:450 msgid "attribute containing the passkey mapping data of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:450 +#: src/config/SSSDConfig/sssdoptions.py:451 msgid "A list of extra attributes to download along with the user entry" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:452 +#: src/config/SSSDConfig/sssdoptions.py:453 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:453 +#: src/config/SSSDConfig/sssdoptions.py:454 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:454 +#: src/config/SSSDConfig/sssdoptions.py:455 msgid "Group name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:455 +#: src/config/SSSDConfig/sssdoptions.py:456 msgid "Group password" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:456 +#: src/config/SSSDConfig/sssdoptions.py:457 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:457 +#: src/config/SSSDConfig/sssdoptions.py:458 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:458 +#: src/config/SSSDConfig/sssdoptions.py:459 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:460 +#: src/config/SSSDConfig/sssdoptions.py:461 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:461 +#: src/config/SSSDConfig/sssdoptions.py:462 msgid "Type of the group and other flags" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:462 +#: src/config/SSSDConfig/sssdoptions.py:463 msgid "The LDAP group external member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:463 +#: src/config/SSSDConfig/sssdoptions.py:464 msgid "Maximum nesting level SSSD will follow" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:464 +#: src/config/SSSDConfig/sssdoptions.py:465 msgid "Filter for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:465 +#: src/config/SSSDConfig/sssdoptions.py:466 msgid "Scope of group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:467 +#: src/config/SSSDConfig/sssdoptions.py:468 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:468 +#: src/config/SSSDConfig/sssdoptions.py:469 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:469 +#: src/config/SSSDConfig/sssdoptions.py:470 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:470 +#: src/config/SSSDConfig/sssdoptions.py:471 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:471 +#: src/config/SSSDConfig/sssdoptions.py:472 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:472 +#: src/config/SSSDConfig/sssdoptions.py:473 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:474 +#: src/config/SSSDConfig/sssdoptions.py:475 msgid "Base DN for service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:475 +#: src/config/SSSDConfig/sssdoptions.py:476 msgid "Objectclass for services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:476 +#: src/config/SSSDConfig/sssdoptions.py:477 msgid "Service name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:477 +#: src/config/SSSDConfig/sssdoptions.py:478 msgid "Service port attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:478 +#: src/config/SSSDConfig/sssdoptions.py:479 msgid "Service protocol attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:480 +#: src/config/SSSDConfig/sssdoptions.py:481 msgid "Lower bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:481 +#: src/config/SSSDConfig/sssdoptions.py:482 msgid "Upper bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:482 +#: src/config/SSSDConfig/sssdoptions.py:483 msgid "Number of IDs for each slice when ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:483 +#: src/config/SSSDConfig/sssdoptions.py:484 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:484 +#: src/config/SSSDConfig/sssdoptions.py:485 msgid "Name of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:485 +#: src/config/SSSDConfig/sssdoptions.py:486 msgid "SID of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:486 +#: src/config/SSSDConfig/sssdoptions.py:487 msgid "Number of secondary slices" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:488 +#: src/config/SSSDConfig/sssdoptions.py:489 msgid "Whether to use Token-Groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:489 +#: src/config/SSSDConfig/sssdoptions.py:490 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:490 +#: src/config/SSSDConfig/sssdoptions.py:491 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:491 +#: src/config/SSSDConfig/sssdoptions.py:492 msgid "DN for ppolicy queries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:492 +#: src/config/SSSDConfig/sssdoptions.py:493 msgid "How many maximum entries to fetch during a wildcard request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:493 +#: src/config/SSSDConfig/sssdoptions.py:494 msgid "Set libldap debug level" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:496 +#: src/config/SSSDConfig/sssdoptions.py:497 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:500 +#: src/config/SSSDConfig/sssdoptions.py:501 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:504 +#: src/config/SSSDConfig/sssdoptions.py:505 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:505 +#: src/config/SSSDConfig/sssdoptions.py:506 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:506 +#: src/config/SSSDConfig/sssdoptions.py:507 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:507 +#: src/config/SSSDConfig/sssdoptions.py:508 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:511 +#: src/config/SSSDConfig/sssdoptions.py:512 msgid "Base DN for sudo rules lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:512 +#: src/config/SSSDConfig/sssdoptions.py:513 msgid "Automatic full refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:513 +#: src/config/SSSDConfig/sssdoptions.py:514 msgid "Automatic smart refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:514 +#: src/config/SSSDConfig/sssdoptions.py:515 msgid "Smart and full refresh random offset" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:515 +#: src/config/SSSDConfig/sssdoptions.py:516 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:516 +#: src/config/SSSDConfig/sssdoptions.py:517 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:517 +#: src/config/SSSDConfig/sssdoptions.py:518 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:518 +#: src/config/SSSDConfig/sssdoptions.py:519 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:519 +#: src/config/SSSDConfig/sssdoptions.py:520 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:520 +#: src/config/SSSDConfig/sssdoptions.py:521 msgid "Object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:521 +#: src/config/SSSDConfig/sssdoptions.py:522 msgid "Name of attribute that is used as object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:522 +#: src/config/SSSDConfig/sssdoptions.py:523 msgid "Sudo rule name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:523 +#: src/config/SSSDConfig/sssdoptions.py:524 msgid "Sudo rule command attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:524 +#: src/config/SSSDConfig/sssdoptions.py:525 msgid "Sudo rule host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:525 +#: src/config/SSSDConfig/sssdoptions.py:526 msgid "Sudo rule user attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:526 +#: src/config/SSSDConfig/sssdoptions.py:527 msgid "Sudo rule option attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:527 +#: src/config/SSSDConfig/sssdoptions.py:528 msgid "Sudo rule runas attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:528 +#: src/config/SSSDConfig/sssdoptions.py:529 msgid "Sudo rule runasuser attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:529 +#: src/config/SSSDConfig/sssdoptions.py:530 msgid "Sudo rule runasgroup attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:530 +#: src/config/SSSDConfig/sssdoptions.py:531 msgid "Sudo rule notbefore attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:531 +#: src/config/SSSDConfig/sssdoptions.py:532 msgid "Sudo rule notafter attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:532 +#: src/config/SSSDConfig/sssdoptions.py:533 msgid "Sudo rule order attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:535 +#: src/config/SSSDConfig/sssdoptions.py:536 msgid "Object class for automounter maps" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:536 +#: src/config/SSSDConfig/sssdoptions.py:537 msgid "Automounter map name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:537 +#: src/config/SSSDConfig/sssdoptions.py:538 msgid "Object class for automounter map entries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:538 +#: src/config/SSSDConfig/sssdoptions.py:539 msgid "Automounter map entry key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:539 +#: src/config/SSSDConfig/sssdoptions.py:540 msgid "Automounter map entry value attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:540 +#: src/config/SSSDConfig/sssdoptions.py:541 msgid "Base DN for automounter map lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:541 +#: src/config/SSSDConfig/sssdoptions.py:542 msgid "The name of the automount master map in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:544 +#: src/config/SSSDConfig/sssdoptions.py:545 msgid "Base DN for IP hosts lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:545 +#: src/config/SSSDConfig/sssdoptions.py:546 msgid "Object class for IP hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:546 +#: src/config/SSSDConfig/sssdoptions.py:547 msgid "IP host name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:547 +#: src/config/SSSDConfig/sssdoptions.py:548 msgid "IP host number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:548 +#: src/config/SSSDConfig/sssdoptions.py:549 msgid "IP host entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:549 +#: src/config/SSSDConfig/sssdoptions.py:550 msgid "Base DN for IP networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:550 +#: src/config/SSSDConfig/sssdoptions.py:551 msgid "Object class for IP networks" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:551 +#: src/config/SSSDConfig/sssdoptions.py:552 msgid "IP network name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:552 +#: src/config/SSSDConfig/sssdoptions.py:553 msgid "IP network number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:553 +#: src/config/SSSDConfig/sssdoptions.py:554 msgid "IP network entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:556 +#: src/config/SSSDConfig/sssdoptions.py:557 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:557 +#: src/config/SSSDConfig/sssdoptions.py:558 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:558 +#: src/config/SSSDConfig/sssdoptions.py:559 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:560 +#: src/config/SSSDConfig/sssdoptions.py:561 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " "evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:564 +#: src/config/SSSDConfig/sssdoptions.py:565 msgid "The number of preforked proxy children." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:567 +#: src/config/SSSDConfig/sssdoptions.py:568 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:568 +#: src/config/SSSDConfig/sssdoptions.py:569 msgid "The name of the NSS library to use for hosts and networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:569 +#: src/config/SSSDConfig/sssdoptions.py:570 msgid "Whether to look up canonical group name from cache if possible" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:572 +#: src/config/SSSDConfig/sssdoptions.py:573 msgid "PAM stack to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:575 +#: src/config/SSSDConfig/sssdoptions.py:576 msgid "Path of passwd file sources." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:576 +#: src/config/SSSDConfig/sssdoptions.py:577 msgid "Path of group file sources." msgstr "" @@ -1878,67 +1882,67 @@ msgstr "" msgid "SSSD is already running\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "" @@ -1946,35 +1950,35 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "" @@ -1982,119 +1986,131 @@ msgstr "" msgid "Permission denied. " msgstr "" -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "" #: src/sss_client/pam_sss.c:71 +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." +msgstr "" + +#: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" msgstr "" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr "" -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "" -#: src/sss_client/pam_sss.c:627 +#: src/sss_client/pam_sss.c:628 #, c-format msgid "Your password has expired." msgstr "" -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "" -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "" -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "" diff --git a/po/sv.po b/po/sv.po index 0973299ac90..d63f89a8fee 100644 --- a/po/sv.po +++ b/po/sv.po @@ -13,17 +13,17 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" -"PO-Revision-Date: 2023-02-12 16:20+0000\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" +"PO-Revision-Date: 2023-08-30 14:21+0000\n" "Last-Translator: Göran Uddeborg \n" "Language-Team: Swedish \n" +"sssd-2-9/sv/>\n" "Language: sv\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=n != 1;\n" -"X-Generator: Weblate 4.15.2\n" +"X-Generator: Weblate 4.18.2\n" #: src/config/SSSDConfig/sssdoptions.py:20 #: src/config/SSSDConfig/sssdoptions.py:21 @@ -174,9 +174,8 @@ msgid "Enable or disable core dumps for all SSSD processes." msgstr "Aktivera eller avaktivera kärndumpar för alla SSSD-processer." #: src/config/SSSDConfig/sssdoptions.py:58 -#, fuzzy msgid "Tune passkey verification behavior" -msgstr "Trimma certifikatverifikation" +msgstr "Trimma lösennyckelns verifikationsbeteende" #: src/config/SSSDConfig/sssdoptions.py:61 msgid "Enumeration cache timeout length (seconds)" @@ -404,18 +403,16 @@ msgstr "" "för PAM-åtkomst med GSSAPI-autentisering" #: src/config/SSSDConfig/sssdoptions.py:117 -#, fuzzy msgid "Allow passkey device authentication." -msgstr "Tillåt certifikatbaserad/smartkortsautentisering." +msgstr "Tillåt autentisering med lösennyckelsenhet." #: src/config/SSSDConfig/sssdoptions.py:118 -#, fuzzy msgid "How many seconds will pam_sss wait for passkey_child to finish" -msgstr "Hur många sekunder kommer pam_sss vänta på p11_child att avsluta" +msgstr "Hur många sekunder kommer pam_sss vänta på passkey_child att avsluta" #: src/config/SSSDConfig/sssdoptions.py:119 msgid "Enable debugging in the libfido2 library" -msgstr "" +msgstr "Aktivera felsökning i biblioteket libfido2" #: src/config/SSSDConfig/sssdoptions.py:122 msgid "Whether to evaluate the time-based attributes in sudo rules" @@ -663,12 +660,12 @@ msgid "Whether to automatically update the client's DNS entry" msgstr "Huruvida klienternas DNS-poster uppdateras automatiskt" #: src/config/SSSDConfig/sssdoptions.py:201 -#: src/config/SSSDConfig/sssdoptions.py:233 +#: src/config/SSSDConfig/sssdoptions.py:234 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "TTL:en att använda för klientens DNS-post efter att ha uppdaterat den" #: src/config/SSSDConfig/sssdoptions.py:202 -#: src/config/SSSDConfig/sssdoptions.py:234 +#: src/config/SSSDConfig/sssdoptions.py:235 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "Gränssnittet vars IP skall användas för dynamiska DNS-uppdateringar" @@ -762,96 +759,100 @@ msgstr "" "värde den minsta längden den första autentiseringsfaktorn (långvarigt " "lösenord) måste ha för att sparas som en SHA512-kontrollsumma i cachen." -#: src/config/SSSDConfig/sssdoptions.py:228 +#: src/config/SSSDConfig/sssdoptions.py:226 +msgid "Local authentication methods policy " +msgstr "" + +#: src/config/SSSDConfig/sssdoptions.py:229 msgid "IPA domain" msgstr "IPA-domän" -#: src/config/SSSDConfig/sssdoptions.py:229 +#: src/config/SSSDConfig/sssdoptions.py:230 msgid "IPA server address" msgstr "IPA-serveradress" -#: src/config/SSSDConfig/sssdoptions.py:230 +#: src/config/SSSDConfig/sssdoptions.py:231 msgid "Address of backup IPA server" msgstr "Adress till reserv-IPA-server" -#: src/config/SSSDConfig/sssdoptions.py:231 +#: src/config/SSSDConfig/sssdoptions.py:232 msgid "IPA client hostname" msgstr "IPA-klientvärdnamn" -#: src/config/SSSDConfig/sssdoptions.py:232 +#: src/config/SSSDConfig/sssdoptions.py:233 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "Om klientens DNS-post i FreeIPA automatiskt skall uppdateras" -#: src/config/SSSDConfig/sssdoptions.py:235 +#: src/config/SSSDConfig/sssdoptions.py:236 msgid "Search base for HBAC related objects" msgstr "Sökbas för HBAC-relaterade objekt" -#: src/config/SSSDConfig/sssdoptions.py:236 +#: src/config/SSSDConfig/sssdoptions.py:237 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "Tidsåtgången mellan uppslagningar av HBAC-reglerna mot IPA-servern" -#: src/config/SSSDConfig/sssdoptions.py:237 +#: src/config/SSSDConfig/sssdoptions.py:238 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "" "Tiden i sekunder mellan uppslagningar av SELinux-mappningar mot IPA-servern" -#: src/config/SSSDConfig/sssdoptions.py:239 +#: src/config/SSSDConfig/sssdoptions.py:240 msgid "If set to false, host argument given by PAM will be ignored" msgstr "Om satt till falskt kommer värdargument givna av PAM ignoreras" -#: src/config/SSSDConfig/sssdoptions.py:240 +#: src/config/SSSDConfig/sssdoptions.py:241 msgid "The automounter location this IPA client is using" msgstr "Platsen för automatmonteraren denna IPA-klient använder" -#: src/config/SSSDConfig/sssdoptions.py:241 +#: src/config/SSSDConfig/sssdoptions.py:242 msgid "Search base for object containing info about IPA domain" msgstr "Sökbas för objekt som innehåller information om IPA-domänen" -#: src/config/SSSDConfig/sssdoptions.py:242 +#: src/config/SSSDConfig/sssdoptions.py:243 msgid "Search base for objects containing info about ID ranges" msgstr "Sökbas för objekt som innehåller information om ID-intervall" -#: src/config/SSSDConfig/sssdoptions.py:243 -#: src/config/SSSDConfig/sssdoptions.py:299 +#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:300 msgid "Enable DNS sites - location based service discovery" msgstr "Aktivera DNS-sajter - platsbaserad detektering av tjänster" -#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:245 msgid "Search base for view containers" msgstr "Sökbas för vybehållare" -#: src/config/SSSDConfig/sssdoptions.py:245 +#: src/config/SSSDConfig/sssdoptions.py:246 msgid "Objectclass for view containers" msgstr "Objektklass för vybehållare" -#: src/config/SSSDConfig/sssdoptions.py:246 +#: src/config/SSSDConfig/sssdoptions.py:247 msgid "Attribute with the name of the view" msgstr "Attribut med namnet på vyn" -#: src/config/SSSDConfig/sssdoptions.py:247 +#: src/config/SSSDConfig/sssdoptions.py:248 msgid "Objectclass for override objects" msgstr "Objektklass för åsidosättande objekt" -#: src/config/SSSDConfig/sssdoptions.py:248 +#: src/config/SSSDConfig/sssdoptions.py:249 msgid "Attribute with the reference to the original object" msgstr "Attribut med referensen till originalobjektet" -#: src/config/SSSDConfig/sssdoptions.py:249 +#: src/config/SSSDConfig/sssdoptions.py:250 msgid "Objectclass for user override objects" msgstr "Objektklass för användaråsidosättande objekt" -#: src/config/SSSDConfig/sssdoptions.py:250 +#: src/config/SSSDConfig/sssdoptions.py:251 msgid "Objectclass for group override objects" msgstr "Objektklass för gruppåsidosättande objekt" -#: src/config/SSSDConfig/sssdoptions.py:251 +#: src/config/SSSDConfig/sssdoptions.py:252 msgid "Search base for Desktop Profile related objects" msgstr "Sökväg för objekt relaterade till skrivbordsprofiler" -#: src/config/SSSDConfig/sssdoptions.py:252 +#: src/config/SSSDConfig/sssdoptions.py:253 msgid "" "The amount of time in seconds between lookups of the Desktop Profile rules " "against the IPA server" @@ -859,7 +860,7 @@ msgstr "" "Tiden i sekunder mellan uppslagningar av skrivbordsprofilsregler mot IPA-" "servern" -#: src/config/SSSDConfig/sssdoptions.py:254 +#: src/config/SSSDConfig/sssdoptions.py:255 msgid "" "The amount of time in minutes between lookups of Desktop Profiles rules " "against the IPA server when the last request did not find any rule" @@ -867,41 +868,41 @@ msgstr "" "Tiden i minuter mellan uppslagningar av skrivbordsprofilsregler mot IPA-" "servern när den senaste förfrågan inte hittade någon regel" -#: src/config/SSSDConfig/sssdoptions.py:257 +#: src/config/SSSDConfig/sssdoptions.py:258 msgid "Search base for SUBID ranges" msgstr "Sökbas för SUBAID-intervall" -#: src/config/SSSDConfig/sssdoptions.py:258 -#: src/config/SSSDConfig/sssdoptions.py:501 +#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:502 msgid "Which rules should be used to evaluate access control" msgstr "Vilka regler skall användas för att avgöra åtkomstkontroll" -#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:260 msgid "The LDAP attribute that contains FQDN of the host." msgstr "LDAP-attributet som innehåller värdens FQDN." -#: src/config/SSSDConfig/sssdoptions.py:260 -#: src/config/SSSDConfig/sssdoptions.py:283 +#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:284 msgid "The object class of a host entry in LDAP." msgstr "Objektklassen hos en värdpost i LDAP." -#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:262 msgid "Use the given string as search base for host objects." msgstr "Använd den givna strängen som en sökbas för värdobjekt." -#: src/config/SSSDConfig/sssdoptions.py:262 +#: src/config/SSSDConfig/sssdoptions.py:263 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "LDAP-attributet som innehåller värdens publika SSH-nycklar." -#: src/config/SSSDConfig/sssdoptions.py:263 +#: src/config/SSSDConfig/sssdoptions.py:264 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "LDAP-attributet som innehåller NIS-domännamnet på nätgruppen." -#: src/config/SSSDConfig/sssdoptions.py:264 +#: src/config/SSSDConfig/sssdoptions.py:265 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "LDAP-attributet som innehåller namnen på nätgruppens medlemmar." -#: src/config/SSSDConfig/sssdoptions.py:265 +#: src/config/SSSDConfig/sssdoptions.py:266 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." @@ -909,7 +910,7 @@ msgstr "" "LDAP-attributet som räknar upp FQDN:er för värdar och värdgrupper som är " "medlemmar av nätgruppen." -#: src/config/SSSDConfig/sssdoptions.py:267 +#: src/config/SSSDConfig/sssdoptions.py:268 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." @@ -917,11 +918,11 @@ msgstr "" "LDAP-attributet som räknar upp värdar och värdgrupper som är direkta " "medlemmar av nätgruppen." -#: src/config/SSSDConfig/sssdoptions.py:269 +#: src/config/SSSDConfig/sssdoptions.py:270 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "LDAP-attributet som räknar upp nätgruppens medlemskap." -#: src/config/SSSDConfig/sssdoptions.py:270 +#: src/config/SSSDConfig/sssdoptions.py:271 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." @@ -929,20 +930,20 @@ msgstr "" "LDAP-attributet som räknar upp systemanvändare och grupper som är direkta " "medlemmar av nätgruppen." -#: src/config/SSSDConfig/sssdoptions.py:272 +#: src/config/SSSDConfig/sssdoptions.py:273 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "LDAP-attributet som motsvarar nätgruppnamnet." -#: src/config/SSSDConfig/sssdoptions.py:273 +#: src/config/SSSDConfig/sssdoptions.py:274 msgid "The object class of a netgroup entry in LDAP." msgstr "Objektklassen hos en nätgruppspost i LDAP." -#: src/config/SSSDConfig/sssdoptions.py:274 +#: src/config/SSSDConfig/sssdoptions.py:275 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "LDAP-attributet som innehåller UUID/GUID för ett LDAP-nätgruppobjekt." -#: src/config/SSSDConfig/sssdoptions.py:275 +#: src/config/SSSDConfig/sssdoptions.py:276 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." @@ -950,11 +951,11 @@ msgstr "" "LDAP-attributet som innehåller huruvida användaravbildningar är aktiverade " "för användning eller inte." -#: src/config/SSSDConfig/sssdoptions.py:277 +#: src/config/SSSDConfig/sssdoptions.py:278 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "LDAP-attributet som innehåller värtkategorin såsom ”all”." -#: src/config/SSSDConfig/sssdoptions.py:278 +#: src/config/SSSDConfig/sssdoptions.py:279 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." @@ -962,18 +963,18 @@ msgstr "" "LDAP-attributet som innehåller alla värdar / värdgrupper denna regel matchar " "mot." -#: src/config/SSSDConfig/sssdoptions.py:280 +#: src/config/SSSDConfig/sssdoptions.py:281 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" "LDAP-attributet som innehåller alla användare / grupper denna regel matchar " "mot." -#: src/config/SSSDConfig/sssdoptions.py:282 +#: src/config/SSSDConfig/sssdoptions.py:283 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "LDAP-attributet som innehåller namnet på SELinux-användaravbildningen." -#: src/config/SSSDConfig/sssdoptions.py:284 +#: src/config/SSSDConfig/sssdoptions.py:285 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost." @@ -981,19 +982,19 @@ msgstr "" "LDAP-attributet som innehåller DN för HBAC-regeln som kan användas för att " "matcha istället för memberUser och memberHost." -#: src/config/SSSDConfig/sssdoptions.py:286 +#: src/config/SSSDConfig/sssdoptions.py:287 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "LDAP-attributet som innehåller själva SELinux-användarsträngen." -#: src/config/SSSDConfig/sssdoptions.py:287 +#: src/config/SSSDConfig/sssdoptions.py:288 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "LDAP-attributet som innehåller användarkategorin såsom ”all”." -#: src/config/SSSDConfig/sssdoptions.py:288 +#: src/config/SSSDConfig/sssdoptions.py:289 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "LDAP-attributet som innehåller ett unikt ID för användaravbildningen." -#: src/config/SSSDConfig/sssdoptions.py:289 +#: src/config/SSSDConfig/sssdoptions.py:290 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." @@ -1001,50 +1002,50 @@ msgstr "" "Flaggan anger att SSSD:n kör på en IPA-server och skall utföra uppslagningar " "av användare och grupper från betrodda domäner på ett annat sätt." -#: src/config/SSSDConfig/sssdoptions.py:291 +#: src/config/SSSDConfig/sssdoptions.py:292 msgid "Use the given string as search base for trusted domains." msgstr "Använd den givna strängen som en sökbas för betrodda domäner." -#: src/config/SSSDConfig/sssdoptions.py:294 +#: src/config/SSSDConfig/sssdoptions.py:295 msgid "Active Directory domain" msgstr "Active Directory-domän" -#: src/config/SSSDConfig/sssdoptions.py:295 +#: src/config/SSSDConfig/sssdoptions.py:296 msgid "Enabled Active Directory domains" msgstr "Aktivera Active Directory-domäner" -#: src/config/SSSDConfig/sssdoptions.py:296 +#: src/config/SSSDConfig/sssdoptions.py:297 msgid "Active Directory server address" msgstr "Adress till Active Directory-server" -#: src/config/SSSDConfig/sssdoptions.py:297 +#: src/config/SSSDConfig/sssdoptions.py:298 msgid "Active Directory backup server address" msgstr "Adress till Active Directory-reservserver" -#: src/config/SSSDConfig/sssdoptions.py:298 +#: src/config/SSSDConfig/sssdoptions.py:299 msgid "Active Directory client hostname" msgstr "Active Directory-klientvärdnamn" -#: src/config/SSSDConfig/sssdoptions.py:300 -#: src/config/SSSDConfig/sssdoptions.py:499 +#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:500 msgid "LDAP filter to determine access privileges" msgstr "LDAP-filter för att bestämma åtkomstprivilegier" -#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:302 msgid "Whether to use the Global Catalog for lookups" msgstr "Huruvida den globala katalogen skall användas för uppslagningar" -#: src/config/SSSDConfig/sssdoptions.py:302 +#: src/config/SSSDConfig/sssdoptions.py:303 msgid "Operation mode for GPO-based access control" msgstr "Arbetsläge för GPO-baserad åtkomstkontroll" -#: src/config/SSSDConfig/sssdoptions.py:303 +#: src/config/SSSDConfig/sssdoptions.py:304 msgid "" "The amount of time between lookups of the GPO policy files against the AD " "server" msgstr "Tidsåtgången mellan uppslagningar av GPO-policyfiler mot AD-servern" -#: src/config/SSSDConfig/sssdoptions.py:304 +#: src/config/SSSDConfig/sssdoptions.py:305 msgid "" "PAM service names that map to the GPO (Deny)InteractiveLogonRight policy " "settings" @@ -1052,7 +1053,7 @@ msgstr "" "PAM-tjänstenamn som översätts till GPO-policyinställningen " "(Deny)InteractiveLogonRight" -#: src/config/SSSDConfig/sssdoptions.py:306 +#: src/config/SSSDConfig/sssdoptions.py:307 msgid "" "PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight " "policy settings" @@ -1060,287 +1061,287 @@ msgstr "" "PAM-tjänstenamn som översätts till GPO-policyinställningen " "(Deny)RemoteInteractiveLogonRight" -#: src/config/SSSDConfig/sssdoptions.py:308 +#: src/config/SSSDConfig/sssdoptions.py:309 msgid "" "PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings" msgstr "" "PAM-tjänstenamn som översätts till GPO-policyinställningen " "(Deny)NetworkLogonRight" -#: src/config/SSSDConfig/sssdoptions.py:309 +#: src/config/SSSDConfig/sssdoptions.py:310 msgid "" "PAM service names that map to the GPO (Deny)BatchLogonRight policy settings" msgstr "" "PAM-tjänstenamn som översätts till GPO-policyinställningen " "(Deny)BatchLogonRight" -#: src/config/SSSDConfig/sssdoptions.py:310 +#: src/config/SSSDConfig/sssdoptions.py:311 msgid "" "PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings" msgstr "" "PAM-tjänstenamn som översätts till GPO-policyinställningen " "(Deny)ServiceLogonRight" -#: src/config/SSSDConfig/sssdoptions.py:311 +#: src/config/SSSDConfig/sssdoptions.py:312 msgid "PAM service names for which GPO-based access is always granted" msgstr "PAM-tjänstenamn för vilka GPO-baserad åtkomst alltid tillåts" -#: src/config/SSSDConfig/sssdoptions.py:312 +#: src/config/SSSDConfig/sssdoptions.py:313 msgid "PAM service names for which GPO-based access is always denied" msgstr "PAM-tjänstenamn för vilka GPO-baserad åtkomst alltid nekas" -#: src/config/SSSDConfig/sssdoptions.py:313 +#: src/config/SSSDConfig/sssdoptions.py:314 msgid "" "Default logon right (or permit/deny) to use for unmapped PAM service names" msgstr "" "Standardinloggningsrättigheter (eller permit/deny) att använda för omappade " "PAM-tjänstenamn" -#: src/config/SSSDConfig/sssdoptions.py:314 +#: src/config/SSSDConfig/sssdoptions.py:315 msgid "a particular site to be used by the client" msgstr "en viss sajt att användas av klienten" -#: src/config/SSSDConfig/sssdoptions.py:315 +#: src/config/SSSDConfig/sssdoptions.py:316 msgid "" "Maximum age in days before the machine account password should be renewed" msgstr "Maximal ålder i dagar innan maskinkontots lösenord skall förnyas" -#: src/config/SSSDConfig/sssdoptions.py:317 +#: src/config/SSSDConfig/sssdoptions.py:318 msgid "Option for tuning the machine account renewal task" msgstr "Flagga för att trimma maskinkontots förnyelseuppgift" -#: src/config/SSSDConfig/sssdoptions.py:318 +#: src/config/SSSDConfig/sssdoptions.py:319 msgid "Whether to update the machine account password in the Samba database" msgstr "Huruvida lösenordet för maskinkontot i Sambadatabasen skall uppdateras" -#: src/config/SSSDConfig/sssdoptions.py:320 +#: src/config/SSSDConfig/sssdoptions.py:321 msgid "Use LDAPS port for LDAP and Global Catalog requests" msgstr "Använd LDAPS-porten för LDAP och Global Catalog-begäranden" -#: src/config/SSSDConfig/sssdoptions.py:321 +#: src/config/SSSDConfig/sssdoptions.py:322 msgid "Do not filter domain local groups from other domains" msgstr "Filtrera inte domänlokala grupper från andra domäner" -#: src/config/SSSDConfig/sssdoptions.py:324 #: src/config/SSSDConfig/sssdoptions.py:325 +#: src/config/SSSDConfig/sssdoptions.py:326 msgid "Kerberos server address" msgstr "Adress till Kerberosserver" -#: src/config/SSSDConfig/sssdoptions.py:326 +#: src/config/SSSDConfig/sssdoptions.py:327 msgid "Kerberos backup server address" msgstr "Adress till reservserver för Kerberos" -#: src/config/SSSDConfig/sssdoptions.py:327 +#: src/config/SSSDConfig/sssdoptions.py:328 msgid "Kerberos realm" msgstr "Kerberosrike" -#: src/config/SSSDConfig/sssdoptions.py:328 +#: src/config/SSSDConfig/sssdoptions.py:329 msgid "Authentication timeout" msgstr "Autentiseringstidsgräns" -#: src/config/SSSDConfig/sssdoptions.py:329 +#: src/config/SSSDConfig/sssdoptions.py:330 msgid "Whether to create kdcinfo files" msgstr "Huruvida kdcinfo-filer skall skapas" -#: src/config/SSSDConfig/sssdoptions.py:330 +#: src/config/SSSDConfig/sssdoptions.py:331 msgid "Where to drop krb5 config snippets" msgstr "Var konfigurationssnuttar för krb5 skall läggas" -#: src/config/SSSDConfig/sssdoptions.py:333 +#: src/config/SSSDConfig/sssdoptions.py:334 msgid "Directory to store credential caches" msgstr "Katalog att lagra kreditiv-cachar i" -#: src/config/SSSDConfig/sssdoptions.py:334 +#: src/config/SSSDConfig/sssdoptions.py:335 msgid "Location of the user's credential cache" msgstr "Plats för användarens kreditiv-cache" -#: src/config/SSSDConfig/sssdoptions.py:335 +#: src/config/SSSDConfig/sssdoptions.py:336 msgid "Location of the keytab to validate credentials" msgstr "Plats för nyckeltabellen för att validera kreditiv" -#: src/config/SSSDConfig/sssdoptions.py:336 +#: src/config/SSSDConfig/sssdoptions.py:337 msgid "Enable credential validation" msgstr "Aktivera validering av kreditiv" -#: src/config/SSSDConfig/sssdoptions.py:337 +#: src/config/SSSDConfig/sssdoptions.py:338 msgid "Store password if offline for later online authentication" msgstr "Lagra lösenord när ej ansluten för ansluten autentisering senare" -#: src/config/SSSDConfig/sssdoptions.py:338 +#: src/config/SSSDConfig/sssdoptions.py:339 msgid "Renewable lifetime of the TGT" msgstr "Förnybar livstid för TGT:n" -#: src/config/SSSDConfig/sssdoptions.py:339 +#: src/config/SSSDConfig/sssdoptions.py:340 msgid "Lifetime of the TGT" msgstr "Livstid för TGT:n" -#: src/config/SSSDConfig/sssdoptions.py:340 +#: src/config/SSSDConfig/sssdoptions.py:341 msgid "Time between two checks for renewal" msgstr "Tid mellan två kontroller av förnyelse" -#: src/config/SSSDConfig/sssdoptions.py:341 +#: src/config/SSSDConfig/sssdoptions.py:342 msgid "Enables FAST" msgstr "Aktiverar FAST" -#: src/config/SSSDConfig/sssdoptions.py:342 +#: src/config/SSSDConfig/sssdoptions.py:343 msgid "Selects the principal to use for FAST" msgstr "Väljer huvudman att använda för FAST" -#: src/config/SSSDConfig/sssdoptions.py:343 +#: src/config/SSSDConfig/sssdoptions.py:344 msgid "Use anonymous PKINIT to request FAST credentials" msgstr "Använd anonym PKINIT för att begära FAST-kreditiv" -#: src/config/SSSDConfig/sssdoptions.py:344 +#: src/config/SSSDConfig/sssdoptions.py:345 msgid "Enables principal canonicalization" msgstr "Aktivera kanonisk form av huvudman" -#: src/config/SSSDConfig/sssdoptions.py:345 +#: src/config/SSSDConfig/sssdoptions.py:346 msgid "Enables enterprise principals" msgstr "Aktiverar företagshuvudmän" -#: src/config/SSSDConfig/sssdoptions.py:346 +#: src/config/SSSDConfig/sssdoptions.py:347 msgid "Enables using of subdomains realms for authentication" msgstr "Aktiverar användningen av underdomänriken för autentisering" -#: src/config/SSSDConfig/sssdoptions.py:347 +#: src/config/SSSDConfig/sssdoptions.py:348 msgid "A mapping from user names to Kerberos principal names" msgstr "En översättning från användarnamn till Kerberos huvudmansnamn" -#: src/config/SSSDConfig/sssdoptions.py:350 #: src/config/SSSDConfig/sssdoptions.py:351 +#: src/config/SSSDConfig/sssdoptions.py:352 msgid "Server where the change password service is running if not on the KDC" msgstr "Server där ändringstjänsten för lösenord kör om inte på KDC:n" -#: src/config/SSSDConfig/sssdoptions.py:354 +#: src/config/SSSDConfig/sssdoptions.py:355 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, URI:n för LDAP-servern" -#: src/config/SSSDConfig/sssdoptions.py:355 +#: src/config/SSSDConfig/sssdoptions.py:356 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "ldap_backup_uri, URI:n för LDAP-servern" -#: src/config/SSSDConfig/sssdoptions.py:356 +#: src/config/SSSDConfig/sssdoptions.py:357 msgid "The default base DN" msgstr "Standard bas-DN" -#: src/config/SSSDConfig/sssdoptions.py:357 +#: src/config/SSSDConfig/sssdoptions.py:358 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "Schematypen som används i LDAP-servern, rfc2307" -#: src/config/SSSDConfig/sssdoptions.py:358 +#: src/config/SSSDConfig/sssdoptions.py:359 msgid "Mode used to change user password" msgstr "Läge som används för att ändra användares lösenord" -#: src/config/SSSDConfig/sssdoptions.py:359 +#: src/config/SSSDConfig/sssdoptions.py:360 msgid "The default bind DN" msgstr "Standard bindnings-DN" -#: src/config/SSSDConfig/sssdoptions.py:360 +#: src/config/SSSDConfig/sssdoptions.py:361 msgid "The type of the authentication token of the default bind DN" msgstr "Typen på autentiserings-token för standard bindnings-DN" -#: src/config/SSSDConfig/sssdoptions.py:361 +#: src/config/SSSDConfig/sssdoptions.py:362 msgid "The authentication token of the default bind DN" msgstr "Autentiserings-token för standard bindnings-DN" -#: src/config/SSSDConfig/sssdoptions.py:362 +#: src/config/SSSDConfig/sssdoptions.py:363 msgid "Length of time to attempt connection" msgstr "Tidslängd att försöka ansluta" -#: src/config/SSSDConfig/sssdoptions.py:363 +#: src/config/SSSDConfig/sssdoptions.py:364 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Tidslängd att försöka synkrona LDAP-operationer" -#: src/config/SSSDConfig/sssdoptions.py:364 +#: src/config/SSSDConfig/sssdoptions.py:365 msgid "Length of time between attempts to reconnect while offline" msgstr "Tidslängd mellan försök att återansluta vid frånkoppling" -#: src/config/SSSDConfig/sssdoptions.py:365 +#: src/config/SSSDConfig/sssdoptions.py:366 msgid "Use only the upper case for realm names" msgstr "Använd endast versaler för namn på riken" -#: src/config/SSSDConfig/sssdoptions.py:366 +#: src/config/SSSDConfig/sssdoptions.py:367 msgid "File that contains CA certificates" msgstr "Fil som innehåller CA-certifikat" -#: src/config/SSSDConfig/sssdoptions.py:367 +#: src/config/SSSDConfig/sssdoptions.py:368 msgid "Path to CA certificate directory" msgstr "Sökväg till katalogen med CA-certifikat" -#: src/config/SSSDConfig/sssdoptions.py:368 +#: src/config/SSSDConfig/sssdoptions.py:369 msgid "File that contains the client certificate" msgstr "Fil som innehåller klientcertifikatet" -#: src/config/SSSDConfig/sssdoptions.py:369 +#: src/config/SSSDConfig/sssdoptions.py:370 msgid "File that contains the client key" msgstr "Fil som innehåller klientnyckeln" -#: src/config/SSSDConfig/sssdoptions.py:370 +#: src/config/SSSDConfig/sssdoptions.py:371 msgid "List of possible ciphers suites" msgstr "Lista över möjliga chiffersviter" -#: src/config/SSSDConfig/sssdoptions.py:371 +#: src/config/SSSDConfig/sssdoptions.py:372 msgid "Require TLS certificate verification" msgstr "Kräv TLS-certifikatverifiering" -#: src/config/SSSDConfig/sssdoptions.py:372 +#: src/config/SSSDConfig/sssdoptions.py:373 msgid "Specify the sasl mechanism to use" msgstr "Ange sasl-mekanismen att använda" -#: src/config/SSSDConfig/sssdoptions.py:373 +#: src/config/SSSDConfig/sssdoptions.py:374 msgid "Specify the sasl authorization id to use" msgstr "Ange sasl-auktorisering-id att använda" -#: src/config/SSSDConfig/sssdoptions.py:374 +#: src/config/SSSDConfig/sssdoptions.py:375 msgid "Specify the sasl authorization realm to use" msgstr "Ange sasl-auktoriseringsrike att använda" -#: src/config/SSSDConfig/sssdoptions.py:375 +#: src/config/SSSDConfig/sssdoptions.py:376 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "Ange minsta SSF för LDAP-sasl-auktorisering" -#: src/config/SSSDConfig/sssdoptions.py:376 +#: src/config/SSSDConfig/sssdoptions.py:377 msgid "Specify the maximal SSF for LDAP sasl authorization" msgstr "Ange största SSF för LDAP-sasl-auktorisering" -#: src/config/SSSDConfig/sssdoptions.py:377 +#: src/config/SSSDConfig/sssdoptions.py:378 msgid "Kerberos service keytab" msgstr "Kerberostjänstens nyckeltabell" -#: src/config/SSSDConfig/sssdoptions.py:378 +#: src/config/SSSDConfig/sssdoptions.py:379 msgid "Use Kerberos auth for LDAP connection" msgstr "Använd Kerberosautentisering för LDAP-anslutningar" -#: src/config/SSSDConfig/sssdoptions.py:379 +#: src/config/SSSDConfig/sssdoptions.py:380 msgid "Follow LDAP referrals" msgstr "Följer LDAP-hänvisningar" -#: src/config/SSSDConfig/sssdoptions.py:380 +#: src/config/SSSDConfig/sssdoptions.py:381 msgid "Lifetime of TGT for LDAP connection" msgstr "Livslängd på TGT för LDAP-anslutning" -#: src/config/SSSDConfig/sssdoptions.py:381 +#: src/config/SSSDConfig/sssdoptions.py:382 msgid "How to dereference aliases" msgstr "Hur alias skall derefereras" -#: src/config/SSSDConfig/sssdoptions.py:382 +#: src/config/SSSDConfig/sssdoptions.py:383 msgid "Service name for DNS service lookups" msgstr "Tjänstenamn för uppslagning av DNS-tjänster" -#: src/config/SSSDConfig/sssdoptions.py:383 +#: src/config/SSSDConfig/sssdoptions.py:384 msgid "The number of records to retrieve in a single LDAP query" msgstr "Antalet poster som skall hämtas i en enda LDAP-fråga" -#: src/config/SSSDConfig/sssdoptions.py:384 +#: src/config/SSSDConfig/sssdoptions.py:385 msgid "The number of members that must be missing to trigger a full deref" msgstr "" "Antalet medlemmar som måste saknas för att orsaka en fullständig dereferering" -#: src/config/SSSDConfig/sssdoptions.py:385 +#: src/config/SSSDConfig/sssdoptions.py:386 msgid "Ignore unreadable LDAP references" msgstr "Ignorera oläsbara LDAP-referenser" -#: src/config/SSSDConfig/sssdoptions.py:386 +#: src/config/SSSDConfig/sssdoptions.py:387 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" @@ -1348,7 +1349,7 @@ msgstr "" "Huruvida LDAP-biblioteket skall utföra en omvänd uppslagning för att ta fram " "värdnamnets kanoniska form under en SASL-bindning" -#: src/config/SSSDConfig/sssdoptions.py:388 +#: src/config/SSSDConfig/sssdoptions.py:389 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." @@ -1356,398 +1357,397 @@ msgstr "" "Tillåter att behålla lokala användare som medlemmar i en LDAP-grupp för " "servrar som använder schemat RFC2307." -#: src/config/SSSDConfig/sssdoptions.py:391 +#: src/config/SSSDConfig/sssdoptions.py:392 msgid "entryUSN attribute" msgstr "entryUSN-attribut" -#: src/config/SSSDConfig/sssdoptions.py:392 +#: src/config/SSSDConfig/sssdoptions.py:393 msgid "lastUSN attribute" msgstr "lastUSN-attribut" -#: src/config/SSSDConfig/sssdoptions.py:394 +#: src/config/SSSDConfig/sssdoptions.py:395 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" "Hur länge en anslutning till LDAP-servern skall behållas före den kopplas ner" -#: src/config/SSSDConfig/sssdoptions.py:397 +#: src/config/SSSDConfig/sssdoptions.py:398 msgid "Disable the LDAP paging control" msgstr "Avaktivera flödesstyrningen (paging) av LDAP" -#: src/config/SSSDConfig/sssdoptions.py:398 +#: src/config/SSSDConfig/sssdoptions.py:399 msgid "Disable Active Directory range retrieval" msgstr "Avaktivera Active Directorys intervallhämtande" -#: src/config/SSSDConfig/sssdoptions.py:401 +#: src/config/SSSDConfig/sssdoptions.py:402 msgid "Length of time to wait for a search request" msgstr "Tidslängd att vänta på en sökbegäran" -#: src/config/SSSDConfig/sssdoptions.py:402 +#: src/config/SSSDConfig/sssdoptions.py:403 msgid "Length of time to wait for a enumeration request" msgstr "Tidslängd att vänta på en uppräkningsbegäran" -#: src/config/SSSDConfig/sssdoptions.py:403 +#: src/config/SSSDConfig/sssdoptions.py:404 msgid "Length of time between enumeration updates" msgstr "Tidslängd mellan uppräkningsuppdateringar" -#: src/config/SSSDConfig/sssdoptions.py:404 +#: src/config/SSSDConfig/sssdoptions.py:405 msgid "Maximum period deviation between enumeration updates" msgstr "Maximal intervallavvikelse mellan uppräkningsuppdateringar" -#: src/config/SSSDConfig/sssdoptions.py:405 +#: src/config/SSSDConfig/sssdoptions.py:406 msgid "Length of time between cache cleanups" msgstr "Tidslängd mellan cache-tömningar" -#: src/config/SSSDConfig/sssdoptions.py:406 +#: src/config/SSSDConfig/sssdoptions.py:407 msgid "Maximum time deviation between cache cleanups" msgstr "Maximal tidsavvikelse mellan cache-rensningar" -#: src/config/SSSDConfig/sssdoptions.py:407 +#: src/config/SSSDConfig/sssdoptions.py:408 msgid "Require TLS for ID lookups" msgstr "Kräv TLS för ID-uppslagningar" -#: src/config/SSSDConfig/sssdoptions.py:408 +#: src/config/SSSDConfig/sssdoptions.py:409 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "Använd ID-översättning av objectSID istället för förhandssatta ID:n" -#: src/config/SSSDConfig/sssdoptions.py:409 +#: src/config/SSSDConfig/sssdoptions.py:410 msgid "Base DN for user lookups" msgstr "Bas-DN för användaruppslagningar" -#: src/config/SSSDConfig/sssdoptions.py:410 +#: src/config/SSSDConfig/sssdoptions.py:411 msgid "Scope of user lookups" msgstr "Omfång av användaruppslagningar" -#: src/config/SSSDConfig/sssdoptions.py:411 +#: src/config/SSSDConfig/sssdoptions.py:412 msgid "Filter for user lookups" msgstr "Filter för användaruppslagningar" -#: src/config/SSSDConfig/sssdoptions.py:412 +#: src/config/SSSDConfig/sssdoptions.py:413 msgid "Objectclass for users" msgstr "Objektklass för användare" -#: src/config/SSSDConfig/sssdoptions.py:413 +#: src/config/SSSDConfig/sssdoptions.py:414 msgid "Username attribute" msgstr "Användarnamnsattribut" -#: src/config/SSSDConfig/sssdoptions.py:414 +#: src/config/SSSDConfig/sssdoptions.py:415 msgid "UID attribute" msgstr "UID-attribut" -#: src/config/SSSDConfig/sssdoptions.py:415 +#: src/config/SSSDConfig/sssdoptions.py:416 msgid "Primary GID attribute" msgstr "Primärt GID-attribut" -#: src/config/SSSDConfig/sssdoptions.py:416 +#: src/config/SSSDConfig/sssdoptions.py:417 msgid "GECOS attribute" msgstr "GECOS-attribut" -#: src/config/SSSDConfig/sssdoptions.py:417 +#: src/config/SSSDConfig/sssdoptions.py:418 msgid "Home directory attribute" msgstr "Hemkatalogattribut" -#: src/config/SSSDConfig/sssdoptions.py:418 +#: src/config/SSSDConfig/sssdoptions.py:419 msgid "Shell attribute" msgstr "Skalattribut" -#: src/config/SSSDConfig/sssdoptions.py:419 +#: src/config/SSSDConfig/sssdoptions.py:420 msgid "UUID attribute" msgstr "UUID-attribut" -#: src/config/SSSDConfig/sssdoptions.py:420 -#: src/config/SSSDConfig/sssdoptions.py:459 +#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:460 msgid "objectSID attribute" msgstr "objectSID-attribut" -#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:422 msgid "Active Directory primary group attribute for ID-mapping" msgstr "Primärt gruppattribut i Active Directory för ID-mappning" -#: src/config/SSSDConfig/sssdoptions.py:422 +#: src/config/SSSDConfig/sssdoptions.py:423 msgid "User principal attribute (for Kerberos)" msgstr "Användarens huvudmansattribut (för Kerberos)" -#: src/config/SSSDConfig/sssdoptions.py:423 +#: src/config/SSSDConfig/sssdoptions.py:424 msgid "Full Name" msgstr "Fullständigt namn" -#: src/config/SSSDConfig/sssdoptions.py:424 +#: src/config/SSSDConfig/sssdoptions.py:425 msgid "memberOf attribute" msgstr "medlemAv-attribut" -#: src/config/SSSDConfig/sssdoptions.py:425 +#: src/config/SSSDConfig/sssdoptions.py:426 msgid "Modification time attribute" msgstr "Modifieringstidsattribut" -#: src/config/SSSDConfig/sssdoptions.py:426 +#: src/config/SSSDConfig/sssdoptions.py:427 msgid "shadowLastChange attribute" msgstr "attributet shadowLastChange" -#: src/config/SSSDConfig/sssdoptions.py:427 +#: src/config/SSSDConfig/sssdoptions.py:428 msgid "shadowMin attribute" msgstr "shadowMin-attribut" -#: src/config/SSSDConfig/sssdoptions.py:428 +#: src/config/SSSDConfig/sssdoptions.py:429 msgid "shadowMax attribute" msgstr "shadowMax-attribut" -#: src/config/SSSDConfig/sssdoptions.py:429 +#: src/config/SSSDConfig/sssdoptions.py:430 msgid "shadowWarning attribute" msgstr "shadowWarning-attribut" -#: src/config/SSSDConfig/sssdoptions.py:430 +#: src/config/SSSDConfig/sssdoptions.py:431 msgid "shadowInactive attribute" msgstr "shadowInactive-attribut" -#: src/config/SSSDConfig/sssdoptions.py:431 +#: src/config/SSSDConfig/sssdoptions.py:432 msgid "shadowExpire attribute" msgstr "shadowExpire-attribut" -#: src/config/SSSDConfig/sssdoptions.py:432 +#: src/config/SSSDConfig/sssdoptions.py:433 msgid "shadowFlag attribute" msgstr "shadowFlag-attribut" -#: src/config/SSSDConfig/sssdoptions.py:433 +#: src/config/SSSDConfig/sssdoptions.py:434 msgid "Attribute listing authorized PAM services" msgstr "Attribut för listning av auktoriserade PAM-tjänster" -#: src/config/SSSDConfig/sssdoptions.py:434 +#: src/config/SSSDConfig/sssdoptions.py:435 msgid "Attribute listing authorized server hosts" msgstr "Attribut för listning av auktoriserade servervärdar" -#: src/config/SSSDConfig/sssdoptions.py:435 +#: src/config/SSSDConfig/sssdoptions.py:436 msgid "Attribute listing authorized server rhosts" msgstr "Attribut för listning av auktoriserade server-rhosts" -#: src/config/SSSDConfig/sssdoptions.py:436 +#: src/config/SSSDConfig/sssdoptions.py:437 msgid "krbLastPwdChange attribute" msgstr "attributet krbLastPwdChange" -#: src/config/SSSDConfig/sssdoptions.py:437 +#: src/config/SSSDConfig/sssdoptions.py:438 msgid "krbPasswordExpiration attribute" msgstr "krbPasswordExpiration-attribut" -#: src/config/SSSDConfig/sssdoptions.py:438 +#: src/config/SSSDConfig/sssdoptions.py:439 msgid "Attribute indicating that server side password policies are active" msgstr "Attribut som indikerar att serversidans lösenordspolicyer är aktiva" -#: src/config/SSSDConfig/sssdoptions.py:439 +#: src/config/SSSDConfig/sssdoptions.py:440 msgid "accountExpires attribute of AD" msgstr "AD:s attribut accountExpires" -#: src/config/SSSDConfig/sssdoptions.py:440 +#: src/config/SSSDConfig/sssdoptions.py:441 msgid "userAccountControl attribute of AD" msgstr "AD:s attribut userAccountControl" -#: src/config/SSSDConfig/sssdoptions.py:441 +#: src/config/SSSDConfig/sssdoptions.py:442 msgid "nsAccountLock attribute" msgstr "attributet nsAccountLock" -#: src/config/SSSDConfig/sssdoptions.py:442 +#: src/config/SSSDConfig/sssdoptions.py:443 msgid "loginDisabled attribute of NDS" msgstr "NDS attribut loginDisabled" -#: src/config/SSSDConfig/sssdoptions.py:443 +#: src/config/SSSDConfig/sssdoptions.py:444 msgid "loginExpirationTime attribute of NDS" msgstr "NDS attribut loginExpirationTime" -#: src/config/SSSDConfig/sssdoptions.py:444 +#: src/config/SSSDConfig/sssdoptions.py:445 msgid "loginAllowedTimeMap attribute of NDS" msgstr "NDS attribut loginAllowedTimeMap" -#: src/config/SSSDConfig/sssdoptions.py:445 +#: src/config/SSSDConfig/sssdoptions.py:446 msgid "SSH public key attribute" msgstr "Attribut för publik SSH-nyckel" -#: src/config/SSSDConfig/sssdoptions.py:446 +#: src/config/SSSDConfig/sssdoptions.py:447 msgid "attribute listing allowed authentication types for a user" msgstr "attribut för listning av tillåtna autentiseringstyper för en användare" -#: src/config/SSSDConfig/sssdoptions.py:447 +#: src/config/SSSDConfig/sssdoptions.py:448 msgid "attribute containing the X509 certificate of the user" msgstr "attribut som innehåller användarens X509-certifikat" -#: src/config/SSSDConfig/sssdoptions.py:448 +#: src/config/SSSDConfig/sssdoptions.py:449 msgid "attribute containing the email address of the user" msgstr "attribut som innehåller e-postadresser till användaren" -#: src/config/SSSDConfig/sssdoptions.py:449 -#, fuzzy +#: src/config/SSSDConfig/sssdoptions.py:450 msgid "attribute containing the passkey mapping data of the user" -msgstr "attribut som innehåller e-postadresser till användaren" +msgstr "attribut som innehåller avbildningsdata för lösennyckel för användaren" -#: src/config/SSSDConfig/sssdoptions.py:450 +#: src/config/SSSDConfig/sssdoptions.py:451 msgid "A list of extra attributes to download along with the user entry" msgstr "En lista över extra attribut att hämta tillsammans med användarposten" -#: src/config/SSSDConfig/sssdoptions.py:452 +#: src/config/SSSDConfig/sssdoptions.py:453 msgid "Base DN for group lookups" msgstr "Bas-DN för gruppuppslagningar" -#: src/config/SSSDConfig/sssdoptions.py:453 +#: src/config/SSSDConfig/sssdoptions.py:454 msgid "Objectclass for groups" msgstr "Objektklass för grupper" -#: src/config/SSSDConfig/sssdoptions.py:454 +#: src/config/SSSDConfig/sssdoptions.py:455 msgid "Group name" msgstr "Gruppnamn" -#: src/config/SSSDConfig/sssdoptions.py:455 +#: src/config/SSSDConfig/sssdoptions.py:456 msgid "Group password" msgstr "Grupplösenord" -#: src/config/SSSDConfig/sssdoptions.py:456 +#: src/config/SSSDConfig/sssdoptions.py:457 msgid "GID attribute" msgstr "GID-attribut" -#: src/config/SSSDConfig/sssdoptions.py:457 +#: src/config/SSSDConfig/sssdoptions.py:458 msgid "Group member attribute" msgstr "Gruppmedlemsattribut" -#: src/config/SSSDConfig/sssdoptions.py:458 +#: src/config/SSSDConfig/sssdoptions.py:459 msgid "Group UUID attribute" msgstr "Grupp-UUID-attribut" -#: src/config/SSSDConfig/sssdoptions.py:460 +#: src/config/SSSDConfig/sssdoptions.py:461 msgid "Modification time attribute for groups" msgstr "Modifieringstidsattribut för grupper" -#: src/config/SSSDConfig/sssdoptions.py:461 +#: src/config/SSSDConfig/sssdoptions.py:462 msgid "Type of the group and other flags" msgstr "Typen av grupp och andra flaggor" -#: src/config/SSSDConfig/sssdoptions.py:462 +#: src/config/SSSDConfig/sssdoptions.py:463 msgid "The LDAP group external member attribute" msgstr "LDAP-gruppens externa medlemsattribut" -#: src/config/SSSDConfig/sssdoptions.py:463 +#: src/config/SSSDConfig/sssdoptions.py:464 msgid "Maximum nesting level SSSD will follow" msgstr "Maximal nästlingsnivå SSSD kommer följa" -#: src/config/SSSDConfig/sssdoptions.py:464 +#: src/config/SSSDConfig/sssdoptions.py:465 msgid "Filter for group lookups" msgstr "Filter för gruppuppslagningar" -#: src/config/SSSDConfig/sssdoptions.py:465 +#: src/config/SSSDConfig/sssdoptions.py:466 msgid "Scope of group lookups" msgstr "Omfång av gruppuppslagningar" -#: src/config/SSSDConfig/sssdoptions.py:467 +#: src/config/SSSDConfig/sssdoptions.py:468 msgid "Base DN for netgroup lookups" msgstr "Bas-DN för nätgruppuppslagningar" -#: src/config/SSSDConfig/sssdoptions.py:468 +#: src/config/SSSDConfig/sssdoptions.py:469 msgid "Objectclass for netgroups" msgstr "Objektklass för nätgrupper" -#: src/config/SSSDConfig/sssdoptions.py:469 +#: src/config/SSSDConfig/sssdoptions.py:470 msgid "Netgroup name" msgstr "Nätgruppnamn" -#: src/config/SSSDConfig/sssdoptions.py:470 +#: src/config/SSSDConfig/sssdoptions.py:471 msgid "Netgroups members attribute" msgstr "Attribut på nätgruppmedlemmar" -#: src/config/SSSDConfig/sssdoptions.py:471 +#: src/config/SSSDConfig/sssdoptions.py:472 msgid "Netgroup triple attribute" msgstr "Attribut på nätgruppstripplar" -#: src/config/SSSDConfig/sssdoptions.py:472 +#: src/config/SSSDConfig/sssdoptions.py:473 msgid "Modification time attribute for netgroups" msgstr "Modifieringstidsattribut för nätgrupper" -#: src/config/SSSDConfig/sssdoptions.py:474 +#: src/config/SSSDConfig/sssdoptions.py:475 msgid "Base DN for service lookups" msgstr "Bas-DN för tjänsteuppslagningar" -#: src/config/SSSDConfig/sssdoptions.py:475 +#: src/config/SSSDConfig/sssdoptions.py:476 msgid "Objectclass for services" msgstr "Objektklass för tjänster" -#: src/config/SSSDConfig/sssdoptions.py:476 +#: src/config/SSSDConfig/sssdoptions.py:477 msgid "Service name attribute" msgstr "Tjänstenamnsattribut" -#: src/config/SSSDConfig/sssdoptions.py:477 +#: src/config/SSSDConfig/sssdoptions.py:478 msgid "Service port attribute" msgstr "Tjänsteportsattribut" -#: src/config/SSSDConfig/sssdoptions.py:478 +#: src/config/SSSDConfig/sssdoptions.py:479 msgid "Service protocol attribute" msgstr "Tjänsteprotokollsattribut" -#: src/config/SSSDConfig/sssdoptions.py:480 +#: src/config/SSSDConfig/sssdoptions.py:481 msgid "Lower bound for ID-mapping" msgstr "Undre gräns för ID-mappning" -#: src/config/SSSDConfig/sssdoptions.py:481 +#: src/config/SSSDConfig/sssdoptions.py:482 msgid "Upper bound for ID-mapping" msgstr "Övre gräns för ID-mappning" -#: src/config/SSSDConfig/sssdoptions.py:482 +#: src/config/SSSDConfig/sssdoptions.py:483 msgid "Number of IDs for each slice when ID-mapping" msgstr "Antal ID:n till varje skiva vid ID-mappning" -#: src/config/SSSDConfig/sssdoptions.py:483 +#: src/config/SSSDConfig/sssdoptions.py:484 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "Använd en autorid-kompatibel algoritm för ID-mappning" -#: src/config/SSSDConfig/sssdoptions.py:484 +#: src/config/SSSDConfig/sssdoptions.py:485 msgid "Name of the default domain for ID-mapping" msgstr "Standarddomänens namn för ID-mappning" -#: src/config/SSSDConfig/sssdoptions.py:485 +#: src/config/SSSDConfig/sssdoptions.py:486 msgid "SID of the default domain for ID-mapping" msgstr "Standarddomänens SID för ID-mappning" -#: src/config/SSSDConfig/sssdoptions.py:486 +#: src/config/SSSDConfig/sssdoptions.py:487 msgid "Number of secondary slices" msgstr "Antal sekundära skivor" -#: src/config/SSSDConfig/sssdoptions.py:488 +#: src/config/SSSDConfig/sssdoptions.py:489 msgid "Whether to use Token-Groups" msgstr "Huruvida Token-Groups skall användas" -#: src/config/SSSDConfig/sssdoptions.py:489 +#: src/config/SSSDConfig/sssdoptions.py:490 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "Sätt undre gräns för tillåtna ID:n från LDAP-servern" -#: src/config/SSSDConfig/sssdoptions.py:490 +#: src/config/SSSDConfig/sssdoptions.py:491 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "Sätt övre gräns för tillåtna ID:n från LDAP-servern" -#: src/config/SSSDConfig/sssdoptions.py:491 +#: src/config/SSSDConfig/sssdoptions.py:492 msgid "DN for ppolicy queries" msgstr "DN för ppolicy-frågor" -#: src/config/SSSDConfig/sssdoptions.py:492 +#: src/config/SSSDConfig/sssdoptions.py:493 msgid "How many maximum entries to fetch during a wildcard request" msgstr "Hur många poster att maximalt hämta i en joker-begäran" -#: src/config/SSSDConfig/sssdoptions.py:493 +#: src/config/SSSDConfig/sssdoptions.py:494 msgid "Set libldap debug level" msgstr "Sätt felsökningsnivå för libldap" -#: src/config/SSSDConfig/sssdoptions.py:496 +#: src/config/SSSDConfig/sssdoptions.py:497 msgid "Policy to evaluate the password expiration" msgstr "Policy för att utvärdera utgång av lösenord" -#: src/config/SSSDConfig/sssdoptions.py:500 +#: src/config/SSSDConfig/sssdoptions.py:501 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "Vilka attribut skall användas för att avgöra om ett konto gått ut" -#: src/config/SSSDConfig/sssdoptions.py:504 +#: src/config/SSSDConfig/sssdoptions.py:505 msgid "URI of an LDAP server where password changes are allowed" msgstr "URI till en LDAP-server där lösenordsändringar är tillåtna" -#: src/config/SSSDConfig/sssdoptions.py:505 +#: src/config/SSSDConfig/sssdoptions.py:506 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "URI till en reserv-LDAP-server där lösenordsändringar är tillåtna" -#: src/config/SSSDConfig/sssdoptions.py:506 +#: src/config/SSSDConfig/sssdoptions.py:507 msgid "DNS service name for LDAP password change server" msgstr "DNS-tjänstenamn för LDAP-lösenordsändringsservern" -#: src/config/SSSDConfig/sssdoptions.py:507 +#: src/config/SSSDConfig/sssdoptions.py:508 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" @@ -1755,28 +1755,28 @@ msgstr "" "Huruvida attributet ldap_user_shadow_last_change skall uppdateras efter en " "ändring av lösenord" -#: src/config/SSSDConfig/sssdoptions.py:511 +#: src/config/SSSDConfig/sssdoptions.py:512 msgid "Base DN for sudo rules lookups" msgstr "Bas-DN för regeluppslagningar" -#: src/config/SSSDConfig/sssdoptions.py:512 +#: src/config/SSSDConfig/sssdoptions.py:513 msgid "Automatic full refresh period" msgstr "Intervall mellan automatisk fullständig omläsning" -#: src/config/SSSDConfig/sssdoptions.py:513 +#: src/config/SSSDConfig/sssdoptions.py:514 msgid "Automatic smart refresh period" msgstr "Intervall mellan automatisk smart omläsning" -#: src/config/SSSDConfig/sssdoptions.py:514 +#: src/config/SSSDConfig/sssdoptions.py:515 msgid "Smart and full refresh random offset" msgstr "Förskjutning mellan smart och fullständig omläsning" -#: src/config/SSSDConfig/sssdoptions.py:515 +#: src/config/SSSDConfig/sssdoptions.py:516 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" "Huruvida regler skall filtreras efter värdnamn, IP-adresser och nätverk" -#: src/config/SSSDConfig/sssdoptions.py:516 +#: src/config/SSSDConfig/sssdoptions.py:517 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" @@ -1784,153 +1784,153 @@ msgstr "" "Värdnamn och/eller fullständigt kvalificerade domännamn på denna maskin för " "att filtrera sudo-regler" -#: src/config/SSSDConfig/sssdoptions.py:517 +#: src/config/SSSDConfig/sssdoptions.py:518 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" "IPv4- eller IPv6-adresser eller -nätverk för denna maskin för att filtrera " "sudo-regler" -#: src/config/SSSDConfig/sssdoptions.py:518 +#: src/config/SSSDConfig/sssdoptions.py:519 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" "Huruvida regler som innehåller nätgrupper i värdattribut skall inkluderas" -#: src/config/SSSDConfig/sssdoptions.py:519 +#: src/config/SSSDConfig/sssdoptions.py:520 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" "Huruvida regler som innehåller reguljära uttryck i värdattribut skall " "inkluderas" -#: src/config/SSSDConfig/sssdoptions.py:520 +#: src/config/SSSDConfig/sssdoptions.py:521 msgid "Object class for sudo rules" msgstr "Objektklass för sudo-regler" -#: src/config/SSSDConfig/sssdoptions.py:521 +#: src/config/SSSDConfig/sssdoptions.py:522 msgid "Name of attribute that is used as object class for sudo rules" msgstr "Namn på attributet som används som objektklass för sudo-regler" -#: src/config/SSSDConfig/sssdoptions.py:522 +#: src/config/SSSDConfig/sssdoptions.py:523 msgid "Sudo rule name" msgstr "Sudo-regelnamn" -#: src/config/SSSDConfig/sssdoptions.py:523 +#: src/config/SSSDConfig/sssdoptions.py:524 msgid "Sudo rule command attribute" msgstr "Attribut för sudo-regelkommandon" -#: src/config/SSSDConfig/sssdoptions.py:524 +#: src/config/SSSDConfig/sssdoptions.py:525 msgid "Sudo rule host attribute" msgstr "Attribut för sudo-regelvärd" -#: src/config/SSSDConfig/sssdoptions.py:525 +#: src/config/SSSDConfig/sssdoptions.py:526 msgid "Sudo rule user attribute" msgstr "Attribut för sudo-regelanvändare" -#: src/config/SSSDConfig/sssdoptions.py:526 +#: src/config/SSSDConfig/sssdoptions.py:527 msgid "Sudo rule option attribute" msgstr "Attribut för sudo-regelflaggor" -#: src/config/SSSDConfig/sssdoptions.py:527 +#: src/config/SSSDConfig/sssdoptions.py:528 msgid "Sudo rule runas attribute" msgstr "Sudo-regel-runas-attribut" -#: src/config/SSSDConfig/sssdoptions.py:528 +#: src/config/SSSDConfig/sssdoptions.py:529 msgid "Sudo rule runasuser attribute" msgstr "Attribut för sudo-runasuser" -#: src/config/SSSDConfig/sssdoptions.py:529 +#: src/config/SSSDConfig/sssdoptions.py:530 msgid "Sudo rule runasgroup attribute" msgstr "Attribut på runasgroup i sudo-regel" -#: src/config/SSSDConfig/sssdoptions.py:530 +#: src/config/SSSDConfig/sssdoptions.py:531 msgid "Sudo rule notbefore attribute" msgstr "Attribut för sudo-notbefore-regler" -#: src/config/SSSDConfig/sssdoptions.py:531 +#: src/config/SSSDConfig/sssdoptions.py:532 msgid "Sudo rule notafter attribute" msgstr "Attribut för sudo-notafter-regler" -#: src/config/SSSDConfig/sssdoptions.py:532 +#: src/config/SSSDConfig/sssdoptions.py:533 msgid "Sudo rule order attribute" msgstr "Attribut för sudo-order-regler" -#: src/config/SSSDConfig/sssdoptions.py:535 +#: src/config/SSSDConfig/sssdoptions.py:536 msgid "Object class for automounter maps" msgstr "Objektklass för avbildningar för automatmonterare" -#: src/config/SSSDConfig/sssdoptions.py:536 +#: src/config/SSSDConfig/sssdoptions.py:537 msgid "Automounter map name attribute" msgstr "Attribut för namn i avbildningar för automatmonterare" -#: src/config/SSSDConfig/sssdoptions.py:537 +#: src/config/SSSDConfig/sssdoptions.py:538 msgid "Object class for automounter map entries" msgstr "Objektklass för poster i avbildningar för automatmonterare" -#: src/config/SSSDConfig/sssdoptions.py:538 +#: src/config/SSSDConfig/sssdoptions.py:539 msgid "Automounter map entry key attribute" msgstr "Attribut för postnycklar i avbildningar för automatmonterare" -#: src/config/SSSDConfig/sssdoptions.py:539 +#: src/config/SSSDConfig/sssdoptions.py:540 msgid "Automounter map entry value attribute" msgstr "Attribut på postvärde i avbildning för automatmonteraren" -#: src/config/SSSDConfig/sssdoptions.py:540 +#: src/config/SSSDConfig/sssdoptions.py:541 msgid "Base DN for automounter map lookups" msgstr "Bas-DN för uppslagningar i avbildningar för automatmonterare" -#: src/config/SSSDConfig/sssdoptions.py:541 +#: src/config/SSSDConfig/sssdoptions.py:542 msgid "The name of the automount master map in LDAP." msgstr "Namnet på automount master-kartan i LDAP." -#: src/config/SSSDConfig/sssdoptions.py:544 +#: src/config/SSSDConfig/sssdoptions.py:545 msgid "Base DN for IP hosts lookups" msgstr "Bas-DN för IP-värd-uppslagningar" -#: src/config/SSSDConfig/sssdoptions.py:545 +#: src/config/SSSDConfig/sssdoptions.py:546 msgid "Object class for IP hosts" msgstr "Objektklass för IP-värdar" -#: src/config/SSSDConfig/sssdoptions.py:546 +#: src/config/SSSDConfig/sssdoptions.py:547 msgid "IP host name attribute" msgstr "IP-värdnamnsattribut" -#: src/config/SSSDConfig/sssdoptions.py:547 +#: src/config/SSSDConfig/sssdoptions.py:548 msgid "IP host number (address) attribute" msgstr "IP-värdnummer- (adress-)attribut" -#: src/config/SSSDConfig/sssdoptions.py:548 +#: src/config/SSSDConfig/sssdoptions.py:549 msgid "IP host entryUSN attribute" msgstr "IP-värd-entryUSN-attribut" -#: src/config/SSSDConfig/sssdoptions.py:549 +#: src/config/SSSDConfig/sssdoptions.py:550 msgid "Base DN for IP networks lookups" msgstr "Bas-DN för IP-nätverks-uppslagningar" -#: src/config/SSSDConfig/sssdoptions.py:550 +#: src/config/SSSDConfig/sssdoptions.py:551 msgid "Object class for IP networks" msgstr "Objektklass för IP-nätverk" -#: src/config/SSSDConfig/sssdoptions.py:551 +#: src/config/SSSDConfig/sssdoptions.py:552 msgid "IP network name attribute" msgstr "IP-nätverksnamnsattribut" -#: src/config/SSSDConfig/sssdoptions.py:552 +#: src/config/SSSDConfig/sssdoptions.py:553 msgid "IP network number (address) attribute" msgstr "IP-nätverksnummer- (adress-)attribut" -#: src/config/SSSDConfig/sssdoptions.py:553 +#: src/config/SSSDConfig/sssdoptions.py:554 msgid "IP network entryUSN attribute" msgstr "IP-nätverks-entryUSN-attribut" -#: src/config/SSSDConfig/sssdoptions.py:556 +#: src/config/SSSDConfig/sssdoptions.py:557 msgid "Comma separated list of allowed users" msgstr "Kommaseparerad lista över tillåtna användare" -#: src/config/SSSDConfig/sssdoptions.py:557 +#: src/config/SSSDConfig/sssdoptions.py:558 msgid "Comma separated list of prohibited users" msgstr "Kommaseparerad lista över förbjudna användare" -#: src/config/SSSDConfig/sssdoptions.py:558 +#: src/config/SSSDConfig/sssdoptions.py:559 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." @@ -1938,7 +1938,7 @@ msgstr "" "Kommaseparerad lista över grupper som tillåts logga in. Detta är endast " "tillämpligt på grupper i denna SSSD-domän. Lokala grupper utvärderas inte." -#: src/config/SSSDConfig/sssdoptions.py:560 +#: src/config/SSSDConfig/sssdoptions.py:561 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " @@ -1947,32 +1947,32 @@ msgstr "" "Kommaseparerad lista över grupper som nekas åtkomst. Detta är endast " "tillämpligt på grupper i denna SSSD-domän. Lokala grupper utvärderas inte." -#: src/config/SSSDConfig/sssdoptions.py:564 +#: src/config/SSSDConfig/sssdoptions.py:565 msgid "The number of preforked proxy children." msgstr "Antal ombudsbarn före grening." -#: src/config/SSSDConfig/sssdoptions.py:567 +#: src/config/SSSDConfig/sssdoptions.py:568 msgid "The name of the NSS library to use" msgstr "Namnet på NSS-biblioteket att använda" -#: src/config/SSSDConfig/sssdoptions.py:568 +#: src/config/SSSDConfig/sssdoptions.py:569 msgid "The name of the NSS library to use for hosts and networks lookups" msgstr "" "Namnet på NSS-biblioteket som används för värd- och nätverksuppslagningar" -#: src/config/SSSDConfig/sssdoptions.py:569 +#: src/config/SSSDConfig/sssdoptions.py:570 msgid "Whether to look up canonical group name from cache if possible" msgstr "Huruvida kanoniska gruppnamn skall slås upp från cachen om möjligt" -#: src/config/SSSDConfig/sssdoptions.py:572 +#: src/config/SSSDConfig/sssdoptions.py:573 msgid "PAM stack to use" msgstr "PAM-stack att använda" -#: src/config/SSSDConfig/sssdoptions.py:575 +#: src/config/SSSDConfig/sssdoptions.py:576 msgid "Path of passwd file sources." msgstr "Sökväg till lösenordsfilkällor." -#: src/config/SSSDConfig/sssdoptions.py:576 +#: src/config/SSSDConfig/sssdoptions.py:577 msgid "Path of group file sources." msgstr "Sökväg till gruppfilkällor." @@ -2022,67 +2022,67 @@ msgstr "Kör under %, måste vara root\n" msgid "SSSD is already running\n" msgstr "SSSD kör redan\n" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "Tillåt kärndumpar" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "En öppen fildeskriptor för felsökningsloggarna" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "Användaren att skapa en FAST-ccache som" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "Gruppen att skapa en FAST-ccache som" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "Använd anonym PKINIT för att begära FAST-skyddad biljett" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "Kerberosrike att använda" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "Begärd livslängd på biljetten" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "Begärd förnybar livslängd på biljetten" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "FAST-flaggor (”never”, ”try”, ”demand”)" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "Anger serverhuvudmannen att använda för FAST" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "Begär kanonisering av huvudmannanamnet" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "Använd en anpassad version av krb5_get_init_creds_password" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "Tevent-kedje-ID använt för loggningssyfte" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "Kontrollera PAC-flaggor" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "talloc_asprintf misslyckades.\n" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "set_debug_file_from_fd misslyckades.\n" @@ -2090,35 +2090,35 @@ msgstr "set_debug_file_from_fd misslyckades.\n" msgid "Domain of the information provider (mandatory)" msgstr "Domän för informationsleverantören (obligatoriskt)" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "Privilegierat uttag (socket) har fel ägarskap eller rättigheter." -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "Publikt uttag (socket) har fel ägarskap eller rättigheter." -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "Oväntat format på serverns kreditivmeddelande." -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "SSSD körs inte av root." -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "SSSD-uttaget finns inte." -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "Kan inte ta status på SSSD-uttaget." -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "Ett fel uppstod, men ingen beskrivning kan hittas." -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "Oväntat fel vid sökning efter ett felmeddelande" @@ -2126,55 +2126,61 @@ msgstr "Oväntat fel vid sökning efter ett felmeddelande" msgid "Permission denied. " msgstr "Åtkomst nekas. " -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "Servermeddelande: " #: src/sss_client/pam_sss.c:71 -msgid "Enter PIN:" +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." msgstr "" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:72 +msgid "Enter PIN:" +msgstr "Ange PIN:" + +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "Lösenorden stämmer inte överens" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "Återställning av lösenord av root stöds inte." -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "Autentiserad med cachade kreditiv" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr ", ditt cache-lösenord kommer gå ut: " -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "Ditt lösenord har gått ut. Du har en frist på %1$d inloggningar kvar." -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "Ditt lösenordet kommer gå ut om %1$d %2$s." -#: src/sss_client/pam_sss.c:627 -#, fuzzy, c-format +#: src/sss_client/pam_sss.c:628 +#, c-format msgid "Your password has expired." -msgstr "Ditt lösenordet kommer gå ut om %1$d %2$s." +msgstr "Ditt lösenordet har gått ut." -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "Autentisering nekas till: " -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "Systemet är frånkopplat, ändring av lösenord är inte möjligt" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" @@ -2182,65 +2188,71 @@ msgstr "" "Efter att ha ändrat OTP-lösenordet behöver du logga ut och tillbaka in för " "att få en biljett" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "PIN-låst" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "Lösenordsändringen misslyckades. " -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "Autentisera vid %1$s och tryck på ENTER." -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "Autentisera med PIN %1$s vid %2$s och tryck på ENTER." -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "Sätt (igen) in ett (annat) smartkort" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "Nytt lösenord: " -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "Skriv det nya lösenordet igen: " -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "Första faktorn: " -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "Andra faktorn (frivillig): " -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "Andra faktorn: " -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." -msgstr "" +msgstr "Sätt in en lösennyckelsenhet, tryck sedan ENTER." -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "Lösenord: " -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "Första faktorn (nuvarande lösenord): " -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "Nuvarande lösenord: " -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "Lösenordet har gått ut. Ändra ditt lösenord nu." @@ -2577,9 +2589,8 @@ msgid "Passkey related tools:" msgstr "Lösennyckelrelaterade verktyg:" #: src/tools/sssctl/sssctl.c:348 -#, fuzzy msgid "Perform passkey registration" -msgstr "Utför lösennyckelrelaterade åtgärder" +msgstr "Utför lösennyckelsregistrering" #: src/tools/sssctl/sssctl_cache.c:31 #, c-format @@ -2761,9 +2772,8 @@ msgid "Error while reading configuration directory.\n" msgstr "Fel när konfigurationskatalogen lästes.\n" #: src/tools/sssctl/sssctl_config.c:147 -#, fuzzy msgid "There is no configuration.\n" -msgstr "Misslyckades att läsa konfigurationen från %s.\n" +msgstr "Det finns ingen konfiguration.\n" #: src/tools/sssctl/sssctl_config.c:157 msgid "Failed to run validators" diff --git a/po/tg.po b/po/tg.po index ccda3e7dc05..47ae4c89f08 100644 --- a/po/tg.po +++ b/po/tg.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: 2014-12-14 11:48-0500\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Tajik (http://www.transifex.com/projects/p/sssd/language/" @@ -587,12 +587,12 @@ msgid "Whether to automatically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:201 -#: src/config/SSSDConfig/sssdoptions.py:233 +#: src/config/SSSDConfig/sssdoptions.py:234 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:202 -#: src/config/SSSDConfig/sssdoptions.py:234 +#: src/config/SSSDConfig/sssdoptions.py:235 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" @@ -676,1162 +676,1166 @@ msgid "" "(long term password) must have to be saved as SHA512 hash into the cache." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:228 -msgid "IPA domain" +#: src/config/SSSDConfig/sssdoptions.py:226 +msgid "Local authentication methods policy " msgstr "" #: src/config/SSSDConfig/sssdoptions.py:229 -msgid "IPA server address" +msgid "IPA domain" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:230 -msgid "Address of backup IPA server" +msgid "IPA server address" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:231 -msgid "IPA client hostname" +msgid "Address of backup IPA server" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:232 +msgid "IPA client hostname" +msgstr "" + +#: src/config/SSSDConfig/sssdoptions.py:233 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:235 +#: src/config/SSSDConfig/sssdoptions.py:236 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:236 +#: src/config/SSSDConfig/sssdoptions.py:237 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:237 +#: src/config/SSSDConfig/sssdoptions.py:238 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:239 +#: src/config/SSSDConfig/sssdoptions.py:240 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:240 +#: src/config/SSSDConfig/sssdoptions.py:241 msgid "The automounter location this IPA client is using" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:241 +#: src/config/SSSDConfig/sssdoptions.py:242 msgid "Search base for object containing info about IPA domain" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:242 +#: src/config/SSSDConfig/sssdoptions.py:243 msgid "Search base for objects containing info about ID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:243 -#: src/config/SSSDConfig/sssdoptions.py:299 +#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:300 msgid "Enable DNS sites - location based service discovery" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:245 msgid "Search base for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:245 +#: src/config/SSSDConfig/sssdoptions.py:246 msgid "Objectclass for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:246 +#: src/config/SSSDConfig/sssdoptions.py:247 msgid "Attribute with the name of the view" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:247 +#: src/config/SSSDConfig/sssdoptions.py:248 msgid "Objectclass for override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:248 +#: src/config/SSSDConfig/sssdoptions.py:249 msgid "Attribute with the reference to the original object" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:249 +#: src/config/SSSDConfig/sssdoptions.py:250 msgid "Objectclass for user override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:250 +#: src/config/SSSDConfig/sssdoptions.py:251 msgid "Objectclass for group override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:251 +#: src/config/SSSDConfig/sssdoptions.py:252 msgid "Search base for Desktop Profile related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:252 +#: src/config/SSSDConfig/sssdoptions.py:253 msgid "" "The amount of time in seconds between lookups of the Desktop Profile rules " "against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:254 +#: src/config/SSSDConfig/sssdoptions.py:255 msgid "" "The amount of time in minutes between lookups of Desktop Profiles rules " "against the IPA server when the last request did not find any rule" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:257 +#: src/config/SSSDConfig/sssdoptions.py:258 msgid "Search base for SUBID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:258 -#: src/config/SSSDConfig/sssdoptions.py:501 +#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:502 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:260 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:260 -#: src/config/SSSDConfig/sssdoptions.py:283 +#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:284 msgid "The object class of a host entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:262 msgid "Use the given string as search base for host objects." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:262 +#: src/config/SSSDConfig/sssdoptions.py:263 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:263 +#: src/config/SSSDConfig/sssdoptions.py:264 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:264 +#: src/config/SSSDConfig/sssdoptions.py:265 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:265 +#: src/config/SSSDConfig/sssdoptions.py:266 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:267 +#: src/config/SSSDConfig/sssdoptions.py:268 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:269 +#: src/config/SSSDConfig/sssdoptions.py:270 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:270 +#: src/config/SSSDConfig/sssdoptions.py:271 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:272 +#: src/config/SSSDConfig/sssdoptions.py:273 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:273 +#: src/config/SSSDConfig/sssdoptions.py:274 msgid "The object class of a netgroup entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:274 +#: src/config/SSSDConfig/sssdoptions.py:275 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:275 +#: src/config/SSSDConfig/sssdoptions.py:276 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:277 +#: src/config/SSSDConfig/sssdoptions.py:278 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:278 +#: src/config/SSSDConfig/sssdoptions.py:279 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:280 +#: src/config/SSSDConfig/sssdoptions.py:281 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:282 +#: src/config/SSSDConfig/sssdoptions.py:283 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:284 +#: src/config/SSSDConfig/sssdoptions.py:285 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:286 +#: src/config/SSSDConfig/sssdoptions.py:287 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:287 +#: src/config/SSSDConfig/sssdoptions.py:288 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:288 +#: src/config/SSSDConfig/sssdoptions.py:289 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:289 +#: src/config/SSSDConfig/sssdoptions.py:290 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:291 +#: src/config/SSSDConfig/sssdoptions.py:292 msgid "Use the given string as search base for trusted domains." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:294 +#: src/config/SSSDConfig/sssdoptions.py:295 msgid "Active Directory domain" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:295 +#: src/config/SSSDConfig/sssdoptions.py:296 msgid "Enabled Active Directory domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:296 +#: src/config/SSSDConfig/sssdoptions.py:297 msgid "Active Directory server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:297 +#: src/config/SSSDConfig/sssdoptions.py:298 msgid "Active Directory backup server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:298 +#: src/config/SSSDConfig/sssdoptions.py:299 msgid "Active Directory client hostname" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:300 -#: src/config/SSSDConfig/sssdoptions.py:499 +#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:500 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:302 msgid "Whether to use the Global Catalog for lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:302 +#: src/config/SSSDConfig/sssdoptions.py:303 msgid "Operation mode for GPO-based access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:303 +#: src/config/SSSDConfig/sssdoptions.py:304 msgid "" "The amount of time between lookups of the GPO policy files against the AD " "server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:304 +#: src/config/SSSDConfig/sssdoptions.py:305 msgid "" "PAM service names that map to the GPO (Deny)InteractiveLogonRight policy " "settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:306 +#: src/config/SSSDConfig/sssdoptions.py:307 msgid "" "PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight " "policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:308 +#: src/config/SSSDConfig/sssdoptions.py:309 msgid "" "PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:309 +#: src/config/SSSDConfig/sssdoptions.py:310 msgid "" "PAM service names that map to the GPO (Deny)BatchLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:310 +#: src/config/SSSDConfig/sssdoptions.py:311 msgid "" "PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:311 +#: src/config/SSSDConfig/sssdoptions.py:312 msgid "PAM service names for which GPO-based access is always granted" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:312 +#: src/config/SSSDConfig/sssdoptions.py:313 msgid "PAM service names for which GPO-based access is always denied" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:313 +#: src/config/SSSDConfig/sssdoptions.py:314 msgid "" "Default logon right (or permit/deny) to use for unmapped PAM service names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:314 +#: src/config/SSSDConfig/sssdoptions.py:315 msgid "a particular site to be used by the client" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:315 +#: src/config/SSSDConfig/sssdoptions.py:316 msgid "" "Maximum age in days before the machine account password should be renewed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:317 +#: src/config/SSSDConfig/sssdoptions.py:318 msgid "Option for tuning the machine account renewal task" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:318 +#: src/config/SSSDConfig/sssdoptions.py:319 msgid "Whether to update the machine account password in the Samba database" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:320 +#: src/config/SSSDConfig/sssdoptions.py:321 msgid "Use LDAPS port for LDAP and Global Catalog requests" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:321 +#: src/config/SSSDConfig/sssdoptions.py:322 msgid "Do not filter domain local groups from other domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:324 #: src/config/SSSDConfig/sssdoptions.py:325 +#: src/config/SSSDConfig/sssdoptions.py:326 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:326 +#: src/config/SSSDConfig/sssdoptions.py:327 msgid "Kerberos backup server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:327 +#: src/config/SSSDConfig/sssdoptions.py:328 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:328 +#: src/config/SSSDConfig/sssdoptions.py:329 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:329 +#: src/config/SSSDConfig/sssdoptions.py:330 msgid "Whether to create kdcinfo files" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:330 +#: src/config/SSSDConfig/sssdoptions.py:331 msgid "Where to drop krb5 config snippets" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:333 +#: src/config/SSSDConfig/sssdoptions.py:334 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:334 +#: src/config/SSSDConfig/sssdoptions.py:335 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:335 +#: src/config/SSSDConfig/sssdoptions.py:336 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:336 +#: src/config/SSSDConfig/sssdoptions.py:337 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:337 +#: src/config/SSSDConfig/sssdoptions.py:338 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:338 +#: src/config/SSSDConfig/sssdoptions.py:339 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:339 +#: src/config/SSSDConfig/sssdoptions.py:340 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:340 +#: src/config/SSSDConfig/sssdoptions.py:341 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:341 +#: src/config/SSSDConfig/sssdoptions.py:342 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:342 +#: src/config/SSSDConfig/sssdoptions.py:343 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:343 +#: src/config/SSSDConfig/sssdoptions.py:344 msgid "Use anonymous PKINIT to request FAST credentials" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:344 +#: src/config/SSSDConfig/sssdoptions.py:345 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:345 +#: src/config/SSSDConfig/sssdoptions.py:346 msgid "Enables enterprise principals" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:346 +#: src/config/SSSDConfig/sssdoptions.py:347 msgid "Enables using of subdomains realms for authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:347 +#: src/config/SSSDConfig/sssdoptions.py:348 msgid "A mapping from user names to Kerberos principal names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:350 #: src/config/SSSDConfig/sssdoptions.py:351 +#: src/config/SSSDConfig/sssdoptions.py:352 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:354 +#: src/config/SSSDConfig/sssdoptions.py:355 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:355 +#: src/config/SSSDConfig/sssdoptions.py:356 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:356 +#: src/config/SSSDConfig/sssdoptions.py:357 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:357 +#: src/config/SSSDConfig/sssdoptions.py:358 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:358 +#: src/config/SSSDConfig/sssdoptions.py:359 msgid "Mode used to change user password" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:359 +#: src/config/SSSDConfig/sssdoptions.py:360 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:360 +#: src/config/SSSDConfig/sssdoptions.py:361 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:361 +#: src/config/SSSDConfig/sssdoptions.py:362 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:362 +#: src/config/SSSDConfig/sssdoptions.py:363 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:363 +#: src/config/SSSDConfig/sssdoptions.py:364 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:364 +#: src/config/SSSDConfig/sssdoptions.py:365 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:365 +#: src/config/SSSDConfig/sssdoptions.py:366 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:366 +#: src/config/SSSDConfig/sssdoptions.py:367 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:367 +#: src/config/SSSDConfig/sssdoptions.py:368 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:368 +#: src/config/SSSDConfig/sssdoptions.py:369 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:369 +#: src/config/SSSDConfig/sssdoptions.py:370 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:370 +#: src/config/SSSDConfig/sssdoptions.py:371 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:371 +#: src/config/SSSDConfig/sssdoptions.py:372 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:372 +#: src/config/SSSDConfig/sssdoptions.py:373 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:373 +#: src/config/SSSDConfig/sssdoptions.py:374 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:374 +#: src/config/SSSDConfig/sssdoptions.py:375 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:375 +#: src/config/SSSDConfig/sssdoptions.py:376 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:376 +#: src/config/SSSDConfig/sssdoptions.py:377 msgid "Specify the maximal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:377 +#: src/config/SSSDConfig/sssdoptions.py:378 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:378 +#: src/config/SSSDConfig/sssdoptions.py:379 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:379 +#: src/config/SSSDConfig/sssdoptions.py:380 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:380 +#: src/config/SSSDConfig/sssdoptions.py:381 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:381 +#: src/config/SSSDConfig/sssdoptions.py:382 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:382 +#: src/config/SSSDConfig/sssdoptions.py:383 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:383 +#: src/config/SSSDConfig/sssdoptions.py:384 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:384 +#: src/config/SSSDConfig/sssdoptions.py:385 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:385 +#: src/config/SSSDConfig/sssdoptions.py:386 msgid "Ignore unreadable LDAP references" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:386 +#: src/config/SSSDConfig/sssdoptions.py:387 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:388 +#: src/config/SSSDConfig/sssdoptions.py:389 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:391 +#: src/config/SSSDConfig/sssdoptions.py:392 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:392 +#: src/config/SSSDConfig/sssdoptions.py:393 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:394 +#: src/config/SSSDConfig/sssdoptions.py:395 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:397 +#: src/config/SSSDConfig/sssdoptions.py:398 msgid "Disable the LDAP paging control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:398 +#: src/config/SSSDConfig/sssdoptions.py:399 msgid "Disable Active Directory range retrieval" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:401 +#: src/config/SSSDConfig/sssdoptions.py:402 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:402 +#: src/config/SSSDConfig/sssdoptions.py:403 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:403 +#: src/config/SSSDConfig/sssdoptions.py:404 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:404 +#: src/config/SSSDConfig/sssdoptions.py:405 msgid "Maximum period deviation between enumeration updates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:405 +#: src/config/SSSDConfig/sssdoptions.py:406 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:406 +#: src/config/SSSDConfig/sssdoptions.py:407 msgid "Maximum time deviation between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:407 +#: src/config/SSSDConfig/sssdoptions.py:408 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:408 +#: src/config/SSSDConfig/sssdoptions.py:409 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:409 +#: src/config/SSSDConfig/sssdoptions.py:410 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:410 +#: src/config/SSSDConfig/sssdoptions.py:411 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:411 +#: src/config/SSSDConfig/sssdoptions.py:412 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:412 +#: src/config/SSSDConfig/sssdoptions.py:413 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:413 +#: src/config/SSSDConfig/sssdoptions.py:414 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:414 +#: src/config/SSSDConfig/sssdoptions.py:415 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:415 +#: src/config/SSSDConfig/sssdoptions.py:416 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:416 +#: src/config/SSSDConfig/sssdoptions.py:417 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:417 +#: src/config/SSSDConfig/sssdoptions.py:418 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:418 +#: src/config/SSSDConfig/sssdoptions.py:419 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:419 +#: src/config/SSSDConfig/sssdoptions.py:420 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:420 -#: src/config/SSSDConfig/sssdoptions.py:459 +#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:460 msgid "objectSID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:422 msgid "Active Directory primary group attribute for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:422 +#: src/config/SSSDConfig/sssdoptions.py:423 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:423 +#: src/config/SSSDConfig/sssdoptions.py:424 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:424 +#: src/config/SSSDConfig/sssdoptions.py:425 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:425 +#: src/config/SSSDConfig/sssdoptions.py:426 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:426 +#: src/config/SSSDConfig/sssdoptions.py:427 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:427 +#: src/config/SSSDConfig/sssdoptions.py:428 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:428 +#: src/config/SSSDConfig/sssdoptions.py:429 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:429 +#: src/config/SSSDConfig/sssdoptions.py:430 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:430 +#: src/config/SSSDConfig/sssdoptions.py:431 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:431 +#: src/config/SSSDConfig/sssdoptions.py:432 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:432 +#: src/config/SSSDConfig/sssdoptions.py:433 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:433 +#: src/config/SSSDConfig/sssdoptions.py:434 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:434 +#: src/config/SSSDConfig/sssdoptions.py:435 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:435 +#: src/config/SSSDConfig/sssdoptions.py:436 msgid "Attribute listing authorized server rhosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:436 +#: src/config/SSSDConfig/sssdoptions.py:437 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:437 +#: src/config/SSSDConfig/sssdoptions.py:438 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:438 +#: src/config/SSSDConfig/sssdoptions.py:439 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:439 +#: src/config/SSSDConfig/sssdoptions.py:440 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:440 +#: src/config/SSSDConfig/sssdoptions.py:441 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:441 +#: src/config/SSSDConfig/sssdoptions.py:442 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:442 +#: src/config/SSSDConfig/sssdoptions.py:443 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:443 +#: src/config/SSSDConfig/sssdoptions.py:444 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:444 +#: src/config/SSSDConfig/sssdoptions.py:445 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:445 +#: src/config/SSSDConfig/sssdoptions.py:446 msgid "SSH public key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:446 +#: src/config/SSSDConfig/sssdoptions.py:447 msgid "attribute listing allowed authentication types for a user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:447 +#: src/config/SSSDConfig/sssdoptions.py:448 msgid "attribute containing the X509 certificate of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:448 +#: src/config/SSSDConfig/sssdoptions.py:449 msgid "attribute containing the email address of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:449 +#: src/config/SSSDConfig/sssdoptions.py:450 msgid "attribute containing the passkey mapping data of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:450 +#: src/config/SSSDConfig/sssdoptions.py:451 msgid "A list of extra attributes to download along with the user entry" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:452 +#: src/config/SSSDConfig/sssdoptions.py:453 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:453 +#: src/config/SSSDConfig/sssdoptions.py:454 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:454 +#: src/config/SSSDConfig/sssdoptions.py:455 msgid "Group name" msgstr "Номи гурӯҳ" -#: src/config/SSSDConfig/sssdoptions.py:455 +#: src/config/SSSDConfig/sssdoptions.py:456 msgid "Group password" msgstr "Пароли гурӯҳ" -#: src/config/SSSDConfig/sssdoptions.py:456 +#: src/config/SSSDConfig/sssdoptions.py:457 msgid "GID attribute" msgstr "Аттрибути GID" -#: src/config/SSSDConfig/sssdoptions.py:457 +#: src/config/SSSDConfig/sssdoptions.py:458 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:458 +#: src/config/SSSDConfig/sssdoptions.py:459 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:460 +#: src/config/SSSDConfig/sssdoptions.py:461 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:461 +#: src/config/SSSDConfig/sssdoptions.py:462 msgid "Type of the group and other flags" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:462 +#: src/config/SSSDConfig/sssdoptions.py:463 msgid "The LDAP group external member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:463 +#: src/config/SSSDConfig/sssdoptions.py:464 msgid "Maximum nesting level SSSD will follow" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:464 +#: src/config/SSSDConfig/sssdoptions.py:465 msgid "Filter for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:465 +#: src/config/SSSDConfig/sssdoptions.py:466 msgid "Scope of group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:467 +#: src/config/SSSDConfig/sssdoptions.py:468 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:468 +#: src/config/SSSDConfig/sssdoptions.py:469 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:469 +#: src/config/SSSDConfig/sssdoptions.py:470 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:470 +#: src/config/SSSDConfig/sssdoptions.py:471 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:471 +#: src/config/SSSDConfig/sssdoptions.py:472 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:472 +#: src/config/SSSDConfig/sssdoptions.py:473 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:474 +#: src/config/SSSDConfig/sssdoptions.py:475 msgid "Base DN for service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:475 +#: src/config/SSSDConfig/sssdoptions.py:476 msgid "Objectclass for services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:476 +#: src/config/SSSDConfig/sssdoptions.py:477 msgid "Service name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:477 +#: src/config/SSSDConfig/sssdoptions.py:478 msgid "Service port attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:478 +#: src/config/SSSDConfig/sssdoptions.py:479 msgid "Service protocol attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:480 +#: src/config/SSSDConfig/sssdoptions.py:481 msgid "Lower bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:481 +#: src/config/SSSDConfig/sssdoptions.py:482 msgid "Upper bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:482 +#: src/config/SSSDConfig/sssdoptions.py:483 msgid "Number of IDs for each slice when ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:483 +#: src/config/SSSDConfig/sssdoptions.py:484 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:484 +#: src/config/SSSDConfig/sssdoptions.py:485 msgid "Name of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:485 +#: src/config/SSSDConfig/sssdoptions.py:486 msgid "SID of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:486 +#: src/config/SSSDConfig/sssdoptions.py:487 msgid "Number of secondary slices" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:488 +#: src/config/SSSDConfig/sssdoptions.py:489 msgid "Whether to use Token-Groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:489 +#: src/config/SSSDConfig/sssdoptions.py:490 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:490 +#: src/config/SSSDConfig/sssdoptions.py:491 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:491 +#: src/config/SSSDConfig/sssdoptions.py:492 msgid "DN for ppolicy queries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:492 +#: src/config/SSSDConfig/sssdoptions.py:493 msgid "How many maximum entries to fetch during a wildcard request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:493 +#: src/config/SSSDConfig/sssdoptions.py:494 msgid "Set libldap debug level" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:496 +#: src/config/SSSDConfig/sssdoptions.py:497 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:500 +#: src/config/SSSDConfig/sssdoptions.py:501 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:504 +#: src/config/SSSDConfig/sssdoptions.py:505 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:505 +#: src/config/SSSDConfig/sssdoptions.py:506 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:506 +#: src/config/SSSDConfig/sssdoptions.py:507 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:507 +#: src/config/SSSDConfig/sssdoptions.py:508 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:511 +#: src/config/SSSDConfig/sssdoptions.py:512 msgid "Base DN for sudo rules lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:512 +#: src/config/SSSDConfig/sssdoptions.py:513 msgid "Automatic full refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:513 +#: src/config/SSSDConfig/sssdoptions.py:514 msgid "Automatic smart refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:514 +#: src/config/SSSDConfig/sssdoptions.py:515 msgid "Smart and full refresh random offset" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:515 +#: src/config/SSSDConfig/sssdoptions.py:516 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:516 +#: src/config/SSSDConfig/sssdoptions.py:517 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:517 +#: src/config/SSSDConfig/sssdoptions.py:518 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:518 +#: src/config/SSSDConfig/sssdoptions.py:519 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:519 +#: src/config/SSSDConfig/sssdoptions.py:520 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:520 +#: src/config/SSSDConfig/sssdoptions.py:521 msgid "Object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:521 +#: src/config/SSSDConfig/sssdoptions.py:522 msgid "Name of attribute that is used as object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:522 +#: src/config/SSSDConfig/sssdoptions.py:523 msgid "Sudo rule name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:523 +#: src/config/SSSDConfig/sssdoptions.py:524 msgid "Sudo rule command attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:524 +#: src/config/SSSDConfig/sssdoptions.py:525 msgid "Sudo rule host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:525 +#: src/config/SSSDConfig/sssdoptions.py:526 msgid "Sudo rule user attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:526 +#: src/config/SSSDConfig/sssdoptions.py:527 msgid "Sudo rule option attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:527 +#: src/config/SSSDConfig/sssdoptions.py:528 msgid "Sudo rule runas attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:528 +#: src/config/SSSDConfig/sssdoptions.py:529 msgid "Sudo rule runasuser attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:529 +#: src/config/SSSDConfig/sssdoptions.py:530 msgid "Sudo rule runasgroup attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:530 +#: src/config/SSSDConfig/sssdoptions.py:531 msgid "Sudo rule notbefore attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:531 +#: src/config/SSSDConfig/sssdoptions.py:532 msgid "Sudo rule notafter attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:532 +#: src/config/SSSDConfig/sssdoptions.py:533 msgid "Sudo rule order attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:535 +#: src/config/SSSDConfig/sssdoptions.py:536 msgid "Object class for automounter maps" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:536 +#: src/config/SSSDConfig/sssdoptions.py:537 msgid "Automounter map name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:537 +#: src/config/SSSDConfig/sssdoptions.py:538 msgid "Object class for automounter map entries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:538 +#: src/config/SSSDConfig/sssdoptions.py:539 msgid "Automounter map entry key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:539 +#: src/config/SSSDConfig/sssdoptions.py:540 msgid "Automounter map entry value attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:540 +#: src/config/SSSDConfig/sssdoptions.py:541 msgid "Base DN for automounter map lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:541 +#: src/config/SSSDConfig/sssdoptions.py:542 msgid "The name of the automount master map in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:544 +#: src/config/SSSDConfig/sssdoptions.py:545 msgid "Base DN for IP hosts lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:545 +#: src/config/SSSDConfig/sssdoptions.py:546 msgid "Object class for IP hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:546 +#: src/config/SSSDConfig/sssdoptions.py:547 msgid "IP host name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:547 +#: src/config/SSSDConfig/sssdoptions.py:548 msgid "IP host number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:548 +#: src/config/SSSDConfig/sssdoptions.py:549 msgid "IP host entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:549 +#: src/config/SSSDConfig/sssdoptions.py:550 msgid "Base DN for IP networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:550 +#: src/config/SSSDConfig/sssdoptions.py:551 msgid "Object class for IP networks" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:551 +#: src/config/SSSDConfig/sssdoptions.py:552 msgid "IP network name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:552 +#: src/config/SSSDConfig/sssdoptions.py:553 msgid "IP network number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:553 +#: src/config/SSSDConfig/sssdoptions.py:554 msgid "IP network entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:556 +#: src/config/SSSDConfig/sssdoptions.py:557 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:557 +#: src/config/SSSDConfig/sssdoptions.py:558 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:558 +#: src/config/SSSDConfig/sssdoptions.py:559 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:560 +#: src/config/SSSDConfig/sssdoptions.py:561 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " "evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:564 +#: src/config/SSSDConfig/sssdoptions.py:565 msgid "The number of preforked proxy children." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:567 +#: src/config/SSSDConfig/sssdoptions.py:568 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:568 +#: src/config/SSSDConfig/sssdoptions.py:569 msgid "The name of the NSS library to use for hosts and networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:569 +#: src/config/SSSDConfig/sssdoptions.py:570 msgid "Whether to look up canonical group name from cache if possible" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:572 +#: src/config/SSSDConfig/sssdoptions.py:573 msgid "PAM stack to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:575 +#: src/config/SSSDConfig/sssdoptions.py:576 msgid "Path of passwd file sources." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:576 +#: src/config/SSSDConfig/sssdoptions.py:577 msgid "Path of group file sources." msgstr "" @@ -1880,67 +1884,67 @@ msgstr "" msgid "SSSD is already running\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "" @@ -1948,35 +1952,35 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "" @@ -1984,119 +1988,131 @@ msgstr "" msgid "Permission denied. " msgstr "" -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "" #: src/sss_client/pam_sss.c:71 +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." +msgstr "" + +#: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" msgstr "" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "Паролҳо номувофиқанд" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr "" -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "" -#: src/sss_client/pam_sss.c:627 +#: src/sss_client/pam_sss.c:628 #, c-format msgid "Your password has expired." msgstr "" -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "Пароли нав:" -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "" -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "Парол:" -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "" -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "" diff --git a/po/tr.po b/po/tr.po index eadc09fa674..dcb91b83734 100644 --- a/po/tr.po +++ b/po/tr.po @@ -10,17 +10,17 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" -"PO-Revision-Date: 2023-04-13 13:20+0000\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" +"PO-Revision-Date: 2023-06-04 04:20+0000\n" "Last-Translator: Kemal Oktay Aktoğan \n" "Language-Team: Turkish \n" +"sssd-2-9/tr/>\n" "Language: tr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n>1);\n" -"X-Generator: Weblate 4.15.2\n" +"X-Generator: Weblate 4.17\n" #: src/config/SSSDConfig/sssdoptions.py:20 #: src/config/SSSDConfig/sssdoptions.py:21 @@ -419,9 +419,8 @@ msgstr "" ": çiftlerinin listesi" #: src/config/SSSDConfig/sssdoptions.py:117 -#, fuzzy msgid "Allow passkey device authentication." -msgstr "Sertifika tabanlı/Akıllı kart kimlik doğrulamasına izin ver." +msgstr "Geçiş anahtarı cihaz kimlik doğrulamasına izin ver." #: src/config/SSSDConfig/sssdoptions.py:118 #, fuzzy @@ -686,12 +685,12 @@ msgid "Whether to automatically update the client's DNS entry" msgstr "İstemcinin DNS girişinin otomatik olarak güncellenip güncellenmeyeceği" #: src/config/SSSDConfig/sssdoptions.py:201 -#: src/config/SSSDConfig/sssdoptions.py:233 +#: src/config/SSSDConfig/sssdoptions.py:234 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "Güncelledikten sonra istemcinin DNS girdisine uygulanacak TTL" #: src/config/SSSDConfig/sssdoptions.py:202 -#: src/config/SSSDConfig/sssdoptions.py:234 +#: src/config/SSSDConfig/sssdoptions.py:235 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "Dinamik DNS güncellemeleri için IP'sinin kullanılması gereken arayüz" @@ -794,38 +793,42 @@ msgstr "" "süreli parola) önbelleğe SHA512 karma olarak kaydedilmesi gereken asgari " "uzunluğu belirler." -#: src/config/SSSDConfig/sssdoptions.py:228 +#: src/config/SSSDConfig/sssdoptions.py:226 +msgid "Local authentication methods policy " +msgstr "" + +#: src/config/SSSDConfig/sssdoptions.py:229 msgid "IPA domain" msgstr "IPA etki alanı" -#: src/config/SSSDConfig/sssdoptions.py:229 +#: src/config/SSSDConfig/sssdoptions.py:230 msgid "IPA server address" msgstr "IPA sunucu adresi" -#: src/config/SSSDConfig/sssdoptions.py:230 +#: src/config/SSSDConfig/sssdoptions.py:231 msgid "Address of backup IPA server" msgstr "Yedek IPA sunucusunun adresi" -#: src/config/SSSDConfig/sssdoptions.py:231 +#: src/config/SSSDConfig/sssdoptions.py:232 msgid "IPA client hostname" msgstr "IPA istemcisi ana bilgisayar adı" -#: src/config/SSSDConfig/sssdoptions.py:232 +#: src/config/SSSDConfig/sssdoptions.py:233 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" "FreeIPA'da istemcinin DNS girdisinin otomatik olarak güncellenip " "güncellenmeyeceği" -#: src/config/SSSDConfig/sssdoptions.py:235 +#: src/config/SSSDConfig/sssdoptions.py:236 msgid "Search base for HBAC related objects" msgstr "HBAC ile ilgili nesneler için arama tabanı" -#: src/config/SSSDConfig/sssdoptions.py:236 +#: src/config/SSSDConfig/sssdoptions.py:237 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "IPA sunucusuna karşı HBAC kurallarının aranması arasındaki süre" -#: src/config/SSSDConfig/sssdoptions.py:237 +#: src/config/SSSDConfig/sssdoptions.py:238 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" @@ -833,62 +836,62 @@ msgstr "" "IPA sunucusuna karşı SELinux eşlemelerinin aranması arasındaki saniye " "cinsinden süre" -#: src/config/SSSDConfig/sssdoptions.py:239 +#: src/config/SSSDConfig/sssdoptions.py:240 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" "false olarak ayarlanırsa, PAM tarafından verilen ana bilgisayar argümanı yok " "sayılır" -#: src/config/SSSDConfig/sssdoptions.py:240 +#: src/config/SSSDConfig/sssdoptions.py:241 msgid "The automounter location this IPA client is using" msgstr "Bu IPA istemcisinin kullandığı automounter konumu" -#: src/config/SSSDConfig/sssdoptions.py:241 +#: src/config/SSSDConfig/sssdoptions.py:242 msgid "Search base for object containing info about IPA domain" msgstr "IPA etki alanı hakkında bilgi içeren nesne için arama tabanı" -#: src/config/SSSDConfig/sssdoptions.py:242 +#: src/config/SSSDConfig/sssdoptions.py:243 msgid "Search base for objects containing info about ID ranges" msgstr "Kimlik aralıkları hakkında bilgi içeren nesneler için arama tabanı" -#: src/config/SSSDConfig/sssdoptions.py:243 -#: src/config/SSSDConfig/sssdoptions.py:299 +#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:300 msgid "Enable DNS sites - location based service discovery" msgstr "DNS sitelerini etkinleştirin - konuma dayalı hizmet keşfi" -#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:245 msgid "Search base for view containers" msgstr "Görünüm kapsayıcıları için arama tabanı" -#: src/config/SSSDConfig/sssdoptions.py:245 +#: src/config/SSSDConfig/sssdoptions.py:246 msgid "Objectclass for view containers" msgstr "Görünüm kapsayıcıları için nesne sınıfı" -#: src/config/SSSDConfig/sssdoptions.py:246 +#: src/config/SSSDConfig/sssdoptions.py:247 msgid "Attribute with the name of the view" msgstr "Görünümün adıyla birlikte öznitelik" -#: src/config/SSSDConfig/sssdoptions.py:247 +#: src/config/SSSDConfig/sssdoptions.py:248 msgid "Objectclass for override objects" msgstr "Geçersiz kılma nesneleri için nesne sınıfı" -#: src/config/SSSDConfig/sssdoptions.py:248 +#: src/config/SSSDConfig/sssdoptions.py:249 msgid "Attribute with the reference to the original object" msgstr "Asıl nesneye kıyasla öznitelik" -#: src/config/SSSDConfig/sssdoptions.py:249 +#: src/config/SSSDConfig/sssdoptions.py:250 msgid "Objectclass for user override objects" msgstr "Kullanıcı geçersiz kılma nesneleri için nesne sınıfı" -#: src/config/SSSDConfig/sssdoptions.py:250 +#: src/config/SSSDConfig/sssdoptions.py:251 msgid "Objectclass for group override objects" msgstr "Grup geçersiz kılma nesneleri için nesne sınıfı" -#: src/config/SSSDConfig/sssdoptions.py:251 +#: src/config/SSSDConfig/sssdoptions.py:252 msgid "Search base for Desktop Profile related objects" msgstr "Masaüstü Profili ile ilgili nesneler için arama tabanı" -#: src/config/SSSDConfig/sssdoptions.py:252 +#: src/config/SSSDConfig/sssdoptions.py:253 msgid "" "The amount of time in seconds between lookups of the Desktop Profile rules " "against the IPA server" @@ -896,7 +899,7 @@ msgstr "" "IPA sunucusuna karşı Masaüstü Profili kurallarının aranması arasındaki " "saniye cinsinden süre" -#: src/config/SSSDConfig/sssdoptions.py:254 +#: src/config/SSSDConfig/sssdoptions.py:255 msgid "" "The amount of time in minutes between lookups of Desktop Profiles rules " "against the IPA server when the last request did not find any rule" @@ -904,42 +907,42 @@ msgstr "" "Son istek herhangi bir kural bulamadığı zaman, IPA sunucusuna karşı Masaüstü " "Profilleri kurallarının aranması arasındaki dakika cinsinden süre" -#: src/config/SSSDConfig/sssdoptions.py:257 +#: src/config/SSSDConfig/sssdoptions.py:258 msgid "Search base for SUBID ranges" msgstr "SUBID aralıkları için arama tabanı" -#: src/config/SSSDConfig/sssdoptions.py:258 -#: src/config/SSSDConfig/sssdoptions.py:501 +#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:502 msgid "Which rules should be used to evaluate access control" msgstr "Erişim denetimini değerlendirmek için hangi kurallar kullanılmalıdır" -#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:260 msgid "The LDAP attribute that contains FQDN of the host." msgstr "Ana bilgisayarın FQDN'sini içeren LDAP özniteliği." -#: src/config/SSSDConfig/sssdoptions.py:260 -#: src/config/SSSDConfig/sssdoptions.py:283 +#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:284 msgid "The object class of a host entry in LDAP." msgstr "LDAP'daki bir ana bilgisayar girdisinin nesne sınıfı." -#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:262 msgid "Use the given string as search base for host objects." msgstr "" "Ana bilgisayar nesneleri için arama tabanı olarak verilen dizeyi kullanın." -#: src/config/SSSDConfig/sssdoptions.py:262 +#: src/config/SSSDConfig/sssdoptions.py:263 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "Ana bilgisayarın SSH ortak anahtarlarını içeren LDAP özniteliği." -#: src/config/SSSDConfig/sssdoptions.py:263 +#: src/config/SSSDConfig/sssdoptions.py:264 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "Ağ grubunun NIS alan adını içeren LDAP özniteliği." -#: src/config/SSSDConfig/sssdoptions.py:264 +#: src/config/SSSDConfig/sssdoptions.py:265 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "Ağ grubunun üyelerinin adlarını içeren LDAP özniteliği." -#: src/config/SSSDConfig/sssdoptions.py:265 +#: src/config/SSSDConfig/sssdoptions.py:266 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." @@ -947,7 +950,7 @@ msgstr "" "Ağ grubunun üyesi olan ana bilgisayarların ve ana bilgisayar gruplarının " "FQDN'lerini listeleyen LDAP özniteliği." -#: src/config/SSSDConfig/sssdoptions.py:267 +#: src/config/SSSDConfig/sssdoptions.py:268 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." @@ -955,11 +958,11 @@ msgstr "" "Ağ grubunun doğrudan üyeleri olan ana bilgisayarları ve ana bilgisayar " "gruplarını listeleyen LDAP özniteliği." -#: src/config/SSSDConfig/sssdoptions.py:269 +#: src/config/SSSDConfig/sssdoptions.py:270 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "Ağ grubunun üyeliklerini listeleyen LDAP özniteliği." -#: src/config/SSSDConfig/sssdoptions.py:270 +#: src/config/SSSDConfig/sssdoptions.py:271 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." @@ -967,20 +970,20 @@ msgstr "" "Ağ grubunun doğrudan üyeleri olan sistem kullanıcıları ve grupları " "listeleyen LDAP özniteliği." -#: src/config/SSSDConfig/sssdoptions.py:272 +#: src/config/SSSDConfig/sssdoptions.py:273 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "Ağ grubu adına karşılık gelen LDAP özniteliği." -#: src/config/SSSDConfig/sssdoptions.py:273 +#: src/config/SSSDConfig/sssdoptions.py:274 msgid "The object class of a netgroup entry in LDAP." msgstr "LDAP'daki bir ağ grubu girdisinin nesne sınıfı." -#: src/config/SSSDConfig/sssdoptions.py:274 +#: src/config/SSSDConfig/sssdoptions.py:275 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "Bir LDAP ağ grubu nesnesinin UUID/GUID'sini içeren LDAP özniteliği." -#: src/config/SSSDConfig/sssdoptions.py:275 +#: src/config/SSSDConfig/sssdoptions.py:276 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." @@ -988,11 +991,11 @@ msgstr "" "Kullanıcı eşlemesinin kullanım için etkin olup olmadığını içeren LDAP " "özelliği." -#: src/config/SSSDConfig/sssdoptions.py:277 +#: src/config/SSSDConfig/sssdoptions.py:278 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "\"all\" gibi ana bilgisayar sınıfını içeren LDAP özniteliği." -#: src/config/SSSDConfig/sssdoptions.py:278 +#: src/config/SSSDConfig/sssdoptions.py:279 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." @@ -1000,17 +1003,17 @@ msgstr "" "Bu kuralın eşleştiği tüm ana bilgisayarları/ana bilgisayar gruplarını içeren " "LDAP özniteliği." -#: src/config/SSSDConfig/sssdoptions.py:280 +#: src/config/SSSDConfig/sssdoptions.py:281 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" "Bu kuralın eşleştiği tüm kullanıcıları/grupları içeren LDAP özniteliği." -#: src/config/SSSDConfig/sssdoptions.py:282 +#: src/config/SSSDConfig/sssdoptions.py:283 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "SELinux kullanıcı eşlemesinin adını içeren LDAP özniteliği." -#: src/config/SSSDConfig/sssdoptions.py:284 +#: src/config/SSSDConfig/sssdoptions.py:285 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost." @@ -1018,19 +1021,19 @@ msgstr "" "memberUser ve memberHost yerine eşleştirme için kullanılabilen HBAC " "kuralının DN'sini içeren LDAP özniteliği." -#: src/config/SSSDConfig/sssdoptions.py:286 +#: src/config/SSSDConfig/sssdoptions.py:287 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "SELinux kullanıcı dizesinin kendisini içeren LDAP özniteliği." -#: src/config/SSSDConfig/sssdoptions.py:287 +#: src/config/SSSDConfig/sssdoptions.py:288 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "\"all\" gibi kullanıcı sınıfını içeren LDAP özniteliği." -#: src/config/SSSDConfig/sssdoptions.py:288 +#: src/config/SSSDConfig/sssdoptions.py:289 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "Kullanıcı eşlemesinin benzersiz kimliğini içeren LDAP özniteliği." -#: src/config/SSSDConfig/sssdoptions.py:289 +#: src/config/SSSDConfig/sssdoptions.py:290 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." @@ -1039,58 +1042,58 @@ msgstr "" "alanlarından kullanıcı ve grupların aramalarını farklı şekilde " "gerçekleştirmesi gerektiğini belirtir." -#: src/config/SSSDConfig/sssdoptions.py:291 +#: src/config/SSSDConfig/sssdoptions.py:292 msgid "Use the given string as search base for trusted domains." msgstr "" "Verilen dizeyi güvenilir etki alanları için arama tabanı olarak kullanın." -#: src/config/SSSDConfig/sssdoptions.py:294 +#: src/config/SSSDConfig/sssdoptions.py:295 msgid "Active Directory domain" msgstr "Active Directory etki alanı" -#: src/config/SSSDConfig/sssdoptions.py:295 +#: src/config/SSSDConfig/sssdoptions.py:296 msgid "Enabled Active Directory domains" msgstr "Etkinleştirilmiş Active Directory etki alanları" -#: src/config/SSSDConfig/sssdoptions.py:296 +#: src/config/SSSDConfig/sssdoptions.py:297 msgid "Active Directory server address" msgstr "Active Directory sunucu adresi" -#: src/config/SSSDConfig/sssdoptions.py:297 +#: src/config/SSSDConfig/sssdoptions.py:298 msgid "Active Directory backup server address" msgstr "Active Directory yedek sunucu adresi" -#: src/config/SSSDConfig/sssdoptions.py:298 +#: src/config/SSSDConfig/sssdoptions.py:299 msgid "Active Directory client hostname" msgstr "Active Directory istemci ana bilgisayar adı" -#: src/config/SSSDConfig/sssdoptions.py:300 -#: src/config/SSSDConfig/sssdoptions.py:499 +#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:500 msgid "LDAP filter to determine access privileges" msgstr "Erişim ayrıcalıklarını belirlemek için LDAP süzgeci" -#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:302 msgid "Whether to use the Global Catalog for lookups" msgstr "Aramalar için Genel Kataloğun kullanılıp kullanılmayacağı" -#: src/config/SSSDConfig/sssdoptions.py:302 +#: src/config/SSSDConfig/sssdoptions.py:303 msgid "Operation mode for GPO-based access control" msgstr "GPO tabanlı erişim kontrolü için çalışma kipi" -#: src/config/SSSDConfig/sssdoptions.py:303 +#: src/config/SSSDConfig/sssdoptions.py:304 msgid "" "The amount of time between lookups of the GPO policy files against the AD " "server" msgstr "AD sunucusuna karşı GPO ilke dosyalarının aranması arasındaki süre" -#: src/config/SSSDConfig/sssdoptions.py:304 +#: src/config/SSSDConfig/sssdoptions.py:305 msgid "" "PAM service names that map to the GPO (Deny)InteractiveLogonRight policy " "settings" msgstr "" "GPO (Deny)InteractiveLogonRight ilke ayarlarıyla eşleşen PAM hizmet adları" -#: src/config/SSSDConfig/sssdoptions.py:306 +#: src/config/SSSDConfig/sssdoptions.py:307 msgid "" "PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight " "policy settings" @@ -1098,283 +1101,283 @@ msgstr "" "GPO (Deny)RemoteInteractiveLogonRight ilke ayarlarıyla eşleşen PAM hizmet " "adları" -#: src/config/SSSDConfig/sssdoptions.py:308 +#: src/config/SSSDConfig/sssdoptions.py:309 msgid "" "PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings" msgstr "GPO (Deny)NetworkLogonRight ilke ayarlarıyla eşleşen PAM hizmet adları" -#: src/config/SSSDConfig/sssdoptions.py:309 +#: src/config/SSSDConfig/sssdoptions.py:310 msgid "" "PAM service names that map to the GPO (Deny)BatchLogonRight policy settings" msgstr "GPO (Deny)BatchLogonRight ilke ayarlarıyla eşleşen PAM hizmet adları" -#: src/config/SSSDConfig/sssdoptions.py:310 +#: src/config/SSSDConfig/sssdoptions.py:311 msgid "" "PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings" msgstr "GPO (Deny)ServiceLogonRight ilke ayarlarıyla eşleşen PAM hizmet adları" -#: src/config/SSSDConfig/sssdoptions.py:311 +#: src/config/SSSDConfig/sssdoptions.py:312 msgid "PAM service names for which GPO-based access is always granted" msgstr "GPO tabanlı erişimin her zaman verildiği PAM hizmet adları" -#: src/config/SSSDConfig/sssdoptions.py:312 +#: src/config/SSSDConfig/sssdoptions.py:313 msgid "PAM service names for which GPO-based access is always denied" msgstr "GPO tabanlı erişimin her zaman reddedildiği PAM hizmet adları" -#: src/config/SSSDConfig/sssdoptions.py:313 +#: src/config/SSSDConfig/sssdoptions.py:314 msgid "" "Default logon right (or permit/deny) to use for unmapped PAM service names" msgstr "" "Eşlenmemiş PAM hizmet adları için kullanmak üzere varsayılan oturum açma " "hakkı (veya izin verme/reddetme)" -#: src/config/SSSDConfig/sssdoptions.py:314 +#: src/config/SSSDConfig/sssdoptions.py:315 msgid "a particular site to be used by the client" msgstr "istemci tarafından kullanılacak hususi bir alan" -#: src/config/SSSDConfig/sssdoptions.py:315 +#: src/config/SSSDConfig/sssdoptions.py:316 msgid "" "Maximum age in days before the machine account password should be renewed" msgstr "" "Makine hesabı parolasının yenilenmesinden önceki gün cinsinden azami zaman" -#: src/config/SSSDConfig/sssdoptions.py:317 +#: src/config/SSSDConfig/sssdoptions.py:318 msgid "Option for tuning the machine account renewal task" msgstr "Makine hesabı yenileme görevini ayarlama seçeneği" -#: src/config/SSSDConfig/sssdoptions.py:318 +#: src/config/SSSDConfig/sssdoptions.py:319 msgid "Whether to update the machine account password in the Samba database" msgstr "" "Samba veritabanında makine hesabı parolasının güncellenip güncellenmeyeceği" -#: src/config/SSSDConfig/sssdoptions.py:320 +#: src/config/SSSDConfig/sssdoptions.py:321 msgid "Use LDAPS port for LDAP and Global Catalog requests" msgstr "LDAP ve Genel Katalog istekleri için LDAPS bağlantı noktasını kullanın" -#: src/config/SSSDConfig/sssdoptions.py:321 +#: src/config/SSSDConfig/sssdoptions.py:322 msgid "Do not filter domain local groups from other domains" msgstr "Diğer etki alanlarından etki alanı yerel gruplarını süzmeyin" -#: src/config/SSSDConfig/sssdoptions.py:324 #: src/config/SSSDConfig/sssdoptions.py:325 +#: src/config/SSSDConfig/sssdoptions.py:326 msgid "Kerberos server address" msgstr "Kerberos sunucu adresi" -#: src/config/SSSDConfig/sssdoptions.py:326 +#: src/config/SSSDConfig/sssdoptions.py:327 msgid "Kerberos backup server address" msgstr "Kerberos yedek sunucu adresi" -#: src/config/SSSDConfig/sssdoptions.py:327 +#: src/config/SSSDConfig/sssdoptions.py:328 msgid "Kerberos realm" msgstr "Kerberos bölgesi(realm)" -#: src/config/SSSDConfig/sssdoptions.py:328 +#: src/config/SSSDConfig/sssdoptions.py:329 msgid "Authentication timeout" msgstr "Kimlik doğrulama zaman aşımı" -#: src/config/SSSDConfig/sssdoptions.py:329 +#: src/config/SSSDConfig/sssdoptions.py:330 msgid "Whether to create kdcinfo files" msgstr "kdcinfo dosyalarının oluşturulup oluşturulmayacağı" -#: src/config/SSSDConfig/sssdoptions.py:330 +#: src/config/SSSDConfig/sssdoptions.py:331 msgid "Where to drop krb5 config snippets" msgstr "krb5 yapılandırma parçacıkları nereye bırakılır" -#: src/config/SSSDConfig/sssdoptions.py:333 +#: src/config/SSSDConfig/sssdoptions.py:334 msgid "Directory to store credential caches" msgstr "Kimlik bilgileri önbelleklerini depolamak için dizin" -#: src/config/SSSDConfig/sssdoptions.py:334 +#: src/config/SSSDConfig/sssdoptions.py:335 msgid "Location of the user's credential cache" msgstr "Kullanıcının kimlik bilgileri önbelleğinin konumu" -#: src/config/SSSDConfig/sssdoptions.py:335 +#: src/config/SSSDConfig/sssdoptions.py:336 msgid "Location of the keytab to validate credentials" msgstr "Kimlik bilgilerini doğrulamak için anahtarın(keytab) konumu" -#: src/config/SSSDConfig/sssdoptions.py:336 +#: src/config/SSSDConfig/sssdoptions.py:337 msgid "Enable credential validation" msgstr "Kimlik doğrulamasını etkinleştir" -#: src/config/SSSDConfig/sssdoptions.py:337 +#: src/config/SSSDConfig/sssdoptions.py:338 msgid "Store password if offline for later online authentication" msgstr "" "Çevrimdışıysa daha sonra çevrimiçi kimlik doğrulama için parolayı saklayın" -#: src/config/SSSDConfig/sssdoptions.py:338 +#: src/config/SSSDConfig/sssdoptions.py:339 msgid "Renewable lifetime of the TGT" msgstr "TGT'nin yenilenebilir ömrü" -#: src/config/SSSDConfig/sssdoptions.py:339 +#: src/config/SSSDConfig/sssdoptions.py:340 msgid "Lifetime of the TGT" msgstr "TGT'nin ömrü" -#: src/config/SSSDConfig/sssdoptions.py:340 +#: src/config/SSSDConfig/sssdoptions.py:341 msgid "Time between two checks for renewal" msgstr "Yenileme için iki denetim arasındaki süre" -#: src/config/SSSDConfig/sssdoptions.py:341 +#: src/config/SSSDConfig/sssdoptions.py:342 msgid "Enables FAST" msgstr "FAST'ı etkinleştirir" -#: src/config/SSSDConfig/sssdoptions.py:342 +#: src/config/SSSDConfig/sssdoptions.py:343 msgid "Selects the principal to use for FAST" msgstr "FAST için kullanım ilkesini seçin" -#: src/config/SSSDConfig/sssdoptions.py:343 +#: src/config/SSSDConfig/sssdoptions.py:344 msgid "Use anonymous PKINIT to request FAST credentials" msgstr "FAST kimlik bilgilerini istemek için anonim PKINIT kullanın" -#: src/config/SSSDConfig/sssdoptions.py:344 +#: src/config/SSSDConfig/sssdoptions.py:345 msgid "Enables principal canonicalization" msgstr "Temel kurallılaştırmayı etkinleştirir" -#: src/config/SSSDConfig/sssdoptions.py:345 +#: src/config/SSSDConfig/sssdoptions.py:346 msgid "Enables enterprise principals" msgstr "Kurumsal ilkeleri etkinleştirir" -#: src/config/SSSDConfig/sssdoptions.py:346 +#: src/config/SSSDConfig/sssdoptions.py:347 msgid "Enables using of subdomains realms for authentication" msgstr "Kimlik doğrulama için alt etki alanlarının kullanılmasını sağlar" -#: src/config/SSSDConfig/sssdoptions.py:347 +#: src/config/SSSDConfig/sssdoptions.py:348 msgid "A mapping from user names to Kerberos principal names" msgstr "Kullanıcı adlarından Kerberos asıl adlarına bir eşleme" -#: src/config/SSSDConfig/sssdoptions.py:350 #: src/config/SSSDConfig/sssdoptions.py:351 +#: src/config/SSSDConfig/sssdoptions.py:352 msgid "Server where the change password service is running if not on the KDC" msgstr "KDC'de değilse parola değiştirme hizmetinin çalıştığı sunucu" -#: src/config/SSSDConfig/sssdoptions.py:354 +#: src/config/SSSDConfig/sssdoptions.py:355 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, LDAP sunucusunun URI'si" -#: src/config/SSSDConfig/sssdoptions.py:355 +#: src/config/SSSDConfig/sssdoptions.py:356 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "ldap_backup_uri, LDAP sunucusunun URI'si" -#: src/config/SSSDConfig/sssdoptions.py:356 +#: src/config/SSSDConfig/sssdoptions.py:357 msgid "The default base DN" msgstr "Varsayılan taban DN" -#: src/config/SSSDConfig/sssdoptions.py:357 +#: src/config/SSSDConfig/sssdoptions.py:358 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "LDAP sunucusunda kullanılan Şema Türü, rfc2307" -#: src/config/SSSDConfig/sssdoptions.py:358 +#: src/config/SSSDConfig/sssdoptions.py:359 msgid "Mode used to change user password" msgstr "Kullanıcı parolasını değiştirmek için kullanılan kip" -#: src/config/SSSDConfig/sssdoptions.py:359 +#: src/config/SSSDConfig/sssdoptions.py:360 msgid "The default bind DN" msgstr "Varsayılan bağlama DN'si" -#: src/config/SSSDConfig/sssdoptions.py:360 +#: src/config/SSSDConfig/sssdoptions.py:361 msgid "The type of the authentication token of the default bind DN" msgstr "Varsayılan bağlama DN'sinin kimlik doğrulama belirtecinin türü" -#: src/config/SSSDConfig/sssdoptions.py:361 +#: src/config/SSSDConfig/sssdoptions.py:362 msgid "The authentication token of the default bind DN" msgstr "Varsayılan bağlama DN'sinin kimlik doğrulama belirteci" -#: src/config/SSSDConfig/sssdoptions.py:362 +#: src/config/SSSDConfig/sssdoptions.py:363 msgid "Length of time to attempt connection" msgstr "Bağlantı kurma süresi" -#: src/config/SSSDConfig/sssdoptions.py:363 +#: src/config/SSSDConfig/sssdoptions.py:364 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Eşzamanlı LDAP işlemlerini deneme süresi" -#: src/config/SSSDConfig/sssdoptions.py:364 +#: src/config/SSSDConfig/sssdoptions.py:365 msgid "Length of time between attempts to reconnect while offline" msgstr "Çevrimdışıyken yeniden bağlanma girişimleri arasındaki süre" -#: src/config/SSSDConfig/sssdoptions.py:365 +#: src/config/SSSDConfig/sssdoptions.py:366 msgid "Use only the upper case for realm names" msgstr "Bölge(realm) adları için yalnızca büyük harf kullanın" -#: src/config/SSSDConfig/sssdoptions.py:366 +#: src/config/SSSDConfig/sssdoptions.py:367 msgid "File that contains CA certificates" msgstr "CA sertifikalarını içeren dosya" -#: src/config/SSSDConfig/sssdoptions.py:367 +#: src/config/SSSDConfig/sssdoptions.py:368 msgid "Path to CA certificate directory" msgstr "CA sertifika dizinine giden yol" -#: src/config/SSSDConfig/sssdoptions.py:368 +#: src/config/SSSDConfig/sssdoptions.py:369 msgid "File that contains the client certificate" msgstr "İstemci sertifikasını içeren dosya" -#: src/config/SSSDConfig/sssdoptions.py:369 +#: src/config/SSSDConfig/sssdoptions.py:370 msgid "File that contains the client key" msgstr "İstemci anahtarını içeren dosya" -#: src/config/SSSDConfig/sssdoptions.py:370 +#: src/config/SSSDConfig/sssdoptions.py:371 msgid "List of possible ciphers suites" msgstr "Olası şifre paketlerinin listesi" -#: src/config/SSSDConfig/sssdoptions.py:371 +#: src/config/SSSDConfig/sssdoptions.py:372 msgid "Require TLS certificate verification" msgstr "TLS sertifika doğrulaması iste" -#: src/config/SSSDConfig/sssdoptions.py:372 +#: src/config/SSSDConfig/sssdoptions.py:373 msgid "Specify the sasl mechanism to use" msgstr "Kullanılacak sasl mekanizmasını belirtin" -#: src/config/SSSDConfig/sssdoptions.py:373 +#: src/config/SSSDConfig/sssdoptions.py:374 msgid "Specify the sasl authorization id to use" msgstr "Kullanılacak sasl yetkilendirme kimliğini belirtin" -#: src/config/SSSDConfig/sssdoptions.py:374 +#: src/config/SSSDConfig/sssdoptions.py:375 msgid "Specify the sasl authorization realm to use" msgstr "Kullanılacak sasl yetkilendirme bölgesini(realm) belirtin" -#: src/config/SSSDConfig/sssdoptions.py:375 +#: src/config/SSSDConfig/sssdoptions.py:376 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "LDAP sasl yetkilendirmesi için asgari SSF'yi belirtin" -#: src/config/SSSDConfig/sssdoptions.py:376 +#: src/config/SSSDConfig/sssdoptions.py:377 msgid "Specify the maximal SSF for LDAP sasl authorization" msgstr "LDAP sasl yetkilendirmesi için azami SSF'yi belirtin" -#: src/config/SSSDConfig/sssdoptions.py:377 +#: src/config/SSSDConfig/sssdoptions.py:378 msgid "Kerberos service keytab" msgstr "Kerberos hizmet anahtarı(keytab)" -#: src/config/SSSDConfig/sssdoptions.py:378 +#: src/config/SSSDConfig/sssdoptions.py:379 msgid "Use Kerberos auth for LDAP connection" msgstr "LDAP bağlantısı için Kerberos yetkilendirmesini kullanın" -#: src/config/SSSDConfig/sssdoptions.py:379 +#: src/config/SSSDConfig/sssdoptions.py:380 msgid "Follow LDAP referrals" msgstr "LDAP yönlendirmelerini takip edin" -#: src/config/SSSDConfig/sssdoptions.py:380 +#: src/config/SSSDConfig/sssdoptions.py:381 msgid "Lifetime of TGT for LDAP connection" msgstr "LDAP bağlantısı için TGT'nin ömrü" -#: src/config/SSSDConfig/sssdoptions.py:381 +#: src/config/SSSDConfig/sssdoptions.py:382 msgid "How to dereference aliases" msgstr "Takma adlar nasıl kaldırılır" -#: src/config/SSSDConfig/sssdoptions.py:382 +#: src/config/SSSDConfig/sssdoptions.py:383 msgid "Service name for DNS service lookups" msgstr "DNS hizmeti aramaları için hizmet adı" -#: src/config/SSSDConfig/sssdoptions.py:383 +#: src/config/SSSDConfig/sssdoptions.py:384 msgid "The number of records to retrieve in a single LDAP query" msgstr "Tek bir LDAP sorgusunda alınacak kayıt sayısı" -#: src/config/SSSDConfig/sssdoptions.py:384 +#: src/config/SSSDConfig/sssdoptions.py:385 msgid "The number of members that must be missing to trigger a full deref" msgstr "Tam bir başvuruyu tetiklemek için eksik olması gereken üye sayısı" -#: src/config/SSSDConfig/sssdoptions.py:385 +#: src/config/SSSDConfig/sssdoptions.py:386 msgid "Ignore unreadable LDAP references" msgstr "Okunamayan LDAP başvurularını yoksay" -#: src/config/SSSDConfig/sssdoptions.py:386 +#: src/config/SSSDConfig/sssdoptions.py:387 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" @@ -1382,7 +1385,7 @@ msgstr "" "LDAP kitaplığının, SASL bağlaması sırasında ana bilgisayar adını standart " "hale getirmek için geriye doğru arama yapıp yapmayacağı" -#: src/config/SSSDConfig/sssdoptions.py:388 +#: src/config/SSSDConfig/sssdoptions.py:389 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." @@ -1390,404 +1393,404 @@ msgstr "" "RFC2307 şemasını kullanan sunucular için yerel kullanıcıları LDAP grubunun " "üyeleri olarak tutmaya izin verir." -#: src/config/SSSDConfig/sssdoptions.py:391 +#: src/config/SSSDConfig/sssdoptions.py:392 msgid "entryUSN attribute" msgstr "entryUSN özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:392 +#: src/config/SSSDConfig/sssdoptions.py:393 msgid "lastUSN attribute" msgstr "lastUSN özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:394 +#: src/config/SSSDConfig/sssdoptions.py:395 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" "LDAP sunucusuyla bağlantıyı kesmeden önce bağlantının ne kadar süreyle " "korunacağı" -#: src/config/SSSDConfig/sssdoptions.py:397 +#: src/config/SSSDConfig/sssdoptions.py:398 msgid "Disable the LDAP paging control" msgstr "LDAP sayfalama denetimini devre dışı bırakın" -#: src/config/SSSDConfig/sssdoptions.py:398 +#: src/config/SSSDConfig/sssdoptions.py:399 msgid "Disable Active Directory range retrieval" msgstr "Active Directory aralığı almayı devre dışı bırakın" -#: src/config/SSSDConfig/sssdoptions.py:401 +#: src/config/SSSDConfig/sssdoptions.py:402 msgid "Length of time to wait for a search request" msgstr "Arama isteğini bekleme süresi" -#: src/config/SSSDConfig/sssdoptions.py:402 +#: src/config/SSSDConfig/sssdoptions.py:403 msgid "Length of time to wait for a enumeration request" msgstr "Numaralandırma isteğini bekleme süresi" -#: src/config/SSSDConfig/sssdoptions.py:403 +#: src/config/SSSDConfig/sssdoptions.py:404 msgid "Length of time between enumeration updates" msgstr "Numaralandırma güncelleştirmeleri arasındaki süre" -#: src/config/SSSDConfig/sssdoptions.py:404 +#: src/config/SSSDConfig/sssdoptions.py:405 msgid "Maximum period deviation between enumeration updates" msgstr "Numaralandırma güncellemeleri arasındaki azami dönem sapması" -#: src/config/SSSDConfig/sssdoptions.py:405 +#: src/config/SSSDConfig/sssdoptions.py:406 msgid "Length of time between cache cleanups" msgstr "Önbellek temizlemeleri arasındaki süre" -#: src/config/SSSDConfig/sssdoptions.py:406 +#: src/config/SSSDConfig/sssdoptions.py:407 msgid "Maximum time deviation between cache cleanups" msgstr "Önbellek temizlemeleri arasındaki azami süre sapması" -#: src/config/SSSDConfig/sssdoptions.py:407 +#: src/config/SSSDConfig/sssdoptions.py:408 msgid "Require TLS for ID lookups" msgstr "Kimlik aramaları için TLS iste" -#: src/config/SSSDConfig/sssdoptions.py:408 +#: src/config/SSSDConfig/sssdoptions.py:409 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" "Önceden ayarlanmış kimlikler yerine objectSID'nin kimlik eşlemesini kullanın" -#: src/config/SSSDConfig/sssdoptions.py:409 +#: src/config/SSSDConfig/sssdoptions.py:410 msgid "Base DN for user lookups" msgstr "Kullanıcı aramaları için taban DN" -#: src/config/SSSDConfig/sssdoptions.py:410 +#: src/config/SSSDConfig/sssdoptions.py:411 msgid "Scope of user lookups" msgstr "Kullanıcı aramalarının kapsamı" -#: src/config/SSSDConfig/sssdoptions.py:411 +#: src/config/SSSDConfig/sssdoptions.py:412 msgid "Filter for user lookups" msgstr "Kullanıcı aramaları için süzgeç" -#: src/config/SSSDConfig/sssdoptions.py:412 +#: src/config/SSSDConfig/sssdoptions.py:413 msgid "Objectclass for users" msgstr "Kullanıcılar için nesne sınıfı" -#: src/config/SSSDConfig/sssdoptions.py:413 +#: src/config/SSSDConfig/sssdoptions.py:414 msgid "Username attribute" msgstr "Kullanıcı adı özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:414 +#: src/config/SSSDConfig/sssdoptions.py:415 msgid "UID attribute" msgstr "UID özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:415 +#: src/config/SSSDConfig/sssdoptions.py:416 msgid "Primary GID attribute" msgstr "Birincil GID özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:416 +#: src/config/SSSDConfig/sssdoptions.py:417 msgid "GECOS attribute" msgstr "GECOS özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:417 +#: src/config/SSSDConfig/sssdoptions.py:418 msgid "Home directory attribute" msgstr "Ev dizini özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:418 +#: src/config/SSSDConfig/sssdoptions.py:419 msgid "Shell attribute" msgstr "Kabuk özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:419 +#: src/config/SSSDConfig/sssdoptions.py:420 msgid "UUID attribute" msgstr "UUID özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:420 -#: src/config/SSSDConfig/sssdoptions.py:459 +#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:460 msgid "objectSID attribute" msgstr "objectSID özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:422 msgid "Active Directory primary group attribute for ID-mapping" msgstr "Kimlik eşleme için Active Directory birincil grup özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:422 +#: src/config/SSSDConfig/sssdoptions.py:423 msgid "User principal attribute (for Kerberos)" msgstr "Kullanıcı asıl özniteliği (Kerberos için)" -#: src/config/SSSDConfig/sssdoptions.py:423 +#: src/config/SSSDConfig/sssdoptions.py:424 msgid "Full Name" msgstr "Tam Ad" -#: src/config/SSSDConfig/sssdoptions.py:424 +#: src/config/SSSDConfig/sssdoptions.py:425 msgid "memberOf attribute" msgstr "memberOf özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:425 +#: src/config/SSSDConfig/sssdoptions.py:426 msgid "Modification time attribute" msgstr "Değişiklik zamanı özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:426 +#: src/config/SSSDConfig/sssdoptions.py:427 msgid "shadowLastChange attribute" msgstr "shadowLastChange özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:427 +#: src/config/SSSDConfig/sssdoptions.py:428 msgid "shadowMin attribute" msgstr "shadowMin özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:428 +#: src/config/SSSDConfig/sssdoptions.py:429 msgid "shadowMax attribute" msgstr "shadowMax özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:429 +#: src/config/SSSDConfig/sssdoptions.py:430 msgid "shadowWarning attribute" msgstr "shadowWarning özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:430 +#: src/config/SSSDConfig/sssdoptions.py:431 msgid "shadowInactive attribute" msgstr "shadowInactive özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:431 +#: src/config/SSSDConfig/sssdoptions.py:432 msgid "shadowExpire attribute" msgstr "shadowExpire özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:432 +#: src/config/SSSDConfig/sssdoptions.py:433 msgid "shadowFlag attribute" msgstr "shadowFlag özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:433 +#: src/config/SSSDConfig/sssdoptions.py:434 msgid "Attribute listing authorized PAM services" msgstr "Yetkili PAM hizmetlerinin öznitelik listesi" -#: src/config/SSSDConfig/sssdoptions.py:434 +#: src/config/SSSDConfig/sssdoptions.py:435 msgid "Attribute listing authorized server hosts" msgstr "Yetkili sunucu ana bilgisayarlarını listeleyen öznitelik" -#: src/config/SSSDConfig/sssdoptions.py:435 +#: src/config/SSSDConfig/sssdoptions.py:436 msgid "Attribute listing authorized server rhosts" msgstr "Yetkili sunucu rhost'larını listeleyen öznitelik" -#: src/config/SSSDConfig/sssdoptions.py:436 +#: src/config/SSSDConfig/sssdoptions.py:437 msgid "krbLastPwdChange attribute" msgstr "krbLastPwdChange özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:437 +#: src/config/SSSDConfig/sssdoptions.py:438 msgid "krbPasswordExpiration attribute" msgstr "krbPasswordExpiration özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:438 +#: src/config/SSSDConfig/sssdoptions.py:439 msgid "Attribute indicating that server side password policies are active" msgstr "Sunucu tarafı parola ilkelerinin etkin olduğunu belirten öznitelik" -#: src/config/SSSDConfig/sssdoptions.py:439 +#: src/config/SSSDConfig/sssdoptions.py:440 msgid "accountExpires attribute of AD" msgstr "AD'nin accountExpires özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:440 +#: src/config/SSSDConfig/sssdoptions.py:441 msgid "userAccountControl attribute of AD" msgstr "AD'nin userAccountControl özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:441 +#: src/config/SSSDConfig/sssdoptions.py:442 msgid "nsAccountLock attribute" msgstr "nsAccountLock özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:442 +#: src/config/SSSDConfig/sssdoptions.py:443 msgid "loginDisabled attribute of NDS" msgstr "NDS'nin loginDisabled özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:443 +#: src/config/SSSDConfig/sssdoptions.py:444 msgid "loginExpirationTime attribute of NDS" msgstr "NDS'nin loginExpirationTime özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:444 +#: src/config/SSSDConfig/sssdoptions.py:445 msgid "loginAllowedTimeMap attribute of NDS" msgstr "NDS'nin loginAllowedTimeMap özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:445 +#: src/config/SSSDConfig/sssdoptions.py:446 msgid "SSH public key attribute" msgstr "SSH açık anahtar(pubkey) özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:446 +#: src/config/SSSDConfig/sssdoptions.py:447 msgid "attribute listing allowed authentication types for a user" msgstr "" "bir kullanıcı için izin verilen kimlik doğrulama türlerini listeleyen " "öznitelik" -#: src/config/SSSDConfig/sssdoptions.py:447 +#: src/config/SSSDConfig/sssdoptions.py:448 msgid "attribute containing the X509 certificate of the user" msgstr "kullanıcının X509 sertifikasını içeren öznitelik" -#: src/config/SSSDConfig/sssdoptions.py:448 +#: src/config/SSSDConfig/sssdoptions.py:449 msgid "attribute containing the email address of the user" msgstr "kullanıcının e-posta adresini içeren öznitelik" -#: src/config/SSSDConfig/sssdoptions.py:449 +#: src/config/SSSDConfig/sssdoptions.py:450 #, fuzzy msgid "attribute containing the passkey mapping data of the user" msgstr "kullanıcının e-posta adresini içeren öznitelik" -#: src/config/SSSDConfig/sssdoptions.py:450 +#: src/config/SSSDConfig/sssdoptions.py:451 msgid "A list of extra attributes to download along with the user entry" msgstr "Kullanıcı girişi ile birlikte indirilecek ek özniteliklerin listesi" -#: src/config/SSSDConfig/sssdoptions.py:452 +#: src/config/SSSDConfig/sssdoptions.py:453 msgid "Base DN for group lookups" msgstr "Grup aramaları için taban DN" -#: src/config/SSSDConfig/sssdoptions.py:453 +#: src/config/SSSDConfig/sssdoptions.py:454 msgid "Objectclass for groups" msgstr "Gruplar için nesne sınıfı" -#: src/config/SSSDConfig/sssdoptions.py:454 +#: src/config/SSSDConfig/sssdoptions.py:455 msgid "Group name" msgstr "Grup adı" -#: src/config/SSSDConfig/sssdoptions.py:455 +#: src/config/SSSDConfig/sssdoptions.py:456 msgid "Group password" msgstr "Grup parolası" -#: src/config/SSSDConfig/sssdoptions.py:456 +#: src/config/SSSDConfig/sssdoptions.py:457 msgid "GID attribute" msgstr "GID özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:457 +#: src/config/SSSDConfig/sssdoptions.py:458 msgid "Group member attribute" msgstr "Grup üyesi özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:458 +#: src/config/SSSDConfig/sssdoptions.py:459 msgid "Group UUID attribute" msgstr "Grup UUID özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:460 +#: src/config/SSSDConfig/sssdoptions.py:461 msgid "Modification time attribute for groups" msgstr "Gruplar için değişiklik zamanı özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:461 +#: src/config/SSSDConfig/sssdoptions.py:462 msgid "Type of the group and other flags" msgstr "Grubun türü ve diğer bayraklar" -#: src/config/SSSDConfig/sssdoptions.py:462 +#: src/config/SSSDConfig/sssdoptions.py:463 msgid "The LDAP group external member attribute" msgstr "LDAP grubu harici üye özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:463 +#: src/config/SSSDConfig/sssdoptions.py:464 msgid "Maximum nesting level SSSD will follow" msgstr "SSSD'nin izleyeceği azami yuvalama seviyesi" -#: src/config/SSSDConfig/sssdoptions.py:464 +#: src/config/SSSDConfig/sssdoptions.py:465 msgid "Filter for group lookups" msgstr "Grup aramaları için süzgeç" -#: src/config/SSSDConfig/sssdoptions.py:465 +#: src/config/SSSDConfig/sssdoptions.py:466 msgid "Scope of group lookups" msgstr "Grup aramalarının kapsamı" -#: src/config/SSSDConfig/sssdoptions.py:467 +#: src/config/SSSDConfig/sssdoptions.py:468 msgid "Base DN for netgroup lookups" msgstr "Ağ grubu aramaları için taban DN" -#: src/config/SSSDConfig/sssdoptions.py:468 +#: src/config/SSSDConfig/sssdoptions.py:469 msgid "Objectclass for netgroups" msgstr "Ağ grupları için nesne sınıfı" -#: src/config/SSSDConfig/sssdoptions.py:469 +#: src/config/SSSDConfig/sssdoptions.py:470 msgid "Netgroup name" msgstr "Ağ grubu adı" -#: src/config/SSSDConfig/sssdoptions.py:470 +#: src/config/SSSDConfig/sssdoptions.py:471 msgid "Netgroups members attribute" msgstr "Ağ grupları üyeleri özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:471 +#: src/config/SSSDConfig/sssdoptions.py:472 msgid "Netgroup triple attribute" msgstr "Ağ grubu üçlü özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:472 +#: src/config/SSSDConfig/sssdoptions.py:473 msgid "Modification time attribute for netgroups" msgstr "Ağ grupları için değişiklik zamanı özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:474 +#: src/config/SSSDConfig/sssdoptions.py:475 msgid "Base DN for service lookups" msgstr "Hizmet aramaları için taban DN" -#: src/config/SSSDConfig/sssdoptions.py:475 +#: src/config/SSSDConfig/sssdoptions.py:476 msgid "Objectclass for services" msgstr "Hizmetler için nesne sınıfı" -#: src/config/SSSDConfig/sssdoptions.py:476 +#: src/config/SSSDConfig/sssdoptions.py:477 msgid "Service name attribute" msgstr "Hizmet adı özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:477 +#: src/config/SSSDConfig/sssdoptions.py:478 msgid "Service port attribute" msgstr "Hizmet bağlantı noktası özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:478 +#: src/config/SSSDConfig/sssdoptions.py:479 msgid "Service protocol attribute" msgstr "Hizmet protokolü özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:480 +#: src/config/SSSDConfig/sssdoptions.py:481 msgid "Lower bound for ID-mapping" msgstr "Kimlik eşleme için alt sınır" -#: src/config/SSSDConfig/sssdoptions.py:481 +#: src/config/SSSDConfig/sssdoptions.py:482 msgid "Upper bound for ID-mapping" msgstr "Kimlik eşleme için üst sınır" -#: src/config/SSSDConfig/sssdoptions.py:482 +#: src/config/SSSDConfig/sssdoptions.py:483 msgid "Number of IDs for each slice when ID-mapping" msgstr "Kimlik eşlemesi yapılırken her dilim için kimlik sayısı" -#: src/config/SSSDConfig/sssdoptions.py:483 +#: src/config/SSSDConfig/sssdoptions.py:484 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "Kimlik eşleme için otomatik kimlik eşleme uyumlu algoritmayı kullanın" -#: src/config/SSSDConfig/sssdoptions.py:484 +#: src/config/SSSDConfig/sssdoptions.py:485 msgid "Name of the default domain for ID-mapping" msgstr "Kimlik eşlemesi için varsayılan etki alanının adı" -#: src/config/SSSDConfig/sssdoptions.py:485 +#: src/config/SSSDConfig/sssdoptions.py:486 msgid "SID of the default domain for ID-mapping" msgstr "Kimlik eşleme için varsayılan etki alanının SID'si" -#: src/config/SSSDConfig/sssdoptions.py:486 +#: src/config/SSSDConfig/sssdoptions.py:487 msgid "Number of secondary slices" msgstr "İkincil dilim sayısı" -#: src/config/SSSDConfig/sssdoptions.py:488 +#: src/config/SSSDConfig/sssdoptions.py:489 msgid "Whether to use Token-Groups" msgstr "Belirteç Gruplarının(Token-Groups) kullanılıp kullanılmayacağı" -#: src/config/SSSDConfig/sssdoptions.py:489 +#: src/config/SSSDConfig/sssdoptions.py:490 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "LDAP sunucusundan izin verilen kimlikler için alt sınır belirleme" -#: src/config/SSSDConfig/sssdoptions.py:490 +#: src/config/SSSDConfig/sssdoptions.py:491 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "LDAP sunucusundan izin verilen kimlikler için üst sınır belirleme" -#: src/config/SSSDConfig/sssdoptions.py:491 +#: src/config/SSSDConfig/sssdoptions.py:492 msgid "DN for ppolicy queries" msgstr "Parola ilkesi sorguları için DN" -#: src/config/SSSDConfig/sssdoptions.py:492 +#: src/config/SSSDConfig/sssdoptions.py:493 msgid "How many maximum entries to fetch during a wildcard request" msgstr "Bir joker karakter isteği sırasında alınacak azami girdi sayısı" -#: src/config/SSSDConfig/sssdoptions.py:493 +#: src/config/SSSDConfig/sssdoptions.py:494 msgid "Set libldap debug level" msgstr "libldap hata ayıklama düzeyini ayarla" -#: src/config/SSSDConfig/sssdoptions.py:496 +#: src/config/SSSDConfig/sssdoptions.py:497 msgid "Policy to evaluate the password expiration" msgstr "Parola süresinin dolmasını değerlendirme ilkesi" -#: src/config/SSSDConfig/sssdoptions.py:500 +#: src/config/SSSDConfig/sssdoptions.py:501 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" "Bir hesabın süresinin dolup dolmadığını değerlendirmek için hangi " "öznitelikler kullanılır" -#: src/config/SSSDConfig/sssdoptions.py:504 +#: src/config/SSSDConfig/sssdoptions.py:505 msgid "URI of an LDAP server where password changes are allowed" msgstr "Parola değişikliklerine izin verilen bir LDAP sunucusunun URI'si" -#: src/config/SSSDConfig/sssdoptions.py:505 +#: src/config/SSSDConfig/sssdoptions.py:506 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "Parola değişikliklerine izin verilen bir yedek LDAP sunucusunun URI'si" -#: src/config/SSSDConfig/sssdoptions.py:506 +#: src/config/SSSDConfig/sssdoptions.py:507 msgid "DNS service name for LDAP password change server" msgstr "LDAP parola değiştirme sunucusu için DNS hizmet adı" -#: src/config/SSSDConfig/sssdoptions.py:507 +#: src/config/SSSDConfig/sssdoptions.py:508 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" @@ -1795,29 +1798,29 @@ msgstr "" "Parola değişikliğinden sonra ldap_user_shadow_last_change özniteliğinin " "güncelleştirilip güncelleştirilmeyeceği" -#: src/config/SSSDConfig/sssdoptions.py:511 +#: src/config/SSSDConfig/sssdoptions.py:512 msgid "Base DN for sudo rules lookups" msgstr "Sudo kuralları aramaları için taban DN" -#: src/config/SSSDConfig/sssdoptions.py:512 +#: src/config/SSSDConfig/sssdoptions.py:513 msgid "Automatic full refresh period" msgstr "Otomatik tam yenileme süresi" -#: src/config/SSSDConfig/sssdoptions.py:513 +#: src/config/SSSDConfig/sssdoptions.py:514 msgid "Automatic smart refresh period" msgstr "Otomatik akıllı yenileme süresi" -#: src/config/SSSDConfig/sssdoptions.py:514 +#: src/config/SSSDConfig/sssdoptions.py:515 msgid "Smart and full refresh random offset" msgstr "Akıllı ve tam yenileme rastgele aralığı" -#: src/config/SSSDConfig/sssdoptions.py:515 +#: src/config/SSSDConfig/sssdoptions.py:516 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" "Kuralların ana bilgisayar adına, IP adreslerine ve ağa göre süzülüp " "süzülmeyeceği" -#: src/config/SSSDConfig/sssdoptions.py:516 +#: src/config/SSSDConfig/sssdoptions.py:517 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" @@ -1825,153 +1828,153 @@ msgstr "" "Sudo kurallarını süzmek için bu makinenin ana bilgisayar adları ve/veya tam " "etki alanı adları(FQDN)" -#: src/config/SSSDConfig/sssdoptions.py:517 +#: src/config/SSSDConfig/sssdoptions.py:518 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" "Sudo kurallarını süzmek için IPv4 veya IPv6 adresleri veya bu makinenin ağı" -#: src/config/SSSDConfig/sssdoptions.py:518 +#: src/config/SSSDConfig/sssdoptions.py:519 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" "Ana bilgisayar özniteliğine ağ grubu içeren kuralların dahil edilip " "edilmeyeceği" -#: src/config/SSSDConfig/sssdoptions.py:519 +#: src/config/SSSDConfig/sssdoptions.py:520 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" "Ana bilgisayar özniteliğinde düzenli ifade içeren kuralların dahil edilip " "edilmeyeceği" -#: src/config/SSSDConfig/sssdoptions.py:520 +#: src/config/SSSDConfig/sssdoptions.py:521 msgid "Object class for sudo rules" msgstr "Sudo kuralları için nesne sınıfı" -#: src/config/SSSDConfig/sssdoptions.py:521 +#: src/config/SSSDConfig/sssdoptions.py:522 msgid "Name of attribute that is used as object class for sudo rules" msgstr "Sudo kuralları için nesne sınıfı olarak kullanılan özniteliğin adı" -#: src/config/SSSDConfig/sssdoptions.py:522 +#: src/config/SSSDConfig/sssdoptions.py:523 msgid "Sudo rule name" msgstr "Sudo kural adı" -#: src/config/SSSDConfig/sssdoptions.py:523 +#: src/config/SSSDConfig/sssdoptions.py:524 msgid "Sudo rule command attribute" msgstr "Sudo kuralı komut(command) özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:524 +#: src/config/SSSDConfig/sssdoptions.py:525 msgid "Sudo rule host attribute" msgstr "Sudo kuralı ana bilgisayar(host) özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:525 +#: src/config/SSSDConfig/sssdoptions.py:526 msgid "Sudo rule user attribute" msgstr "Sudo kuralı kullanıcı(user) özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:526 +#: src/config/SSSDConfig/sssdoptions.py:527 msgid "Sudo rule option attribute" msgstr "Sudo kuralı seçenek(option) özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:527 +#: src/config/SSSDConfig/sssdoptions.py:528 msgid "Sudo rule runas attribute" msgstr "Sudo kuralı farklı çalıştır(runas) özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:528 +#: src/config/SSSDConfig/sssdoptions.py:529 msgid "Sudo rule runasuser attribute" msgstr "Sudo kuralı farklı kullanıcı ile çalıştır(runasuser) özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:529 +#: src/config/SSSDConfig/sssdoptions.py:530 msgid "Sudo rule runasgroup attribute" msgstr "Sudo kuralı farklı grup ile çalıştır(runasgroup) özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:530 +#: src/config/SSSDConfig/sssdoptions.py:531 msgid "Sudo rule notbefore attribute" msgstr "Sudo kuralı önce değil(notbefore) özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:531 +#: src/config/SSSDConfig/sssdoptions.py:532 msgid "Sudo rule notafter attribute" msgstr "Sudo kuralı sonra değil(notafter) özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:532 +#: src/config/SSSDConfig/sssdoptions.py:533 msgid "Sudo rule order attribute" msgstr "Sudo kuralı sıra(order) özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:535 +#: src/config/SSSDConfig/sssdoptions.py:536 msgid "Object class for automounter maps" msgstr "Otomatik bağlayıcı eşlemeleri için nesne sınıfı" -#: src/config/SSSDConfig/sssdoptions.py:536 +#: src/config/SSSDConfig/sssdoptions.py:537 msgid "Automounter map name attribute" msgstr "Otomatik bağlayıcı eşleme adı özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:537 +#: src/config/SSSDConfig/sssdoptions.py:538 msgid "Object class for automounter map entries" msgstr "Otomatik bağlayıcı eşleme girdileri için nesne sınıfı" -#: src/config/SSSDConfig/sssdoptions.py:538 +#: src/config/SSSDConfig/sssdoptions.py:539 msgid "Automounter map entry key attribute" msgstr "Otomatik bağlayıcı eşleme girdisi anahtar özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:539 +#: src/config/SSSDConfig/sssdoptions.py:540 msgid "Automounter map entry value attribute" msgstr "Otomatik bağlayıcı eşleme girdisi değeri özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:540 +#: src/config/SSSDConfig/sssdoptions.py:541 msgid "Base DN for automounter map lookups" msgstr "Otomatik bağlayıcı eşleme aramaları için taban DN" -#: src/config/SSSDConfig/sssdoptions.py:541 +#: src/config/SSSDConfig/sssdoptions.py:542 msgid "The name of the automount master map in LDAP." msgstr "LDAP'deki otomatik bağlama ana eşlemesinin adı." -#: src/config/SSSDConfig/sssdoptions.py:544 +#: src/config/SSSDConfig/sssdoptions.py:545 msgid "Base DN for IP hosts lookups" msgstr "IP ana bilgisayar aramaları için taban DN" -#: src/config/SSSDConfig/sssdoptions.py:545 +#: src/config/SSSDConfig/sssdoptions.py:546 msgid "Object class for IP hosts" msgstr "IP ana bilgisayarları için nesne sınıfı" -#: src/config/SSSDConfig/sssdoptions.py:546 +#: src/config/SSSDConfig/sssdoptions.py:547 msgid "IP host name attribute" msgstr "IP ana bilgisayar adı özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:547 +#: src/config/SSSDConfig/sssdoptions.py:548 msgid "IP host number (address) attribute" msgstr "IP ana bilgisayar numarası (address) özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:548 +#: src/config/SSSDConfig/sssdoptions.py:549 msgid "IP host entryUSN attribute" msgstr "IP ana bilgisayar entryUSN özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:549 +#: src/config/SSSDConfig/sssdoptions.py:550 msgid "Base DN for IP networks lookups" msgstr "IP ağları aramaları için taban DN" -#: src/config/SSSDConfig/sssdoptions.py:550 +#: src/config/SSSDConfig/sssdoptions.py:551 msgid "Object class for IP networks" msgstr "IP ağları için nesne sınıfı" -#: src/config/SSSDConfig/sssdoptions.py:551 +#: src/config/SSSDConfig/sssdoptions.py:552 msgid "IP network name attribute" msgstr "IP ağ adı özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:552 +#: src/config/SSSDConfig/sssdoptions.py:553 msgid "IP network number (address) attribute" msgstr "IP ağ numarası (address) özelliği" -#: src/config/SSSDConfig/sssdoptions.py:553 +#: src/config/SSSDConfig/sssdoptions.py:554 msgid "IP network entryUSN attribute" msgstr "IP ağ entryUSN özniteliği" -#: src/config/SSSDConfig/sssdoptions.py:556 +#: src/config/SSSDConfig/sssdoptions.py:557 msgid "Comma separated list of allowed users" msgstr "İzin verilen kullanıcıların virgülle ayrılmış listesi" -#: src/config/SSSDConfig/sssdoptions.py:557 +#: src/config/SSSDConfig/sssdoptions.py:558 msgid "Comma separated list of prohibited users" msgstr "Yasaklanmış kullanıcıların virgülle ayrılmış listesi" -#: src/config/SSSDConfig/sssdoptions.py:558 +#: src/config/SSSDConfig/sssdoptions.py:559 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." @@ -1980,7 +1983,7 @@ msgstr "" "yalnızca bu SSSD etki alanındaki gruplar için geçerlidir. Yerel gruplar " "değerlendirilmez." -#: src/config/SSSDConfig/sssdoptions.py:560 +#: src/config/SSSDConfig/sssdoptions.py:561 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " @@ -1990,32 +1993,32 @@ msgstr "" "bu SSSD etki alanındaki gruplar için geçerlidir. Yerel gruplar " "değerlendirilmez." -#: src/config/SSSDConfig/sssdoptions.py:564 +#: src/config/SSSDConfig/sssdoptions.py:565 msgid "The number of preforked proxy children." msgstr "Önceden çatallanmış vekil alt öğelerinin sayısı." -#: src/config/SSSDConfig/sssdoptions.py:567 +#: src/config/SSSDConfig/sssdoptions.py:568 msgid "The name of the NSS library to use" msgstr "Kullanılacak NSS kitaplığının adı" -#: src/config/SSSDConfig/sssdoptions.py:568 +#: src/config/SSSDConfig/sssdoptions.py:569 msgid "The name of the NSS library to use for hosts and networks lookups" msgstr "" "Ana bilgisayarlar ve ağ aramaları için kullanılacak NSS kitaplığının adı" -#: src/config/SSSDConfig/sssdoptions.py:569 +#: src/config/SSSDConfig/sssdoptions.py:570 msgid "Whether to look up canonical group name from cache if possible" msgstr "Mümkünse önbellekten standart grup adının aranıp aranmayacağı" -#: src/config/SSSDConfig/sssdoptions.py:572 +#: src/config/SSSDConfig/sssdoptions.py:573 msgid "PAM stack to use" msgstr "Kullanılacak PAM yığını" -#: src/config/SSSDConfig/sssdoptions.py:575 +#: src/config/SSSDConfig/sssdoptions.py:576 msgid "Path of passwd file sources." msgstr "Parola dosya kaynaklarının yolu." -#: src/config/SSSDConfig/sssdoptions.py:576 +#: src/config/SSSDConfig/sssdoptions.py:577 msgid "Path of group file sources." msgstr "Grup dosya kaynaklarının yolu." @@ -2064,67 +2067,67 @@ msgstr "% altında çalışıyor, yetkili kullanıcı(root) olmalı\n" msgid "SSSD is already running\n" msgstr "SSSD zaten çalışıyor\n" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "Çekirdek dökümlerine izin ver" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "Hata ayıklama günlükleri için açık bir dosya tanımlayıcısı" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "Kullanıcı olarak FAST ccache oluştur" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "Grup olarak FAST ccache oluştur" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "FAST kimlik bilgilerini istemek için anonim PKINIT kullanın" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "Kullanılacak Kerberos bölgesi" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "Biletin talep edilen kullanım ömrü" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "Biletin talep edilen yenilenebilir kullanım ömrü" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "FAST seçenekleri ('never', 'try', 'demand')" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "FAST için kullanılacak sunucu sorumlusunu belirtir" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "Ana adın standartlaştırılmasını ister" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "krb5_get_init_creds_password'ün özel sürümünü kullanın" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "Günlük kaydı amacıyla kullanılan olay zinciri kimliği" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "PAC bayraklarını denetleyin" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "talloc_asprintf başarısız oldu.\n" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "set_debug_file_from_fd başarısız oldu.\n" @@ -2132,36 +2135,36 @@ msgstr "set_debug_file_from_fd başarısız oldu.\n" msgid "Domain of the information provider (mandatory)" msgstr "Bilgi sağlayıcısının etki alanı (zorunlu)" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "" "Ayrıcalıklı yuva(privileged socket) yanlış sahiplik veya izinlere sahip." -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "Ortak yuva(public socket) yanlış sahiplik veya izinlere sahip." -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "Sunucu kimlik bilgisi iletisinin beklenmeyen biçimi." -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "SSSD yetkili kullanıcı(root) tarafından çalıştırılmaz." -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "SSSD yuvası(socket) mevcut değil." -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "SSSD yuvasının(socket) istatistiği alınamıyor." -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "Bir hata oluştu, ancak açıklama bulunamadı." -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "Hata açıklaması aranırken beklenmeyen hata" @@ -2169,55 +2172,61 @@ msgstr "Hata açıklaması aranırken beklenmeyen hata" msgid "Permission denied. " msgstr "İzin reddedildi. " -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "Sunucu iletisi: " #: src/sss_client/pam_sss.c:71 +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." +msgstr "" + +#: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" msgstr "" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "Parolalar eşleşmiyor" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "Yönetici tarafından parola sıfırlama desteklenmez." -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "Önbelleğe alınmış kimlik bilgileriyle doğrulandı" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr ", önbelleğe alınmış parolanızın süresi şu tarihte sona erecek: " -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "Parolanızın süresi doldu. %1$d ek oturum açma hakkınız kaldı." -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "Parolanızın süresi %1$d %2$s içinde dolacak." -#: src/sss_client/pam_sss.c:627 +#: src/sss_client/pam_sss.c:628 #, fuzzy, c-format msgid "Your password has expired." msgstr "Parolanızın süresi %1$d %2$s içinde dolacak." -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "Kimlik doğrulama şu ana kadar reddedilir: " -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "Sistem çevrimdışı, şifre değişikliği mümkün değil" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" @@ -2225,65 +2234,71 @@ msgstr "" "OTP şifresini değiştirdikten sonra bilet almak için oturumu kapatıp tekrar " "açmanız gerekir" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "PIN kilitli" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "Parola değişikliği başarısız oldu. " -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "%1$s'de kimlik doğrulaması yapın ve ENTER'a basın." -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "%2$s'de %1$s PIN'i ile kimlik doğrulaması yapın ve ENTER'a basın." -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "Lütfen (farklı bir) Akıllı Kartı (yeniden) yerleştirin" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "Yeni Parola: " -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "Yeni parolayı tekrar giriniz: " -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "Birinci Etken: " -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "İkinci Etken (isteğe bağlı): " -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "İkinci Etken: " -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "Parola: " -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "Birinci Etken (Geçerli Parola): " -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "Geçerli Parola: " -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "Parolanızın zamanı doldu. Parolanızı şimdi değiştirin." diff --git a/po/uk.po b/po/uk.po index f3acacd499f..aee0ac9d4a9 100644 --- a/po/uk.po +++ b/po/uk.po @@ -15,18 +15,18 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" -"PO-Revision-Date: 2022-12-12 14:09+0000\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" +"PO-Revision-Date: 2023-06-02 05:50+0000\n" "Last-Translator: Yuri Chornoivan \n" "Language-Team: Ukrainian \n" +"sssd-2-9/uk/>\n" "Language: uk\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && " "n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n" -"X-Generator: Weblate 4.14.2\n" +"X-Generator: Weblate 4.17\n" #: src/config/SSSDConfig/sssdoptions.py:20 #: src/config/SSSDConfig/sssdoptions.py:21 @@ -178,9 +178,8 @@ msgid "Enable or disable core dumps for all SSSD processes." msgstr "Увімкнути або вимкнути дампи ядра для усіх процесів SSSD." #: src/config/SSSDConfig/sssdoptions.py:58 -#, fuzzy msgid "Tune passkey verification behavior" -msgstr "Скоригувати перевірку сертифікатів" +msgstr "Скоригувати поведінку при перевірці пароля" #: src/config/SSSDConfig/sssdoptions.py:61 msgid "Enumeration cache timeout length (seconds)" @@ -430,20 +429,18 @@ msgstr "" "примусово встановлено доступ PAM із розпізнаванням GSSAPI" #: src/config/SSSDConfig/sssdoptions.py:117 -#, fuzzy msgid "Allow passkey device authentication." -msgstr "Дозволити розпізнавання за сертифікатом або смарткарткою." +msgstr "Дозволити розпізнавання за допомогою пристрою пароля." #: src/config/SSSDConfig/sssdoptions.py:118 -#, fuzzy msgid "How many seconds will pam_sss wait for passkey_child to finish" msgstr "" "Час у секундах, протягом якого pam_sss очікуватиме на завершення роботи " -"p11_child" +"passkey_child" #: src/config/SSSDConfig/sssdoptions.py:119 msgid "Enable debugging in the libfido2 library" -msgstr "" +msgstr "Увімкнути діагностику у бібліотеці libfido2" #: src/config/SSSDConfig/sssdoptions.py:122 msgid "Whether to evaluate the time-based attributes in sudo rules" @@ -703,13 +700,13 @@ msgid "Whether to automatically update the client's DNS entry" msgstr "Визначає, чи слід автоматично оновлювати запис DNS клієнта" #: src/config/SSSDConfig/sssdoptions.py:201 -#: src/config/SSSDConfig/sssdoptions.py:233 +#: src/config/SSSDConfig/sssdoptions.py:234 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "" "TTL, який слід застосовувати до запису DNS клієнта після його оновлення" #: src/config/SSSDConfig/sssdoptions.py:202 -#: src/config/SSSDConfig/sssdoptions.py:234 +#: src/config/SSSDConfig/sssdoptions.py:235 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" "Інтерфейс, чию адресу IP має бути використано для динамічних оновлень DNS" @@ -816,107 +813,111 @@ msgstr "" "розпізнавання (довготривалого пароля), який має бути збережено у форматі " "контрольної суми SHA512 у кеші." -#: src/config/SSSDConfig/sssdoptions.py:228 +#: src/config/SSSDConfig/sssdoptions.py:226 +msgid "Local authentication methods policy " +msgstr "" + +#: src/config/SSSDConfig/sssdoptions.py:229 msgid "IPA domain" msgstr "Домен IPA" -#: src/config/SSSDConfig/sssdoptions.py:229 +#: src/config/SSSDConfig/sssdoptions.py:230 msgid "IPA server address" msgstr "Адреса сервера IPA" -#: src/config/SSSDConfig/sssdoptions.py:230 +#: src/config/SSSDConfig/sssdoptions.py:231 msgid "Address of backup IPA server" msgstr "Адреса резервного сервера IPA" -#: src/config/SSSDConfig/sssdoptions.py:231 +#: src/config/SSSDConfig/sssdoptions.py:232 msgid "IPA client hostname" msgstr "Назва вузла клієнта IPA" -#: src/config/SSSDConfig/sssdoptions.py:232 +#: src/config/SSSDConfig/sssdoptions.py:233 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" "Визначає, чи слід автоматично оновлювати запис DNS клієнтського вузла у " "FreeIPA" -#: src/config/SSSDConfig/sssdoptions.py:235 +#: src/config/SSSDConfig/sssdoptions.py:236 msgid "Search base for HBAC related objects" msgstr "Шукати у базі об’єкти, пов’язані з HBAC" -#: src/config/SSSDConfig/sssdoptions.py:236 +#: src/config/SSSDConfig/sssdoptions.py:237 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" "Інтервал часу між послідовними сеансами пошуку правил HBAC на сервері IPA" -#: src/config/SSSDConfig/sssdoptions.py:237 +#: src/config/SSSDConfig/sssdoptions.py:238 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "Час, у секундах, між пошуками у картах SELinux на сервері IPA" -#: src/config/SSSDConfig/sssdoptions.py:239 +#: src/config/SSSDConfig/sssdoptions.py:240 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" "Якщо встановлено значення «false», аргумент вузла, наданий PAM, буде " "проігноровано" -#: src/config/SSSDConfig/sssdoptions.py:240 +#: src/config/SSSDConfig/sssdoptions.py:241 msgid "The automounter location this IPA client is using" msgstr "Адреса автоматичного монтування, яку використовує цей клієнт IPA" -#: src/config/SSSDConfig/sssdoptions.py:241 +#: src/config/SSSDConfig/sssdoptions.py:242 msgid "Search base for object containing info about IPA domain" msgstr "Шукати у базі об’єкт, що містить дані щодо домену IPA" -#: src/config/SSSDConfig/sssdoptions.py:242 +#: src/config/SSSDConfig/sssdoptions.py:243 msgid "Search base for objects containing info about ID ranges" msgstr "Шукати у базі об’єкти, що містять дані щодо діапазонів ідентифікаторів" -#: src/config/SSSDConfig/sssdoptions.py:243 -#: src/config/SSSDConfig/sssdoptions.py:299 +#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:300 msgid "Enable DNS sites - location based service discovery" msgstr "Увімкнути сайти DNS — визначення служб на основі адрес" -#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:245 msgid "Search base for view containers" msgstr "Шукати у базі контейнери перегляду" -#: src/config/SSSDConfig/sssdoptions.py:245 +#: src/config/SSSDConfig/sssdoptions.py:246 msgid "Objectclass for view containers" msgstr "Клас об’єктів для контейнерів перегляду" -#: src/config/SSSDConfig/sssdoptions.py:246 +#: src/config/SSSDConfig/sssdoptions.py:247 msgid "Attribute with the name of the view" msgstr "Атрибут із назвою перегляду" -#: src/config/SSSDConfig/sssdoptions.py:247 +#: src/config/SSSDConfig/sssdoptions.py:248 msgid "Objectclass for override objects" msgstr "Клас об’єктів для об’єктів перевизначення" -#: src/config/SSSDConfig/sssdoptions.py:248 +#: src/config/SSSDConfig/sssdoptions.py:249 msgid "Attribute with the reference to the original object" msgstr "Атрибут із посиланням на початковий об’єкт" -#: src/config/SSSDConfig/sssdoptions.py:249 +#: src/config/SSSDConfig/sssdoptions.py:250 msgid "Objectclass for user override objects" msgstr "Клас об’єктів для об’єктів перевизначення користувачів" -#: src/config/SSSDConfig/sssdoptions.py:250 +#: src/config/SSSDConfig/sssdoptions.py:251 msgid "Objectclass for group override objects" msgstr "Клас об’єктів для об’єктів перевизначення груп" -#: src/config/SSSDConfig/sssdoptions.py:251 +#: src/config/SSSDConfig/sssdoptions.py:252 msgid "Search base for Desktop Profile related objects" msgstr "Шукати у базі пов'язані і профілями станцій об'єкти" -#: src/config/SSSDConfig/sssdoptions.py:252 +#: src/config/SSSDConfig/sssdoptions.py:253 msgid "" "The amount of time in seconds between lookups of the Desktop Profile rules " "against the IPA server" msgstr "" "Час, у секундах, між пошуками у правилах профілів станцій на сервері IPA" -#: src/config/SSSDConfig/sssdoptions.py:254 +#: src/config/SSSDConfig/sssdoptions.py:255 msgid "" "The amount of time in minutes between lookups of Desktop Profiles rules " "against the IPA server when the last request did not find any rule" @@ -924,43 +925,43 @@ msgstr "" "Час, у хвилинах, між пошуками у правилах профілів станцій на сервері IPA, " "якщо під час останнього запиту не було знайдено жодного правила" -#: src/config/SSSDConfig/sssdoptions.py:257 +#: src/config/SSSDConfig/sssdoptions.py:258 msgid "Search base for SUBID ranges" msgstr "Основа пошуку для діапазонів SUBID" -#: src/config/SSSDConfig/sssdoptions.py:258 -#: src/config/SSSDConfig/sssdoptions.py:501 +#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:502 msgid "Which rules should be used to evaluate access control" msgstr "" "Правила, які має бути використано для визначення достатності прав доступу" -#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:260 msgid "The LDAP attribute that contains FQDN of the host." msgstr "Атрибут LDAP, який містить FQDN вузла." -#: src/config/SSSDConfig/sssdoptions.py:260 -#: src/config/SSSDConfig/sssdoptions.py:283 +#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:284 msgid "The object class of a host entry in LDAP." msgstr "Клас об’єктів запису вузла у LDAP." -#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:262 msgid "Use the given string as search base for host objects." msgstr "Використати вказаний рядок як основу пошуку об’єктів вузлів." -#: src/config/SSSDConfig/sssdoptions.py:262 +#: src/config/SSSDConfig/sssdoptions.py:263 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "Атрибут LDAP, який містить відкриті ключі SSH вузла." -#: src/config/SSSDConfig/sssdoptions.py:263 +#: src/config/SSSDConfig/sssdoptions.py:264 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "Атрибут LDAP, який містить назву домену NIS мережевої групи." -#: src/config/SSSDConfig/sssdoptions.py:264 +#: src/config/SSSDConfig/sssdoptions.py:265 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" "Атрибут LDAP, у якому містяться імена учасників мережевої групи (netgroup)." -#: src/config/SSSDConfig/sssdoptions.py:265 +#: src/config/SSSDConfig/sssdoptions.py:266 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." @@ -968,7 +969,7 @@ msgstr "" "Атрибут LDAP, у якому міститься список FQDN вузлів і груп вузлів, які є " "учасниками мережевої групи." -#: src/config/SSSDConfig/sssdoptions.py:267 +#: src/config/SSSDConfig/sssdoptions.py:268 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." @@ -976,11 +977,11 @@ msgstr "" "Атрибут LDAP, у якому міститься список вузлів і груп вузлів, які є " "безпосередніми учасниками мережевої групи." -#: src/config/SSSDConfig/sssdoptions.py:269 +#: src/config/SSSDConfig/sssdoptions.py:270 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "Атрибут LDAP, у якому міститься список учасників мережевої групи." -#: src/config/SSSDConfig/sssdoptions.py:270 +#: src/config/SSSDConfig/sssdoptions.py:271 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." @@ -988,20 +989,20 @@ msgstr "" "Атрибут LDAP, у якому міститься список загальносистемних користувачів та " "груп, які є безпосередніми учасниками мережевої групи." -#: src/config/SSSDConfig/sssdoptions.py:272 +#: src/config/SSSDConfig/sssdoptions.py:273 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "Атрибут LDAP, що відповідає назві мережевої групи (netgroup)." -#: src/config/SSSDConfig/sssdoptions.py:273 +#: src/config/SSSDConfig/sssdoptions.py:274 msgid "The object class of a netgroup entry in LDAP." msgstr "Клас об’єктів запису мережевої групи (netgroup) у LDAP." -#: src/config/SSSDConfig/sssdoptions.py:274 +#: src/config/SSSDConfig/sssdoptions.py:275 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "Атрибут LDAP, що містить UUID/GUID об’єкта мережевої групи LDAP." -#: src/config/SSSDConfig/sssdoptions.py:275 +#: src/config/SSSDConfig/sssdoptions.py:276 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." @@ -1009,11 +1010,11 @@ msgstr "" "Атрибут LDAP, який визначає, чи увімкнено для користування карту " "користувачів." -#: src/config/SSSDConfig/sssdoptions.py:277 +#: src/config/SSSDConfig/sssdoptions.py:278 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "Атрибут LDAP, який містить категорію вузла, зокрема «all»." -#: src/config/SSSDConfig/sssdoptions.py:278 +#: src/config/SSSDConfig/sssdoptions.py:279 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." @@ -1021,18 +1022,18 @@ msgstr "" "Атрибут LDAP, який містить усі вузли або групи вузлів, для яких " "встановлюється відповідність цього правила." -#: src/config/SSSDConfig/sssdoptions.py:280 +#: src/config/SSSDConfig/sssdoptions.py:281 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" "Атрибут LDAP, який містить усі записи користувачів або груп, для яких " "встановлюється відповідність цього правила." -#: src/config/SSSDConfig/sssdoptions.py:282 +#: src/config/SSSDConfig/sssdoptions.py:283 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "Атрибут LDAP, що містить назву карти користувачів SELinux." -#: src/config/SSSDConfig/sssdoptions.py:284 +#: src/config/SSSDConfig/sssdoptions.py:285 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost." @@ -1040,20 +1041,20 @@ msgstr "" "Атрибут LDAP, який містить DN правила HBAC, яким можна скористатися для " "встановлення відповідності замість memberUser і memberHost." -#: src/config/SSSDConfig/sssdoptions.py:286 +#: src/config/SSSDConfig/sssdoptions.py:287 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "Атрибут LDAP, який містить сам рядок користувача SELinux." -#: src/config/SSSDConfig/sssdoptions.py:287 +#: src/config/SSSDConfig/sssdoptions.py:288 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "Атрибут LDAP, який містить категорію користувача, зокрема «all»." -#: src/config/SSSDConfig/sssdoptions.py:288 +#: src/config/SSSDConfig/sssdoptions.py:289 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "" "Атрибут LDAP, який містить унікальний ідентифікатор карти користувачів." -#: src/config/SSSDConfig/sssdoptions.py:289 +#: src/config/SSSDConfig/sssdoptions.py:290 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." @@ -1061,51 +1062,51 @@ msgstr "" "За допомогою цього параметра можна визначити, чи працює SSSD на сервері IPA " "і має виконувати пошуки користувачів і груп з довірених доменів окремо." -#: src/config/SSSDConfig/sssdoptions.py:291 +#: src/config/SSSDConfig/sssdoptions.py:292 msgid "Use the given string as search base for trusted domains." msgstr "Використати вказаний рядок як основу пошуку надійних доменів." -#: src/config/SSSDConfig/sssdoptions.py:294 +#: src/config/SSSDConfig/sssdoptions.py:295 msgid "Active Directory domain" msgstr "Домен Active Directory" -#: src/config/SSSDConfig/sssdoptions.py:295 +#: src/config/SSSDConfig/sssdoptions.py:296 msgid "Enabled Active Directory domains" msgstr "Увімкнені домени Active Directory" -#: src/config/SSSDConfig/sssdoptions.py:296 +#: src/config/SSSDConfig/sssdoptions.py:297 msgid "Active Directory server address" msgstr "Адреса сервера Active Directory" -#: src/config/SSSDConfig/sssdoptions.py:297 +#: src/config/SSSDConfig/sssdoptions.py:298 msgid "Active Directory backup server address" msgstr "Адреса резервного сервера Active Directory" -#: src/config/SSSDConfig/sssdoptions.py:298 +#: src/config/SSSDConfig/sssdoptions.py:299 msgid "Active Directory client hostname" msgstr "Назва клієнтського вузла Active Directory" -#: src/config/SSSDConfig/sssdoptions.py:300 -#: src/config/SSSDConfig/sssdoptions.py:499 +#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:500 msgid "LDAP filter to determine access privileges" msgstr "Фільтр LDAP для визначення прав доступу" -#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:302 msgid "Whether to use the Global Catalog for lookups" msgstr "Чи слід використовувати загальний каталог для пошуку" -#: src/config/SSSDConfig/sssdoptions.py:302 +#: src/config/SSSDConfig/sssdoptions.py:303 msgid "Operation mode for GPO-based access control" msgstr "Режим роботи для керування доступом на основі GPO" -#: src/config/SSSDConfig/sssdoptions.py:303 +#: src/config/SSSDConfig/sssdoptions.py:304 msgid "" "The amount of time between lookups of the GPO policy files against the AD " "server" msgstr "" "Інтервал часу між послідовними сеансами пошуку правил GPO на сервері AD" -#: src/config/SSSDConfig/sssdoptions.py:304 +#: src/config/SSSDConfig/sssdoptions.py:305 msgid "" "PAM service names that map to the GPO (Deny)InteractiveLogonRight policy " "settings" @@ -1113,7 +1114,7 @@ msgstr "" "Назви служб PAM, які виконують прив’язування до параметрів правил GPO " "(Deny)InteractiveLogonRight" -#: src/config/SSSDConfig/sssdoptions.py:306 +#: src/config/SSSDConfig/sssdoptions.py:307 msgid "" "PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight " "policy settings" @@ -1121,299 +1122,299 @@ msgstr "" "Назви служб PAM, які виконують прив’язування до параметрів правил GPO " "(Deny)RemoteInteractiveLogonRight" -#: src/config/SSSDConfig/sssdoptions.py:308 +#: src/config/SSSDConfig/sssdoptions.py:309 msgid "" "PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings" msgstr "" "Назви служб PAM, які виконують прив’язування до параметрів правил GPO " "(Deny)NetworkLogonRight" -#: src/config/SSSDConfig/sssdoptions.py:309 +#: src/config/SSSDConfig/sssdoptions.py:310 msgid "" "PAM service names that map to the GPO (Deny)BatchLogonRight policy settings" msgstr "" "Назви служб PAM, які виконують прив’язування до параметрів правил GPO " "(Deny)BatchLogonRight" -#: src/config/SSSDConfig/sssdoptions.py:310 +#: src/config/SSSDConfig/sssdoptions.py:311 msgid "" "PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings" msgstr "" "Назви служб PAM, які виконують прив’язування до параметрів правил GPO " "(Deny)ServiceLogonRight" -#: src/config/SSSDConfig/sssdoptions.py:311 +#: src/config/SSSDConfig/sssdoptions.py:312 msgid "PAM service names for which GPO-based access is always granted" msgstr "Назви служб PAM, яким завжди надається доступ на основі GPO" -#: src/config/SSSDConfig/sssdoptions.py:312 +#: src/config/SSSDConfig/sssdoptions.py:313 msgid "PAM service names for which GPO-based access is always denied" msgstr "Назви служб PAM, яким ніколи не надається доступ на основі GPO" -#: src/config/SSSDConfig/sssdoptions.py:313 +#: src/config/SSSDConfig/sssdoptions.py:314 msgid "" "Default logon right (or permit/deny) to use for unmapped PAM service names" msgstr "" "Типове правило входу (або допуск/заборона), яким слід користуватися для " "неприв’язаних назв служб PAM" -#: src/config/SSSDConfig/sssdoptions.py:314 +#: src/config/SSSDConfig/sssdoptions.py:315 msgid "a particular site to be used by the client" msgstr "певний сайт, який слід використовувати клієнту" -#: src/config/SSSDConfig/sssdoptions.py:315 +#: src/config/SSSDConfig/sssdoptions.py:316 msgid "" "Maximum age in days before the machine account password should be renewed" msgstr "" "Максимальний вік пароля облікового запису комп'ютера, при досягненні якого " "пароль має бути оновлено" -#: src/config/SSSDConfig/sssdoptions.py:317 +#: src/config/SSSDConfig/sssdoptions.py:318 msgid "Option for tuning the machine account renewal task" msgstr "" "Параметр налаштовування завдання оновлення облікових записів комп’ютерів" -#: src/config/SSSDConfig/sssdoptions.py:318 +#: src/config/SSSDConfig/sssdoptions.py:319 msgid "Whether to update the machine account password in the Samba database" msgstr "" "Визначає, чи слід оновлювати пароль облікового запису комп'ютера у базі " "даних Samba" -#: src/config/SSSDConfig/sssdoptions.py:320 +#: src/config/SSSDConfig/sssdoptions.py:321 msgid "Use LDAPS port for LDAP and Global Catalog requests" msgstr "Використовувати порт LDAPS для запитів LDAP і загального каталогу (GC)" -#: src/config/SSSDConfig/sssdoptions.py:321 +#: src/config/SSSDConfig/sssdoptions.py:322 msgid "Do not filter domain local groups from other domains" msgstr "Не фільтрувати локальні групи домену з інших доменів" -#: src/config/SSSDConfig/sssdoptions.py:324 #: src/config/SSSDConfig/sssdoptions.py:325 +#: src/config/SSSDConfig/sssdoptions.py:326 msgid "Kerberos server address" msgstr "Адреса сервера Kerberos" -#: src/config/SSSDConfig/sssdoptions.py:326 +#: src/config/SSSDConfig/sssdoptions.py:327 msgid "Kerberos backup server address" msgstr "Адреса резервного сервера Kerberos" -#: src/config/SSSDConfig/sssdoptions.py:327 +#: src/config/SSSDConfig/sssdoptions.py:328 msgid "Kerberos realm" msgstr "Область Kerberos" -#: src/config/SSSDConfig/sssdoptions.py:328 +#: src/config/SSSDConfig/sssdoptions.py:329 msgid "Authentication timeout" msgstr "Час очікування на розпізнавання" -#: src/config/SSSDConfig/sssdoptions.py:329 +#: src/config/SSSDConfig/sssdoptions.py:330 msgid "Whether to create kdcinfo files" msgstr "Визначає, чи слід створювати файли kdcinfo" -#: src/config/SSSDConfig/sssdoptions.py:330 +#: src/config/SSSDConfig/sssdoptions.py:331 msgid "Where to drop krb5 config snippets" msgstr "Місце, куди слід скидати фрагменти налаштувань krb5" -#: src/config/SSSDConfig/sssdoptions.py:333 +#: src/config/SSSDConfig/sssdoptions.py:334 msgid "Directory to store credential caches" msgstr "Каталог, де зберігатиметься кеш реєстраційних даних" -#: src/config/SSSDConfig/sssdoptions.py:334 +#: src/config/SSSDConfig/sssdoptions.py:335 msgid "Location of the user's credential cache" msgstr "Адреса кешу реєстраційних даних користувача" -#: src/config/SSSDConfig/sssdoptions.py:335 +#: src/config/SSSDConfig/sssdoptions.py:336 msgid "Location of the keytab to validate credentials" msgstr "Адреса таблиці ключів для перевірки реєстраційних даних" -#: src/config/SSSDConfig/sssdoptions.py:336 +#: src/config/SSSDConfig/sssdoptions.py:337 msgid "Enable credential validation" msgstr "Увімкнути перевірку реєстраційних даних" -#: src/config/SSSDConfig/sssdoptions.py:337 +#: src/config/SSSDConfig/sssdoptions.py:338 msgid "Store password if offline for later online authentication" msgstr "Зберігати пароль у автономному режимі для розпізнавання у мережі" -#: src/config/SSSDConfig/sssdoptions.py:338 +#: src/config/SSSDConfig/sssdoptions.py:339 msgid "Renewable lifetime of the TGT" msgstr "Поновлюваний строк дії TGT" -#: src/config/SSSDConfig/sssdoptions.py:339 +#: src/config/SSSDConfig/sssdoptions.py:340 msgid "Lifetime of the TGT" msgstr "Строк дії TGT" -#: src/config/SSSDConfig/sssdoptions.py:340 +#: src/config/SSSDConfig/sssdoptions.py:341 msgid "Time between two checks for renewal" msgstr "Граничний час між двома перевірками для поновлення" -#: src/config/SSSDConfig/sssdoptions.py:341 +#: src/config/SSSDConfig/sssdoptions.py:342 msgid "Enables FAST" msgstr "Вмикає FAST" -#: src/config/SSSDConfig/sssdoptions.py:342 +#: src/config/SSSDConfig/sssdoptions.py:343 msgid "Selects the principal to use for FAST" msgstr "Визначає реєстраційний запис, який слід використовувати для FAST" -#: src/config/SSSDConfig/sssdoptions.py:343 +#: src/config/SSSDConfig/sssdoptions.py:344 msgid "Use anonymous PKINIT to request FAST credentials" msgstr "Анонімні PKINIT для запитів щодо реєстраційних даних FAST" -#: src/config/SSSDConfig/sssdoptions.py:344 +#: src/config/SSSDConfig/sssdoptions.py:345 msgid "Enables principal canonicalization" msgstr "Вмикає перетворення реєстраційних записів у канонічну форму" -#: src/config/SSSDConfig/sssdoptions.py:345 +#: src/config/SSSDConfig/sssdoptions.py:346 msgid "Enables enterprise principals" msgstr "Увімкнути промислові реєстраційні дані" -#: src/config/SSSDConfig/sssdoptions.py:346 +#: src/config/SSSDConfig/sssdoptions.py:347 msgid "Enables using of subdomains realms for authentication" msgstr "Вмикає використання областей піддоменів для розпізнавання" -#: src/config/SSSDConfig/sssdoptions.py:347 +#: src/config/SSSDConfig/sssdoptions.py:348 msgid "A mapping from user names to Kerberos principal names" msgstr "Прив’язка імен користувачів до основних імен Kerberos" -#: src/config/SSSDConfig/sssdoptions.py:350 #: src/config/SSSDConfig/sssdoptions.py:351 +#: src/config/SSSDConfig/sssdoptions.py:352 msgid "Server where the change password service is running if not on the KDC" msgstr "" "Сервер, на якому запущено службу зміни паролів, якщо такий не вдасться " "виявити у KDC" -#: src/config/SSSDConfig/sssdoptions.py:354 +#: src/config/SSSDConfig/sssdoptions.py:355 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, адреса URI сервера LDAP" -#: src/config/SSSDConfig/sssdoptions.py:355 +#: src/config/SSSDConfig/sssdoptions.py:356 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "ldap_backup_uri, адреса сервера LDAP" -#: src/config/SSSDConfig/sssdoptions.py:356 +#: src/config/SSSDConfig/sssdoptions.py:357 msgid "The default base DN" msgstr "Типова базова назва домену" -#: src/config/SSSDConfig/sssdoptions.py:357 +#: src/config/SSSDConfig/sssdoptions.py:358 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "Тип схеми, використаний на сервері LDAP, rfc2307" -#: src/config/SSSDConfig/sssdoptions.py:358 +#: src/config/SSSDConfig/sssdoptions.py:359 msgid "Mode used to change user password" msgstr "Режим для зміни пароля користувача" -#: src/config/SSSDConfig/sssdoptions.py:359 +#: src/config/SSSDConfig/sssdoptions.py:360 msgid "The default bind DN" msgstr "Типова назва домену прив’язки" -#: src/config/SSSDConfig/sssdoptions.py:360 +#: src/config/SSSDConfig/sssdoptions.py:361 msgid "The type of the authentication token of the default bind DN" msgstr "Тип розпізнавання для типової назви сервера прив’язки" -#: src/config/SSSDConfig/sssdoptions.py:361 +#: src/config/SSSDConfig/sssdoptions.py:362 msgid "The authentication token of the default bind DN" msgstr "Лексема розпізнавання типової назви сервера прив’язки" -#: src/config/SSSDConfig/sssdoptions.py:362 +#: src/config/SSSDConfig/sssdoptions.py:363 msgid "Length of time to attempt connection" msgstr "Проміжок часу між спробами встановлення з’єднання" -#: src/config/SSSDConfig/sssdoptions.py:363 +#: src/config/SSSDConfig/sssdoptions.py:364 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Проміжок часу між спробами виконання синхронних операцій LDAP" -#: src/config/SSSDConfig/sssdoptions.py:364 +#: src/config/SSSDConfig/sssdoptions.py:365 msgid "Length of time between attempts to reconnect while offline" msgstr "" "Проміжок часу між повторними спробами встановлення з’єднання у автономному " "режимі" -#: src/config/SSSDConfig/sssdoptions.py:365 +#: src/config/SSSDConfig/sssdoptions.py:366 msgid "Use only the upper case for realm names" msgstr "Використовувати для назв областей лише великі літери" -#: src/config/SSSDConfig/sssdoptions.py:366 +#: src/config/SSSDConfig/sssdoptions.py:367 msgid "File that contains CA certificates" msgstr "Файл, що містить сертифікати CA" -#: src/config/SSSDConfig/sssdoptions.py:367 +#: src/config/SSSDConfig/sssdoptions.py:368 msgid "Path to CA certificate directory" msgstr "Шлях до каталогу сертифікатів CA" -#: src/config/SSSDConfig/sssdoptions.py:368 +#: src/config/SSSDConfig/sssdoptions.py:369 msgid "File that contains the client certificate" msgstr "Файл, що містить клієнтський сертифікат" -#: src/config/SSSDConfig/sssdoptions.py:369 +#: src/config/SSSDConfig/sssdoptions.py:370 msgid "File that contains the client key" msgstr "Файл, що містить клієнтський ключ" -#: src/config/SSSDConfig/sssdoptions.py:370 +#: src/config/SSSDConfig/sssdoptions.py:371 msgid "List of possible ciphers suites" msgstr "Показати список можливих інструментів шифрування" -#: src/config/SSSDConfig/sssdoptions.py:371 +#: src/config/SSSDConfig/sssdoptions.py:372 msgid "Require TLS certificate verification" msgstr "Потрібна перевірка сертифіката TLS" -#: src/config/SSSDConfig/sssdoptions.py:372 +#: src/config/SSSDConfig/sssdoptions.py:373 msgid "Specify the sasl mechanism to use" msgstr "Вкажіть механізм SASL, який слід використовувати" -#: src/config/SSSDConfig/sssdoptions.py:373 +#: src/config/SSSDConfig/sssdoptions.py:374 msgid "Specify the sasl authorization id to use" msgstr "Вкажіть ідентифікатор уповноваження SASL, який слід використовувати" -#: src/config/SSSDConfig/sssdoptions.py:374 +#: src/config/SSSDConfig/sssdoptions.py:375 msgid "Specify the sasl authorization realm to use" msgstr "Вкажіть область уповноваження SASL, яку слід використовувати" -#: src/config/SSSDConfig/sssdoptions.py:375 +#: src/config/SSSDConfig/sssdoptions.py:376 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" "Вказати мінімальне значення SSF для розпізнавання на LDAP за допомогою sasl" -#: src/config/SSSDConfig/sssdoptions.py:376 +#: src/config/SSSDConfig/sssdoptions.py:377 msgid "Specify the maximal SSF for LDAP sasl authorization" msgstr "" "Вказати максимальне значення SSF для розпізнавання на LDAP за допомогою sasl" -#: src/config/SSSDConfig/sssdoptions.py:377 +#: src/config/SSSDConfig/sssdoptions.py:378 msgid "Kerberos service keytab" msgstr "Таблиця ключів служби Kerberos" -#: src/config/SSSDConfig/sssdoptions.py:378 +#: src/config/SSSDConfig/sssdoptions.py:379 msgid "Use Kerberos auth for LDAP connection" msgstr "Розпізнавання Kerberos для з’єднання LDAP" -#: src/config/SSSDConfig/sssdoptions.py:379 +#: src/config/SSSDConfig/sssdoptions.py:380 msgid "Follow LDAP referrals" msgstr "Переходити за посиланнями LDAP" -#: src/config/SSSDConfig/sssdoptions.py:380 +#: src/config/SSSDConfig/sssdoptions.py:381 msgid "Lifetime of TGT for LDAP connection" msgstr "Строк дії TGT для з’єднання LDAP" -#: src/config/SSSDConfig/sssdoptions.py:381 +#: src/config/SSSDConfig/sssdoptions.py:382 msgid "How to dereference aliases" msgstr "Спосіб розіменування псевдонімів" -#: src/config/SSSDConfig/sssdoptions.py:382 +#: src/config/SSSDConfig/sssdoptions.py:383 msgid "Service name for DNS service lookups" msgstr "Назва служби для пошуків за допомогою служби DNS" -#: src/config/SSSDConfig/sssdoptions.py:383 +#: src/config/SSSDConfig/sssdoptions.py:384 msgid "The number of records to retrieve in a single LDAP query" msgstr "Кількість записів, які слід отримувати у відповідь на один запит LDAP" -#: src/config/SSSDConfig/sssdoptions.py:384 +#: src/config/SSSDConfig/sssdoptions.py:385 msgid "The number of members that must be missing to trigger a full deref" msgstr "" "Кількість учасників, яких має не вистачати для вмикання повного скасування " "посилань" -#: src/config/SSSDConfig/sssdoptions.py:385 +#: src/config/SSSDConfig/sssdoptions.py:386 msgid "Ignore unreadable LDAP references" msgstr "Ігнорувати непридатні до читання посилання LDAP" -#: src/config/SSSDConfig/sssdoptions.py:386 +#: src/config/SSSDConfig/sssdoptions.py:387 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" @@ -1421,7 +1422,7 @@ msgstr "" "Визначає, чи має бібліотека LDAP виконувати зворотній пошук з метою " "переведення назв вузлів у канонічну форму під час прив’язки до SASL" -#: src/config/SSSDConfig/sssdoptions.py:388 +#: src/config/SSSDConfig/sssdoptions.py:389 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." @@ -1429,410 +1430,409 @@ msgstr "" "Надає змогу зберігати локальних користувачів як учасників групи LDAP для " "серверів, у яких використовується схема RFC2307." -#: src/config/SSSDConfig/sssdoptions.py:391 +#: src/config/SSSDConfig/sssdoptions.py:392 msgid "entryUSN attribute" msgstr "Атрибут entryUSN" -#: src/config/SSSDConfig/sssdoptions.py:392 +#: src/config/SSSDConfig/sssdoptions.py:393 msgid "lastUSN attribute" msgstr "Атрибут lastUSN" -#: src/config/SSSDConfig/sssdoptions.py:394 +#: src/config/SSSDConfig/sssdoptions.py:395 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "Тривалість підтримування з’єднання з сервером LDAP перед роз’єднанням" -#: src/config/SSSDConfig/sssdoptions.py:397 +#: src/config/SSSDConfig/sssdoptions.py:398 msgid "Disable the LDAP paging control" msgstr "Вимкнути контроль сторінок у LDAP" -#: src/config/SSSDConfig/sssdoptions.py:398 +#: src/config/SSSDConfig/sssdoptions.py:399 msgid "Disable Active Directory range retrieval" msgstr "Вимкнути отримання діапазонів Active Directory" -#: src/config/SSSDConfig/sssdoptions.py:401 +#: src/config/SSSDConfig/sssdoptions.py:402 msgid "Length of time to wait for a search request" msgstr "Тривалість очікування на дані запиту пошуку" -#: src/config/SSSDConfig/sssdoptions.py:402 +#: src/config/SSSDConfig/sssdoptions.py:403 msgid "Length of time to wait for a enumeration request" msgstr "Тривалість очікування на дані запиту щодо переліку" -#: src/config/SSSDConfig/sssdoptions.py:403 +#: src/config/SSSDConfig/sssdoptions.py:404 msgid "Length of time between enumeration updates" msgstr "Проміжок часу між оновленнями нумерації" -#: src/config/SSSDConfig/sssdoptions.py:404 +#: src/config/SSSDConfig/sssdoptions.py:405 msgid "Maximum period deviation between enumeration updates" msgstr "Максимальне відхилення періоду між оновленнями переліку" -#: src/config/SSSDConfig/sssdoptions.py:405 +#: src/config/SSSDConfig/sssdoptions.py:406 msgid "Length of time between cache cleanups" msgstr "Проміжок часу між спорожненнями кешу" -#: src/config/SSSDConfig/sssdoptions.py:406 +#: src/config/SSSDConfig/sssdoptions.py:407 msgid "Maximum time deviation between cache cleanups" msgstr "Максимальне відхилення часу між чищеннями кешу" -#: src/config/SSSDConfig/sssdoptions.py:407 +#: src/config/SSSDConfig/sssdoptions.py:408 msgid "Require TLS for ID lookups" msgstr "Вимагати TLS для пошуків ідентифікаторів" -#: src/config/SSSDConfig/sssdoptions.py:408 +#: src/config/SSSDConfig/sssdoptions.py:409 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" "Використовувати відповідності ідентифікаторів objectSID замість попередньо " "встановлених ідентифікаторів" -#: src/config/SSSDConfig/sssdoptions.py:409 +#: src/config/SSSDConfig/sssdoptions.py:410 msgid "Base DN for user lookups" msgstr "Базова назва домену для пошуків користувачів" -#: src/config/SSSDConfig/sssdoptions.py:410 +#: src/config/SSSDConfig/sssdoptions.py:411 msgid "Scope of user lookups" msgstr "Діапазон пошуків користувачів" -#: src/config/SSSDConfig/sssdoptions.py:411 +#: src/config/SSSDConfig/sssdoptions.py:412 msgid "Filter for user lookups" msgstr "Фільтр пошуку користувачів" -#: src/config/SSSDConfig/sssdoptions.py:412 +#: src/config/SSSDConfig/sssdoptions.py:413 msgid "Objectclass for users" msgstr "Клас об’єктів для користувачів" -#: src/config/SSSDConfig/sssdoptions.py:413 +#: src/config/SSSDConfig/sssdoptions.py:414 msgid "Username attribute" msgstr "Атрибут імені користувача" -#: src/config/SSSDConfig/sssdoptions.py:414 +#: src/config/SSSDConfig/sssdoptions.py:415 msgid "UID attribute" msgstr "Атрибут UID" -#: src/config/SSSDConfig/sssdoptions.py:415 +#: src/config/SSSDConfig/sssdoptions.py:416 msgid "Primary GID attribute" msgstr "Головний атрибут GID" -#: src/config/SSSDConfig/sssdoptions.py:416 +#: src/config/SSSDConfig/sssdoptions.py:417 msgid "GECOS attribute" msgstr "Атрибут GECOS" -#: src/config/SSSDConfig/sssdoptions.py:417 +#: src/config/SSSDConfig/sssdoptions.py:418 msgid "Home directory attribute" msgstr "Атрибут домашнього каталогу" -#: src/config/SSSDConfig/sssdoptions.py:418 +#: src/config/SSSDConfig/sssdoptions.py:419 msgid "Shell attribute" msgstr "Атрибут оболонки" -#: src/config/SSSDConfig/sssdoptions.py:419 +#: src/config/SSSDConfig/sssdoptions.py:420 msgid "UUID attribute" msgstr "Атрибут UUID" -#: src/config/SSSDConfig/sssdoptions.py:420 -#: src/config/SSSDConfig/sssdoptions.py:459 +#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:460 msgid "objectSID attribute" msgstr "Атрибут objectSID" -#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:422 msgid "Active Directory primary group attribute for ID-mapping" msgstr "" "Атрибут основної групи Active Directory для встановлення відповідності " "ідентифікатора" -#: src/config/SSSDConfig/sssdoptions.py:422 +#: src/config/SSSDConfig/sssdoptions.py:423 msgid "User principal attribute (for Kerberos)" msgstr "Атрибут реєстраційного запису користувача (для Kerberos)" -#: src/config/SSSDConfig/sssdoptions.py:423 +#: src/config/SSSDConfig/sssdoptions.py:424 msgid "Full Name" msgstr "Повне ім'я" -#: src/config/SSSDConfig/sssdoptions.py:424 +#: src/config/SSSDConfig/sssdoptions.py:425 msgid "memberOf attribute" msgstr "Атрибут memberOf" -#: src/config/SSSDConfig/sssdoptions.py:425 +#: src/config/SSSDConfig/sssdoptions.py:426 msgid "Modification time attribute" msgstr "Атрибут часу зміни" -#: src/config/SSSDConfig/sssdoptions.py:426 +#: src/config/SSSDConfig/sssdoptions.py:427 msgid "shadowLastChange attribute" msgstr "Атрибут shadowLastChange" -#: src/config/SSSDConfig/sssdoptions.py:427 +#: src/config/SSSDConfig/sssdoptions.py:428 msgid "shadowMin attribute" msgstr "Атрибут shadowMin" -#: src/config/SSSDConfig/sssdoptions.py:428 +#: src/config/SSSDConfig/sssdoptions.py:429 msgid "shadowMax attribute" msgstr "Атрибут shadowMax" -#: src/config/SSSDConfig/sssdoptions.py:429 +#: src/config/SSSDConfig/sssdoptions.py:430 msgid "shadowWarning attribute" msgstr "Атрибут shadowWarning" -#: src/config/SSSDConfig/sssdoptions.py:430 +#: src/config/SSSDConfig/sssdoptions.py:431 msgid "shadowInactive attribute" msgstr "Атрибут shadowInactive" -#: src/config/SSSDConfig/sssdoptions.py:431 +#: src/config/SSSDConfig/sssdoptions.py:432 msgid "shadowExpire attribute" msgstr "Атрибут shadowExpire" -#: src/config/SSSDConfig/sssdoptions.py:432 +#: src/config/SSSDConfig/sssdoptions.py:433 msgid "shadowFlag attribute" msgstr "Атрибут shadowFlag" -#: src/config/SSSDConfig/sssdoptions.py:433 +#: src/config/SSSDConfig/sssdoptions.py:434 msgid "Attribute listing authorized PAM services" msgstr "Атрибути зі списком уповноважених служб PAM" -#: src/config/SSSDConfig/sssdoptions.py:434 +#: src/config/SSSDConfig/sssdoptions.py:435 msgid "Attribute listing authorized server hosts" msgstr "Атрибути зі списком уповноважених серверних вузлів" -#: src/config/SSSDConfig/sssdoptions.py:435 +#: src/config/SSSDConfig/sssdoptions.py:436 msgid "Attribute listing authorized server rhosts" msgstr "Атрибути зі списком уповноважених серверних r-вузлів" -#: src/config/SSSDConfig/sssdoptions.py:436 +#: src/config/SSSDConfig/sssdoptions.py:437 msgid "krbLastPwdChange attribute" msgstr "Атрибут krbLastPwdChange" -#: src/config/SSSDConfig/sssdoptions.py:437 +#: src/config/SSSDConfig/sssdoptions.py:438 msgid "krbPasswordExpiration attribute" msgstr "Атрибут krbPasswordExpiration" -#: src/config/SSSDConfig/sssdoptions.py:438 +#: src/config/SSSDConfig/sssdoptions.py:439 msgid "Attribute indicating that server side password policies are active" msgstr "" "Атрибут, що відповідає за активізацію правил обробки паролів на боці сервера" -#: src/config/SSSDConfig/sssdoptions.py:439 +#: src/config/SSSDConfig/sssdoptions.py:440 msgid "accountExpires attribute of AD" msgstr "Атрибут accountExpires AD" -#: src/config/SSSDConfig/sssdoptions.py:440 +#: src/config/SSSDConfig/sssdoptions.py:441 msgid "userAccountControl attribute of AD" msgstr "Атрибут userAccountControl AD" -#: src/config/SSSDConfig/sssdoptions.py:441 +#: src/config/SSSDConfig/sssdoptions.py:442 msgid "nsAccountLock attribute" msgstr "Атрибут nsAccountLock" -#: src/config/SSSDConfig/sssdoptions.py:442 +#: src/config/SSSDConfig/sssdoptions.py:443 msgid "loginDisabled attribute of NDS" msgstr "Атрибут loginDisabled NDS" -#: src/config/SSSDConfig/sssdoptions.py:443 +#: src/config/SSSDConfig/sssdoptions.py:444 msgid "loginExpirationTime attribute of NDS" msgstr "Атрибут loginExpirationTime NDS" -#: src/config/SSSDConfig/sssdoptions.py:444 +#: src/config/SSSDConfig/sssdoptions.py:445 msgid "loginAllowedTimeMap attribute of NDS" msgstr "Атрибут loginAllowedTimeMap NDS" -#: src/config/SSSDConfig/sssdoptions.py:445 +#: src/config/SSSDConfig/sssdoptions.py:446 msgid "SSH public key attribute" msgstr "Атрибут відкритого ключа SSH" -#: src/config/SSSDConfig/sssdoptions.py:446 +#: src/config/SSSDConfig/sssdoptions.py:447 msgid "attribute listing allowed authentication types for a user" msgstr "атрибут зі списком дозволених типів розпізнавання для користувача" -#: src/config/SSSDConfig/sssdoptions.py:447 +#: src/config/SSSDConfig/sssdoptions.py:448 msgid "attribute containing the X509 certificate of the user" msgstr "атрибут, що містить сертифікат X509 користувача" -#: src/config/SSSDConfig/sssdoptions.py:448 +#: src/config/SSSDConfig/sssdoptions.py:449 msgid "attribute containing the email address of the user" msgstr "атрибут, що містить адресу електронної пошти користувача" -#: src/config/SSSDConfig/sssdoptions.py:449 -#, fuzzy +#: src/config/SSSDConfig/sssdoptions.py:450 msgid "attribute containing the passkey mapping data of the user" -msgstr "атрибут, що містить адресу електронної пошти користувача" +msgstr "атрибут, що містить дані прив'язки ключа користувача" -#: src/config/SSSDConfig/sssdoptions.py:450 +#: src/config/SSSDConfig/sssdoptions.py:451 msgid "A list of extra attributes to download along with the user entry" msgstr "" "Список додаткових атрибутів, які слід отримувати разом із записом користувача" -#: src/config/SSSDConfig/sssdoptions.py:452 +#: src/config/SSSDConfig/sssdoptions.py:453 msgid "Base DN for group lookups" msgstr "Базова назва домену для пошуків груп" -#: src/config/SSSDConfig/sssdoptions.py:453 +#: src/config/SSSDConfig/sssdoptions.py:454 msgid "Objectclass for groups" msgstr "Клас об’єктів для груп" -#: src/config/SSSDConfig/sssdoptions.py:454 +#: src/config/SSSDConfig/sssdoptions.py:455 msgid "Group name" msgstr "Назва групи" -#: src/config/SSSDConfig/sssdoptions.py:455 +#: src/config/SSSDConfig/sssdoptions.py:456 msgid "Group password" msgstr "Пароль групи" -#: src/config/SSSDConfig/sssdoptions.py:456 +#: src/config/SSSDConfig/sssdoptions.py:457 msgid "GID attribute" msgstr "Атрибут GID" -#: src/config/SSSDConfig/sssdoptions.py:457 +#: src/config/SSSDConfig/sssdoptions.py:458 msgid "Group member attribute" msgstr "Атрибут членства у групі" -#: src/config/SSSDConfig/sssdoptions.py:458 +#: src/config/SSSDConfig/sssdoptions.py:459 msgid "Group UUID attribute" msgstr "Атрибут UUID групи" -#: src/config/SSSDConfig/sssdoptions.py:460 +#: src/config/SSSDConfig/sssdoptions.py:461 msgid "Modification time attribute for groups" msgstr "Атрибут часу зміни для груп" -#: src/config/SSSDConfig/sssdoptions.py:461 +#: src/config/SSSDConfig/sssdoptions.py:462 msgid "Type of the group and other flags" msgstr "Тип групи та інші прапорці" -#: src/config/SSSDConfig/sssdoptions.py:462 +#: src/config/SSSDConfig/sssdoptions.py:463 msgid "The LDAP group external member attribute" msgstr "Атрибут групи LDAP зовнішнього учасника" -#: src/config/SSSDConfig/sssdoptions.py:463 +#: src/config/SSSDConfig/sssdoptions.py:464 msgid "Maximum nesting level SSSD will follow" msgstr "Максимальний рівень вкладеності, який використовуватиме SSSD" -#: src/config/SSSDConfig/sssdoptions.py:464 +#: src/config/SSSDConfig/sssdoptions.py:465 msgid "Filter for group lookups" msgstr "Фільтр пошуку груп" -#: src/config/SSSDConfig/sssdoptions.py:465 +#: src/config/SSSDConfig/sssdoptions.py:466 msgid "Scope of group lookups" msgstr "Область пошуку груп" -#: src/config/SSSDConfig/sssdoptions.py:467 +#: src/config/SSSDConfig/sssdoptions.py:468 msgid "Base DN for netgroup lookups" msgstr "Базова назва домену для пошуків груп у мережі" -#: src/config/SSSDConfig/sssdoptions.py:468 +#: src/config/SSSDConfig/sssdoptions.py:469 msgid "Objectclass for netgroups" msgstr "Клас об’єктів для груп у мережі" -#: src/config/SSSDConfig/sssdoptions.py:469 +#: src/config/SSSDConfig/sssdoptions.py:470 msgid "Netgroup name" msgstr "Назва мережевої групи" -#: src/config/SSSDConfig/sssdoptions.py:470 +#: src/config/SSSDConfig/sssdoptions.py:471 msgid "Netgroups members attribute" msgstr "Атрибут членства у групах у мережі" -#: src/config/SSSDConfig/sssdoptions.py:471 +#: src/config/SSSDConfig/sssdoptions.py:472 msgid "Netgroup triple attribute" msgstr "Атрибут трійки груп у мережі" -#: src/config/SSSDConfig/sssdoptions.py:472 +#: src/config/SSSDConfig/sssdoptions.py:473 msgid "Modification time attribute for netgroups" msgstr "Атрибут часу зміни для мережевих груп" -#: src/config/SSSDConfig/sssdoptions.py:474 +#: src/config/SSSDConfig/sssdoptions.py:475 msgid "Base DN for service lookups" msgstr "Базова сервер назв домену для пошуку служб" -#: src/config/SSSDConfig/sssdoptions.py:475 +#: src/config/SSSDConfig/sssdoptions.py:476 msgid "Objectclass for services" msgstr "Клас об’єктів для служб" -#: src/config/SSSDConfig/sssdoptions.py:476 +#: src/config/SSSDConfig/sssdoptions.py:477 msgid "Service name attribute" msgstr "Атрибут назви служби" -#: src/config/SSSDConfig/sssdoptions.py:477 +#: src/config/SSSDConfig/sssdoptions.py:478 msgid "Service port attribute" msgstr "Атрибут порту служби" -#: src/config/SSSDConfig/sssdoptions.py:478 +#: src/config/SSSDConfig/sssdoptions.py:479 msgid "Service protocol attribute" msgstr "Атрибут протоколу служби" -#: src/config/SSSDConfig/sssdoptions.py:480 +#: src/config/SSSDConfig/sssdoptions.py:481 msgid "Lower bound for ID-mapping" msgstr "Нижня межа встановлення відповідності ідентифікатора" -#: src/config/SSSDConfig/sssdoptions.py:481 +#: src/config/SSSDConfig/sssdoptions.py:482 msgid "Upper bound for ID-mapping" msgstr "Верхня межа встановлення відповідності ідентифікатора" -#: src/config/SSSDConfig/sssdoptions.py:482 +#: src/config/SSSDConfig/sssdoptions.py:483 msgid "Number of IDs for each slice when ID-mapping" msgstr "" "Кількість ідентифікаторів для кожного зрізу під час встановлення " "відповідності ідентифікаторів" -#: src/config/SSSDConfig/sssdoptions.py:483 +#: src/config/SSSDConfig/sssdoptions.py:484 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "" "Використовувати для встановлення відповідності ідентифікаторів алгоритм, " "сумісний з autorid" -#: src/config/SSSDConfig/sssdoptions.py:484 +#: src/config/SSSDConfig/sssdoptions.py:485 msgid "Name of the default domain for ID-mapping" msgstr "Назва типового домену для встановлення відповідності ідентифікаторів" -#: src/config/SSSDConfig/sssdoptions.py:485 +#: src/config/SSSDConfig/sssdoptions.py:486 msgid "SID of the default domain for ID-mapping" msgstr "SID типового домену для встановлення відповідності ідентифікаторів" -#: src/config/SSSDConfig/sssdoptions.py:486 +#: src/config/SSSDConfig/sssdoptions.py:487 msgid "Number of secondary slices" msgstr "Кількість вторинних зрізів" -#: src/config/SSSDConfig/sssdoptions.py:488 +#: src/config/SSSDConfig/sssdoptions.py:489 msgid "Whether to use Token-Groups" msgstr "Визначає, чи слід використовувати крупи реєстраційних записів" -#: src/config/SSSDConfig/sssdoptions.py:489 +#: src/config/SSSDConfig/sssdoptions.py:490 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "Встановити нижню межу для дозволених ідентифікаторів із сервера LDAP" -#: src/config/SSSDConfig/sssdoptions.py:490 +#: src/config/SSSDConfig/sssdoptions.py:491 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "Встановити верхню межу для дозволених ідентифікаторів із сервера LDAP" -#: src/config/SSSDConfig/sssdoptions.py:491 +#: src/config/SSSDConfig/sssdoptions.py:492 msgid "DN for ppolicy queries" msgstr "DN для запитів щодо ppolicy" -#: src/config/SSSDConfig/sssdoptions.py:492 +#: src/config/SSSDConfig/sssdoptions.py:493 msgid "How many maximum entries to fetch during a wildcard request" msgstr "" "Максимальна кількість записів для отримання під час обробки запитів із " "замінниками" -#: src/config/SSSDConfig/sssdoptions.py:493 +#: src/config/SSSDConfig/sssdoptions.py:494 msgid "Set libldap debug level" msgstr "Встановити рівень діагностики для libldap" -#: src/config/SSSDConfig/sssdoptions.py:496 +#: src/config/SSSDConfig/sssdoptions.py:497 msgid "Policy to evaluate the password expiration" msgstr "Правила оцінки завершення строку дії пароля" -#: src/config/SSSDConfig/sssdoptions.py:500 +#: src/config/SSSDConfig/sssdoptions.py:501 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" "Атрибути які слід використовувати для визначення чинності облікового запису" -#: src/config/SSSDConfig/sssdoptions.py:504 +#: src/config/SSSDConfig/sssdoptions.py:505 msgid "URI of an LDAP server where password changes are allowed" msgstr "Адреса на сервері LDAP, для якої можливі зміни паролів" -#: src/config/SSSDConfig/sssdoptions.py:505 +#: src/config/SSSDConfig/sssdoptions.py:506 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "Адреса резервного сервера LDAP, для якої можливі зміни паролів" -#: src/config/SSSDConfig/sssdoptions.py:506 +#: src/config/SSSDConfig/sssdoptions.py:507 msgid "DNS service name for LDAP password change server" msgstr "Назва у службі DNS сервера зміни паролів LDAP" -#: src/config/SSSDConfig/sssdoptions.py:507 +#: src/config/SSSDConfig/sssdoptions.py:508 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" @@ -1840,29 +1840,29 @@ msgstr "" "Визначає, чи слід оновлювати атрибут ldap_user_shadow_last_change після " "зміни пароля" -#: src/config/SSSDConfig/sssdoptions.py:511 +#: src/config/SSSDConfig/sssdoptions.py:512 msgid "Base DN for sudo rules lookups" msgstr "Базова назва домену для пошуків правил sudo" -#: src/config/SSSDConfig/sssdoptions.py:512 +#: src/config/SSSDConfig/sssdoptions.py:513 msgid "Automatic full refresh period" msgstr "Період автоматичного повного оновлення даних" -#: src/config/SSSDConfig/sssdoptions.py:513 +#: src/config/SSSDConfig/sssdoptions.py:514 msgid "Automatic smart refresh period" msgstr "Період автоматичного кмітливого оновлення даних" -#: src/config/SSSDConfig/sssdoptions.py:514 +#: src/config/SSSDConfig/sssdoptions.py:515 msgid "Smart and full refresh random offset" msgstr "Випадковий кмітливий відступ і відступ повного оновлення" -#: src/config/SSSDConfig/sssdoptions.py:515 +#: src/config/SSSDConfig/sssdoptions.py:516 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" "Визначає, чи слід фільтрувати правила за назвами вузлів, IP-адресами та " "мережами" -#: src/config/SSSDConfig/sssdoptions.py:516 +#: src/config/SSSDConfig/sssdoptions.py:517 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" @@ -1870,155 +1870,155 @@ msgstr "" "Назви вузлів і/або повні назви у домені для цього комп’ютера для " "фільтрування списку правил sudo" -#: src/config/SSSDConfig/sssdoptions.py:517 +#: src/config/SSSDConfig/sssdoptions.py:518 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" "Адреси IPv4 або IPv6 чи мережа цього комп’ютера для фільтрування списку " "правил sudo" -#: src/config/SSSDConfig/sssdoptions.py:518 +#: src/config/SSSDConfig/sssdoptions.py:519 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" "Визначає, чи слід включати правила, що містять мережеву групу у атрибуті " "вузла" -#: src/config/SSSDConfig/sssdoptions.py:519 +#: src/config/SSSDConfig/sssdoptions.py:520 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" "Визначає, чи слід включати правила, що містять формальний вираз у атрибуті " "вузла" -#: src/config/SSSDConfig/sssdoptions.py:520 +#: src/config/SSSDConfig/sssdoptions.py:521 msgid "Object class for sudo rules" msgstr "Клас об’єктів для правил sudo" -#: src/config/SSSDConfig/sssdoptions.py:521 +#: src/config/SSSDConfig/sssdoptions.py:522 msgid "Name of attribute that is used as object class for sudo rules" msgstr "Назва атрибута, який використано як клас об'єктів для правил sudo" -#: src/config/SSSDConfig/sssdoptions.py:522 +#: src/config/SSSDConfig/sssdoptions.py:523 msgid "Sudo rule name" msgstr "Назва правила sudo" -#: src/config/SSSDConfig/sssdoptions.py:523 +#: src/config/SSSDConfig/sssdoptions.py:524 msgid "Sudo rule command attribute" msgstr "Атрибут команди правила sudo" -#: src/config/SSSDConfig/sssdoptions.py:524 +#: src/config/SSSDConfig/sssdoptions.py:525 msgid "Sudo rule host attribute" msgstr "Атрибут вузла правила sudo" -#: src/config/SSSDConfig/sssdoptions.py:525 +#: src/config/SSSDConfig/sssdoptions.py:526 msgid "Sudo rule user attribute" msgstr "Атрибут користувача правила sudo" -#: src/config/SSSDConfig/sssdoptions.py:526 +#: src/config/SSSDConfig/sssdoptions.py:527 msgid "Sudo rule option attribute" msgstr "Атрибут параметрів правила sudo" -#: src/config/SSSDConfig/sssdoptions.py:527 +#: src/config/SSSDConfig/sssdoptions.py:528 msgid "Sudo rule runas attribute" msgstr "Атрибут runas правила sudo" -#: src/config/SSSDConfig/sssdoptions.py:528 +#: src/config/SSSDConfig/sssdoptions.py:529 msgid "Sudo rule runasuser attribute" msgstr "" "Атрибут користувача, від імені якого виконуватиметься запуск, правила sudo" -#: src/config/SSSDConfig/sssdoptions.py:529 +#: src/config/SSSDConfig/sssdoptions.py:530 msgid "Sudo rule runasgroup attribute" msgstr "Атрибут групи, від імені якої виконуватиметься запуск, правила sudo" -#: src/config/SSSDConfig/sssdoptions.py:530 +#: src/config/SSSDConfig/sssdoptions.py:531 msgid "Sudo rule notbefore attribute" msgstr "Атрибут граничного часу початку дії правила sudo" -#: src/config/SSSDConfig/sssdoptions.py:531 +#: src/config/SSSDConfig/sssdoptions.py:532 msgid "Sudo rule notafter attribute" msgstr "Атрибут граничного часу завершення дії правила sudo" -#: src/config/SSSDConfig/sssdoptions.py:532 +#: src/config/SSSDConfig/sssdoptions.py:533 msgid "Sudo rule order attribute" msgstr "Атрибут порядку правила sudo" -#: src/config/SSSDConfig/sssdoptions.py:535 +#: src/config/SSSDConfig/sssdoptions.py:536 msgid "Object class for automounter maps" msgstr "Клас об’єктів для карт автоматичного монтування" -#: src/config/SSSDConfig/sssdoptions.py:536 +#: src/config/SSSDConfig/sssdoptions.py:537 msgid "Automounter map name attribute" msgstr "Атрибут назви карти автоматичного монтування" -#: src/config/SSSDConfig/sssdoptions.py:537 +#: src/config/SSSDConfig/sssdoptions.py:538 msgid "Object class for automounter map entries" msgstr "Клас об’єктів для записів карт автоматичного монтування" -#: src/config/SSSDConfig/sssdoptions.py:538 +#: src/config/SSSDConfig/sssdoptions.py:539 msgid "Automounter map entry key attribute" msgstr "Атрибут ключа запису карти автоматичного монтування" -#: src/config/SSSDConfig/sssdoptions.py:539 +#: src/config/SSSDConfig/sssdoptions.py:540 msgid "Automounter map entry value attribute" msgstr "Атрибут значення запису карти автоматичного монтування" -#: src/config/SSSDConfig/sssdoptions.py:540 +#: src/config/SSSDConfig/sssdoptions.py:541 msgid "Base DN for automounter map lookups" msgstr "Базовий сервер назв домену для пошуків карти автоматичного монтування" -#: src/config/SSSDConfig/sssdoptions.py:541 +#: src/config/SSSDConfig/sssdoptions.py:542 msgid "The name of the automount master map in LDAP." msgstr "Назва основної карти автоматичного монтування у LDAP." -#: src/config/SSSDConfig/sssdoptions.py:544 +#: src/config/SSSDConfig/sssdoptions.py:545 msgid "Base DN for IP hosts lookups" msgstr "Базова назва домену для пошуків IP-вузлів" -#: src/config/SSSDConfig/sssdoptions.py:545 +#: src/config/SSSDConfig/sssdoptions.py:546 msgid "Object class for IP hosts" msgstr "Клас об'єктів для IP-вузлів" -#: src/config/SSSDConfig/sssdoptions.py:546 +#: src/config/SSSDConfig/sssdoptions.py:547 msgid "IP host name attribute" msgstr "Атрибут назви IP-вузла" -#: src/config/SSSDConfig/sssdoptions.py:547 +#: src/config/SSSDConfig/sssdoptions.py:548 msgid "IP host number (address) attribute" msgstr "Атрибут номер (адреси) IP-вузла" -#: src/config/SSSDConfig/sssdoptions.py:548 +#: src/config/SSSDConfig/sssdoptions.py:549 msgid "IP host entryUSN attribute" msgstr "Атрибут entryUSN IP-вузла" -#: src/config/SSSDConfig/sssdoptions.py:549 +#: src/config/SSSDConfig/sssdoptions.py:550 msgid "Base DN for IP networks lookups" msgstr "Базова назва домену для пошуків IP-мереж" -#: src/config/SSSDConfig/sssdoptions.py:550 +#: src/config/SSSDConfig/sssdoptions.py:551 msgid "Object class for IP networks" msgstr "Клас об'єктів для IP-мереж" -#: src/config/SSSDConfig/sssdoptions.py:551 +#: src/config/SSSDConfig/sssdoptions.py:552 msgid "IP network name attribute" msgstr "Атрибут назви IP-мережі" -#: src/config/SSSDConfig/sssdoptions.py:552 +#: src/config/SSSDConfig/sssdoptions.py:553 msgid "IP network number (address) attribute" msgstr "Атрибут номер (адреси) IP-мережі" -#: src/config/SSSDConfig/sssdoptions.py:553 +#: src/config/SSSDConfig/sssdoptions.py:554 msgid "IP network entryUSN attribute" msgstr "Атрибут entryUSN IP-мережі" -#: src/config/SSSDConfig/sssdoptions.py:556 +#: src/config/SSSDConfig/sssdoptions.py:557 msgid "Comma separated list of allowed users" msgstr "Відокремлений комами список дозволених користувачів" -#: src/config/SSSDConfig/sssdoptions.py:557 +#: src/config/SSSDConfig/sssdoptions.py:558 msgid "Comma separated list of prohibited users" msgstr "Відокремлений комами список заборонених користувачів" -#: src/config/SSSDConfig/sssdoptions.py:558 +#: src/config/SSSDConfig/sssdoptions.py:559 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." @@ -2027,7 +2027,7 @@ msgstr "" "системи. Стосується лише груп у межах цього домену SSSD. Локальні групи не " "обробляються." -#: src/config/SSSDConfig/sssdoptions.py:560 +#: src/config/SSSDConfig/sssdoptions.py:561 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " @@ -2037,34 +2037,34 @@ msgstr "" "Стосується лише груп у межах цього домену SSSD. Локальні групи не " "обробляються." -#: src/config/SSSDConfig/sssdoptions.py:564 +#: src/config/SSSDConfig/sssdoptions.py:565 msgid "The number of preforked proxy children." msgstr "Кількість попередньо відгалужених дочірніх проксі-записів." -#: src/config/SSSDConfig/sssdoptions.py:567 +#: src/config/SSSDConfig/sssdoptions.py:568 msgid "The name of the NSS library to use" msgstr "Назва бібліотеки NSS, яку слід використовувати" -#: src/config/SSSDConfig/sssdoptions.py:568 +#: src/config/SSSDConfig/sssdoptions.py:569 msgid "The name of the NSS library to use for hosts and networks lookups" msgstr "" "Назва бібліотеки NSS, яку слід використовувати для пошуків вузлів і мереж" -#: src/config/SSSDConfig/sssdoptions.py:569 +#: src/config/SSSDConfig/sssdoptions.py:570 msgid "Whether to look up canonical group name from cache if possible" msgstr "" "Визначає, чи слід виконувати пошук канонічної назви групи у кеші, якщо це " "можливо" -#: src/config/SSSDConfig/sssdoptions.py:572 +#: src/config/SSSDConfig/sssdoptions.py:573 msgid "PAM stack to use" msgstr "Стек PAM, який слід використовувати" -#: src/config/SSSDConfig/sssdoptions.py:575 +#: src/config/SSSDConfig/sssdoptions.py:576 msgid "Path of passwd file sources." msgstr "Шлях до початкового тексту файла passwd." -#: src/config/SSSDConfig/sssdoptions.py:576 +#: src/config/SSSDConfig/sssdoptions.py:577 msgid "Path of group file sources." msgstr "Шлях до початкового тексту файла group." @@ -2114,69 +2114,69 @@ msgstr "Запущено від імені %, а має бути від msgid "SSSD is already running\n" msgstr "SSSD вже запущено\n" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "Дозволити дампи ядра" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "Дескриптор відкритого файла для запису журналів діагностики" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "Користувач, від імені якого слід створити ccache FAST" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "Група, від імені якої слід створити ccache FAST" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "Анонімний PKINIT для запитів щодо квитка захисту FAST" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "Область Kerberos, якою слід скористатися" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "Запитаний строк дії квитка" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "Запитаний час оновлення строку дії квитка" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "Параметри FAST ('never', 'try', 'demand')" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "" "Визначає реєстраційний запис сервера, який слід використовувати для FAST" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "Вимагає перетворення реєстраційного запису у канонічну форму" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "Використовувати нетипову версію krb5_get_init_creds_password" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "" "Ідентифікатор ланцюжка Tevent, який використовується для ведення журналу" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "Перевірити прапорці PAC" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "Помилка talloc_asprintf.\n" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "Помилка set_debug_file_from_fd.\n" @@ -2184,35 +2184,35 @@ msgstr "Помилка set_debug_file_from_fd.\n" msgid "Domain of the information provider (mandatory)" msgstr "Домен надання відомостей (обов’язковий)" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "У привілейованого сокета помилковий власник або права доступу." -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "У відкритого сокета помилковий власник або права доступу." -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "Некоректний формат повідомлення щодо реєстраційних даних сервера." -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "SSSD запущено не від імені користувача root." -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "Сокета SSSD не існує." -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "Не вдалося отримати статистику щодо сокета SSSD." -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "Сталася помилка, але не вдалося знайти її опису." -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "Неочікувана помилка під час пошуку опису помилки" @@ -2220,55 +2220,61 @@ msgstr "Неочікувана помилка під час пошуку опи msgid "Permission denied. " msgstr "Відмовлено у доступі. " -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "Повідомлення сервера: " #: src/sss_client/pam_sss.c:71 -msgid "Enter PIN:" +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." msgstr "" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:72 +msgid "Enter PIN:" +msgstr "Введіть PIN:" + +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "Паролі не збігаються" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "Підтримки скидання пароля користувачем root не передбачено." -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "Розпізнано за реєстраційними даними з кешу" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr ", строк дії вашого кешованого пароля завершиться: " -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "Строк дії вашого пароля вичерпано. Залишилося %1$d резервних входи." -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "Строк дії вашого пароля завершиться за %1$d %2$s." -#: src/sss_client/pam_sss.c:627 -#, fuzzy, c-format +#: src/sss_client/pam_sss.c:628 +#, c-format msgid "Your password has expired." -msgstr "Строк дії вашого пароля завершиться за %1$d %2$s." +msgstr "Строк дії вашого пароля вичерпано." -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "Розпізнавання заборонено до: " -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "Система працює у автономному режимі, зміна пароля неможлива" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" @@ -2276,66 +2282,72 @@ msgstr "" "Після зміни пароля OTP вам слід вийти із системи і увійти до неї знову, щоб " "отримати про квиток" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "PIN заблоковано" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "Спроба зміни пароля зазнала невдачі. " -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "Пройдіть розпізнавання на %1$s і натисніть ENTER." -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "" "Пройдіть розпізнавання за допомогою PIN %1$s на %2$s і натисніть ENTER." -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "Будь ласка, вставте (повторно) (іншу) смарт-картку" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "Новий пароль: " -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "Ще раз введіть новий пароль: " -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "Перший фактор: " -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "Другий фактор (необов'язковий): " -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "Другий фактор: " -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." -msgstr "" +msgstr "Вставте ваш пристрій ключа і натисніть клавішу ENTER." -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "Пароль: " -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "Перший фактор (поточний пароль): " -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "Поточний пароль: " -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "Строк дії пароля вичерпано. Змініть ваш пароль." @@ -2673,9 +2685,8 @@ msgid "Passkey related tools:" msgstr "Пов'язані із ключем інструменти:" #: src/tools/sssctl/sssctl.c:348 -#, fuzzy msgid "Perform passkey registration" -msgstr "Виконати пов'язані із ключем дії" +msgstr "Виконати реєстрацію ключа" #: src/tools/sssctl/sssctl_cache.c:31 #, c-format @@ -2858,9 +2869,8 @@ msgid "Error while reading configuration directory.\n" msgstr "Помилка під час спроби прочитати каталог налаштувань.\n" #: src/tools/sssctl/sssctl_config.c:147 -#, fuzzy msgid "There is no configuration.\n" -msgstr "Не вдалося завантажити налаштування з %s.\n" +msgstr "Немає налаштувань.\n" #: src/tools/sssctl/sssctl_config.c:157 msgid "Failed to run validators" diff --git a/po/zh_CN.po b/po/zh_CN.po index c12dfc823d0..aa3b0e3fb63 100644 --- a/po/zh_CN.po +++ b/po/zh_CN.po @@ -13,17 +13,17 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" -"PO-Revision-Date: 2023-03-02 09:20+0000\n" -"Last-Translator: Ludek Janda \n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" +"PO-Revision-Date: 2023-07-24 17:20+0000\n" +"Last-Translator: Funda Wang \n" "Language-Team: Chinese (Simplified) \n" +"projects/sssd/sssd-2-9/zh_CN/>\n" "Language: zh_CN\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" -"X-Generator: Weblate 4.15.2\n" +"X-Generator: Weblate 4.18.2\n" #: src/config/SSSDConfig/sssdoptions.py:20 #: src/config/SSSDConfig/sssdoptions.py:21 @@ -164,9 +164,8 @@ msgid "Enable or disable core dumps for all SSSD processes." msgstr "为所有 SSSD 进程启用或禁用内核转储。" #: src/config/SSSDConfig/sssdoptions.py:58 -#, fuzzy msgid "Tune passkey verification behavior" -msgstr "调整证书验证" +msgstr "调整密码验证行为" #: src/config/SSSDConfig/sssdoptions.py:61 msgid "Enumeration cache timeout length (seconds)" @@ -324,11 +323,11 @@ msgstr "即使不受信任的用户也可以访问的域列表。" #: src/config/SSSDConfig/sssdoptions.py:102 msgid "Message printed when user account is expired." -msgstr "当用户帐户过期时显示的消息。" +msgstr "当用户账户过期时显示的消息。" #: src/config/SSSDConfig/sssdoptions.py:103 msgid "Message printed when user account is locked." -msgstr "当用户帐户被锁住时显示的消息。" +msgstr "当用户账户被锁住时显示的消息。" #: src/config/SSSDConfig/sssdoptions.py:104 msgid "Allow certificate based/Smartcard authentication." @@ -384,18 +383,16 @@ msgstr "" "验证进行 PAM 访问" #: src/config/SSSDConfig/sssdoptions.py:117 -#, fuzzy msgid "Allow passkey device authentication." -msgstr "允许基于证书/智能卡的身份验证。" +msgstr "允许使用通行密钥设备认证。" #: src/config/SSSDConfig/sssdoptions.py:118 -#, fuzzy msgid "How many seconds will pam_sss wait for passkey_child to finish" -msgstr "pam_sss 等待 p11_child 完成的时间(以秒为单位)" +msgstr "pam_sss 等待 passkey_child 完成的时间" #: src/config/SSSDConfig/sssdoptions.py:119 msgid "Enable debugging in the libfido2 library" -msgstr "" +msgstr "在 libfido2 库中启用调试功能" #: src/config/SSSDConfig/sssdoptions.py:122 msgid "Whether to evaluate the time-based attributes in sudo rules" @@ -622,12 +619,12 @@ msgid "Whether to automatically update the client's DNS entry" msgstr "是否自动更新客户端的 DNS 条目" #: src/config/SSSDConfig/sssdoptions.py:201 -#: src/config/SSSDConfig/sssdoptions.py:233 +#: src/config/SSSDConfig/sssdoptions.py:234 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "更新后应用于客户端 DNS 条目的TTL" #: src/config/SSSDConfig/sssdoptions.py:202 -#: src/config/SSSDConfig/sssdoptions.py:234 +#: src/config/SSSDConfig/sssdoptions.py:235 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "应该用于动态 DNS 更新的接口的 IP 地址" @@ -713,101 +710,105 @@ msgstr "" "如果使用 2-Factor-Authentication (2FA),应该保存凭证,这个值决定了第一个认证" "因素((期密码)必须以SHA512 哈希值的形式保存到缓存中的最小长度。" -#: src/config/SSSDConfig/sssdoptions.py:228 +#: src/config/SSSDConfig/sssdoptions.py:226 +msgid "Local authentication methods policy " +msgstr "" + +#: src/config/SSSDConfig/sssdoptions.py:229 msgid "IPA domain" msgstr "IPA 域" -#: src/config/SSSDConfig/sssdoptions.py:229 +#: src/config/SSSDConfig/sssdoptions.py:230 msgid "IPA server address" msgstr "IPA 服务器地址" -#: src/config/SSSDConfig/sssdoptions.py:230 +#: src/config/SSSDConfig/sssdoptions.py:231 msgid "Address of backup IPA server" msgstr "IPA 备份服务器地址" -#: src/config/SSSDConfig/sssdoptions.py:231 +#: src/config/SSSDConfig/sssdoptions.py:232 msgid "IPA client hostname" msgstr "IPA 客户端主机名" -#: src/config/SSSDConfig/sssdoptions.py:232 +#: src/config/SSSDConfig/sssdoptions.py:233 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "是否在 FreeIPA 中自动更新客户端的 DNS 条目" -#: src/config/SSSDConfig/sssdoptions.py:235 +#: src/config/SSSDConfig/sssdoptions.py:236 msgid "Search base for HBAC related objects" msgstr "HBAC 相关对象的搜索基础" -#: src/config/SSSDConfig/sssdoptions.py:236 +#: src/config/SSSDConfig/sssdoptions.py:237 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "针对 IPA 服务器查找 HBAC 规则之间的时间间隔" -#: src/config/SSSDConfig/sssdoptions.py:237 +#: src/config/SSSDConfig/sssdoptions.py:238 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "针对 IPA 服务器查找 SELinux 映射之间的时间间隔" -#: src/config/SSSDConfig/sssdoptions.py:239 +#: src/config/SSSDConfig/sssdoptions.py:240 msgid "If set to false, host argument given by PAM will be ignored" msgstr "如果设置为 false,PAM 提供的主机参数将被忽略" -#: src/config/SSSDConfig/sssdoptions.py:240 +#: src/config/SSSDConfig/sssdoptions.py:241 msgid "The automounter location this IPA client is using" msgstr "此 IPA 客户端使用的自动挂载器的位置" -#: src/config/SSSDConfig/sssdoptions.py:241 +#: src/config/SSSDConfig/sssdoptions.py:242 msgid "Search base for object containing info about IPA domain" msgstr "搜索包含有关 IPA 域信息的对象的搜索基础" -#: src/config/SSSDConfig/sssdoptions.py:242 +#: src/config/SSSDConfig/sssdoptions.py:243 msgid "Search base for objects containing info about ID ranges" msgstr "搜索包含有关 ID 范围信息的对象的搜索基础" -#: src/config/SSSDConfig/sssdoptions.py:243 -#: src/config/SSSDConfig/sssdoptions.py:299 +#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:300 msgid "Enable DNS sites - location based service discovery" msgstr "启用 DNS 站点 - 基于位置的服务发现" -#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:245 msgid "Search base for view containers" msgstr "查看容器的搜索基础" -#: src/config/SSSDConfig/sssdoptions.py:245 +#: src/config/SSSDConfig/sssdoptions.py:246 msgid "Objectclass for view containers" msgstr "查看容器的对象类" -#: src/config/SSSDConfig/sssdoptions.py:246 +#: src/config/SSSDConfig/sssdoptions.py:247 msgid "Attribute with the name of the view" msgstr "具有视图名称的属性" -#: src/config/SSSDConfig/sssdoptions.py:247 +#: src/config/SSSDConfig/sssdoptions.py:248 msgid "Objectclass for override objects" msgstr "覆盖对象的对象类" -#: src/config/SSSDConfig/sssdoptions.py:248 +#: src/config/SSSDConfig/sssdoptions.py:249 msgid "Attribute with the reference to the original object" msgstr "带有到原始对象参考的属性" -#: src/config/SSSDConfig/sssdoptions.py:249 +#: src/config/SSSDConfig/sssdoptions.py:250 msgid "Objectclass for user override objects" msgstr "用户覆盖对象的对象类" -#: src/config/SSSDConfig/sssdoptions.py:250 +#: src/config/SSSDConfig/sssdoptions.py:251 msgid "Objectclass for group override objects" msgstr "组覆盖对象的对象类" -#: src/config/SSSDConfig/sssdoptions.py:251 +#: src/config/SSSDConfig/sssdoptions.py:252 msgid "Search base for Desktop Profile related objects" msgstr "Desktop Profile 相关对象的搜索基础" -#: src/config/SSSDConfig/sssdoptions.py:252 +#: src/config/SSSDConfig/sssdoptions.py:253 msgid "" "The amount of time in seconds between lookups of the Desktop Profile rules " "against the IPA server" msgstr "针对 IPA 服务器查找 Desktop Profile 规则之间的时间间隔" -#: src/config/SSSDConfig/sssdoptions.py:254 +#: src/config/SSSDConfig/sssdoptions.py:255 msgid "" "The amount of time in minutes between lookups of Desktop Profiles rules " "against the IPA server when the last request did not find any rule" @@ -815,101 +816,101 @@ msgstr "" "当最后一个请求未找到任何规则时,针对 IPA 服务器的Desktop Profiles 规则查找之" "间的时间间隔(以分钟为单位)" -#: src/config/SSSDConfig/sssdoptions.py:257 +#: src/config/SSSDConfig/sssdoptions.py:258 msgid "Search base for SUBID ranges" msgstr "搜索 SUBID 范围的基础" -#: src/config/SSSDConfig/sssdoptions.py:258 -#: src/config/SSSDConfig/sssdoptions.py:501 +#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:502 msgid "Which rules should be used to evaluate access control" msgstr "应该使用哪些规则来评估访问控制" -#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:260 msgid "The LDAP attribute that contains FQDN of the host." msgstr "包含主机 FQDN 的 LDAP 属性。" -#: src/config/SSSDConfig/sssdoptions.py:260 -#: src/config/SSSDConfig/sssdoptions.py:283 +#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:284 msgid "The object class of a host entry in LDAP." msgstr "LDAP 中主机条目的对象类。" -#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:262 msgid "Use the given string as search base for host objects." msgstr "使用给定的字符串作为主机对象的搜索基础。" -#: src/config/SSSDConfig/sssdoptions.py:262 +#: src/config/SSSDConfig/sssdoptions.py:263 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "包含主机 SSH 公钥的 LDAP 属性。" -#: src/config/SSSDConfig/sssdoptions.py:263 +#: src/config/SSSDConfig/sssdoptions.py:264 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "包含 netgroup 的 NIS 域名的 LDAP 属性。" -#: src/config/SSSDConfig/sssdoptions.py:264 +#: src/config/SSSDConfig/sssdoptions.py:265 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "包含 netgroup 成员名称的 LDAP 属性。" -#: src/config/SSSDConfig/sssdoptions.py:265 +#: src/config/SSSDConfig/sssdoptions.py:266 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "列出属于 netgroup 成员的主机和主机组的 FQDN 的 LDAP 属性。" -#: src/config/SSSDConfig/sssdoptions.py:267 +#: src/config/SSSDConfig/sssdoptions.py:268 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "LDAP属性,列出作为 netgroup 直接成员的主机和主机组。" -#: src/config/SSSDConfig/sssdoptions.py:269 +#: src/config/SSSDConfig/sssdoptions.py:270 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "列出 netgroup 成员资格的 LDAP 属性。" -#: src/config/SSSDConfig/sssdoptions.py:270 +#: src/config/SSSDConfig/sssdoptions.py:271 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "LDAP 属性,列出作为 netgroup 直接成员的系统用户和组。" -#: src/config/SSSDConfig/sssdoptions.py:272 +#: src/config/SSSDConfig/sssdoptions.py:273 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "与 netgroup 名称相对应的 LDAP 属性。" -#: src/config/SSSDConfig/sssdoptions.py:273 +#: src/config/SSSDConfig/sssdoptions.py:274 msgid "The object class of a netgroup entry in LDAP." msgstr "LDAP 中 netgroup 条目的对象类。" -#: src/config/SSSDConfig/sssdoptions.py:274 +#: src/config/SSSDConfig/sssdoptions.py:275 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "包含 LDAP netgroup 对象的 UUID/GUID 的 LDAP 属性。" -#: src/config/SSSDConfig/sssdoptions.py:275 +#: src/config/SSSDConfig/sssdoptions.py:276 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." msgstr "包含是否启用用户映射的 LDAP 属性。" -#: src/config/SSSDConfig/sssdoptions.py:277 +#: src/config/SSSDConfig/sssdoptions.py:278 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "包含主机类别的 LDAP 属性,如'all'。" -#: src/config/SSSDConfig/sssdoptions.py:278 +#: src/config/SSSDConfig/sssdoptions.py:279 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." msgstr "包含此规则所匹配的所有主机/主机组的 LDAP 属性。" -#: src/config/SSSDConfig/sssdoptions.py:280 +#: src/config/SSSDConfig/sssdoptions.py:281 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "包含该规则所匹配的所有用户/组的 LDAP 属性。" -#: src/config/SSSDConfig/sssdoptions.py:282 +#: src/config/SSSDConfig/sssdoptions.py:283 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "包含 SELinux usermap 名称的 LDAP 属性。" -#: src/config/SSSDConfig/sssdoptions.py:284 +#: src/config/SSSDConfig/sssdoptions.py:285 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost." @@ -917,19 +918,19 @@ msgstr "" "包含 HBAC 规则的 DN 的 LDAP 属性,可以用来代替 memberUser 和 memberHost 进行" "匹配。" -#: src/config/SSSDConfig/sssdoptions.py:286 +#: src/config/SSSDConfig/sssdoptions.py:287 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "包含 SELinux 用户字符串的 LDAP 属性。" -#: src/config/SSSDConfig/sssdoptions.py:287 +#: src/config/SSSDConfig/sssdoptions.py:288 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "包含用户类别的 LDAP 属性,如'all'。" -#: src/config/SSSDConfig/sssdoptions.py:288 +#: src/config/SSSDConfig/sssdoptions.py:289 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "包含用户映射的唯一 ID 的 LDAP 属性。" -#: src/config/SSSDConfig/sssdoptions.py:289 +#: src/config/SSSDConfig/sssdoptions.py:290 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." @@ -937,915 +938,914 @@ msgstr "" "该选项表示 SSSD 在 IPA 服务器上运行,应该以不同的方式执行来自受信任域的用户和" "组的查找。" -#: src/config/SSSDConfig/sssdoptions.py:291 +#: src/config/SSSDConfig/sssdoptions.py:292 msgid "Use the given string as search base for trusted domains." msgstr "使用给定的字符串作为可信域的搜索基础。" -#: src/config/SSSDConfig/sssdoptions.py:294 +#: src/config/SSSDConfig/sssdoptions.py:295 msgid "Active Directory domain" msgstr "活动目录域" -#: src/config/SSSDConfig/sssdoptions.py:295 +#: src/config/SSSDConfig/sssdoptions.py:296 msgid "Enabled Active Directory domains" msgstr "启用活动目录域" -#: src/config/SSSDConfig/sssdoptions.py:296 +#: src/config/SSSDConfig/sssdoptions.py:297 msgid "Active Directory server address" msgstr "没动目录服务器地址" -#: src/config/SSSDConfig/sssdoptions.py:297 +#: src/config/SSSDConfig/sssdoptions.py:298 msgid "Active Directory backup server address" msgstr "没动目录备份服务器地址" -#: src/config/SSSDConfig/sssdoptions.py:298 +#: src/config/SSSDConfig/sssdoptions.py:299 msgid "Active Directory client hostname" msgstr "活动目录客户端主机名" -#: src/config/SSSDConfig/sssdoptions.py:300 -#: src/config/SSSDConfig/sssdoptions.py:499 +#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:500 msgid "LDAP filter to determine access privileges" msgstr "用于决定访问权限 的 LDAP 过滤器" -#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:302 msgid "Whether to use the Global Catalog for lookups" msgstr "是否使用 Global Catalog 进行查找" -#: src/config/SSSDConfig/sssdoptions.py:302 +#: src/config/SSSDConfig/sssdoptions.py:303 msgid "Operation mode for GPO-based access control" msgstr "基于 GPO 的访问控制的操作模式" -#: src/config/SSSDConfig/sssdoptions.py:303 +#: src/config/SSSDConfig/sssdoptions.py:304 msgid "" "The amount of time between lookups of the GPO policy files against the AD " "server" msgstr "针对 IPA 服务器查找 GPO 策略文件之间的时间间隔" -#: src/config/SSSDConfig/sssdoptions.py:304 +#: src/config/SSSDConfig/sssdoptions.py:305 msgid "" "PAM service names that map to the GPO (Deny)InteractiveLogonRight policy " "settings" msgstr "映射到 GPO (Deny)InteractiveLogonRight 策略设置的 PAM 服务名称" -#: src/config/SSSDConfig/sssdoptions.py:306 +#: src/config/SSSDConfig/sssdoptions.py:307 msgid "" "PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight " "policy settings" msgstr "映射到 GPO (Deny)RemoteInteractiveLogonRight 策略设置的 PAM 服务名称" -#: src/config/SSSDConfig/sssdoptions.py:308 +#: src/config/SSSDConfig/sssdoptions.py:309 msgid "" "PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings" msgstr "映射到 GPO (Deny)NetworkLogonRight 策略设置的 PAM 服务名称" -#: src/config/SSSDConfig/sssdoptions.py:309 +#: src/config/SSSDConfig/sssdoptions.py:310 msgid "" "PAM service names that map to the GPO (Deny)BatchLogonRight policy settings" msgstr "映射到 GPO (Deny)BatchLogonRight 策略设置的 PAM 服务名称" -#: src/config/SSSDConfig/sssdoptions.py:310 +#: src/config/SSSDConfig/sssdoptions.py:311 msgid "" "PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings" msgstr "映射到 GPO (Deny)ServiceLogonRight 策略设置的 PAM 服务名称" -#: src/config/SSSDConfig/sssdoptions.py:311 +#: src/config/SSSDConfig/sssdoptions.py:312 msgid "PAM service names for which GPO-based access is always granted" msgstr "基于 GPO 的访问始终会被授予的 PAM 服务名称" -#: src/config/SSSDConfig/sssdoptions.py:312 +#: src/config/SSSDConfig/sssdoptions.py:313 msgid "PAM service names for which GPO-based access is always denied" msgstr "基于 GPO 的访问始终会被拒绝的 PAM 服务名称" -#: src/config/SSSDConfig/sssdoptions.py:313 +#: src/config/SSSDConfig/sssdoptions.py:314 msgid "" "Default logon right (or permit/deny) to use for unmapped PAM service names" msgstr "用于未映射的 PAM 服务名称的默认登录权(或允许/拒绝)" -#: src/config/SSSDConfig/sssdoptions.py:314 +#: src/config/SSSDConfig/sssdoptions.py:315 msgid "a particular site to be used by the client" msgstr "客户要使用的特定站点" -#: src/config/SSSDConfig/sssdoptions.py:315 +#: src/config/SSSDConfig/sssdoptions.py:316 msgid "" "Maximum age in days before the machine account password should be renewed" -msgstr "机器帐户密码需要续订的最长期限(天)" +msgstr "机器账户密码需要续订的最长期限(天)" -#: src/config/SSSDConfig/sssdoptions.py:317 +#: src/config/SSSDConfig/sssdoptions.py:318 msgid "Option for tuning the machine account renewal task" -msgstr "用于调整机器帐户续订任务的选项" +msgstr "用于调整机器账户续订任务的选项" -#: src/config/SSSDConfig/sssdoptions.py:318 +#: src/config/SSSDConfig/sssdoptions.py:319 msgid "Whether to update the machine account password in the Samba database" msgstr "是否要更新 Samba 数据库中的机器账户密码" -#: src/config/SSSDConfig/sssdoptions.py:320 +#: src/config/SSSDConfig/sssdoptions.py:321 msgid "Use LDAPS port for LDAP and Global Catalog requests" msgstr "将 LDAPS 端口用于 LDAP 和 Global Catalog 请求" -#: src/config/SSSDConfig/sssdoptions.py:321 +#: src/config/SSSDConfig/sssdoptions.py:322 msgid "Do not filter domain local groups from other domains" msgstr "不要从其它域过滤域本地组" -#: src/config/SSSDConfig/sssdoptions.py:324 #: src/config/SSSDConfig/sssdoptions.py:325 +#: src/config/SSSDConfig/sssdoptions.py:326 msgid "Kerberos server address" msgstr "Kerberos 服务器地址" -#: src/config/SSSDConfig/sssdoptions.py:326 +#: src/config/SSSDConfig/sssdoptions.py:327 msgid "Kerberos backup server address" msgstr "Kerberos 备份服务器地址" -#: src/config/SSSDConfig/sssdoptions.py:327 +#: src/config/SSSDConfig/sssdoptions.py:328 msgid "Kerberos realm" msgstr "Kerberos 域" -#: src/config/SSSDConfig/sssdoptions.py:328 +#: src/config/SSSDConfig/sssdoptions.py:329 msgid "Authentication timeout" msgstr "验证超时" -#: src/config/SSSDConfig/sssdoptions.py:329 +#: src/config/SSSDConfig/sssdoptions.py:330 msgid "Whether to create kdcinfo files" msgstr "是否创建 kdcinfo 文件" -#: src/config/SSSDConfig/sssdoptions.py:330 +#: src/config/SSSDConfig/sssdoptions.py:331 msgid "Where to drop krb5 config snippets" msgstr "在哪里放置 krb5 配置片段" -#: src/config/SSSDConfig/sssdoptions.py:333 +#: src/config/SSSDConfig/sssdoptions.py:334 msgid "Directory to store credential caches" msgstr "存储凭证缓存的目录" -#: src/config/SSSDConfig/sssdoptions.py:334 +#: src/config/SSSDConfig/sssdoptions.py:335 msgid "Location of the user's credential cache" msgstr "用户凭证缓存的位置" -#: src/config/SSSDConfig/sssdoptions.py:335 +#: src/config/SSSDConfig/sssdoptions.py:336 msgid "Location of the keytab to validate credentials" msgstr "用于验证凭据的密钥表的位置" -#: src/config/SSSDConfig/sssdoptions.py:336 +#: src/config/SSSDConfig/sssdoptions.py:337 msgid "Enable credential validation" msgstr "启用凭证验证" -#: src/config/SSSDConfig/sssdoptions.py:337 +#: src/config/SSSDConfig/sssdoptions.py:338 msgid "Store password if offline for later online authentication" msgstr "离线时存储密码,以便以后进行在线身份验证" -#: src/config/SSSDConfig/sssdoptions.py:338 +#: src/config/SSSDConfig/sssdoptions.py:339 msgid "Renewable lifetime of the TGT" msgstr "TGT 的可更新寿命" -#: src/config/SSSDConfig/sssdoptions.py:339 +#: src/config/SSSDConfig/sssdoptions.py:340 msgid "Lifetime of the TGT" msgstr "TGT 的寿命" -#: src/config/SSSDConfig/sssdoptions.py:340 +#: src/config/SSSDConfig/sssdoptions.py:341 msgid "Time between two checks for renewal" msgstr "两次更新检查之间的间隔时间" -#: src/config/SSSDConfig/sssdoptions.py:341 +#: src/config/SSSDConfig/sssdoptions.py:342 msgid "Enables FAST" msgstr "启用 FAST" -#: src/config/SSSDConfig/sssdoptions.py:342 +#: src/config/SSSDConfig/sssdoptions.py:343 msgid "Selects the principal to use for FAST" msgstr "选择用于 FAST 的主体" -#: src/config/SSSDConfig/sssdoptions.py:343 +#: src/config/SSSDConfig/sssdoptions.py:344 msgid "Use anonymous PKINIT to request FAST credentials" msgstr "使用匿名 PKINIT 请求 FAST 凭证" -#: src/config/SSSDConfig/sssdoptions.py:344 +#: src/config/SSSDConfig/sssdoptions.py:345 msgid "Enables principal canonicalization" msgstr "启用主体规范化" -#: src/config/SSSDConfig/sssdoptions.py:345 +#: src/config/SSSDConfig/sssdoptions.py:346 msgid "Enables enterprise principals" msgstr "启用企业主体" -#: src/config/SSSDConfig/sssdoptions.py:346 +#: src/config/SSSDConfig/sssdoptions.py:347 msgid "Enables using of subdomains realms for authentication" msgstr "允许使用子域域进行身份验证" -#: src/config/SSSDConfig/sssdoptions.py:347 +#: src/config/SSSDConfig/sssdoptions.py:348 msgid "A mapping from user names to Kerberos principal names" msgstr "从用户名到 Kerberos 主体名称的映射" -#: src/config/SSSDConfig/sssdoptions.py:350 #: src/config/SSSDConfig/sssdoptions.py:351 +#: src/config/SSSDConfig/sssdoptions.py:352 msgid "Server where the change password service is running if not on the KDC" msgstr "如果不在 KDC 上,运行更改密码服务的服务器" -#: src/config/SSSDConfig/sssdoptions.py:354 +#: src/config/SSSDConfig/sssdoptions.py:355 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri,LDAP 服务器的 URI" -#: src/config/SSSDConfig/sssdoptions.py:355 +#: src/config/SSSDConfig/sssdoptions.py:356 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "ldap_backup_uri,LDAP 服务器的 URI" -#: src/config/SSSDConfig/sssdoptions.py:356 +#: src/config/SSSDConfig/sssdoptions.py:357 msgid "The default base DN" msgstr "默认基本 DN" -#: src/config/SSSDConfig/sssdoptions.py:357 +#: src/config/SSSDConfig/sssdoptions.py:358 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "LDAP 服务器上使用的 Schema Type,rfc2307" -#: src/config/SSSDConfig/sssdoptions.py:358 +#: src/config/SSSDConfig/sssdoptions.py:359 msgid "Mode used to change user password" msgstr "用来修改用户密码的模式" -#: src/config/SSSDConfig/sssdoptions.py:359 +#: src/config/SSSDConfig/sssdoptions.py:360 msgid "The default bind DN" msgstr "默认绑定 DN" -#: src/config/SSSDConfig/sssdoptions.py:360 +#: src/config/SSSDConfig/sssdoptions.py:361 msgid "The type of the authentication token of the default bind DN" msgstr "默认绑定 DN 的身份验证令牌的类型" -#: src/config/SSSDConfig/sssdoptions.py:361 +#: src/config/SSSDConfig/sssdoptions.py:362 msgid "The authentication token of the default bind DN" msgstr "默认绑定 DN 的身份验证令牌" -#: src/config/SSSDConfig/sssdoptions.py:362 +#: src/config/SSSDConfig/sssdoptions.py:363 msgid "Length of time to attempt connection" msgstr "尝试连接的时间长度" -#: src/config/SSSDConfig/sssdoptions.py:363 +#: src/config/SSSDConfig/sssdoptions.py:364 msgid "Length of time to attempt synchronous LDAP operations" msgstr "尝试同步 LDAP 操作的时间长度" -#: src/config/SSSDConfig/sssdoptions.py:364 +#: src/config/SSSDConfig/sssdoptions.py:365 msgid "Length of time between attempts to reconnect while offline" msgstr "离线时尝试重新连接的时间间隔" -#: src/config/SSSDConfig/sssdoptions.py:365 +#: src/config/SSSDConfig/sssdoptions.py:366 msgid "Use only the upper case for realm names" msgstr "对于域名称仅使用大写字母" -#: src/config/SSSDConfig/sssdoptions.py:366 +#: src/config/SSSDConfig/sssdoptions.py:367 msgid "File that contains CA certificates" msgstr "包含 CA 证书的文件" -#: src/config/SSSDConfig/sssdoptions.py:367 +#: src/config/SSSDConfig/sssdoptions.py:368 msgid "Path to CA certificate directory" msgstr "CA 证书目录的路径" -#: src/config/SSSDConfig/sssdoptions.py:368 +#: src/config/SSSDConfig/sssdoptions.py:369 msgid "File that contains the client certificate" msgstr "包含客户端 CA 证书的文件" -#: src/config/SSSDConfig/sssdoptions.py:369 +#: src/config/SSSDConfig/sssdoptions.py:370 msgid "File that contains the client key" msgstr "包含客户端密钥的文件" -#: src/config/SSSDConfig/sssdoptions.py:370 +#: src/config/SSSDConfig/sssdoptions.py:371 msgid "List of possible ciphers suites" msgstr "可能的加密套件列表" -#: src/config/SSSDConfig/sssdoptions.py:371 +#: src/config/SSSDConfig/sssdoptions.py:372 msgid "Require TLS certificate verification" msgstr "调整 TLS 证书验证" -#: src/config/SSSDConfig/sssdoptions.py:372 +#: src/config/SSSDConfig/sssdoptions.py:373 msgid "Specify the sasl mechanism to use" msgstr "指定要使用的 sasl 机制" -#: src/config/SSSDConfig/sssdoptions.py:373 +#: src/config/SSSDConfig/sssdoptions.py:374 msgid "Specify the sasl authorization id to use" msgstr "指定要使用的 sasl 授权 ID" -#: src/config/SSSDConfig/sssdoptions.py:374 +#: src/config/SSSDConfig/sssdoptions.py:375 msgid "Specify the sasl authorization realm to use" msgstr "指定要使用的 sasl 授权域" -#: src/config/SSSDConfig/sssdoptions.py:375 +#: src/config/SSSDConfig/sssdoptions.py:376 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "为 LDAP sasl 授权指定最小的 SSF" -#: src/config/SSSDConfig/sssdoptions.py:376 +#: src/config/SSSDConfig/sssdoptions.py:377 msgid "Specify the maximal SSF for LDAP sasl authorization" msgstr "为 LDAP sasl 授权指定最大的 SSF" -#: src/config/SSSDConfig/sssdoptions.py:377 +#: src/config/SSSDConfig/sssdoptions.py:378 msgid "Kerberos service keytab" msgstr "Kerberos服务密钥表" -#: src/config/SSSDConfig/sssdoptions.py:378 +#: src/config/SSSDConfig/sssdoptions.py:379 msgid "Use Kerberos auth for LDAP connection" msgstr "使用 Kerberos 身份验证进行 LDAP 连接" -#: src/config/SSSDConfig/sssdoptions.py:379 +#: src/config/SSSDConfig/sssdoptions.py:380 msgid "Follow LDAP referrals" msgstr "遵循 LDAP 引用" -#: src/config/SSSDConfig/sssdoptions.py:380 +#: src/config/SSSDConfig/sssdoptions.py:381 msgid "Lifetime of TGT for LDAP connection" msgstr "TGT 的 LDAP 连接生命周期" -#: src/config/SSSDConfig/sssdoptions.py:381 +#: src/config/SSSDConfig/sssdoptions.py:382 msgid "How to dereference aliases" msgstr "如何取消引用别名" -#: src/config/SSSDConfig/sssdoptions.py:382 +#: src/config/SSSDConfig/sssdoptions.py:383 msgid "Service name for DNS service lookups" msgstr "DNS 服务查找的服务名称" -#: src/config/SSSDConfig/sssdoptions.py:383 +#: src/config/SSSDConfig/sssdoptions.py:384 msgid "The number of records to retrieve in a single LDAP query" msgstr "单个 LDAP 查询中要检索的记录数" -#: src/config/SSSDConfig/sssdoptions.py:384 +#: src/config/SSSDConfig/sssdoptions.py:385 msgid "The number of members that must be missing to trigger a full deref" msgstr "触发完全取消引用请最少需要缺少的成员数" -#: src/config/SSSDConfig/sssdoptions.py:385 +#: src/config/SSSDConfig/sssdoptions.py:386 msgid "Ignore unreadable LDAP references" msgstr "忽略不可读的 LDAP 引用" -#: src/config/SSSDConfig/sssdoptions.py:386 +#: src/config/SSSDConfig/sssdoptions.py:387 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "在 SASL绑定期间,LDAP 库是否应执行反向查找以规范化主机名" -#: src/config/SSSDConfig/sssdoptions.py:388 +#: src/config/SSSDConfig/sssdoptions.py:389 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "允许保留本地用户作为使用 RFC2307 模式的服务器的 LDAP 组成员。" -#: src/config/SSSDConfig/sssdoptions.py:391 +#: src/config/SSSDConfig/sssdoptions.py:392 msgid "entryUSN attribute" msgstr "entryUSN 属性" -#: src/config/SSSDConfig/sssdoptions.py:392 +#: src/config/SSSDConfig/sssdoptions.py:393 msgid "lastUSN attribute" msgstr "lastUSN 属性" -#: src/config/SSSDConfig/sssdoptions.py:394 +#: src/config/SSSDConfig/sssdoptions.py:395 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "断开连接前与 LDAP 服务器保持连接的时间" -#: src/config/SSSDConfig/sssdoptions.py:397 +#: src/config/SSSDConfig/sssdoptions.py:398 msgid "Disable the LDAP paging control" msgstr "禁用 LDAP 分页控制" -#: src/config/SSSDConfig/sssdoptions.py:398 +#: src/config/SSSDConfig/sssdoptions.py:399 msgid "Disable Active Directory range retrieval" msgstr "禁用 Active Directory 范围检索" -#: src/config/SSSDConfig/sssdoptions.py:401 +#: src/config/SSSDConfig/sssdoptions.py:402 msgid "Length of time to wait for a search request" msgstr "等待搜索请求的时间长度" -#: src/config/SSSDConfig/sssdoptions.py:402 +#: src/config/SSSDConfig/sssdoptions.py:403 msgid "Length of time to wait for a enumeration request" msgstr "等待枚举请求的时间长度" -#: src/config/SSSDConfig/sssdoptions.py:403 +#: src/config/SSSDConfig/sssdoptions.py:404 msgid "Length of time between enumeration updates" msgstr "枚举更新之间的时间长度" -#: src/config/SSSDConfig/sssdoptions.py:404 +#: src/config/SSSDConfig/sssdoptions.py:405 msgid "Maximum period deviation between enumeration updates" msgstr "枚举更新之间的最长周期偏差" -#: src/config/SSSDConfig/sssdoptions.py:405 +#: src/config/SSSDConfig/sssdoptions.py:406 msgid "Length of time between cache cleanups" msgstr "两次缓存清除之间的时间长度" -#: src/config/SSSDConfig/sssdoptions.py:406 +#: src/config/SSSDConfig/sssdoptions.py:407 msgid "Maximum time deviation between cache cleanups" msgstr "缓存清理之间的最长时间偏差" -#: src/config/SSSDConfig/sssdoptions.py:407 +#: src/config/SSSDConfig/sssdoptions.py:408 msgid "Require TLS for ID lookups" msgstr "需要 TLS 进行 ID 查找" -#: src/config/SSSDConfig/sssdoptions.py:408 +#: src/config/SSSDConfig/sssdoptions.py:409 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "使用 objectSID 的 ID 映射而不是预设的 ID" -#: src/config/SSSDConfig/sssdoptions.py:409 +#: src/config/SSSDConfig/sssdoptions.py:410 msgid "Base DN for user lookups" msgstr "用户查找的基本 DN" -#: src/config/SSSDConfig/sssdoptions.py:410 +#: src/config/SSSDConfig/sssdoptions.py:411 msgid "Scope of user lookups" msgstr "用户查找范围" -#: src/config/SSSDConfig/sssdoptions.py:411 +#: src/config/SSSDConfig/sssdoptions.py:412 msgid "Filter for user lookups" msgstr "用户查找过滤" -#: src/config/SSSDConfig/sssdoptions.py:412 +#: src/config/SSSDConfig/sssdoptions.py:413 msgid "Objectclass for users" msgstr "用户的对象类" -#: src/config/SSSDConfig/sssdoptions.py:413 +#: src/config/SSSDConfig/sssdoptions.py:414 msgid "Username attribute" msgstr "用户名属性" -#: src/config/SSSDConfig/sssdoptions.py:414 +#: src/config/SSSDConfig/sssdoptions.py:415 msgid "UID attribute" msgstr "UID 属性" -#: src/config/SSSDConfig/sssdoptions.py:415 +#: src/config/SSSDConfig/sssdoptions.py:416 msgid "Primary GID attribute" msgstr "主 GID 属性" -#: src/config/SSSDConfig/sssdoptions.py:416 +#: src/config/SSSDConfig/sssdoptions.py:417 msgid "GECOS attribute" msgstr "GECOS 属性" -#: src/config/SSSDConfig/sssdoptions.py:417 +#: src/config/SSSDConfig/sssdoptions.py:418 msgid "Home directory attribute" msgstr "家目录属性" -#: src/config/SSSDConfig/sssdoptions.py:418 +#: src/config/SSSDConfig/sssdoptions.py:419 msgid "Shell attribute" msgstr "Shell 属性" -#: src/config/SSSDConfig/sssdoptions.py:419 +#: src/config/SSSDConfig/sssdoptions.py:420 msgid "UUID attribute" msgstr "UUID 属性" -#: src/config/SSSDConfig/sssdoptions.py:420 -#: src/config/SSSDConfig/sssdoptions.py:459 +#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:460 msgid "objectSID attribute" msgstr "objectSID 属性" -#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:422 msgid "Active Directory primary group attribute for ID-mapping" msgstr "用于 ID 映射的活动目录的主组属性" -#: src/config/SSSDConfig/sssdoptions.py:422 +#: src/config/SSSDConfig/sssdoptions.py:423 msgid "User principal attribute (for Kerberos)" msgstr "用户主体属性(用于 Kerberos)" -#: src/config/SSSDConfig/sssdoptions.py:423 +#: src/config/SSSDConfig/sssdoptions.py:424 msgid "Full Name" msgstr "全称" -#: src/config/SSSDConfig/sssdoptions.py:424 +#: src/config/SSSDConfig/sssdoptions.py:425 msgid "memberOf attribute" msgstr "memberOf 属性" -#: src/config/SSSDConfig/sssdoptions.py:425 +#: src/config/SSSDConfig/sssdoptions.py:426 msgid "Modification time attribute" msgstr "修改时间属性" -#: src/config/SSSDConfig/sssdoptions.py:426 +#: src/config/SSSDConfig/sssdoptions.py:427 msgid "shadowLastChange attribute" msgstr "shadowLastChange 属性" -#: src/config/SSSDConfig/sssdoptions.py:427 +#: src/config/SSSDConfig/sssdoptions.py:428 msgid "shadowMin attribute" msgstr "shadowMin 属性" -#: src/config/SSSDConfig/sssdoptions.py:428 +#: src/config/SSSDConfig/sssdoptions.py:429 msgid "shadowMax attribute" msgstr "shadowMax 属性" -#: src/config/SSSDConfig/sssdoptions.py:429 +#: src/config/SSSDConfig/sssdoptions.py:430 msgid "shadowWarning attribute" msgstr "shadowWarning 属性" -#: src/config/SSSDConfig/sssdoptions.py:430 +#: src/config/SSSDConfig/sssdoptions.py:431 msgid "shadowInactive attribute" msgstr "shadowInactive 属性" -#: src/config/SSSDConfig/sssdoptions.py:431 +#: src/config/SSSDConfig/sssdoptions.py:432 msgid "shadowExpire attribute" msgstr "shadowExpire 属性" -#: src/config/SSSDConfig/sssdoptions.py:432 +#: src/config/SSSDConfig/sssdoptions.py:433 msgid "shadowFlag attribute" msgstr "shadowFlag 属性" -#: src/config/SSSDConfig/sssdoptions.py:433 +#: src/config/SSSDConfig/sssdoptions.py:434 msgid "Attribute listing authorized PAM services" msgstr "列出授权的 PAM 服务的属性" -#: src/config/SSSDConfig/sssdoptions.py:434 +#: src/config/SSSDConfig/sssdoptions.py:435 msgid "Attribute listing authorized server hosts" msgstr "列出授权的服务器主机的属性" -#: src/config/SSSDConfig/sssdoptions.py:435 +#: src/config/SSSDConfig/sssdoptions.py:436 msgid "Attribute listing authorized server rhosts" msgstr "列出授权的服务器 rhost 的属性" -#: src/config/SSSDConfig/sssdoptions.py:436 +#: src/config/SSSDConfig/sssdoptions.py:437 msgid "krbLastPwdChange attribute" msgstr "krbLastPwdChange 属性" -#: src/config/SSSDConfig/sssdoptions.py:437 +#: src/config/SSSDConfig/sssdoptions.py:438 msgid "krbPasswordExpiration attribute" msgstr "krbPasswordExpiration 属性" -#: src/config/SSSDConfig/sssdoptions.py:438 +#: src/config/SSSDConfig/sssdoptions.py:439 msgid "Attribute indicating that server side password policies are active" msgstr "用来指示服务器端密码策略处于活动状态的属性" -#: src/config/SSSDConfig/sssdoptions.py:439 +#: src/config/SSSDConfig/sssdoptions.py:440 msgid "accountExpires attribute of AD" msgstr "AD 的 accountExpires 属性" -#: src/config/SSSDConfig/sssdoptions.py:440 +#: src/config/SSSDConfig/sssdoptions.py:441 msgid "userAccountControl attribute of AD" msgstr "AD 的 userAccountControl 属性" -#: src/config/SSSDConfig/sssdoptions.py:441 +#: src/config/SSSDConfig/sssdoptions.py:442 msgid "nsAccountLock attribute" msgstr "nsAccountLock 属性" -#: src/config/SSSDConfig/sssdoptions.py:442 +#: src/config/SSSDConfig/sssdoptions.py:443 msgid "loginDisabled attribute of NDS" msgstr "NDS 的 loginDisabled 属性" -#: src/config/SSSDConfig/sssdoptions.py:443 +#: src/config/SSSDConfig/sssdoptions.py:444 msgid "loginExpirationTime attribute of NDS" msgstr "NDS 的 loginExpirationTime 属性" -#: src/config/SSSDConfig/sssdoptions.py:444 +#: src/config/SSSDConfig/sssdoptions.py:445 msgid "loginAllowedTimeMap attribute of NDS" msgstr "NDS 的 loginAllowedTimeMap 属性" -#: src/config/SSSDConfig/sssdoptions.py:445 +#: src/config/SSSDConfig/sssdoptions.py:446 msgid "SSH public key attribute" msgstr "SSH 公钥属性" -#: src/config/SSSDConfig/sssdoptions.py:446 +#: src/config/SSSDConfig/sssdoptions.py:447 msgid "attribute listing allowed authentication types for a user" msgstr "列出用户允许的身份验证类型的属性" -#: src/config/SSSDConfig/sssdoptions.py:447 +#: src/config/SSSDConfig/sssdoptions.py:448 msgid "attribute containing the X509 certificate of the user" msgstr "包含用户的 X509 证书的属性" -#: src/config/SSSDConfig/sssdoptions.py:448 +#: src/config/SSSDConfig/sssdoptions.py:449 msgid "attribute containing the email address of the user" msgstr "包含用户电子邮件地址的属性" -#: src/config/SSSDConfig/sssdoptions.py:449 -#, fuzzy +#: src/config/SSSDConfig/sssdoptions.py:450 msgid "attribute containing the passkey mapping data of the user" -msgstr "包含用户电子邮件地址的属性" +msgstr "包含用户的通行密钥映射数据的属性" -#: src/config/SSSDConfig/sssdoptions.py:450 +#: src/config/SSSDConfig/sssdoptions.py:451 msgid "A list of extra attributes to download along with the user entry" msgstr "要与用户条目一起下载的其他属性的列表" -#: src/config/SSSDConfig/sssdoptions.py:452 +#: src/config/SSSDConfig/sssdoptions.py:453 msgid "Base DN for group lookups" msgstr "组查找的基本 DN" -#: src/config/SSSDConfig/sssdoptions.py:453 +#: src/config/SSSDConfig/sssdoptions.py:454 msgid "Objectclass for groups" msgstr "组的对象类" -#: src/config/SSSDConfig/sssdoptions.py:454 +#: src/config/SSSDConfig/sssdoptions.py:455 msgid "Group name" msgstr "组名称" -#: src/config/SSSDConfig/sssdoptions.py:455 +#: src/config/SSSDConfig/sssdoptions.py:456 msgid "Group password" msgstr "组密码" -#: src/config/SSSDConfig/sssdoptions.py:456 +#: src/config/SSSDConfig/sssdoptions.py:457 msgid "GID attribute" msgstr "GID 属性" -#: src/config/SSSDConfig/sssdoptions.py:457 +#: src/config/SSSDConfig/sssdoptions.py:458 msgid "Group member attribute" msgstr "组成员属性" -#: src/config/SSSDConfig/sssdoptions.py:458 +#: src/config/SSSDConfig/sssdoptions.py:459 msgid "Group UUID attribute" msgstr "组 UUID 属性" -#: src/config/SSSDConfig/sssdoptions.py:460 +#: src/config/SSSDConfig/sssdoptions.py:461 msgid "Modification time attribute for groups" msgstr "组的修改时间属性" -#: src/config/SSSDConfig/sssdoptions.py:461 +#: src/config/SSSDConfig/sssdoptions.py:462 msgid "Type of the group and other flags" msgstr "组的类型和其他标志" -#: src/config/SSSDConfig/sssdoptions.py:462 +#: src/config/SSSDConfig/sssdoptions.py:463 msgid "The LDAP group external member attribute" msgstr "LDAP 组外部成员属性" -#: src/config/SSSDConfig/sssdoptions.py:463 +#: src/config/SSSDConfig/sssdoptions.py:464 msgid "Maximum nesting level SSSD will follow" msgstr "将遵循的最大嵌套级别 SSSD" -#: src/config/SSSDConfig/sssdoptions.py:464 +#: src/config/SSSDConfig/sssdoptions.py:465 msgid "Filter for group lookups" msgstr "组查询的过滤器" -#: src/config/SSSDConfig/sssdoptions.py:465 +#: src/config/SSSDConfig/sssdoptions.py:466 msgid "Scope of group lookups" msgstr "组查询的范围" -#: src/config/SSSDConfig/sssdoptions.py:467 +#: src/config/SSSDConfig/sssdoptions.py:468 msgid "Base DN for netgroup lookups" msgstr "netgroup 查找的基本 DN" -#: src/config/SSSDConfig/sssdoptions.py:468 +#: src/config/SSSDConfig/sssdoptions.py:469 msgid "Objectclass for netgroups" msgstr "netgroup 的对象类" -#: src/config/SSSDConfig/sssdoptions.py:469 +#: src/config/SSSDConfig/sssdoptions.py:470 msgid "Netgroup name" msgstr "Netgroup 名" -#: src/config/SSSDConfig/sssdoptions.py:470 +#: src/config/SSSDConfig/sssdoptions.py:471 msgid "Netgroups members attribute" msgstr "Netgroups 成员属性" -#: src/config/SSSDConfig/sssdoptions.py:471 +#: src/config/SSSDConfig/sssdoptions.py:472 msgid "Netgroup triple attribute" msgstr "Netgroup triple 属性" -#: src/config/SSSDConfig/sssdoptions.py:472 +#: src/config/SSSDConfig/sssdoptions.py:473 msgid "Modification time attribute for netgroups" msgstr "netgroup 的修改时间属性" -#: src/config/SSSDConfig/sssdoptions.py:474 +#: src/config/SSSDConfig/sssdoptions.py:475 msgid "Base DN for service lookups" msgstr "服务查找的基本 DN" -#: src/config/SSSDConfig/sssdoptions.py:475 +#: src/config/SSSDConfig/sssdoptions.py:476 msgid "Objectclass for services" msgstr "服务的对象类" -#: src/config/SSSDConfig/sssdoptions.py:476 +#: src/config/SSSDConfig/sssdoptions.py:477 msgid "Service name attribute" msgstr "服务名属性" -#: src/config/SSSDConfig/sssdoptions.py:477 +#: src/config/SSSDConfig/sssdoptions.py:478 msgid "Service port attribute" msgstr "服务端口属性" -#: src/config/SSSDConfig/sssdoptions.py:478 +#: src/config/SSSDConfig/sssdoptions.py:479 msgid "Service protocol attribute" msgstr "服务协议属性" -#: src/config/SSSDConfig/sssdoptions.py:480 +#: src/config/SSSDConfig/sssdoptions.py:481 msgid "Lower bound for ID-mapping" msgstr "ID 映射的下限" -#: src/config/SSSDConfig/sssdoptions.py:481 +#: src/config/SSSDConfig/sssdoptions.py:482 msgid "Upper bound for ID-mapping" msgstr "ID 映射的上限" -#: src/config/SSSDConfig/sssdoptions.py:482 +#: src/config/SSSDConfig/sssdoptions.py:483 msgid "Number of IDs for each slice when ID-mapping" msgstr "ID 映射时每个片的 ID 数" -#: src/config/SSSDConfig/sssdoptions.py:483 +#: src/config/SSSDConfig/sssdoptions.py:484 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "使用与 autorid 兼容的算法进行 ID 映射" -#: src/config/SSSDConfig/sssdoptions.py:484 +#: src/config/SSSDConfig/sssdoptions.py:485 msgid "Name of the default domain for ID-mapping" msgstr "用于 ID 映射的默认域的名称" -#: src/config/SSSDConfig/sssdoptions.py:485 +#: src/config/SSSDConfig/sssdoptions.py:486 msgid "SID of the default domain for ID-mapping" msgstr "用于 ID 映射的默认域的 SID" -#: src/config/SSSDConfig/sssdoptions.py:486 +#: src/config/SSSDConfig/sssdoptions.py:487 msgid "Number of secondary slices" msgstr "次要切片数" -#: src/config/SSSDConfig/sssdoptions.py:488 +#: src/config/SSSDConfig/sssdoptions.py:489 msgid "Whether to use Token-Groups" msgstr "是否使用令牌组" -#: src/config/SSSDConfig/sssdoptions.py:489 +#: src/config/SSSDConfig/sssdoptions.py:490 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "设置 LDAP 服务器允许的 ID 的下边界" -#: src/config/SSSDConfig/sssdoptions.py:490 +#: src/config/SSSDConfig/sssdoptions.py:491 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "设置 LDAP 服务器允许的 ID 的上边界" -#: src/config/SSSDConfig/sssdoptions.py:491 +#: src/config/SSSDConfig/sssdoptions.py:492 msgid "DN for ppolicy queries" msgstr "ppolicy 查询的 DN" -#: src/config/SSSDConfig/sssdoptions.py:492 +#: src/config/SSSDConfig/sssdoptions.py:493 msgid "How many maximum entries to fetch during a wildcard request" msgstr "在通配符请求期间要提取多少个最大条目" -#: src/config/SSSDConfig/sssdoptions.py:493 +#: src/config/SSSDConfig/sssdoptions.py:494 msgid "Set libldap debug level" msgstr "设置 libldap debug 级别" -#: src/config/SSSDConfig/sssdoptions.py:496 +#: src/config/SSSDConfig/sssdoptions.py:497 msgid "Policy to evaluate the password expiration" msgstr "评估密码有效期的策略" -#: src/config/SSSDConfig/sssdoptions.py:500 +#: src/config/SSSDConfig/sssdoptions.py:501 msgid "Which attributes shall be used to evaluate if an account is expired" -msgstr "应使用哪些属性来评估帐户是否过期" +msgstr "应使用哪些属性来评估账户是否过期" -#: src/config/SSSDConfig/sssdoptions.py:504 +#: src/config/SSSDConfig/sssdoptions.py:505 msgid "URI of an LDAP server where password changes are allowed" msgstr "允许更改密码的 LDAP 服务器的 URI" -#: src/config/SSSDConfig/sssdoptions.py:505 +#: src/config/SSSDConfig/sssdoptions.py:506 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "允许更改密码的备份 LDAP 服务器的 URI" -#: src/config/SSSDConfig/sssdoptions.py:506 +#: src/config/SSSDConfig/sssdoptions.py:507 msgid "DNS service name for LDAP password change server" msgstr "LDAP 密码更改服务器的 DNS 服务名称" -#: src/config/SSSDConfig/sssdoptions.py:507 +#: src/config/SSSDConfig/sssdoptions.py:508 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "更改密码后是否更新 ldap_user_shadow_last_change 属性" -#: src/config/SSSDConfig/sssdoptions.py:511 +#: src/config/SSSDConfig/sssdoptions.py:512 msgid "Base DN for sudo rules lookups" msgstr "sudo 规则查找的基本DN" -#: src/config/SSSDConfig/sssdoptions.py:512 +#: src/config/SSSDConfig/sssdoptions.py:513 msgid "Automatic full refresh period" msgstr "自动完整刷新周期" -#: src/config/SSSDConfig/sssdoptions.py:513 +#: src/config/SSSDConfig/sssdoptions.py:514 msgid "Automatic smart refresh period" msgstr "自动智能刷新周期" -#: src/config/SSSDConfig/sssdoptions.py:514 +#: src/config/SSSDConfig/sssdoptions.py:515 msgid "Smart and full refresh random offset" msgstr "智能和完整刷新随机偏移" -#: src/config/SSSDConfig/sssdoptions.py:515 +#: src/config/SSSDConfig/sssdoptions.py:516 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "是否按主机名,IP地址和网络过滤规则" -#: src/config/SSSDConfig/sssdoptions.py:516 +#: src/config/SSSDConfig/sssdoptions.py:517 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" msgstr "本机的主机名和/或限定域名,用于过滤 sudo 规则" -#: src/config/SSSDConfig/sssdoptions.py:517 +#: src/config/SSSDConfig/sssdoptions.py:518 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "IPv4 或 IPv6 地址或本机器的网络,用于过滤 sudo 规则" -#: src/config/SSSDConfig/sssdoptions.py:518 +#: src/config/SSSDConfig/sssdoptions.py:519 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "是否在主机属性中包含带有 netgroup 的规则" -#: src/config/SSSDConfig/sssdoptions.py:519 +#: src/config/SSSDConfig/sssdoptions.py:520 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "是否在主机属性中包含带有正则表达式的规则" -#: src/config/SSSDConfig/sssdoptions.py:520 +#: src/config/SSSDConfig/sssdoptions.py:521 msgid "Object class for sudo rules" msgstr "sudo 规则的对象类" -#: src/config/SSSDConfig/sssdoptions.py:521 +#: src/config/SSSDConfig/sssdoptions.py:522 msgid "Name of attribute that is used as object class for sudo rules" msgstr "用作 sudo 规则的对象类的属性名称" -#: src/config/SSSDConfig/sssdoptions.py:522 +#: src/config/SSSDConfig/sssdoptions.py:523 msgid "Sudo rule name" msgstr "sudo 规则名" -#: src/config/SSSDConfig/sssdoptions.py:523 +#: src/config/SSSDConfig/sssdoptions.py:524 msgid "Sudo rule command attribute" msgstr "sudo 规则命令属性" -#: src/config/SSSDConfig/sssdoptions.py:524 +#: src/config/SSSDConfig/sssdoptions.py:525 msgid "Sudo rule host attribute" msgstr "sudo 规则主机属性" -#: src/config/SSSDConfig/sssdoptions.py:525 +#: src/config/SSSDConfig/sssdoptions.py:526 msgid "Sudo rule user attribute" msgstr "sudo 规则用户属性" -#: src/config/SSSDConfig/sssdoptions.py:526 +#: src/config/SSSDConfig/sssdoptions.py:527 msgid "Sudo rule option attribute" msgstr "sudo 规则选项属性" -#: src/config/SSSDConfig/sssdoptions.py:527 +#: src/config/SSSDConfig/sssdoptions.py:528 msgid "Sudo rule runas attribute" msgstr "sudo 规则 runas 属性" -#: src/config/SSSDConfig/sssdoptions.py:528 +#: src/config/SSSDConfig/sssdoptions.py:529 msgid "Sudo rule runasuser attribute" msgstr "sudo 规则 runasuser 属性" -#: src/config/SSSDConfig/sssdoptions.py:529 +#: src/config/SSSDConfig/sssdoptions.py:530 msgid "Sudo rule runasgroup attribute" msgstr "sudo 规则 runasgroup 属性" -#: src/config/SSSDConfig/sssdoptions.py:530 +#: src/config/SSSDConfig/sssdoptions.py:531 msgid "Sudo rule notbefore attribute" msgstr "sudo 规则 notbefore 属性" -#: src/config/SSSDConfig/sssdoptions.py:531 +#: src/config/SSSDConfig/sssdoptions.py:532 msgid "Sudo rule notafter attribute" msgstr "sudo 规则 notafter 属性" -#: src/config/SSSDConfig/sssdoptions.py:532 +#: src/config/SSSDConfig/sssdoptions.py:533 msgid "Sudo rule order attribute" msgstr "sudo 规则顺序属性" -#: src/config/SSSDConfig/sssdoptions.py:535 +#: src/config/SSSDConfig/sssdoptions.py:536 msgid "Object class for automounter maps" msgstr "自动挂载器映射的对象类" -#: src/config/SSSDConfig/sssdoptions.py:536 +#: src/config/SSSDConfig/sssdoptions.py:537 msgid "Automounter map name attribute" msgstr "自动挂载器映射名称属性" -#: src/config/SSSDConfig/sssdoptions.py:537 +#: src/config/SSSDConfig/sssdoptions.py:538 msgid "Object class for automounter map entries" msgstr "自动挂载器映射条目的对象类" -#: src/config/SSSDConfig/sssdoptions.py:538 +#: src/config/SSSDConfig/sssdoptions.py:539 msgid "Automounter map entry key attribute" msgstr "自动挂载器映射条目键的属性" -#: src/config/SSSDConfig/sssdoptions.py:539 +#: src/config/SSSDConfig/sssdoptions.py:540 msgid "Automounter map entry value attribute" msgstr "自动挂载器映射条目值的属性" -#: src/config/SSSDConfig/sssdoptions.py:540 +#: src/config/SSSDConfig/sssdoptions.py:541 msgid "Base DN for automounter map lookups" msgstr "自动挂载程序映射查找的基本 DN" -#: src/config/SSSDConfig/sssdoptions.py:541 +#: src/config/SSSDConfig/sssdoptions.py:542 msgid "The name of the automount master map in LDAP." msgstr "LDAP 中自动挂载主映射的名称。" -#: src/config/SSSDConfig/sssdoptions.py:544 +#: src/config/SSSDConfig/sssdoptions.py:545 msgid "Base DN for IP hosts lookups" msgstr "IP 主机查询的基础 DN" -#: src/config/SSSDConfig/sssdoptions.py:545 +#: src/config/SSSDConfig/sssdoptions.py:546 msgid "Object class for IP hosts" msgstr "IP 主机的对象类" -#: src/config/SSSDConfig/sssdoptions.py:546 +#: src/config/SSSDConfig/sssdoptions.py:547 msgid "IP host name attribute" msgstr "IP 主机名属性" -#: src/config/SSSDConfig/sssdoptions.py:547 +#: src/config/SSSDConfig/sssdoptions.py:548 msgid "IP host number (address) attribute" msgstr "IP 主机号(地址)属性" -#: src/config/SSSDConfig/sssdoptions.py:548 +#: src/config/SSSDConfig/sssdoptions.py:549 msgid "IP host entryUSN attribute" msgstr "IP 主机 entryUSN 属性" -#: src/config/SSSDConfig/sssdoptions.py:549 +#: src/config/SSSDConfig/sssdoptions.py:550 msgid "Base DN for IP networks lookups" msgstr "IP 网络查询的基础 DN" -#: src/config/SSSDConfig/sssdoptions.py:550 +#: src/config/SSSDConfig/sssdoptions.py:551 msgid "Object class for IP networks" msgstr "IP 网络的对象类" -#: src/config/SSSDConfig/sssdoptions.py:551 +#: src/config/SSSDConfig/sssdoptions.py:552 msgid "IP network name attribute" msgstr "IP 网络名称属性" -#: src/config/SSSDConfig/sssdoptions.py:552 +#: src/config/SSSDConfig/sssdoptions.py:553 msgid "IP network number (address) attribute" msgstr "I P网号(地址)属性" -#: src/config/SSSDConfig/sssdoptions.py:553 +#: src/config/SSSDConfig/sssdoptions.py:554 msgid "IP network entryUSN attribute" msgstr "IP 网络 entryUSN 属性" -#: src/config/SSSDConfig/sssdoptions.py:556 +#: src/config/SSSDConfig/sssdoptions.py:557 msgid "Comma separated list of allowed users" msgstr "以逗号分隔的允许的用户列表" -#: src/config/SSSDConfig/sssdoptions.py:557 +#: src/config/SSSDConfig/sssdoptions.py:558 msgid "Comma separated list of prohibited users" msgstr "以逗号分隔的不允许的用户列表" -#: src/config/SSSDConfig/sssdoptions.py:558 +#: src/config/SSSDConfig/sssdoptions.py:559 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." msgstr "" "以逗号分隔的允许登录的组的列表。这只适用于此 SSSD 域内的组。本地组不被评估。" -#: src/config/SSSDConfig/sssdoptions.py:560 +#: src/config/SSSDConfig/sssdoptions.py:561 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " @@ -1854,31 +1854,31 @@ msgstr "" "以逗号分隔的明确拒绝访问的组的列表。这只适用于此 SSSD 域内的组。本地组不被评" "估。" -#: src/config/SSSDConfig/sssdoptions.py:564 +#: src/config/SSSDConfig/sssdoptions.py:565 msgid "The number of preforked proxy children." msgstr "预分支代理子代的数量。" -#: src/config/SSSDConfig/sssdoptions.py:567 +#: src/config/SSSDConfig/sssdoptions.py:568 msgid "The name of the NSS library to use" msgstr "使用的 NSS 库的名称" -#: src/config/SSSDConfig/sssdoptions.py:568 +#: src/config/SSSDConfig/sssdoptions.py:569 msgid "The name of the NSS library to use for hosts and networks lookups" msgstr "用于查询主机和网络的 NSS 库名称" -#: src/config/SSSDConfig/sssdoptions.py:569 +#: src/config/SSSDConfig/sssdoptions.py:570 msgid "Whether to look up canonical group name from cache if possible" msgstr "如果可能,是否从缓存中查找规范的组名" -#: src/config/SSSDConfig/sssdoptions.py:572 +#: src/config/SSSDConfig/sssdoptions.py:573 msgid "PAM stack to use" msgstr "使用的 PAM 堆栈" -#: src/config/SSSDConfig/sssdoptions.py:575 +#: src/config/SSSDConfig/sssdoptions.py:576 msgid "Path of passwd file sources." msgstr "passwd 文件源的路径。" -#: src/config/SSSDConfig/sssdoptions.py:576 +#: src/config/SSSDConfig/sssdoptions.py:577 msgid "Path of group file sources." msgstr "group 文件源的路径。" @@ -1927,67 +1927,67 @@ msgstr "在 % 下运行,必须是 root\n" msgid "SSSD is already running\n" msgstr "SSSD 已运行\n" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "允许内核转储" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "调试日志的打开文件描述符" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "用户创建 FAST 缓存为" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "组创建 FAST 缓存为" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "使用匿名 PKINIT 请求 FAST armor 票" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "要使用的 kerberos 域" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "要求的票证寿命" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "要求的可续约票证寿命" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "FAST 选项('never'、'try'、'demand')" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "指定用于 FAST 的服务器主体" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "要求规范化主体名称" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "使用自定义版本的 krb5_get_init_creds_password" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "用于日志记录的 Tevent 链 ID" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "检查 PAC 标志" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "talloc_asprintf 失败。\n" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "set_debug_file_from_fd 失败。\n" @@ -1995,35 +1995,35 @@ msgstr "set_debug_file_from_fd 失败。\n" msgid "Domain of the information provider (mandatory)" msgstr "信息提供者的域(强制)" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "特权套接字有错误的所有权或权限。" -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "公共套接字有错误的所有权或权限。" -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "服务器凭证消息的格式异常。" -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "SSSD 没有由 root 运行。" -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "SSSD socket 不存在。" -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "无法获取 SSSD socket 的统计数据。" -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "发生错误,但找不到描述信息。" -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "查找错误说明时出现意外错误" @@ -2031,119 +2031,131 @@ msgstr "查找错误说明时出现意外错误" msgid "Permission denied. " msgstr "权限被拒绝。 " -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "服务器消息: " #: src/sss_client/pam_sss.c:71 -msgid "Enter PIN:" +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." msgstr "" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:72 +msgid "Enter PIN:" +msgstr "输入 PIN:" + +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "密码不匹配" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "不支持通过 root 重置密码。" -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "通过缓存的凭据进行身份验证" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr ",您缓存的密码将过期于: " -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "您的密码已过期。您有 %1$d 剩余宽限登陆。" -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "您的密码将于 %1$d %2$s 过期。" -#: src/sss_client/pam_sss.c:627 -#, fuzzy, c-format +#: src/sss_client/pam_sss.c:628 +#, c-format msgid "Your password has expired." -msgstr "您的密码将于 %1$d %2$s 过期。" +msgstr "您的密码已经过期。" -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "身份验证被拒绝,直到: " -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "系统离线,无法更改密码" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "更改 OTP 密码后,您需要注销并重新登录以获得票证" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "PIN 已锁定" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "更改密码失败。 " -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "在 %1$s 处进行身份验证,然后按 ENTER 。" -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "在 %2$s 处使用 PIN %1$s 进行身份验证,然后按 ENTER 。" -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "请(重新)插入(不同的)智能卡" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "新密码: " -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "重新输入新密码: " -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "第一因素: " -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "第二因素(可选): " -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "第二因素: " -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." -msgstr "" +msgstr "插入您的通行密钥设备,然后按回车键。" -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "密码: " -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "第一因素(当前密码): " -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "当前密码: " -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "密码已过期。立即更改密码。" @@ -2478,9 +2490,8 @@ msgid "Passkey related tools:" msgstr "与 Passkey 相关的工具:" #: src/tools/sssctl/sssctl.c:348 -#, fuzzy msgid "Perform passkey registration" -msgstr "执行与 passkey 相关的操作" +msgstr "执行通行密钥登记" #: src/tools/sssctl/sssctl_cache.c:31 #, c-format @@ -2656,9 +2667,8 @@ msgid "Error while reading configuration directory.\n" msgstr "读取配置目录时出错。\n" #: src/tools/sssctl/sssctl_config.c:147 -#, fuzzy msgid "There is no configuration.\n" -msgstr "从 %s 加载配置失败。\n" +msgstr "没有任何配置。\n" #: src/tools/sssctl/sssctl_config.c:157 msgid "Failed to run validators" diff --git a/po/zh_TW.po b/po/zh_TW.po index 1e9c6b85f7a..27e5c6f7191 100644 --- a/po/zh_TW.po +++ b/po/zh_TW.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: 2014-12-14 11:50-0500\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Chinese (Taiwan) (http://www.transifex.com/projects/p/sssd/" @@ -589,12 +589,12 @@ msgid "Whether to automatically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:201 -#: src/config/SSSDConfig/sssdoptions.py:233 +#: src/config/SSSDConfig/sssdoptions.py:234 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:202 -#: src/config/SSSDConfig/sssdoptions.py:234 +#: src/config/SSSDConfig/sssdoptions.py:235 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" @@ -678,1162 +678,1166 @@ msgid "" "(long term password) must have to be saved as SHA512 hash into the cache." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:228 +#: src/config/SSSDConfig/sssdoptions.py:226 +msgid "Local authentication methods policy " +msgstr "" + +#: src/config/SSSDConfig/sssdoptions.py:229 msgid "IPA domain" msgstr "IPA 網域" -#: src/config/SSSDConfig/sssdoptions.py:229 +#: src/config/SSSDConfig/sssdoptions.py:230 msgid "IPA server address" msgstr "IPA 伺服器位址" -#: src/config/SSSDConfig/sssdoptions.py:230 +#: src/config/SSSDConfig/sssdoptions.py:231 msgid "Address of backup IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:231 +#: src/config/SSSDConfig/sssdoptions.py:232 msgid "IPA client hostname" msgstr "IPA 客戶端主機名稱" -#: src/config/SSSDConfig/sssdoptions.py:232 +#: src/config/SSSDConfig/sssdoptions.py:233 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:235 +#: src/config/SSSDConfig/sssdoptions.py:236 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:236 +#: src/config/SSSDConfig/sssdoptions.py:237 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:237 +#: src/config/SSSDConfig/sssdoptions.py:238 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:239 +#: src/config/SSSDConfig/sssdoptions.py:240 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:240 +#: src/config/SSSDConfig/sssdoptions.py:241 msgid "The automounter location this IPA client is using" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:241 +#: src/config/SSSDConfig/sssdoptions.py:242 msgid "Search base for object containing info about IPA domain" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:242 +#: src/config/SSSDConfig/sssdoptions.py:243 msgid "Search base for objects containing info about ID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:243 -#: src/config/SSSDConfig/sssdoptions.py:299 +#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:300 msgid "Enable DNS sites - location based service discovery" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:245 msgid "Search base for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:245 +#: src/config/SSSDConfig/sssdoptions.py:246 msgid "Objectclass for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:246 +#: src/config/SSSDConfig/sssdoptions.py:247 msgid "Attribute with the name of the view" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:247 +#: src/config/SSSDConfig/sssdoptions.py:248 msgid "Objectclass for override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:248 +#: src/config/SSSDConfig/sssdoptions.py:249 msgid "Attribute with the reference to the original object" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:249 +#: src/config/SSSDConfig/sssdoptions.py:250 msgid "Objectclass for user override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:250 +#: src/config/SSSDConfig/sssdoptions.py:251 msgid "Objectclass for group override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:251 +#: src/config/SSSDConfig/sssdoptions.py:252 msgid "Search base for Desktop Profile related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:252 +#: src/config/SSSDConfig/sssdoptions.py:253 msgid "" "The amount of time in seconds between lookups of the Desktop Profile rules " "against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:254 +#: src/config/SSSDConfig/sssdoptions.py:255 msgid "" "The amount of time in minutes between lookups of Desktop Profiles rules " "against the IPA server when the last request did not find any rule" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:257 +#: src/config/SSSDConfig/sssdoptions.py:258 msgid "Search base for SUBID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:258 -#: src/config/SSSDConfig/sssdoptions.py:501 +#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:502 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:260 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:260 -#: src/config/SSSDConfig/sssdoptions.py:283 +#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:284 msgid "The object class of a host entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:262 msgid "Use the given string as search base for host objects." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:262 +#: src/config/SSSDConfig/sssdoptions.py:263 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:263 +#: src/config/SSSDConfig/sssdoptions.py:264 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:264 +#: src/config/SSSDConfig/sssdoptions.py:265 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:265 +#: src/config/SSSDConfig/sssdoptions.py:266 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:267 +#: src/config/SSSDConfig/sssdoptions.py:268 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:269 +#: src/config/SSSDConfig/sssdoptions.py:270 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:270 +#: src/config/SSSDConfig/sssdoptions.py:271 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:272 +#: src/config/SSSDConfig/sssdoptions.py:273 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:273 +#: src/config/SSSDConfig/sssdoptions.py:274 msgid "The object class of a netgroup entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:274 +#: src/config/SSSDConfig/sssdoptions.py:275 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:275 +#: src/config/SSSDConfig/sssdoptions.py:276 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:277 +#: src/config/SSSDConfig/sssdoptions.py:278 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:278 +#: src/config/SSSDConfig/sssdoptions.py:279 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:280 +#: src/config/SSSDConfig/sssdoptions.py:281 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:282 +#: src/config/SSSDConfig/sssdoptions.py:283 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:284 +#: src/config/SSSDConfig/sssdoptions.py:285 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:286 +#: src/config/SSSDConfig/sssdoptions.py:287 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:287 +#: src/config/SSSDConfig/sssdoptions.py:288 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:288 +#: src/config/SSSDConfig/sssdoptions.py:289 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:289 +#: src/config/SSSDConfig/sssdoptions.py:290 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:291 +#: src/config/SSSDConfig/sssdoptions.py:292 msgid "Use the given string as search base for trusted domains." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:294 +#: src/config/SSSDConfig/sssdoptions.py:295 msgid "Active Directory domain" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:295 +#: src/config/SSSDConfig/sssdoptions.py:296 msgid "Enabled Active Directory domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:296 +#: src/config/SSSDConfig/sssdoptions.py:297 msgid "Active Directory server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:297 +#: src/config/SSSDConfig/sssdoptions.py:298 msgid "Active Directory backup server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:298 +#: src/config/SSSDConfig/sssdoptions.py:299 msgid "Active Directory client hostname" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:300 -#: src/config/SSSDConfig/sssdoptions.py:499 +#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:500 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:302 msgid "Whether to use the Global Catalog for lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:302 +#: src/config/SSSDConfig/sssdoptions.py:303 msgid "Operation mode for GPO-based access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:303 +#: src/config/SSSDConfig/sssdoptions.py:304 msgid "" "The amount of time between lookups of the GPO policy files against the AD " "server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:304 +#: src/config/SSSDConfig/sssdoptions.py:305 msgid "" "PAM service names that map to the GPO (Deny)InteractiveLogonRight policy " "settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:306 +#: src/config/SSSDConfig/sssdoptions.py:307 msgid "" "PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight " "policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:308 +#: src/config/SSSDConfig/sssdoptions.py:309 msgid "" "PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:309 +#: src/config/SSSDConfig/sssdoptions.py:310 msgid "" "PAM service names that map to the GPO (Deny)BatchLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:310 +#: src/config/SSSDConfig/sssdoptions.py:311 msgid "" "PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:311 +#: src/config/SSSDConfig/sssdoptions.py:312 msgid "PAM service names for which GPO-based access is always granted" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:312 +#: src/config/SSSDConfig/sssdoptions.py:313 msgid "PAM service names for which GPO-based access is always denied" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:313 +#: src/config/SSSDConfig/sssdoptions.py:314 msgid "" "Default logon right (or permit/deny) to use for unmapped PAM service names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:314 +#: src/config/SSSDConfig/sssdoptions.py:315 msgid "a particular site to be used by the client" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:315 +#: src/config/SSSDConfig/sssdoptions.py:316 msgid "" "Maximum age in days before the machine account password should be renewed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:317 +#: src/config/SSSDConfig/sssdoptions.py:318 msgid "Option for tuning the machine account renewal task" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:318 +#: src/config/SSSDConfig/sssdoptions.py:319 msgid "Whether to update the machine account password in the Samba database" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:320 +#: src/config/SSSDConfig/sssdoptions.py:321 msgid "Use LDAPS port for LDAP and Global Catalog requests" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:321 +#: src/config/SSSDConfig/sssdoptions.py:322 msgid "Do not filter domain local groups from other domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:324 #: src/config/SSSDConfig/sssdoptions.py:325 +#: src/config/SSSDConfig/sssdoptions.py:326 msgid "Kerberos server address" msgstr "Kerberos 伺服器位址" -#: src/config/SSSDConfig/sssdoptions.py:326 +#: src/config/SSSDConfig/sssdoptions.py:327 msgid "Kerberos backup server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:327 +#: src/config/SSSDConfig/sssdoptions.py:328 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:328 +#: src/config/SSSDConfig/sssdoptions.py:329 msgid "Authentication timeout" msgstr "認證逾時" -#: src/config/SSSDConfig/sssdoptions.py:329 +#: src/config/SSSDConfig/sssdoptions.py:330 msgid "Whether to create kdcinfo files" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:330 +#: src/config/SSSDConfig/sssdoptions.py:331 msgid "Where to drop krb5 config snippets" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:333 +#: src/config/SSSDConfig/sssdoptions.py:334 msgid "Directory to store credential caches" msgstr "儲存憑證快取的目錄" -#: src/config/SSSDConfig/sssdoptions.py:334 +#: src/config/SSSDConfig/sssdoptions.py:335 msgid "Location of the user's credential cache" msgstr "使用者憑證快取的位置" -#: src/config/SSSDConfig/sssdoptions.py:335 +#: src/config/SSSDConfig/sssdoptions.py:336 msgid "Location of the keytab to validate credentials" msgstr "驗證憑證用的金鑰表格位置" -#: src/config/SSSDConfig/sssdoptions.py:336 +#: src/config/SSSDConfig/sssdoptions.py:337 msgid "Enable credential validation" msgstr "啟用憑證驗證" -#: src/config/SSSDConfig/sssdoptions.py:337 +#: src/config/SSSDConfig/sssdoptions.py:338 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:338 +#: src/config/SSSDConfig/sssdoptions.py:339 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:339 +#: src/config/SSSDConfig/sssdoptions.py:340 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:340 +#: src/config/SSSDConfig/sssdoptions.py:341 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:341 +#: src/config/SSSDConfig/sssdoptions.py:342 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:342 +#: src/config/SSSDConfig/sssdoptions.py:343 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:343 +#: src/config/SSSDConfig/sssdoptions.py:344 msgid "Use anonymous PKINIT to request FAST credentials" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:344 +#: src/config/SSSDConfig/sssdoptions.py:345 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:345 +#: src/config/SSSDConfig/sssdoptions.py:346 msgid "Enables enterprise principals" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:346 +#: src/config/SSSDConfig/sssdoptions.py:347 msgid "Enables using of subdomains realms for authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:347 +#: src/config/SSSDConfig/sssdoptions.py:348 msgid "A mapping from user names to Kerberos principal names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:350 #: src/config/SSSDConfig/sssdoptions.py:351 +#: src/config/SSSDConfig/sssdoptions.py:352 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:354 +#: src/config/SSSDConfig/sssdoptions.py:355 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:355 +#: src/config/SSSDConfig/sssdoptions.py:356 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:356 +#: src/config/SSSDConfig/sssdoptions.py:357 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:357 +#: src/config/SSSDConfig/sssdoptions.py:358 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:358 +#: src/config/SSSDConfig/sssdoptions.py:359 msgid "Mode used to change user password" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:359 +#: src/config/SSSDConfig/sssdoptions.py:360 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:360 +#: src/config/SSSDConfig/sssdoptions.py:361 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:361 +#: src/config/SSSDConfig/sssdoptions.py:362 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:362 +#: src/config/SSSDConfig/sssdoptions.py:363 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:363 +#: src/config/SSSDConfig/sssdoptions.py:364 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:364 +#: src/config/SSSDConfig/sssdoptions.py:365 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:365 +#: src/config/SSSDConfig/sssdoptions.py:366 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:366 +#: src/config/SSSDConfig/sssdoptions.py:367 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:367 +#: src/config/SSSDConfig/sssdoptions.py:368 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:368 +#: src/config/SSSDConfig/sssdoptions.py:369 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:369 +#: src/config/SSSDConfig/sssdoptions.py:370 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:370 +#: src/config/SSSDConfig/sssdoptions.py:371 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:371 +#: src/config/SSSDConfig/sssdoptions.py:372 msgid "Require TLS certificate verification" msgstr "需要 TLS 憑證驗證" -#: src/config/SSSDConfig/sssdoptions.py:372 +#: src/config/SSSDConfig/sssdoptions.py:373 msgid "Specify the sasl mechanism to use" msgstr "指定要使用的 sasl 機制" -#: src/config/SSSDConfig/sssdoptions.py:373 +#: src/config/SSSDConfig/sssdoptions.py:374 msgid "Specify the sasl authorization id to use" msgstr "指定要使用的 sasl 認證 id" -#: src/config/SSSDConfig/sssdoptions.py:374 +#: src/config/SSSDConfig/sssdoptions.py:375 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:375 +#: src/config/SSSDConfig/sssdoptions.py:376 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:376 +#: src/config/SSSDConfig/sssdoptions.py:377 msgid "Specify the maximal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:377 +#: src/config/SSSDConfig/sssdoptions.py:378 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:378 +#: src/config/SSSDConfig/sssdoptions.py:379 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:379 +#: src/config/SSSDConfig/sssdoptions.py:380 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:380 +#: src/config/SSSDConfig/sssdoptions.py:381 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:381 +#: src/config/SSSDConfig/sssdoptions.py:382 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:382 +#: src/config/SSSDConfig/sssdoptions.py:383 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:383 +#: src/config/SSSDConfig/sssdoptions.py:384 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:384 +#: src/config/SSSDConfig/sssdoptions.py:385 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:385 +#: src/config/SSSDConfig/sssdoptions.py:386 msgid "Ignore unreadable LDAP references" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:386 +#: src/config/SSSDConfig/sssdoptions.py:387 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:388 +#: src/config/SSSDConfig/sssdoptions.py:389 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:391 +#: src/config/SSSDConfig/sssdoptions.py:392 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:392 +#: src/config/SSSDConfig/sssdoptions.py:393 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:394 +#: src/config/SSSDConfig/sssdoptions.py:395 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:397 +#: src/config/SSSDConfig/sssdoptions.py:398 msgid "Disable the LDAP paging control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:398 +#: src/config/SSSDConfig/sssdoptions.py:399 msgid "Disable Active Directory range retrieval" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:401 +#: src/config/SSSDConfig/sssdoptions.py:402 msgid "Length of time to wait for a search request" msgstr "搜尋請求的等候時間長度" -#: src/config/SSSDConfig/sssdoptions.py:402 +#: src/config/SSSDConfig/sssdoptions.py:403 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:403 +#: src/config/SSSDConfig/sssdoptions.py:404 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:404 +#: src/config/SSSDConfig/sssdoptions.py:405 msgid "Maximum period deviation between enumeration updates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:405 +#: src/config/SSSDConfig/sssdoptions.py:406 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:406 +#: src/config/SSSDConfig/sssdoptions.py:407 msgid "Maximum time deviation between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:407 +#: src/config/SSSDConfig/sssdoptions.py:408 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:408 +#: src/config/SSSDConfig/sssdoptions.py:409 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:409 +#: src/config/SSSDConfig/sssdoptions.py:410 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:410 +#: src/config/SSSDConfig/sssdoptions.py:411 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:411 +#: src/config/SSSDConfig/sssdoptions.py:412 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:412 +#: src/config/SSSDConfig/sssdoptions.py:413 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:413 +#: src/config/SSSDConfig/sssdoptions.py:414 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:414 +#: src/config/SSSDConfig/sssdoptions.py:415 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:415 +#: src/config/SSSDConfig/sssdoptions.py:416 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:416 +#: src/config/SSSDConfig/sssdoptions.py:417 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:417 +#: src/config/SSSDConfig/sssdoptions.py:418 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:418 +#: src/config/SSSDConfig/sssdoptions.py:419 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:419 +#: src/config/SSSDConfig/sssdoptions.py:420 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:420 -#: src/config/SSSDConfig/sssdoptions.py:459 +#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:460 msgid "objectSID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:422 msgid "Active Directory primary group attribute for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:422 +#: src/config/SSSDConfig/sssdoptions.py:423 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:423 +#: src/config/SSSDConfig/sssdoptions.py:424 msgid "Full Name" msgstr "全名" -#: src/config/SSSDConfig/sssdoptions.py:424 +#: src/config/SSSDConfig/sssdoptions.py:425 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:425 +#: src/config/SSSDConfig/sssdoptions.py:426 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:426 +#: src/config/SSSDConfig/sssdoptions.py:427 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:427 +#: src/config/SSSDConfig/sssdoptions.py:428 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:428 +#: src/config/SSSDConfig/sssdoptions.py:429 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:429 +#: src/config/SSSDConfig/sssdoptions.py:430 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:430 +#: src/config/SSSDConfig/sssdoptions.py:431 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:431 +#: src/config/SSSDConfig/sssdoptions.py:432 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:432 +#: src/config/SSSDConfig/sssdoptions.py:433 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:433 +#: src/config/SSSDConfig/sssdoptions.py:434 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:434 +#: src/config/SSSDConfig/sssdoptions.py:435 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:435 +#: src/config/SSSDConfig/sssdoptions.py:436 msgid "Attribute listing authorized server rhosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:436 +#: src/config/SSSDConfig/sssdoptions.py:437 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:437 +#: src/config/SSSDConfig/sssdoptions.py:438 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:438 +#: src/config/SSSDConfig/sssdoptions.py:439 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:439 +#: src/config/SSSDConfig/sssdoptions.py:440 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:440 +#: src/config/SSSDConfig/sssdoptions.py:441 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:441 +#: src/config/SSSDConfig/sssdoptions.py:442 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:442 +#: src/config/SSSDConfig/sssdoptions.py:443 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:443 +#: src/config/SSSDConfig/sssdoptions.py:444 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:444 +#: src/config/SSSDConfig/sssdoptions.py:445 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:445 +#: src/config/SSSDConfig/sssdoptions.py:446 msgid "SSH public key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:446 +#: src/config/SSSDConfig/sssdoptions.py:447 msgid "attribute listing allowed authentication types for a user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:447 +#: src/config/SSSDConfig/sssdoptions.py:448 msgid "attribute containing the X509 certificate of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:448 +#: src/config/SSSDConfig/sssdoptions.py:449 msgid "attribute containing the email address of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:449 +#: src/config/SSSDConfig/sssdoptions.py:450 msgid "attribute containing the passkey mapping data of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:450 +#: src/config/SSSDConfig/sssdoptions.py:451 msgid "A list of extra attributes to download along with the user entry" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:452 +#: src/config/SSSDConfig/sssdoptions.py:453 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:453 +#: src/config/SSSDConfig/sssdoptions.py:454 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:454 +#: src/config/SSSDConfig/sssdoptions.py:455 msgid "Group name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:455 +#: src/config/SSSDConfig/sssdoptions.py:456 msgid "Group password" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:456 +#: src/config/SSSDConfig/sssdoptions.py:457 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:457 +#: src/config/SSSDConfig/sssdoptions.py:458 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:458 +#: src/config/SSSDConfig/sssdoptions.py:459 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:460 +#: src/config/SSSDConfig/sssdoptions.py:461 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:461 +#: src/config/SSSDConfig/sssdoptions.py:462 msgid "Type of the group and other flags" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:462 +#: src/config/SSSDConfig/sssdoptions.py:463 msgid "The LDAP group external member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:463 +#: src/config/SSSDConfig/sssdoptions.py:464 msgid "Maximum nesting level SSSD will follow" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:464 +#: src/config/SSSDConfig/sssdoptions.py:465 msgid "Filter for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:465 +#: src/config/SSSDConfig/sssdoptions.py:466 msgid "Scope of group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:467 +#: src/config/SSSDConfig/sssdoptions.py:468 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:468 +#: src/config/SSSDConfig/sssdoptions.py:469 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:469 +#: src/config/SSSDConfig/sssdoptions.py:470 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:470 +#: src/config/SSSDConfig/sssdoptions.py:471 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:471 +#: src/config/SSSDConfig/sssdoptions.py:472 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:472 +#: src/config/SSSDConfig/sssdoptions.py:473 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:474 +#: src/config/SSSDConfig/sssdoptions.py:475 msgid "Base DN for service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:475 +#: src/config/SSSDConfig/sssdoptions.py:476 msgid "Objectclass for services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:476 +#: src/config/SSSDConfig/sssdoptions.py:477 msgid "Service name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:477 +#: src/config/SSSDConfig/sssdoptions.py:478 msgid "Service port attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:478 +#: src/config/SSSDConfig/sssdoptions.py:479 msgid "Service protocol attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:480 +#: src/config/SSSDConfig/sssdoptions.py:481 msgid "Lower bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:481 +#: src/config/SSSDConfig/sssdoptions.py:482 msgid "Upper bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:482 +#: src/config/SSSDConfig/sssdoptions.py:483 msgid "Number of IDs for each slice when ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:483 +#: src/config/SSSDConfig/sssdoptions.py:484 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:484 +#: src/config/SSSDConfig/sssdoptions.py:485 msgid "Name of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:485 +#: src/config/SSSDConfig/sssdoptions.py:486 msgid "SID of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:486 +#: src/config/SSSDConfig/sssdoptions.py:487 msgid "Number of secondary slices" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:488 +#: src/config/SSSDConfig/sssdoptions.py:489 msgid "Whether to use Token-Groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:489 +#: src/config/SSSDConfig/sssdoptions.py:490 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:490 +#: src/config/SSSDConfig/sssdoptions.py:491 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:491 +#: src/config/SSSDConfig/sssdoptions.py:492 msgid "DN for ppolicy queries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:492 +#: src/config/SSSDConfig/sssdoptions.py:493 msgid "How many maximum entries to fetch during a wildcard request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:493 +#: src/config/SSSDConfig/sssdoptions.py:494 msgid "Set libldap debug level" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:496 +#: src/config/SSSDConfig/sssdoptions.py:497 msgid "Policy to evaluate the password expiration" msgstr "評估密碼過期時效的策略" -#: src/config/SSSDConfig/sssdoptions.py:500 +#: src/config/SSSDConfig/sssdoptions.py:501 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:504 +#: src/config/SSSDConfig/sssdoptions.py:505 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:505 +#: src/config/SSSDConfig/sssdoptions.py:506 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:506 +#: src/config/SSSDConfig/sssdoptions.py:507 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:507 +#: src/config/SSSDConfig/sssdoptions.py:508 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:511 +#: src/config/SSSDConfig/sssdoptions.py:512 msgid "Base DN for sudo rules lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:512 +#: src/config/SSSDConfig/sssdoptions.py:513 msgid "Automatic full refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:513 +#: src/config/SSSDConfig/sssdoptions.py:514 msgid "Automatic smart refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:514 +#: src/config/SSSDConfig/sssdoptions.py:515 msgid "Smart and full refresh random offset" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:515 +#: src/config/SSSDConfig/sssdoptions.py:516 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:516 +#: src/config/SSSDConfig/sssdoptions.py:517 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:517 +#: src/config/SSSDConfig/sssdoptions.py:518 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:518 +#: src/config/SSSDConfig/sssdoptions.py:519 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:519 +#: src/config/SSSDConfig/sssdoptions.py:520 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:520 +#: src/config/SSSDConfig/sssdoptions.py:521 msgid "Object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:521 +#: src/config/SSSDConfig/sssdoptions.py:522 msgid "Name of attribute that is used as object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:522 +#: src/config/SSSDConfig/sssdoptions.py:523 msgid "Sudo rule name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:523 +#: src/config/SSSDConfig/sssdoptions.py:524 msgid "Sudo rule command attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:524 +#: src/config/SSSDConfig/sssdoptions.py:525 msgid "Sudo rule host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:525 +#: src/config/SSSDConfig/sssdoptions.py:526 msgid "Sudo rule user attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:526 +#: src/config/SSSDConfig/sssdoptions.py:527 msgid "Sudo rule option attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:527 +#: src/config/SSSDConfig/sssdoptions.py:528 msgid "Sudo rule runas attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:528 +#: src/config/SSSDConfig/sssdoptions.py:529 msgid "Sudo rule runasuser attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:529 +#: src/config/SSSDConfig/sssdoptions.py:530 msgid "Sudo rule runasgroup attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:530 +#: src/config/SSSDConfig/sssdoptions.py:531 msgid "Sudo rule notbefore attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:531 +#: src/config/SSSDConfig/sssdoptions.py:532 msgid "Sudo rule notafter attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:532 +#: src/config/SSSDConfig/sssdoptions.py:533 msgid "Sudo rule order attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:535 +#: src/config/SSSDConfig/sssdoptions.py:536 msgid "Object class for automounter maps" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:536 +#: src/config/SSSDConfig/sssdoptions.py:537 msgid "Automounter map name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:537 +#: src/config/SSSDConfig/sssdoptions.py:538 msgid "Object class for automounter map entries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:538 +#: src/config/SSSDConfig/sssdoptions.py:539 msgid "Automounter map entry key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:539 +#: src/config/SSSDConfig/sssdoptions.py:540 msgid "Automounter map entry value attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:540 +#: src/config/SSSDConfig/sssdoptions.py:541 msgid "Base DN for automounter map lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:541 +#: src/config/SSSDConfig/sssdoptions.py:542 msgid "The name of the automount master map in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:544 +#: src/config/SSSDConfig/sssdoptions.py:545 msgid "Base DN for IP hosts lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:545 +#: src/config/SSSDConfig/sssdoptions.py:546 msgid "Object class for IP hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:546 +#: src/config/SSSDConfig/sssdoptions.py:547 msgid "IP host name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:547 +#: src/config/SSSDConfig/sssdoptions.py:548 msgid "IP host number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:548 +#: src/config/SSSDConfig/sssdoptions.py:549 msgid "IP host entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:549 +#: src/config/SSSDConfig/sssdoptions.py:550 msgid "Base DN for IP networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:550 +#: src/config/SSSDConfig/sssdoptions.py:551 msgid "Object class for IP networks" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:551 +#: src/config/SSSDConfig/sssdoptions.py:552 msgid "IP network name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:552 +#: src/config/SSSDConfig/sssdoptions.py:553 msgid "IP network number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:553 +#: src/config/SSSDConfig/sssdoptions.py:554 msgid "IP network entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:556 +#: src/config/SSSDConfig/sssdoptions.py:557 msgid "Comma separated list of allowed users" msgstr "許可的使用者清單,請使用半形逗號作為分隔" -#: src/config/SSSDConfig/sssdoptions.py:557 +#: src/config/SSSDConfig/sssdoptions.py:558 msgid "Comma separated list of prohibited users" msgstr "被禁止的使用者清單,請使用半形逗號作為分隔" -#: src/config/SSSDConfig/sssdoptions.py:558 +#: src/config/SSSDConfig/sssdoptions.py:559 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:560 +#: src/config/SSSDConfig/sssdoptions.py:561 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " "evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:564 +#: src/config/SSSDConfig/sssdoptions.py:565 msgid "The number of preforked proxy children." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:567 +#: src/config/SSSDConfig/sssdoptions.py:568 msgid "The name of the NSS library to use" msgstr "要使用的 NSS 函式庫名稱" -#: src/config/SSSDConfig/sssdoptions.py:568 +#: src/config/SSSDConfig/sssdoptions.py:569 msgid "The name of the NSS library to use for hosts and networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:569 +#: src/config/SSSDConfig/sssdoptions.py:570 msgid "Whether to look up canonical group name from cache if possible" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:572 +#: src/config/SSSDConfig/sssdoptions.py:573 msgid "PAM stack to use" msgstr "要使用的 PAM 堆疊" -#: src/config/SSSDConfig/sssdoptions.py:575 +#: src/config/SSSDConfig/sssdoptions.py:576 msgid "Path of passwd file sources." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:576 +#: src/config/SSSDConfig/sssdoptions.py:577 msgid "Path of group file sources." msgstr "" @@ -1882,67 +1886,67 @@ msgstr "" msgid "SSSD is already running\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "" @@ -1950,35 +1954,35 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "" @@ -1986,119 +1990,131 @@ msgstr "" msgid "Permission denied. " msgstr "" -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "伺服器訊息:" #: src/sss_client/pam_sss.c:71 +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." +msgstr "" + +#: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" msgstr "" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "密碼不相符" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr ",您快取的密碼將在此刻過期:" -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "" -#: src/sss_client/pam_sss.c:627 +#: src/sss_client/pam_sss.c:628 #, fuzzy, c-format msgid "Your password has expired." msgstr ",您快取的密碼將在此刻過期:" -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "系統已離線,不可能作密碼變更" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "密碼變更失敗。" -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "新密碼:" -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "再次輸入新密碼:" -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "" -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "密碼:" -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "" -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "目前的密碼:" -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "密碼已過期。請立刻變更您的密碼。" diff --git a/scripts/release.sh b/scripts/release.sh index 02a1e2f3b2c..54509f89d51 100755 --- a/scripts/release.sh +++ b/scripts/release.sh @@ -25,5 +25,5 @@ make dist-gzip || exit 1 # also builds docs popd mv sssd-${version}/sssd-${version}.tar.gz . -gpg --detach-sign --armor sssd-${version}.tar.gz - +gpg2 --default-key C13CD07FFB2DB1408E457A3CD3D21B2910CF6759 --detach-sign --armor sssd-${version}.tar.gz +sha256sum sssd-${version}.tar.gz > sssd-${version}.tar.gz.sha256sum diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index 5aebefcae1f..a7344e1668f 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -2521,7 +2521,6 @@ int confdb_expand_app_domains(struct confdb_ctx *cdb) return ret; } -#ifdef BUILD_FILES_PROVIDER static errno_t certmap_local_check(struct ldb_message *msg) { const char *rule_name; @@ -2571,11 +2570,11 @@ static errno_t certmap_local_check(struct ldb_message *msg) return EOK; } -#endif static errno_t confdb_get_all_certmaps(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb, struct sss_domain_info *dom, + bool certmaps_for_local_users, struct certmap_info ***_certmap_list) { TALLOC_CTX *tmp_ctx = NULL; @@ -2621,8 +2620,7 @@ static errno_t confdb_get_all_certmaps(TALLOC_CTX *mem_ctx, } for (c = 0; c < res->count; c++) { -#ifdef BUILD_FILES_PROVIDER - if (is_files_provider(dom)) { + if (certmaps_for_local_users) { ret = certmap_local_check(res->msgs[c]); if (ret != EOK) { DEBUG(SSSDBG_CONF_SETTINGS, @@ -2631,7 +2629,6 @@ static errno_t confdb_get_all_certmaps(TALLOC_CTX *mem_ctx, continue; } } -#endif ret = sysdb_ldb_msg_attr_to_certmap_info(certmap_list, res->msgs[c], attrs, &certmap_list[c]); if (ret != EOK) { @@ -2651,7 +2648,8 @@ static errno_t confdb_get_all_certmaps(TALLOC_CTX *mem_ctx, } int confdb_certmap_to_sysdb(struct confdb_ctx *cdb, - struct sss_domain_info *dom) + struct sss_domain_info *dom, + bool certmaps_for_local_users) { int ret; TALLOC_CTX *tmp_ctx; @@ -2663,7 +2661,8 @@ int confdb_certmap_to_sysdb(struct confdb_ctx *cdb, return ENOMEM; } - ret = confdb_get_all_certmaps(tmp_ctx, cdb, dom, &certmap_list); + ret = confdb_get_all_certmaps(tmp_ctx, cdb, dom, certmaps_for_local_users, + &certmap_list); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "confdb_get_all_certmaps failed.\n"); goto done; diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index 9c69e8921ff..4487d78ef57 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h @@ -272,6 +272,7 @@ #define CONFDB_DOMAIN_TYPE_POSIX "posix" #define CONFDB_DOMAIN_TYPE_APP "application" #define CONFDB_DOMAIN_INHERIT_FROM "inherit_from" +#define CONFDB_DOMAIN_LOCAL_AUTH_POLICY "local_auth_policy" /* Proxy Provider */ #define CONFDB_PROXY_LIBNAME "proxy_lib_name" @@ -775,7 +776,8 @@ int confdb_get_sub_sections(TALLOC_CTX *mem_ctx, * @return EINVAL - Typically internal processing error */ int confdb_certmap_to_sysdb(struct confdb_ctx *cdb, - struct sss_domain_info *dom); + struct sss_domain_info *dom, + bool certmaps_for_local_users); /** * @} diff --git a/src/config/SSSDConfig/sssdoptions.py b/src/config/SSSDConfig/sssdoptions.py index 22eea89180b..0d75e6d822d 100644 --- a/src/config/SSSDConfig/sssdoptions.py +++ b/src/config/SSSDConfig/sssdoptions.py @@ -223,6 +223,7 @@ def __init__(self): 'should be saved this value determines the minimal length ' 'the first authentication factor (long term password) must ' 'have to be saved as SHA512 hash into the cache.'), + 'local_auth_policy': _('Local authentication methods policy '), # [provider/ipa] 'ipa_domain': _('IPA domain'), diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py index 92b3de1cfe6..b160be2b128 100755 --- a/src/config/SSSDConfigTest.py +++ b/src/config/SSSDConfigTest.py @@ -621,7 +621,8 @@ def testListOptions(self): 'pam_gssapi_check_upn', 'pam_gssapi_indicators_map', 'refresh_expired_interval', - 'refresh_expired_interval_offset'] + 'refresh_expired_interval_offset', + 'local_auth_policy'] self.assertTrue(type(options) == dict, "Options should be a dictionary") @@ -981,7 +982,8 @@ def testRemoveProvider(self): 'refresh_expired_interval', 'refresh_expired_interval_offset', 'dyndns_refresh_interval', - 'dyndns_refresh_interval_offset'] + 'dyndns_refresh_interval_offset', + 'local_auth_policy'] self.assertTrue(type(options) == dict, "Options should be a dictionary") diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini index 3f2b61c26df..61cbdafaade 100644 --- a/src/config/cfg_rules.ini +++ b/src/config/cfg_rules.ini @@ -425,6 +425,7 @@ option = auto_private_groups option = pam_gssapi_services option = pam_gssapi_check_upn option = pam_gssapi_indicators_map +option = local_auth_policy #Entry cache timeouts option = entry_cache_user_timeout diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf index 606adf1da2f..5ae6aab1905 100644 --- a/src/config/etc/sssd.api.conf +++ b/src/config/etc/sssd.api.conf @@ -192,6 +192,7 @@ auto_private_groups = str, None, false pam_gssapi_services = str, None, false pam_gssapi_check_upn = bool, None, false pam_gssapi_indicators_map = str, None, false +local_auth_policy = str, None, false #Entry cache timeouts entry_cache_user_timeout = int, None, false diff --git a/src/db/sysdb.c b/src/db/sysdb.c index 649e79fcac6..1faa11b16e0 100644 --- a/src/db/sysdb.c +++ b/src/db/sysdb.c @@ -523,6 +523,15 @@ static int sysdb_attrs_add_val_int(struct sysdb_attrs *attrs, return EOK; } + +int sysdb_attrs_add_empty(struct sysdb_attrs *attrs, const char *name) +{ + struct ldb_message_element *el; + + /* Calling this will create the element if it does not exist. */ + return sysdb_attrs_get_el_ext(attrs, name, true, &el); +} + int sysdb_attrs_add_val(struct sysdb_attrs *attrs, const char *name, const struct ldb_val *val) { diff --git a/src/db/sysdb.h b/src/db/sysdb.h index 9cc84270b4b..55c6437f2de 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -136,6 +136,7 @@ #define SYSDB_DN_FOR_MEMBER_HASH_TABLE "dnForMemberHashTable" #define SYSDB_ORIG_DN "originalDN" +#define SYSDB_ORIG_OBJECTCLASS "originalObjectClass" #define SYSDB_ORIG_MODSTAMP "originalModifyTimestamp" #define SYSDB_ORIG_MEMBEROF "originalMemberOf" #define SYSDB_ORIG_MEMBER "orig_member" @@ -160,6 +161,10 @@ #define SYSDB_USER_PASSKEY "userPasskey" +/* Local auth types */ +#define SYSDB_LOCAL_SMARTCARD_AUTH "localSmartcardAuth" +#define SYSDB_LOCAL_PASSKEY_AUTH "localPasskeyAuth" + #define SYSDB_SUBDOMAIN_REALM "realmName" #define SYSDB_SUBDOMAIN_FLAT "flatName" #define SYSDB_SUBDOMAIN_DNS "dnsName" @@ -387,10 +392,17 @@ enum sysdb_index_actions { SYSDB_IDX_LIST }; +enum sysdb_obj_type { + SYSDB_UNKNOWN = 0, + SYSDB_USER, + SYSDB_GROUP +}; + /* These attributes are stored in the timestamp cache */ extern const char *sysdb_ts_cache_attrs[]; /* values are copied in the structure, allocated on "attrs" */ +int sysdb_attrs_add_empty(struct sysdb_attrs *attrs, const char *name); int sysdb_attrs_add_val(struct sysdb_attrs *attrs, const char *name, const struct ldb_val *val); int sysdb_attrs_add_val_safe(struct sysdb_attrs *attrs, diff --git a/src/db/sysdb_computer.c b/src/db/sysdb_computer.c deleted file mode 100644 index 9fcaf5a7c3b..00000000000 --- a/src/db/sysdb_computer.c +++ /dev/null @@ -1,185 +0,0 @@ -/* - SSSD - - Authors: - Samuel Cabrero - David Mulder - - Copyright (C) 2019 SUSE LINUX GmbH, Nuernberg, Germany. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -#include - -#include "db/sysdb.h" -#include "db/sysdb_private.h" -#include "db/sysdb_computer.h" - -static errno_t -sysdb_search_computer(TALLOC_CTX *mem_ctx, - struct sss_domain_info *domain, - const char *filter, - const char **attrs, - size_t *_num_hosts, - struct ldb_message ***_hosts) -{ - errno_t ret; - TALLOC_CTX *tmp_ctx; - struct ldb_message **results; - size_t num_results; - - tmp_ctx = talloc_new(NULL); - if (!tmp_ctx) { - return ENOMEM; - } - - ret = sysdb_search_custom(tmp_ctx, domain, filter, - COMPUTERS_SUBDIR, attrs, - &num_results, &results); - if (ret != EOK && ret != ENOENT) { - DEBUG(SSSDBG_CRIT_FAILURE, - "Error looking up host [%d]: %s\n", - ret, strerror(ret)); - goto done; - } else if (ret == ENOENT) { - DEBUG(SSSDBG_TRACE_FUNC, "No such host\n"); - *_hosts = NULL; - *_num_hosts = 0; - goto done; - } - - *_hosts = talloc_steal(mem_ctx, results); - *_num_hosts = num_results; - ret = EOK; - -done: - talloc_free(tmp_ctx); - - return ret; -} - -int -sysdb_get_computer(TALLOC_CTX *mem_ctx, - struct sss_domain_info *domain, - const char *computer_name, - const char **attrs, - struct ldb_message **_computer) -{ - TALLOC_CTX *tmp_ctx; - errno_t ret; - const char *filter; - struct ldb_message **hosts; - size_t num_hosts; - - tmp_ctx = talloc_new(NULL); - if (!tmp_ctx) { - return ENOMEM; - } - - filter = talloc_asprintf(tmp_ctx, SYSDB_COMP_FILTER, computer_name); - if (!filter) { - ret = ENOMEM; - goto done; - } - - ret = sysdb_search_computer(tmp_ctx, domain, filter, attrs, - &num_hosts, &hosts); - if (ret != EOK) { - goto done; - } - - if (num_hosts != 1) { - ret = EINVAL; - DEBUG(SSSDBG_CRIT_FAILURE, - "Did not find a single host with name %s\n", computer_name); - goto done; - } - - *_computer = talloc_steal(mem_ctx, hosts[0]); - ret = EOK; - -done: - talloc_free(tmp_ctx); - - return ret; -} - -int -sysdb_set_computer(TALLOC_CTX *mem_ctx, - struct sss_domain_info *domain, - const char *computer_name, - const char *sid_str, - int cache_timeout, - time_t now) -{ - TALLOC_CTX *tmp_ctx; - int ret; - struct sysdb_attrs *attrs; - - tmp_ctx = talloc_new(NULL); - if (!tmp_ctx) { - return ENOMEM; - } - - attrs = sysdb_new_attrs(tmp_ctx); - if (!attrs) { - ret = ENOMEM; - goto done; - } - - ret = sysdb_attrs_add_string(attrs, SYSDB_SID_STR, sid_str); - if (ret) goto done; - - ret = sysdb_attrs_add_string(attrs, SYSDB_OBJECTCLASS, SYSDB_COMPUTER_CLASS); - if (ret) goto done; - - ret = sysdb_attrs_add_string(attrs, SYSDB_NAME, computer_name); - if (ret) goto done; - - /* creation time */ - ret = sysdb_attrs_add_time_t(attrs, SYSDB_CREATE_TIME, now); - if (ret) goto done; - - /* Set a cache expire time. There is a periodic task that cleans up - * expired entries from the cache even when enumeration is disabled */ - ret = sysdb_attrs_add_time_t(attrs, SYSDB_CACHE_EXPIRE, - cache_timeout ? (now + cache_timeout) : 0); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "Could not set sysdb cache expire [%d]: %s\n", - ret, strerror(ret)); - goto done; - } - - ret = sysdb_store_custom(domain, computer_name, COMPUTERS_SUBDIR, attrs); - if (ret) goto done; - - /* FIXME As a future improvement we have to extend domain enumeration. - * When 'enumerate = true' for a domain, sssd starts a periodic task - * that brings all users and groups to the cache, cleaning up - * stale objects after each run. If enumeration is disabled, the cleanup - * task for expired entries is started instead. - * - * We have to extend the enumeration task to fetch 'computer' - * objects as well (see ad_id_enumeration_send, the entry point of the - * enumeration task for the id provider). - */ -done: - if (ret) { - DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret)); - } - talloc_zfree(tmp_ctx); - - return ret; -} diff --git a/src/db/sysdb_computer.h b/src/db/sysdb_computer.h deleted file mode 100644 index 4be67fdf519..00000000000 --- a/src/db/sysdb_computer.h +++ /dev/null @@ -1,51 +0,0 @@ -/* - SSSD - - Authors: - Samuel Cabrero - David Mulder - - Copyright (C) 2019 SUSE LINUX GmbH, Nuernberg, Germany. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -#ifndef SYSDB_COMPUTERS_H_ -#define SYSDB_COMPUTERS_H_ - -#include "db/sysdb.h" - -#define COMPUTERS_SUBDIR "computers" -#define SYSDB_COMPUTER_CLASS "computer" -#define SYSDB_COMPUTERS_CONTAINER "cn="COMPUTERS_SUBDIR -#define SYSDB_TMPL_COMPUTER_BASE SYSDB_COMPUTERS_CONTAINER","SYSDB_DOM_BASE -#define SYSDB_TMPL_COMPUTER SYSDB_NAME"=%s,"SYSDB_TMPL_COMPUTER_BASE -#define SYSDB_COMP_FILTER "(&("SYSDB_NAME"=%s)("SYSDB_OBJECTCLASS"="SYSDB_COMPUTER_CLASS"))" - -int -sysdb_get_computer(TALLOC_CTX *mem_ctx, - struct sss_domain_info *domain, - const char *computer_name, - const char **attrs, - struct ldb_message **computer); - -int -sysdb_set_computer(TALLOC_CTX *mem_ctx, - struct sss_domain_info *domain, - const char *computer_name, - const char *sid_str, - int cache_timeout, - time_t now); - -#endif /* SYSDB_COMPUTERS_H_ */ diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index 108603722b6..3331d46877f 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c @@ -406,12 +406,6 @@ int sysdb_search_entry_by_sid_str(TALLOC_CTX *mem_ctx, /* =Search-User-by-[UID/SID/NAME]============================================= */ -enum sysdb_obj_type { - SYSDB_UNKNOWN = 0, - SYSDB_USER, - SYSDB_GROUP -}; - static errno_t cleanup_dn_filter(TALLOC_CTX *mem_ctx, struct ldb_result *ts_res, const char *object_class, @@ -2313,8 +2307,10 @@ int sysdb_add_incomplete_group(struct sss_domain_info *domain, ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_UPDATE, now); if (ret) goto done; + /* in case (ignore_group_members == true) group is actually complete */ ret = sysdb_attrs_add_time_t(attrs, SYSDB_CACHE_EXPIRE, - now-1); + domain->ignore_group_members ? + (now + domain->group_timeout) : (now-1)); if (ret) goto done; ret = sysdb_attrs_add_bool(attrs, SYSDB_POSIX, posix); @@ -2984,6 +2980,7 @@ sysdb_group_membership_mod(struct sss_domain_info *domain, struct ldb_dn *member_dn; char *member_domname; struct sss_domain_info *member_dom; + struct sss_domain_info *group_dom; int ret; TALLOC_CTX *tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { @@ -3023,7 +3020,17 @@ sysdb_group_membership_mod(struct sss_domain_info *domain, } if (!is_dn) { - group_dn = sysdb_group_dn(tmp_ctx, domain, group); + /* To create a correct DN we have to check if the group belongs to */ + /* child domain */ + group_dom = find_domain_by_object_name(domain, group); + if (group_dom == NULL) { + DEBUG(SSSDBG_OP_FAILURE, + "The right (sub)domain for the group [%s] was not found\n", + group); + ret = EINVAL; + goto done; + } + group_dn = sysdb_group_dn(tmp_ctx, group_dom, group); } else { group_dn = ldb_dn_new(tmp_ctx, domain->sysdb->ldb, group); } diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c index 7efd570e784..e4c53b85355 100644 --- a/src/db/sysdb_search.c +++ b/src/db/sysdb_search.c @@ -1225,7 +1225,9 @@ int sysdb_getgrnam(TALLOC_CTX *mem_ctx, res->msgs[0], ORIGINALAD_PREFIX SYSDB_NAME, NULL); if (originalad_sanitized_name != NULL - && strcmp(originalad_sanitized_name, sanitized_name) != 0) { + && !sss_string_equal(domain->case_sensitive, + originalad_sanitized_name, + sanitized_name)) { fmt_filter = SYSDB_GRNAM_FILTER; base_dn = sysdb_group_base_dn(tmp_ctx, domain); res = NULL; diff --git a/src/examples/logrotate b/src/examples/logrotate index ecf0c610287..6e769451ce5 100644 --- a/src/examples/logrotate +++ b/src/examples/logrotate @@ -7,6 +7,7 @@ compress delaycompress postrotate - /bin/kill -HUP `cat /var/run/sssd.pid 2>/dev/null` 2> /dev/null || true + /bin/kill -HUP `cat /var/run/sssd.pid 2>/dev/null` 2> /dev/null || true + /bin/pkill -HUP sssd_kcm 2> /dev/null || true endscript } diff --git a/src/external/libldb.m4 b/src/external/libldb.m4 index c400add372c..e8285a9f1c4 100644 --- a/src/external/libldb.m4 +++ b/src/external/libldb.m4 @@ -3,10 +3,13 @@ AC_SUBST(LDB_LIBS) PKG_CHECK_MODULES(LDB, ldb >= 0.9.2) +SAVE_CFLAGS=$CFLAGS +CFLAGS="$CFLAGS $LDB_CFLAGS" AC_CHECK_HEADERS(ldb.h ldb_module.h, [AC_CHECK_LIB(ldb, ldb_init, [LDB_LIBS="-lldb"], , -ltevent -ltdb -ldl -lldap) ], [AC_MSG_ERROR([LDB header files are not installed])] ) +CFLAGS=$SAVE_CFLAGS AC_ARG_WITH([ldb-lib-dir], [AC_HELP_STRING([--with-ldb-lib-dir=PATH], diff --git a/src/external/pac_responder.m4 b/src/external/pac_responder.m4 index 3cbe3c9cfba..90727185b57 100644 --- a/src/external/pac_responder.m4 +++ b/src/external/pac_responder.m4 @@ -22,7 +22,8 @@ then Kerberos\ 5\ release\ 1.17* | \ Kerberos\ 5\ release\ 1.18* | \ Kerberos\ 5\ release\ 1.19* | \ - Kerberos\ 5\ release\ 1.20*) + Kerberos\ 5\ release\ 1.20* | \ + Kerberos\ 5\ release\ 1.21*) krb5_version_ok=yes AC_MSG_RESULT([yes]) ;; diff --git a/src/krb5_plugin/passkey/passkey.h b/src/krb5_plugin/passkey/passkey.h index 7c2d7f3a73a..0f36d5da1af 100644 --- a/src/krb5_plugin/passkey/passkey.h +++ b/src/krb5_plugin/passkey/passkey.h @@ -34,6 +34,9 @@ #define SSSD_PASSKEY_QUESTION "passkey" #define SSSD_PASSKEY_PREFIX "passkey " #define SSSD_PASSKEY_REPLY_STATE "ipa_otpd state" +#define SSSD_PASSKEY_PROMPT "Insert your passkey device, then press ENTER" +#define SSSD_PASSKEY_PIN_PROMPT "Enter PIN" +#define SSSD_PASSKEY_CHILD SSSD_LIBEXEC_PATH"/passkey_child" struct sss_passkey_config { char **indicators; @@ -81,9 +84,9 @@ void sss_passkey_message_free(struct sss_passkey_message *message); struct sss_passkey_message * -sss_passkey_prefix_json_data(enum sss_passkey_phase phase, - const char *state, - const char *json_str); +sss_passkey_message_from_reply_json(enum sss_passkey_phase phase, + const char *state, + const char *json_str); char * sss_passkey_message_encode(const struct sss_passkey_message *data); @@ -100,4 +103,8 @@ sss_passkey_message_decode_padata(krb5_pa_data *padata); krb5_pa_data ** sss_passkey_message_encode_padata_array(const struct sss_passkey_message *data); +krb5_error_code +sss_passkey_concat_credentials(char **creds, + char **_creds_str); + #endif /* _PASSKEY_H_ */ diff --git a/src/krb5_plugin/passkey/passkey_clpreauth.c b/src/krb5_plugin/passkey/passkey_clpreauth.c index e49aeb7b5ce..d2dfe6fe15d 100644 --- a/src/krb5_plugin/passkey/passkey_clpreauth.c +++ b/src/krb5_plugin/passkey/passkey_clpreauth.c @@ -23,19 +23,48 @@ #include #include #include +#include +#include +#include #include #include "krb5_plugin/common/radius_clpreauth.h" #include "passkey.h" +#include "util/child_common.h" + static krb5_error_code sss_passkeycl_prompt(krb5_context context, krb5_prompter_fct prompter, void *prompter_data, struct sss_passkey_message *message, + const char *prompt_txt, + char *prompt_answer, + int answer_len, krb5_data *_reply) { - return ENOTSUP; + krb5_error_code ret; + krb5_prompt prompt; + char *prompt_str; + int aret; + + _reply->magic = 0; + _reply->length = answer_len; + _reply->data = prompt_answer; + + aret = asprintf(&prompt_str, "%s", prompt_txt); + if (aret < 0) { + return ENOMEM; + } + + prompt.reply = _reply; + prompt.prompt = prompt_str; + prompt.hidden = 1; + + ret = (*prompter)(context, prompter_data, NULL, NULL, 1, &prompt); + free(prompt_str); + + return ret; } static krb5_error_code @@ -123,6 +152,97 @@ sss_passkeycl_prep_questions(krb5_context context, return ret; } +static krb5_error_code +sss_passkeycl_exec_child(struct sss_passkey_challenge *data, + char *pin, + uint8_t **_reply) +{ + int pipe_to_child[2]; + int pipe_to_parent[2]; + pid_t cpid; + char *args[10] = {NULL}; + int arg_c = 0; + int size; + uint8_t *buf; + int ret = 0; + char *result_creds; + + buf = calloc(1, CHILD_MSG_CHUNK); + if (buf == NULL) { + ret = ENOMEM; + return ret; + } + + ret = sss_passkey_concat_credentials(data->credential_id_list, + &result_creds); + if (ret != 0) { + ret = ENOMEM; + goto done; + } + + args[arg_c++] = discard_const(SSSD_PASSKEY_CHILD); + args[arg_c++] = discard_const("--get-assert"); + args[arg_c++] = discard_const("--domain"); + args[arg_c++] = data->domain; + args[arg_c++] = discard_const("--key-handle"); + args[arg_c++] = discard_const(result_creds); + args[arg_c++] = discard_const("--cryptographic-challenge"); + args[arg_c++] = data->cryptographic_challenge; + args[arg_c++] = NULL; + + ret = pipe(pipe_to_child); + if (ret == -1) { + ret = ENOMEM; + goto done; + } + + ret = pipe(pipe_to_parent); + if (ret == -1) { + ret = ENOMEM; + goto done; + } + + cpid = fork(); + /* Child */ + if (cpid == 0) { + close(pipe_to_child[1]); + dup2(pipe_to_child[0], STDIN_FILENO); + + close(pipe_to_parent[0]); + dup2(pipe_to_parent[1], STDOUT_FILENO); + + execv(SSSD_PASSKEY_CHILD, args); + exit(EXIT_FAILURE); + /* Parent - write PIN to child and read output + * back from child */ + } else { + close(pipe_to_child[0]); + close(pipe_to_parent[1]); + + write(pipe_to_child[1], pin, strlen(pin)); + close(pipe_to_child[1]); + + size = read(pipe_to_parent[0], buf, CHILD_MSG_CHUNK); + if (size == -1) { + ret = ENOMEM; + goto done; + } + + close(pipe_to_parent[0]); + wait(NULL); + } + + *_reply = buf; + +done: + if (ret != 0) { + free(buf); + } + + free(result_creds); + return ret; +} + static krb5_error_code sss_passkeycl_process(krb5_context context, krb5_clpreauth_moddata moddata, @@ -144,7 +264,13 @@ sss_passkeycl_process(krb5_context context, krb5_data user_reply; struct sss_passkey_message *input_message = NULL; struct sss_passkey_message *reply_message = NULL; + struct sss_passkey_message *reply_msg = NULL; + enum sss_passkey_phase phase; + const char *state; char prompt_answer[255] = {0}; + int answer_len; + char *prompt_reply = NULL; + uint8_t *reply = NULL; const char *answer; input_message = sss_passkey_message_decode_padata(pa_data); @@ -163,15 +289,46 @@ sss_passkeycl_process(krb5_context context, answer = cb->get_responder_answer(context, rock, SSSD_PASSKEY_QUESTION); /* Call prompter if we have no answer to present a prompt. */ if (answer == NULL) { - user_reply.magic = 0; - user_reply.length = sizeof(prompt_answer) / sizeof(char); - user_reply.data = prompt_answer; + /* Interactive prompt */ + answer_len = sizeof(prompt_answer) / sizeof(char); ret = sss_passkeycl_prompt(context, prompter, prompter_data, - input_message, &user_reply); + input_message, SSSD_PASSKEY_PROMPT, + prompt_answer, answer_len, + &user_reply); + if (ret != 0) { + goto done; + } + + /* Prompt for PIN */ + if (input_message->data.challenge->user_verification == 1) { + ret = sss_passkeycl_prompt(context, prompter, prompter_data, + input_message, SSSD_PASSKEY_PIN_PROMPT, + prompt_answer, answer_len, + &user_reply); + if (ret != 0) { + goto done; + } + } + + ret = sss_passkeycl_exec_child(input_message->data.challenge, prompt_answer, &reply); if (ret != 0) { goto done; } + + phase = SSS_PASSKEY_PHASE_REPLY; + state = SSSD_PASSKEY_REPLY_STATE; + reply_msg = sss_passkey_message_from_reply_json(phase, state, (char *)reply); + if (reply_msg == NULL) { + ret = ENOMEM; + goto done; + } + + prompt_reply = sss_passkey_message_encode(reply_msg); + if (prompt_reply == NULL) { + ret = ENOMEM; + goto done; + } } /* Use FAST armor key as response key. */ @@ -181,7 +338,11 @@ sss_passkeycl_process(krb5_context context, } /* Encode the answer into the pa_data output. */ - reply_message = sss_passkey_message_decode(answer); + if (prompt_reply != NULL) { + reply_message = sss_passkey_message_decode(prompt_reply); + } else { + reply_message = sss_passkey_message_decode(answer); + } if (reply_message == NULL) { ret = ENOMEM; goto done; @@ -200,7 +361,11 @@ sss_passkeycl_process(krb5_context context, done: sss_passkey_message_free(reply_message); + sss_passkey_message_free(reply_msg); sss_passkey_message_free(input_message); + free(reply); + free(prompt_reply); + return ret; } diff --git a/src/krb5_plugin/passkey/passkey_utils.c b/src/krb5_plugin/passkey/passkey_utils.c index 3d84862ebf5..e73da97c53b 100644 --- a/src/krb5_plugin/passkey/passkey_utils.c +++ b/src/krb5_plugin/passkey/passkey_utils.c @@ -211,7 +211,7 @@ sss_passkey_challenge_to_json_object(const struct sss_passkey_challenge *data) /* These are required fields. */ if (data->domain == NULL || data->credential_id_list == NULL - || data->user_verification == 0 || data->cryptographic_challenge == NULL) { + || data->cryptographic_challenge == NULL) { return NULL; } @@ -528,14 +528,14 @@ sss_passkey_message_to_json(const struct sss_passkey_message *message) } struct sss_passkey_message * -sss_passkey_prefix_json_data(enum sss_passkey_phase phase, - const char *state, - const char *json_str) +sss_passkey_message_from_reply_json(enum sss_passkey_phase phase, + const char *state, + const char *json_str) { json_error_t jret; json_t *jroot; struct sss_passkey_message *message; - void *data; + struct sss_passkey_reply *data; if (json_str == NULL) { return NULL; @@ -553,9 +553,7 @@ sss_passkey_prefix_json_data(enum sss_passkey_phase phase, } message = sss_passkey_message_init(phase, state, data); - if (message == NULL && phase == SSS_PASSKEY_PHASE_CHALLENGE) { - sss_passkey_challenge_free(data); - } else if (message == NULL && phase == SSS_PASSKEY_PHASE_REPLY) { + if (message == NULL) { sss_passkey_reply_free(data); } @@ -597,3 +595,54 @@ sss_passkey_message_encode_padata_array(const struct sss_passkey_message *data) return sss_radius_encode_padata_array(SSSD_PASSKEY_PADATA, (sss_radius_message_encode_fn)sss_passkey_message_encode, data); } + +krb5_error_code +sss_passkey_concat_credentials(char **creds, + char **_creds_str) +{ + krb5_error_code ret; + char *result_creds = NULL; + size_t total_sz = 0; + size_t len = 0; + int rc = 0; + + for (int i = 0; creds[i] != NULL; i++) { + total_sz += strlen(creds[i]); + if (i > 0) { + /* separating comma in resulting creds string */ + total_sz++; + } + } + + result_creds = malloc(total_sz + 1); + if (result_creds == NULL) { + ret = ENOMEM; + goto done; + } + + len = strlen(creds[0]); + + rc = snprintf(result_creds, len + 1, "%s", creds[0]); + if (rc < 0 || rc > len) { + ret = ENOMEM; + free(result_creds); + goto done; + } + + for (int i = 1; creds[i] != NULL; i++) { + rc = snprintf(result_creds + len, total_sz - len + 1, ",%s", creds[i]); + if (rc < 0 || rc > total_sz - len) { + ret = ENOMEM; + free(result_creds); + goto done; + } + + len += rc; + } + + *_creds_str = result_creds; + + ret = 0; +done: + return ret; +} diff --git a/src/lib/certmap/sss_certmap_ldap_mapping.c b/src/lib/certmap/sss_certmap_ldap_mapping.c index 2f16837a147..354b0310b18 100644 --- a/src/lib/certmap/sss_certmap_ldap_mapping.c +++ b/src/lib/certmap/sss_certmap_ldap_mapping.c @@ -228,14 +228,21 @@ int check_digest_conversion(const char *inp, const char **digest_list, bool colon = false; bool reverse = false; char *c; + size_t len = 0; sep = strchr(inp, '_'); + if (sep != NULL) { + len = sep - inp; + } for (d = 0; digest_list[d] != NULL; d++) { if (sep == NULL) { cmp = strcasecmp(digest_list[d], inp); } else { - cmp = strncasecmp(digest_list[d], inp, (sep - inp -1)); + if (strlen(digest_list[d]) != len) { + continue; + } + cmp = strncasecmp(digest_list[d], inp, len); } if (cmp == 0) { diff --git a/src/man/Makefile.am b/src/man/Makefile.am index ee44dff97d1..1e51aebfdb2 100644 --- a/src/man/Makefile.am +++ b/src/man/Makefile.am @@ -117,23 +117,23 @@ man_MANS += sssd-files.5 endif # BUILD_FILES_PROVIDER endif -SUFFIXES = .1.xml .1 .3.xml .3 .5.xml .5 .8.xml .8 -.1.xml.1: +$(builddir)/src/man/sssd_user_name.include: + @mkdir -p $(builddir)/src/man + @echo -n $(SSSD_USER) > $(builddir)/src/man/sssd_user_name.include + +%.1: %.1.xml $(XMLLINT) $(XMLLINT_FLAGS) $< $(XSLTPROC) -o $@ $(XSLTPROC_FLAGS) $(DOCBOOK_XSLT) $< -.3.xml.3: +%.3: %.3.xml $(XMLLINT) $(XMLLINT_FLAGS) $< $(XSLTPROC) -o $@ $(XSLTPROC_FLAGS) $(DOCBOOK_XSLT) $< -.5.xml.5: - @mkdir -p $(builddir)/src/man - @echo -n $(SSSD_USER) > $(builddir)/src/man/sssd_user_name.include +%.5: %.5.xml $(builddir)/src/man/sssd_user_name.include $(XMLLINT) --path "$(srcdir)/src/man:$(builddir)/src/man" $(XMLLINT_FLAGS) $< $(XSLTPROC) --path "$(srcdir)/src/man:$(builddir)/src/man" -o $@ $(XSLTPROC_FLAGS) $(DOCBOOK_XSLT) $< - @rm -f $(builddir)/src/man/sssd_user_name.include -.8.xml.8: +%.8: %.8.xml $(XMLLINT) $(XMLLINT_FLAGS) $< $(XSLTPROC) -o $@ $(XSLTPROC_FLAGS) $(DOCBOOK_XSLT) $< @@ -215,6 +215,7 @@ clean-local: done rm -f $(man_MANS) rm -f man.stamp + rm -f $(builddir)/src/man/sssd_user_name.include else @@ -224,6 +225,7 @@ man.stamp: $(XML_DOC) clean-local: rm -f $(man_MANS) rm -f man.stamp + rm -f $(builddir)/src/man/sssd_user_name.include endif diff --git a/src/man/include/ldap_id_mapping.xml b/src/man/include/ldap_id_mapping.xml index 3f869c50d17..25cb6e5c25f 100644 --- a/src/man/include/ldap_id_mapping.xml +++ b/src/man/include/ldap_id_mapping.xml @@ -234,7 +234,7 @@ ldap_schema = ad When this option is configured, domains will be allocated starting with slice zero and increasing - monatomically with each additional domain. + monotonically with each additional domain. NOTE: This algorithm is non-deterministic (it diff --git a/src/man/po/br.po b/src/man/po/br.po index ada77270df0..b2f780083e8 100644 --- a/src/man/po/br.po +++ b/src/man/po/br.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-05-05 10:09+0200\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" "PO-Revision-Date: 2014-12-14 11:51-0500\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Breton (http://www.transifex.com/projects/p/sssd/language/" @@ -205,11 +205,11 @@ msgstr "" #. type: Content of: #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 -#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:951 -#: sssd.conf.5.xml:1069 sssd.conf.5.xml:2197 sssd-ldap.5.xml:1071 -#: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 -#: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 -#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 msgid "Default: true" msgstr "Dre ziouer : true" @@ -226,11 +226,11 @@ msgid "" msgstr "" #. type: Content of: -#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:948 -#: sssd.conf.5.xml:2100 sssd.conf.5.xml:2167 sssd.conf.5.xml:4128 -#: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 -#: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 -#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 #: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 #: include/krb5_options.xml:163 msgid "Default: false" @@ -264,8 +264,8 @@ msgid "" msgstr "" #. type: Content of: outside any tag (error?) -#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1656 -#: sssd-ldap.5.xml:1862 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 #: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 @@ -295,8 +295,8 @@ msgid "" msgstr "" #. type: Content of: -#: sssd.conf.5.xml:196 sssd.conf.5.xml:1289 sssd.conf.5.xml:1766 -#: sssd.conf.5.xml:4144 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "" @@ -360,19 +360,19 @@ msgid "" msgstr "" #. type: Content of: -#: sssd.conf.5.xml:258 sssd.conf.5.xml:783 +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: -#: sssd.conf.5.xml:261 sssd.conf.5.xml:786 +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: -#: sssd.conf.5.xml:266 sssd.conf.5.xml:791 sssd.conf.5.xml:3708 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 #: include/failover.xml:100 msgid "Default: 3" msgstr "Dre ziouer : 3" @@ -394,7 +394,7 @@ msgid "" msgstr "" #. type: Content of: -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3540 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 msgid "re_expression (string)" msgstr "re_expression (neudennad)" @@ -414,12 +414,12 @@ msgid "" msgstr "" #. type: Content of: -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3597 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 msgid "full_name_format (string)" msgstr "full_name_format (neudennad)" #. type: Content of: -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3600 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 msgid "" "A printf 3 -compatible format that describes how to compose a " @@ -427,39 +427,39 @@ msgid "" msgstr "" #. type: Content of: -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3611 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 msgid "%1$s" msgstr "" #. type: Content of: -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 msgid "user name" msgstr "" #. type: Content of: -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3615 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 msgid "%2$s" msgstr "" #. type: Content of: -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3618 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3624 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 msgid "%3$s" msgstr "" #. type: Content of: -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3627 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3608 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 msgid "" "The following expansions are supported: " @@ -602,8 +602,8 @@ msgid "" msgstr "" #. type: Content of: -#: sssd.conf.5.xml:468 sssd-ldap.5.xml:876 sssd-ldap.5.xml:888 -#: sssd-ldap.5.xml:980 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 #: include/krb5_options.xml:148 @@ -873,7 +873,7 @@ msgid "" msgstr "" #. type: Content of: -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1790 sssd.conf.5.xml:4194 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -922,11 +922,11 @@ msgstr "re_expression (neudennad)" #: sssd.conf.5.xml:744 msgid "" "Enable or disable the user verification (i.e. PIN, fingerprint) during " -"authentication." +"authentication. If enabled, the PIN will always be requested." msgstr "" #. type: Content of: -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:750 msgid "" "The default is that the key settings decide what to do. In the IPA or " "kerberos pre-authentication case, this value will be overwritten by the " @@ -953,12 +953,12 @@ msgid "" msgstr "" #. type: Content of: -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:769 msgid "SERVICES SECTIONS" msgstr "RANNOÙ SERVIJOÙ" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:770 +#: sssd.conf.5.xml:771 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -967,22 +967,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:777 +#: sssd.conf.5.xml:778 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:780 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:797 msgid "fd_limit" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:799 +#: sssd.conf.5.xml:800 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " @@ -992,17 +992,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:808 +#: sssd.conf.5.xml:809 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:814 msgid "client_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:816 +#: sssd.conf.5.xml:817 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " @@ -1012,19 +1012,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:826 #, fuzzy #| msgid "Default: 3" msgid "Default: 60, KCM: 300" msgstr "Dre ziouer : 3" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:830 +#: sssd.conf.5.xml:831 msgid "offline_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:834 msgid "" "When SSSD switches to offline mode the amount of time before it tries to go " "back online will increase based upon the time spent disconnected. By " @@ -1035,14 +1035,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:844 sssd.conf.5.xml:900 +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 msgid "" "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." "offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:847 +#: sssd.conf.5.xml:848 msgid "" "The offline_timeout default value is 60. The offline_timeout_max default " "value is 3600. The offline_timeout_random_offset default value is 30. The " @@ -1050,44 +1050,44 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:854 msgid "" "Note that the maximum length of each interval is defined by " "offline_timeout_max (apart of random part)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 sssd.conf.5.xml:1200 sssd.conf.5.xml:1583 -#: sssd.conf.5.xml:1879 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:862 +#: sssd.conf.5.xml:863 msgid "offline_timeout_max (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:865 +#: sssd.conf.5.xml:866 msgid "" "Controls by how much the time between attempts to go online can be " "incremented following unsuccessful attempts to go online." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:870 +#: sssd.conf.5.xml:871 msgid "A value of 0 disables the incrementing behaviour." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:873 +#: sssd.conf.5.xml:874 msgid "" "The value of this parameter should be set in correlation to offline_timeout " "parameter value." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:877 +#: sssd.conf.5.xml:878 msgid "" "With offline_timeout set to 60 (default value) there is no point in setting " "offlinet_timeout_max to less than 120 as it will saturate instantly. General " @@ -1096,62 +1096,62 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:883 +#: sssd.conf.5.xml:884 msgid "" "Although a value between 0 and offline_timeout may be specified, it has the " "effect of overriding the offline_timeout value so is of little use." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:888 +#: sssd.conf.5.xml:889 #, fuzzy #| msgid "Default: 3" msgid "Default: 3600" msgstr "Dre ziouer : 3" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:894 msgid "offline_timeout_random_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:896 +#: sssd.conf.5.xml:897 msgid "" "When SSSD is in offline mode it keeps probing backend servers in specified " "time intervals:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:903 +#: sssd.conf.5.xml:904 msgid "" "This parameter controls the value of the random offset used for the above " "equation. Final random_offset value will be random number in range:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:908 +#: sssd.conf.5.xml:909 msgid "[0 - offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:911 +#: sssd.conf.5.xml:912 msgid "A value of 0 disables the random offset addition." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:915 #, fuzzy #| msgid "Default: 3" msgid "Default: 30" msgstr "Dre ziouer : 3" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:919 +#: sssd.conf.5.xml:920 msgid "responder_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:922 +#: sssd.conf.5.xml:923 msgid "" "This option specifies the number of seconds that an SSSD responder process " "can be up without being used. This value is limited in order to avoid " @@ -1163,58 +1163,58 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:936 sssd.conf.5.xml:1213 sssd.conf.5.xml:2321 -#: sssd-ldap.5.xml:331 +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 +#: sssd-ldap.5.xml:332 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:941 +#: sssd.conf.5.xml:942 msgid "cache_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:945 msgid "" "This option specifies whether the responder should query all caches before " "querying the Data Providers." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:960 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:961 +#: sssd.conf.5.xml:962 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:966 +#: sssd.conf.5.xml:967 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:969 +#: sssd.conf.5.xml:970 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:974 msgid "Default: 120" msgstr "Dre ziouer : 120" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:978 +#: sssd.conf.5.xml:979 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:981 +#: sssd.conf.5.xml:982 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -1222,7 +1222,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:988 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -1232,7 +1232,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:998 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -1241,17 +1241,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1005 sssd.conf.5.xml:2121 +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1010 +#: sssd.conf.5.xml:1011 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1013 +#: sssd.conf.5.xml:1014 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -1259,17 +1259,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1019 sssd.conf.5.xml:1778 sssd.conf.5.xml:2145 +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 msgid "Default: 15" msgstr "Dre ziouer : 15" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1025 msgid "local_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1027 +#: sssd.conf.5.xml:1028 msgid "" "Specifies for how many seconds nss_sss should keep local users and groups in " "negative cache before trying to look it up in the back end again. Setting " @@ -1277,17 +1277,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1033 +#: sssd.conf.5.xml:1034 msgid "Default: 14400 (4 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1039 msgid "filter_users, filter_groups (string)" msgstr "filter_users, filter_groups (neudennad)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1041 +#: sssd.conf.5.xml:1042 msgid "" "Exclude certain users or groups from being fetched from the sss NSS " "database. This is particularly useful for system accounts. This option can " @@ -1296,7 +1296,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1049 +#: sssd.conf.5.xml:1050 msgid "" "NOTE: The filter_groups option doesn't affect inheritance of nested group " "members, since filtering happens after they are propagated for returning via " @@ -1305,41 +1305,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1057 +#: sssd.conf.5.xml:1058 msgid "Default: root" msgstr "Dre zoiuer : root" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1063 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1065 +#: sssd.conf.5.xml:1066 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1076 +#: sssd.conf.5.xml:1077 msgid "fallback_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1079 +#: sssd.conf.5.xml:1080 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1084 +#: sssd.conf.5.xml:1085 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1090 +#: sssd.conf.5.xml:1091 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" @@ -1347,23 +1347,23 @@ msgid "" msgstr "" #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:1088 sssd.conf.5.xml:1650 sssd.conf.5.xml:1669 -#: sssd.conf.5.xml:1746 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1094 +#: sssd.conf.5.xml:1095 msgid "Default: not set (no substitution for unset home directories)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1100 +#: sssd.conf.5.xml:1101 msgid "override_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1104 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " @@ -1371,47 +1371,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1109 +#: sssd.conf.5.xml:1110 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1115 +#: sssd.conf.5.xml:1116 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1118 +#: sssd.conf.5.xml:1119 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1121 +#: sssd.conf.5.xml:1122 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1125 +#: sssd.conf.5.xml:1126 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1130 +#: sssd.conf.5.xml:1131 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1135 +#: sssd.conf.5.xml:1136 msgid "The wildcard (*) can be used to allow any shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1138 +#: sssd.conf.5.xml:1139 msgid "" "The (*) is useful if you want to use shell_fallback in case that user's " "shell is not in <quote>/etc/shells</quote> and maintaining list of all " @@ -1419,113 +1419,113 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1145 +#: sssd.conf.5.xml:1146 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1149 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1152 +#: sssd.conf.5.xml:1153 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1157 +#: sssd.conf.5.xml:1158 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1160 +#: sssd.conf.5.xml:1161 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1165 +#: sssd.conf.5.xml:1166 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1168 +#: sssd.conf.5.xml:1169 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1172 +#: sssd.conf.5.xml:1173 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1177 +#: sssd.conf.5.xml:1178 msgid "default_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1180 +#: sssd.conf.5.xml:1181 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1186 +#: sssd.conf.5.xml:1187 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1193 sssd.conf.5.xml:1576 +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 msgid "get_domains_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1196 sssd.conf.5.xml:1579 +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1205 +#: sssd.conf.5.xml:1206 msgid "memcache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1208 +#: sssd.conf.5.xml:1209 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid. Setting this option to zero will disable the in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1216 +#: sssd.conf.5.xml:1217 msgid "" "WARNING: Disabling the in-memory cache will have significant negative impact " "on SSSD's performance and should only be used for testing." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1222 sssd.conf.5.xml:1247 sssd.conf.5.xml:1272 -#: sssd.conf.5.xml:1297 sssd.conf.5.xml:1324 +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 msgid "" "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " "client applications will not use the fast in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1230 +#: sssd.conf.5.xml:1231 msgid "memcache_size_passwd (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1233 +#: sssd.conf.5.xml:1234 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for passwd requests. Setting the size to 0 will disable the passwd in-" @@ -1533,25 +1533,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1239 sssd.conf.5.xml:2963 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 msgid "Default: 8" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1242 sssd.conf.5.xml:1267 sssd.conf.5.xml:1292 -#: sssd.conf.5.xml:1319 +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 msgid "" "WARNING: Disabled or too small in-memory cache can have significant negative " "impact on SSSD's performance." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1255 +#: sssd.conf.5.xml:1256 msgid "memcache_size_group (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1258 +#: sssd.conf.5.xml:1259 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for group requests. Setting the size to 0 will disable the group in-memory " @@ -1559,19 +1559,19 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1264 sssd.conf.5.xml:1316 sssd.conf.5.xml:3729 -#: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1280 +#: sssd.conf.5.xml:1281 msgid "memcache_size_initgroups (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1283 +#: sssd.conf.5.xml:1284 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for initgroups requests. Setting the size to 0 will disable the initgroups " @@ -1579,12 +1579,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1305 +#: sssd.conf.5.xml:1306 msgid "memcache_size_sid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1308 +#: sssd.conf.5.xml:1309 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for SID related requests. Only SID-by-ID and ID-by-SID requests are " @@ -1593,12 +1593,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1332 sssd-ifp.5.xml:90 +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 msgid "user_attributes (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1335 +#: sssd.conf.5.xml:1336 msgid "" "Some of the additional NSS responder requests can return more attributes " "than just the POSIX ones defined by the NSS interface. The list of " @@ -1609,45 +1609,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1348 +#: sssd.conf.5.xml:1349 msgid "" "To make configuration more easy the NSS responder will check the InfoPipe " "option if it is not set for the NSS responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1353 +#: sssd.conf.5.xml:1354 msgid "Default: not set, fallback to InfoPipe option" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1358 +#: sssd.conf.5.xml:1359 msgid "pwfield (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1361 +#: sssd.conf.5.xml:1362 msgid "" "The value that NSS operations that return users or groups will return for " "the <quote>password</quote> field." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1366 +#: sssd.conf.5.xml:1367 #, fuzzy #| msgid "Default: true" msgid "Default: <quote>*</quote>" msgstr "Dre ziouer : true" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1369 +#: sssd.conf.5.xml:1370 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[nss] section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1373 +#: sssd.conf.5.xml:1374 msgid "" "Default: <quote>not set</quote> (remote domains), <phrase " "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" @@ -1656,60 +1656,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1385 +#: sssd.conf.5.xml:1386 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1387 +#: sssd.conf.5.xml:1388 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1392 +#: sssd.conf.5.xml:1393 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1395 +#: sssd.conf.5.xml:1396 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1400 sssd.conf.5.xml:1413 +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1406 +#: sssd.conf.5.xml:1407 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1409 +#: sssd.conf.5.xml:1410 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1419 +#: sssd.conf.5.xml:1420 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1422 +#: sssd.conf.5.xml:1423 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1427 +#: sssd.conf.5.xml:1428 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -1717,61 +1717,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1433 sssd.conf.5.xml:1543 +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 msgid "Default: 5" msgstr "Dre zoiuer : 5" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1439 +#: sssd.conf.5.xml:1440 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1442 +#: sssd.conf.5.xml:1443 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1447 +#: sssd.conf.5.xml:1448 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1450 +#: sssd.conf.5.xml:1451 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1453 +#: sssd.conf.5.xml:1454 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1457 +#: sssd.conf.5.xml:1458 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1460 +#: sssd.conf.5.xml:1461 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1464 sssd.8.xml:63 +#: sssd.conf.5.xml:1465 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1470 +#: sssd.conf.5.xml:1471 #, fuzzy #| msgid "re_expression (string)" msgid "pam_response_filter (string)" msgstr "re_expression (neudennad)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1473 +#: sssd.conf.5.xml:1474 msgid "" "A comma separated list of strings which allows to remove (filter) data sent " "by the PAM responder to pam_sss PAM module. There are different kind of " @@ -1780,51 +1780,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1481 +#: sssd.conf.5.xml:1482 msgid "" "While messages already can be controlled with the help of the pam_verbosity " "option this option allows to filter out other kind of responses as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1488 +#: sssd.conf.5.xml:1489 msgid "ENV" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1489 +#: sssd.conf.5.xml:1490 msgid "Do not send any environment variables to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1492 +#: sssd.conf.5.xml:1493 msgid "ENV:var_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1493 +#: sssd.conf.5.xml:1494 msgid "Do not send environment variable var_name to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1497 +#: sssd.conf.5.xml:1498 msgid "ENV:var_name:service" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1498 +#: sssd.conf.5.xml:1499 msgid "Do not send environment variable var_name to service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1486 +#: sssd.conf.5.xml:1487 msgid "" "Currently the following filters are supported: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1505 +#: sssd.conf.5.xml:1506 msgid "" "The list of strings can either be the list of filters which would set this " "list of filters and overwrite the defaults. Or each element of the list can " @@ -1835,23 +1835,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1516 +#: sssd.conf.5.xml:1517 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1519 +#: sssd.conf.5.xml:1520 msgid "" "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1526 +#: sssd.conf.5.xml:1527 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1529 +#: sssd.conf.5.xml:1530 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -1859,7 +1859,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1535 +#: sssd.conf.5.xml:1536 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -1868,17 +1868,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1549 +#: sssd.conf.5.xml:1550 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1552 sssd.conf.5.xml:2987 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1555 +#: sssd.conf.5.xml:1556 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -1886,31 +1886,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1561 sssd.conf.5.xml:2990 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1566 +#: sssd.conf.5.xml:1567 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1571 sssd.conf.5.xml:3976 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 msgid "Default: 0" msgstr "Dre ziouer : 0" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1588 +#: sssd.conf.5.xml:1589 msgid "pam_trusted_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1591 +#: sssd.conf.5.xml:1592 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to run PAM conversations against trusted domains. Users not " @@ -1920,75 +1920,75 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1601 +#: sssd.conf.5.xml:1602 msgid "Default: All users are considered trusted by default" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1605 +#: sssd.conf.5.xml:1606 msgid "" "Please note that UID 0 is always allowed to access the PAM responder even in " "case it is not in the pam_trusted_users list." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1612 +#: sssd.conf.5.xml:1613 msgid "pam_public_domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1615 +#: sssd.conf.5.xml:1616 msgid "" "Specifies the comma-separated list of domain names that are accessible even " "to untrusted users." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1619 +#: sssd.conf.5.xml:1620 msgid "Two special values for pam_public_domains option are defined:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1623 +#: sssd.conf.5.xml:1624 msgid "" "all (Untrusted users are allowed to access all domains in PAM responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1627 +#: sssd.conf.5.xml:1628 msgid "" "none (Untrusted users are not allowed to access any domains PAM in " "responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1631 sssd.conf.5.xml:1656 sssd.conf.5.xml:1675 -#: sssd.conf.5.xml:1912 sssd.conf.5.xml:2732 sssd.conf.5.xml:3905 -#: sssd-ldap.5.xml:1207 +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1636 +#: sssd.conf.5.xml:1637 msgid "pam_account_expired_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1639 +#: sssd.conf.5.xml:1640 msgid "" "Allows a custom expiration message to be set, replacing the default " "'Permission denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1644 +#: sssd.conf.5.xml:1645 msgid "" "Note: Please be aware that message is only printed for the SSH service " "unless pam_verbosity is set to 3 (show all messages and debug information)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1652 +#: sssd.conf.5.xml:1653 #, no-wrap msgid "" "pam_account_expired_message = Account expired, please contact help desk.\n" @@ -1996,19 +1996,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1661 +#: sssd.conf.5.xml:1662 msgid "pam_account_locked_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1664 +#: sssd.conf.5.xml:1665 msgid "" "Allows a custom lockout message to be set, replacing the default 'Permission " "denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1671 +#: sssd.conf.5.xml:1672 #, no-wrap msgid "" "pam_account_locked_message = Account locked, please contact help desk.\n" @@ -2016,40 +2016,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1680 +#: sssd.conf.5.xml:1681 msgid "pam_passkey_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1683 +#: sssd.conf.5.xml:1684 msgid "Enable passkey device based authentication." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1686 sssd.conf.5.xml:1697 sssd.conf.5.xml:1711 -#: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 -#: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 msgid "Default: False" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1691 +#: sssd.conf.5.xml:1692 msgid "passkey_debug_libfido2 (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1694 +#: sssd.conf.5.xml:1695 msgid "Enable libfido2 library debug messages." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1702 +#: sssd.conf.5.xml:1703 msgid "pam_cert_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1705 +#: sssd.conf.5.xml:1706 msgid "" "Enable certificate based Smartcard authentication. Since this requires " "additional communication with the Smartcard which will delay the " @@ -2057,36 +2057,36 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1716 +#: sssd.conf.5.xml:1717 msgid "pam_cert_db_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1719 +#: sssd.conf.5.xml:1720 msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1722 sssd.conf.5.xml:2247 sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 msgid "Default:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1724 sssd.conf.5.xml:2249 +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 msgid "" "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " "certificates in PEM format)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1734 +#: sssd.conf.5.xml:1735 #, fuzzy #| msgid "re_expression (string)" msgid "pam_cert_verification (string)" msgstr "re_expression (neudennad)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1737 +#: sssd.conf.5.xml:1738 msgid "" "With this parameter the PAM certificate verification can be tuned with a " "comma separated list of options that override the " @@ -2096,7 +2096,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1748 +#: sssd.conf.5.xml:1749 #, no-wrap msgid "" "pam_cert_verification = partial_chain\n" @@ -2104,59 +2104,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1752 +#: sssd.conf.5.xml:1753 msgid "" "Default: not set, i.e. use default <quote>certificate_verification</quote> " "option defined in <quote>[sssd]</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1759 +#: sssd.conf.5.xml:1760 msgid "p11_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1763 msgid "How many seconds will pam_sss wait for p11_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1771 +#: sssd.conf.5.xml:1772 msgid "passkey_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1774 +#: sssd.conf.5.xml:1775 msgid "" "How many seconds will the PAM responder wait for passkey_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1783 +#: sssd.conf.5.xml:1784 msgid "pam_app_services (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1786 +#: sssd.conf.5.xml:1787 msgid "" "Which PAM services are permitted to contact domains of type " "<quote>application</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1795 +#: sssd.conf.5.xml:1796 msgid "pam_p11_allowed_services (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1798 +#: sssd.conf.5.xml:1799 msgid "" "A comma-separated list of PAM service names for which it will be allowed to " "use Smartcards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1813 +#: sssd.conf.5.xml:1814 #, no-wrap msgid "" "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2164,7 +2164,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1802 +#: sssd.conf.5.xml:1803 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -2176,63 +2176,63 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1817 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 #: sssd-ad.5.xml:869 sssd-ad.5.xml:947 msgid "Default: the default set of PAM service names includes:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1822 sssd-ad.5.xml:648 +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 msgid "login" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1827 sssd-ad.5.xml:653 +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 msgid "su" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1832 sssd-ad.5.xml:658 +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 msgid "su-l" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1837 sssd-ad.5.xml:673 +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 msgid "gdm-smartcard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1842 sssd-ad.5.xml:668 +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 msgid "gdm-password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1847 sssd-ad.5.xml:678 +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 msgid "kdm" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1852 sssd-ad.5.xml:956 +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 msgid "sudo" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1857 sssd-ad.5.xml:961 +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 msgid "sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1862 +#: sssd.conf.5.xml:1863 msgid "gnome-screensaver" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1870 +#: sssd.conf.5.xml:1871 msgid "p11_wait_for_card_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1873 +#: sssd.conf.5.xml:1874 msgid "" "If Smartcard authentication is required how many extra seconds in addition " "to p11_child_timeout should the PAM responder wait until a Smartcard is " @@ -2240,12 +2240,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1884 +#: sssd.conf.5.xml:1885 msgid "p11_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1887 +#: sssd.conf.5.xml:1888 msgid "" "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " "selection of devices used for Smartcard authentication. By default SSSD's " @@ -2256,7 +2256,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1900 +#: sssd.conf.5.xml:1901 #, no-wrap msgid "" "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" @@ -2264,7 +2264,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1904 +#: sssd.conf.5.xml:1905 #, no-wrap msgid "" "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" @@ -2272,7 +2272,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1898 +#: sssd.conf.5.xml:1899 msgid "" "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " @@ -2281,47 +2281,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1917 +#: sssd.conf.5.xml:1918 msgid "pam_initgroups_scheme" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1925 +#: sssd.conf.5.xml:1926 msgid "always" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1926 +#: sssd.conf.5.xml:1927 msgid "" "Always do an online lookup, please note that pam_id_timeout still applies" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1930 +#: sssd.conf.5.xml:1931 msgid "no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1931 +#: sssd.conf.5.xml:1932 msgid "" "Only do an online lookup if there is no active session of the user, i.e. if " "the user is currently not logged in" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1936 +#: sssd.conf.5.xml:1937 msgid "never" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1937 +#: sssd.conf.5.xml:1938 msgid "" "Never force an online lookup, use the data from the cache as long as they " "are not expired" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1920 +#: sssd.conf.5.xml:1921 msgid "" "The PAM responder can force an online lookup to get the current group " "memberships of the user trying to log in. This option controls when this " @@ -2330,30 +2330,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1944 +#: sssd.conf.5.xml:1945 msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1949 sssd.conf.5.xml:4247 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 msgid "pam_gssapi_services" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1952 +#: sssd.conf.5.xml:1953 msgid "" "Comma separated list of PAM services that are allowed to try GSSAPI " "authentication using pam_sss_gss.so module." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1957 +#: sssd.conf.5.xml:1958 msgid "" "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1961 sssd.conf.5.xml:1992 sssd.conf.5.xml:2030 +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[pam] section. It can also be set for trusted domain which overwrites the " @@ -2361,7 +2361,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1969 +#: sssd.conf.5.xml:1970 #, no-wrap msgid "" "pam_gssapi_services = sudo, sudo-i\n" @@ -2369,22 +2369,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1967 sssd.conf.5.xml:3899 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1973 +#: sssd.conf.5.xml:1974 msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1978 sssd.conf.5.xml:4248 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 msgid "pam_gssapi_check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1981 +#: sssd.conf.5.xml:1982 msgid "" "If True, SSSD will require that the Kerberos user principal that " "successfully authenticated through GSSAPI can be associated with the user " @@ -2392,25 +2392,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1988 +#: sssd.conf.5.xml:1989 msgid "" "If False, every user that is able to obtained required service ticket will " "be authenticated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1998 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2003 +#: sssd.conf.5.xml:2004 msgid "pam_gssapi_indicators_map" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2006 +#: sssd.conf.5.xml:2007 msgid "" "Comma separated list of authentication indicators required to be present in " "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " @@ -2418,7 +2418,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2012 +#: sssd.conf.5.xml:2013 msgid "" "Each element of the list can be either an authentication indicator name or a " "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " @@ -2433,7 +2433,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2025 +#: sssd.conf.5.xml:2026 msgid "" "To disable GSSAPI authentication indicator check, set this option to <quote>-" "</quote> (dash). To disable the check for a specific PAM service, add " @@ -2441,45 +2441,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2036 +#: sssd.conf.5.xml:2037 msgid "" "Following authentication indicators are supported by IPA Kerberos " "deployments:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2039 +#: sssd.conf.5.xml:2040 msgid "" "pkinit -- pre-authentication using X.509 certificates -- whether stored in " "files or on smart cards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2042 +#: sssd.conf.5.xml:2043 msgid "" "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " "FAST channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2045 +#: sssd.conf.5.xml:2046 msgid "radius -- pre-authentication with the help of a RADIUS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2048 +#: sssd.conf.5.xml:2049 msgid "" "otp -- pre-authentication using integrated two-factor authentication (2FA or " "one-time password, OTP) in IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2051 +#: sssd.conf.5.xml:2052 msgid "idp -- pre-authentication using external identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:2061 +#: sssd.conf.5.xml:2062 #, no-wrap msgid "" "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" @@ -2487,7 +2487,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2056 +#: sssd.conf.5.xml:2057 msgid "" "Example: to require access to SUDO services only for users which obtained " "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " @@ -2495,17 +2495,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2065 +#: sssd.conf.5.xml:2066 msgid "Default: not set (use of authentication indicators is not required)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2073 +#: sssd.conf.5.xml:2074 msgid "SUDO configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2075 +#: sssd.conf.5.xml:2076 msgid "" "These options can be used to configure the sudo service. The detailed " "instructions for configuration of <citerefentry> <refentrytitle>sudo</" @@ -2516,24 +2516,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2092 +#: sssd.conf.5.xml:2093 msgid "sudo_timed (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2095 +#: sssd.conf.5.xml:2096 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2107 +#: sssd.conf.5.xml:2108 msgid "sudo_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2110 +#: sssd.conf.5.xml:2111 msgid "" "Maximum number of expired rules that can be refreshed at once. If number of " "expired rules is below threshold, those rules are refreshed with " @@ -2543,22 +2543,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2129 +#: sssd.conf.5.xml:2130 msgid "AUTOFS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2131 +#: sssd.conf.5.xml:2132 msgid "These options can be used to configure the autofs service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2135 +#: sssd.conf.5.xml:2136 msgid "autofs_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2138 +#: sssd.conf.5.xml:2139 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " @@ -2566,51 +2566,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2154 +#: sssd.conf.5.xml:2155 msgid "SSH configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2156 +#: sssd.conf.5.xml:2157 msgid "These options can be used to configure the SSH service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2160 +#: sssd.conf.5.xml:2161 msgid "ssh_hash_known_hosts (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2163 +#: sssd.conf.5.xml:2164 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2172 +#: sssd.conf.5.xml:2173 msgid "ssh_known_hosts_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2175 +#: sssd.conf.5.xml:2176 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2179 +#: sssd.conf.5.xml:2180 msgid "Default: 180" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2184 +#: sssd.conf.5.xml:2185 msgid "ssh_use_certificate_keys (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2187 +#: sssd.conf.5.xml:2188 msgid "" "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " "keys derived from the public key of X.509 certificates stored in the user " @@ -2619,12 +2619,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2202 +#: sssd.conf.5.xml:2203 msgid "ssh_use_certificate_matching_rules (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2205 +#: sssd.conf.5.xml:2206 msgid "" "By default the ssh responder will use all available certificate matching " "rules to filter the certificates so that ssh keys are only derived from the " @@ -2634,7 +2634,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2214 +#: sssd.conf.5.xml:2215 msgid "" "There are two special key words 'all_rules' and 'no_rules' which will enable " "all or no rules, respectively. The latter means that no certificates will be " @@ -2642,7 +2642,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2221 +#: sssd.conf.5.xml:2222 msgid "" "If no rules are configured using 'all_rules' will enable a default rule " "which enables all certificates suitable for client authentication. This is " @@ -2651,38 +2651,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2228 +#: sssd.conf.5.xml:2229 msgid "" "A non-existing rule name is considered an error. If as a result no rule is " "selected all certificates will be ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2233 +#: sssd.conf.5.xml:2234 msgid "" "Default: not set, equivalent to 'all_rules', all found rules or the default " "rule are used" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2239 +#: sssd.conf.5.xml:2240 msgid "ca_db (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2242 +#: sssd.conf.5.xml:2243 msgid "" "Path to a storage of trusted CA certificates. The option is used to validate " "user certificates before deriving public ssh keys from them." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2262 +#: sssd.conf.5.xml:2263 msgid "PAC responder configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2264 +#: sssd.conf.5.xml:2265 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " @@ -2693,7 +2693,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2273 +#: sssd.conf.5.xml:2274 msgid "" "If the remote user does not exist in the cache, it is created. The UID is " "determined with the help of the SID, trusted domains will have UPGs and the " @@ -2704,24 +2704,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2281 +#: sssd.conf.5.xml:2282 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2287 +#: sssd.conf.5.xml:2288 msgid "These options can be used to configure the PAC responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2291 sssd-ifp.5.xml:66 +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 msgid "allowed_uids (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2294 +#: sssd.conf.5.xml:2295 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " @@ -2729,12 +2729,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2300 +#: sssd.conf.5.xml:2301 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2304 +#: sssd.conf.5.xml:2305 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " @@ -2743,26 +2743,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2313 +#: sssd.conf.5.xml:2314 msgid "pac_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2316 +#: sssd.conf.5.xml:2317 msgid "" "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " "data can be used to determine the group memberships of a user." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2326 +#: sssd.conf.5.xml:2327 #, fuzzy #| msgid "re_expression (string)" msgid "pac_check (string)" msgstr "re_expression (neudennad)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2329 +#: sssd.conf.5.xml:2330 msgid "" "Apply additional checks on the PAC of the Kerberos ticket which is available " "in Active Directory and FreeIPA domains, if configured. Please note that " @@ -2773,24 +2773,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2343 +#: sssd.conf.5.xml:2344 msgid "no_check" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2345 +#: sssd.conf.5.xml:2346 msgid "" "The PAC must not be present and even if it is present no additional checks " "will be done." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2351 +#: sssd.conf.5.xml:2352 msgid "pac_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2353 +#: sssd.conf.5.xml:2354 msgid "" "The PAC must be present in the service ticket which SSSD will request with " "the help of the user's TGT. If the PAC is not available the authentication " @@ -2798,24 +2798,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2361 +#: sssd.conf.5.xml:2362 msgid "check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2363 +#: sssd.conf.5.xml:2364 msgid "" "If the PAC is present check if the user principal name (UPN) information is " "consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2369 +#: sssd.conf.5.xml:2370 msgid "check_upn_allow_missing" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2371 +#: sssd.conf.5.xml:2372 msgid "" "This option should be used together with 'check_upn' and handles the case " "where a UPN is set on the server-side but is not read by SSSD. The typical " @@ -2827,7 +2827,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2383 +#: sssd.conf.5.xml:2384 msgid "" "Currently this option is set by default to avoid regressions in such " "environments. A log message will be added to the system log and SSSD's debug " @@ -2838,60 +2838,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2397 +#: sssd.conf.5.xml:2398 msgid "upn_dns_info_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2399 +#: sssd.conf.5.xml:2400 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2404 +#: sssd.conf.5.xml:2405 msgid "check_upn_dns_info_ex" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2406 +#: sssd.conf.5.xml:2407 msgid "" "If the PAC is present and the extension to the UPN-DNS-INFO buffer is " "available check if the information in the extension is consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2413 +#: sssd.conf.5.xml:2414 msgid "upn_dns_info_ex_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2415 +#: sssd.conf.5.xml:2416 msgid "" "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2339 +#: sssd.conf.5.xml:2340 msgid "" "The following options can be used alone or in a comma-separated list: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2425 +#: sssd.conf.5.xml:2426 msgid "" "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " "check_upn_dns_info_ex')" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2434 +#: sssd.conf.5.xml:2435 msgid "Session recording configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2436 +#: sssd.conf.5.xml:2437 msgid "" "Session recording works in conjunction with <citerefentry> " "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" @@ -2901,66 +2901,66 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2449 +#: sssd.conf.5.xml:2450 msgid "These options can be used to configure session recording." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2453 sssd-session-recording.5.xml:64 +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 msgid "scope (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2460 sssd-session-recording.5.xml:71 +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 msgid "\"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2463 sssd-session-recording.5.xml:74 +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 msgid "No users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2468 sssd-session-recording.5.xml:79 +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 msgid "\"some\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2471 sssd-session-recording.5.xml:82 +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 msgid "" "Users/groups specified by <replaceable>users</replaceable> and " "<replaceable>groups</replaceable> options are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2480 sssd-session-recording.5.xml:91 +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 msgid "\"all\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2483 sssd-session-recording.5.xml:94 +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 msgid "All users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2456 sssd-session-recording.5.xml:67 +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 msgid "" "One of the following strings specifying the scope of session recording: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:101 +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 msgid "Default: \"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:106 +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 msgid "users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:109 +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 msgid "" "A comma-separated list of users which should have session recording enabled. " "Matches user names as returned by NSS. I.e. after the possible space " @@ -2968,17 +2968,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2504 sssd-session-recording.5.xml:115 +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 msgid "Default: Empty. Matches no users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2509 sssd-session-recording.5.xml:120 +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 msgid "groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2512 sssd-session-recording.5.xml:123 +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 msgid "" "A comma-separated list of groups, members of which should have session " "recording enabled. Matches group names as returned by NSS. I.e. after the " @@ -2986,7 +2986,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2518 sssd.conf.5.xml:2550 sssd-session-recording.5.xml:129 +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 #: sssd-session-recording.5.xml:161 msgid "" "NOTE: using this option (having it set to anything) has a considerable " @@ -2995,60 +2995,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2525 sssd-session-recording.5.xml:136 +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 msgid "Default: Empty. Matches no groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2530 sssd-session-recording.5.xml:141 +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 #, fuzzy #| msgid "re_expression (string)" msgid "exclude_users (string)" msgstr "re_expression (neudennad)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2533 sssd-session-recording.5.xml:144 +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 msgid "" "A comma-separated list of users to be excluded from recording, only " "applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2537 sssd-session-recording.5.xml:148 +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 msgid "Default: Empty. No users excluded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2542 sssd-session-recording.5.xml:153 +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 #, fuzzy #| msgid "filter_users, filter_groups (string)" msgid "exclude_groups (string)" msgstr "filter_users, filter_groups (neudennad)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2545 sssd-session-recording.5.xml:156 +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 msgid "" "A comma-separated list of groups, members of which should be excluded from " "recording. Only applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2557 sssd-session-recording.5.xml:168 +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 msgid "Default: Empty. No groups excluded." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2567 +#: sssd.conf.5.xml:2568 msgid "DOMAIN SECTIONS" msgstr "RANNOÙ DOMANI" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2574 +#: sssd.conf.5.xml:2575 msgid "enabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2577 +#: sssd.conf.5.xml:2578 msgid "" "Explicitly enable or disable the domain. If <quote>true</quote>, the domain " "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " @@ -3058,12 +3058,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2589 +#: sssd.conf.5.xml:2590 msgid "domain_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2592 +#: sssd.conf.5.xml:2593 msgid "" "Specifies whether the domain is meant to be used by POSIX-aware clients such " "as the Name Service Switch or by applications that do not need POSIX data to " @@ -3072,14 +3072,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2600 +#: sssd.conf.5.xml:2601 msgid "" "Allowed values for this option are <quote>posix</quote> and " "<quote>application</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2604 +#: sssd.conf.5.xml:2605 msgid "" "POSIX domains are reachable by all services. Application domains are only " "reachable from the InfoPipe responder (see <citerefentry> " @@ -3088,38 +3088,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2612 +#: sssd.conf.5.xml:2613 msgid "" "NOTE: The application domains are currently well tested with " "<quote>id_provider=ldap</quote> only." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2616 +#: sssd.conf.5.xml:2617 msgid "" "For an easy way to configure a non-POSIX domains, please see the " "<quote>Application domains</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2620 +#: sssd.conf.5.xml:2621 msgid "Default: posix" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2626 +#: sssd.conf.5.xml:2627 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2629 +#: sssd.conf.5.xml:2630 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2634 +#: sssd.conf.5.xml:2635 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -3128,24 +3128,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2641 +#: sssd.conf.5.xml:2642 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2645 +#: sssd.conf.5.xml:2646 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2651 +#: sssd.conf.5.xml:2652 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2654 +#: sssd.conf.5.xml:2655 msgid "" "Determines if a domain can be enumerated, that is, whether the domain can " "list all the users and group it contains. Note that it is not required to " @@ -3154,29 +3154,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2662 +#: sssd.conf.5.xml:2663 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2665 +#: sssd.conf.5.xml:2666 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2668 sssd.conf.5.xml:2942 sssd.conf.5.xml:3119 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2671 +#: sssd.conf.5.xml:2672 msgid "" "Enumerating a domain requires SSSD to download and store ALL user and group " "entries from the remote server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2676 +#: sssd.conf.5.xml:2677 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -3190,14 +3190,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2691 +#: sssd.conf.5.xml:2692 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2696 +#: sssd.conf.5.xml:2697 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -3206,39 +3206,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2704 +#: sssd.conf.5.xml:2705 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2712 +#: sssd.conf.5.xml:2713 msgid "subdomain_enumerate (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2719 +#: sssd.conf.5.xml:2720 msgid "all" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2720 +#: sssd.conf.5.xml:2721 msgid "All discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2723 +#: sssd.conf.5.xml:2724 msgid "none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2724 +#: sssd.conf.5.xml:2725 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2715 +#: sssd.conf.5.xml:2716 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " @@ -3247,19 +3247,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2738 +#: sssd.conf.5.xml:2739 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2741 +#: sssd.conf.5.xml:2742 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2745 +#: sssd.conf.5.xml:2746 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " @@ -3270,139 +3270,139 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2758 +#: sssd.conf.5.xml:2759 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2764 +#: sssd.conf.5.xml:2765 msgid "entry_cache_user_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2767 +#: sssd.conf.5.xml:2768 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2771 sssd.conf.5.xml:2784 sssd.conf.5.xml:2797 -#: sssd.conf.5.xml:2810 sssd.conf.5.xml:2824 sssd.conf.5.xml:2837 -#: sssd.conf.5.xml:2851 sssd.conf.5.xml:2865 sssd.conf.5.xml:2878 +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 msgid "Default: entry_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2777 +#: sssd.conf.5.xml:2778 msgid "entry_cache_group_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2780 +#: sssd.conf.5.xml:2781 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2790 +#: sssd.conf.5.xml:2791 msgid "entry_cache_netgroup_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2793 +#: sssd.conf.5.xml:2794 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2803 +#: sssd.conf.5.xml:2804 msgid "entry_cache_service_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2806 +#: sssd.conf.5.xml:2807 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2816 +#: sssd.conf.5.xml:2817 msgid "entry_cache_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2819 +#: sssd.conf.5.xml:2820 msgid "" "How many seconds should nss_sss consider hosts and networks entries valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2830 +#: sssd.conf.5.xml:2831 msgid "entry_cache_sudo_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2833 +#: sssd.conf.5.xml:2834 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2843 +#: sssd.conf.5.xml:2844 msgid "entry_cache_autofs_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2846 +#: sssd.conf.5.xml:2847 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2857 +#: sssd.conf.5.xml:2858 msgid "entry_cache_ssh_host_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2860 +#: sssd.conf.5.xml:2861 msgid "" "How many seconds to keep a host ssh key after refresh. IE how long to cache " "the host key for." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2871 +#: sssd.conf.5.xml:2872 msgid "entry_cache_computer_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2874 +#: sssd.conf.5.xml:2875 msgid "" "How many seconds to keep the local computer entry before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2884 +#: sssd.conf.5.xml:2885 msgid "refresh_expired_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2887 +#: sssd.conf.5.xml:2888 msgid "" "Specifies how many seconds SSSD has to wait before triggering a background " "refresh task which will refresh all expired or nearly expired records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2892 +#: sssd.conf.5.xml:2893 msgid "" "The background refresh will process users, groups and netgroups in the " "cache. For users who have performed the initgroups (get group membership for " @@ -3411,17 +3411,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2900 +#: sssd.conf.5.xml:2901 msgid "This option is automatically inherited for all trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2904 +#: sssd.conf.5.xml:2905 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2908 +#: sssd.conf.5.xml:2909 msgid "" "Cache entry will be refreshed by background task when 2/3 of cache timeout " "has already passed. If there are existing cached entries, the background " @@ -3433,23 +3433,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2921 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2927 +#: sssd.conf.5.xml:2928 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2930 -msgid "Determines if user credentials are also cached in the local LDB cache." +#: sssd.conf.5.xml:2931 +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2934 +#: sssd.conf.5.xml:2942 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3458,12 +3464,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2948 +#: sssd.conf.5.xml:2956 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2951 +#: sssd.conf.5.xml:2959 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3471,19 +3477,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2958 +#: sssd.conf.5.xml:2966 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2969 +#: sssd.conf.5.xml:2977 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2972 +#: sssd.conf.5.xml:2980 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3492,17 +3498,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2979 +#: sssd.conf.5.xml:2987 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2984 +#: sssd.conf.5.xml:2992 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2995 +#: sssd.conf.5.xml:3003 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3511,28 +3517,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3002 +#: sssd.conf.5.xml:3010 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3008 +#: sssd.conf.5.xml:3016 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3011 +#: sssd.conf.5.xml:3019 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3015 +#: sssd.conf.5.xml:3023 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3018 +#: sssd.conf.5.xml:3026 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3540,7 +3546,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3026 +#: sssd.conf.5.xml:3034 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3548,18 +3554,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3034 sssd.conf.5.xml:3145 sssd.conf.5.xml:3196 -#: sssd.conf.5.xml:3259 +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 msgid "" -"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " -"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " -"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " -"FreeIPA." +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3043 sssd.conf.5.xml:3154 sssd.conf.5.xml:3205 -#: sssd.conf.5.xml:3268 +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3567,19 +3572,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3054 +#: sssd.conf.5.xml:3062 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3057 +#: sssd.conf.5.xml:3065 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3062 +#: sssd.conf.5.xml:3070 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3588,7 +3593,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3070 +#: sssd.conf.5.xml:3078 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3596,24 +3601,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3077 +#: sssd.conf.5.xml:3085 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3084 +#: sssd.conf.5.xml:3092 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3087 +#: sssd.conf.5.xml:3095 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3090 +#: sssd.conf.5.xml:3098 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3625,7 +3630,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3108 +#: sssd.conf.5.xml:3116 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3633,30 +3638,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3114 sssd.conf.5.xml:3821 sssd-ldap.5.xml:326 -#: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 -#: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 -#: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 -#: sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1084 +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 msgid "" "This option can be also set per subdomain or inherited via " "<emphasis>subdomain_inherit</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3124 +#: sssd.conf.5.xml:3132 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3127 +#: sssd.conf.5.xml:3135 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3131 sssd.conf.5.xml:3189 +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3664,7 +3669,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3138 +#: sssd.conf.5.xml:3146 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3672,30 +3677,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3162 +#: sssd.conf.5.xml:3170 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3165 +#: sssd.conf.5.xml:3173 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3168 +#: sssd.conf.5.xml:3176 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3174 +#: sssd.conf.5.xml:3182 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3177 +#: sssd.conf.5.xml:3185 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -3703,19 +3708,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3183 +#: sssd.conf.5.xml:3191 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3186 +#: sssd.conf.5.xml:3194 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3221 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -3724,7 +3729,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3220 +#: sssd.conf.5.xml:3228 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -3732,29 +3737,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3227 +#: sssd.conf.5.xml:3235 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3230 +#: sssd.conf.5.xml:3238 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3235 +#: sssd.conf.5.xml:3243 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3238 +#: sssd.conf.5.xml:3246 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3243 +#: sssd.conf.5.xml:3251 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -3762,7 +3767,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3251 +#: sssd.conf.5.xml:3259 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3770,35 +3775,35 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3276 +#: sssd.conf.5.xml:3284 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3280 +#: sssd.conf.5.xml:3288 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3283 +#: sssd.conf.5.xml:3291 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3290 +#: sssd.conf.5.xml:3298 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3293 +#: sssd.conf.5.xml:3301 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3297 +#: sssd.conf.5.xml:3305 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3806,32 +3811,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3305 +#: sssd.conf.5.xml:3313 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3309 +#: sssd.conf.5.xml:3317 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3313 +#: sssd.conf.5.xml:3321 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3316 sssd.conf.5.xml:3402 sssd.conf.5.xml:3472 -#: sssd.conf.5.xml:3497 sssd.conf.5.xml:3533 +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3320 +#: sssd.conf.5.xml:3328 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -3842,7 +3847,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3335 +#: sssd.conf.5.xml:3343 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -3851,12 +3856,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3345 +#: sssd.conf.5.xml:3353 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3348 +#: sssd.conf.5.xml:3356 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -3864,7 +3869,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3354 +#: sssd.conf.5.xml:3362 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3872,31 +3877,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3362 +#: sssd.conf.5.xml:3370 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3365 +#: sssd.conf.5.xml:3373 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3371 +#: sssd.conf.5.xml:3379 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3374 +#: sssd.conf.5.xml:3382 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3380 +#: sssd.conf.5.xml:3388 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3904,7 +3909,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3389 +#: sssd.conf.5.xml:3397 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -3913,17 +3918,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3398 +#: sssd.conf.5.xml:3406 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3408 +#: sssd.conf.5.xml:3416 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3411 +#: sssd.conf.5.xml:3419 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -3931,43 +3936,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3418 +#: sssd.conf.5.xml:3426 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3422 +#: sssd.conf.5.xml:3430 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3426 +#: sssd.conf.5.xml:3434 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3430 +#: sssd.conf.5.xml:3438 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3438 +#: sssd.conf.5.xml:3446 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3441 +#: sssd.conf.5.xml:3449 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3445 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3975,7 +3980,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3452 +#: sssd.conf.5.xml:3460 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3983,7 +3988,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3460 +#: sssd.conf.5.xml:3468 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3991,24 +3996,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3469 +#: sssd.conf.5.xml:3477 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3479 +#: sssd.conf.5.xml:3487 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3482 +#: sssd.conf.5.xml:3490 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3486 +#: sssd.conf.5.xml:3494 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4016,31 +4021,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3494 +#: sssd.conf.5.xml:3502 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3504 +#: sssd.conf.5.xml:3512 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3507 +#: sssd.conf.5.xml:3515 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3511 +#: sssd.conf.5.xml:3519 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3515 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4048,7 +4053,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3522 +#: sssd.conf.5.xml:3530 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4057,12 +4062,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3530 +#: sssd.conf.5.xml:3538 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3543 +#: sssd.conf.5.xml:3551 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4072,24 +4077,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3552 +#: sssd.conf.5.xml:3560 msgid "" "Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" "[^@]+))$</quote> which allows two different styles for user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3557 sssd.conf.5.xml:3571 +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3560 sssd.conf.5.xml:3574 +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3565 +#: sssd.conf.5.xml:3573 msgid "" "Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" @@ -4098,19 +4103,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3577 +#: sssd.conf.5.xml:3585 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3580 +#: sssd.conf.5.xml:3588 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3585 +#: sssd.conf.5.xml:3593 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4120,89 +4125,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3637 +#: sssd.conf.5.xml:3645 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3643 +#: sssd.conf.5.xml:3651 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3646 +#: sssd.conf.5.xml:3654 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3650 +#: sssd.conf.5.xml:3658 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3653 +#: sssd.conf.5.xml:3661 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3656 +#: sssd.conf.5.xml:3664 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3659 +#: sssd.conf.5.xml:3667 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3662 +#: sssd.conf.5.xml:3670 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3665 +#: sssd.conf.5.xml:3673 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3671 +#: sssd.conf.5.xml:3679 msgid "dns_resolver_server_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3674 +#: sssd.conf.5.xml:3682 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3679 +#: sssd.conf.5.xml:3687 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3683 sssd.conf.5.xml:3703 sssd.conf.5.xml:3724 +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3688 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3694 +#: sssd.conf.5.xml:3702 msgid "dns_resolver_op_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3697 +#: sssd.conf.5.xml:3705 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4210,12 +4215,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3714 +#: sssd.conf.5.xml:3722 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3717 +#: sssd.conf.5.xml:3725 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4224,12 +4229,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3735 +#: sssd.conf.5.xml:3743 msgid "dns_resolver_use_search_list (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3738 +#: sssd.conf.5.xml:3746 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4237,7 +4242,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3744 +#: sssd.conf.5.xml:3752 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4245,71 +4250,71 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3750 +#: sssd.conf.5.xml:3758 #, fuzzy #| msgid "Default: 3" msgid "Default: TRUE" msgstr "Dre ziouer : 3" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3756 +#: sssd.conf.5.xml:3764 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3759 +#: sssd.conf.5.xml:3767 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3763 +#: sssd.conf.5.xml:3771 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3769 +#: sssd.conf.5.xml:3777 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3772 +#: sssd.conf.5.xml:3780 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3778 +#: sssd.conf.5.xml:3786 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3785 +#: sssd.conf.5.xml:3793 msgid "True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3788 +#: sssd.conf.5.xml:3796 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3794 +#: sssd.conf.5.xml:3802 msgid "False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3796 +#: sssd.conf.5.xml:3804 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3800 +#: sssd.conf.5.xml:3808 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3803 +#: sssd.conf.5.xml:3811 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4317,31 +4322,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3811 +#: sssd.conf.5.xml:3819 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3781 +#: sssd.conf.5.xml:3789 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3826 +#: sssd.conf.5.xml:3834 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3832 +#: sssd.conf.5.xml:3840 msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3835 +#: sssd.conf.5.xml:3843 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4349,104 +4354,104 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3841 +#: sssd.conf.5.xml:3849 msgid "ldap_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3844 +#: sssd.conf.5.xml:3852 msgid "ldap_network_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3847 +#: sssd.conf.5.xml:3855 msgid "ldap_opt_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3850 +#: sssd.conf.5.xml:3858 msgid "ldap_offline_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3853 +#: sssd.conf.5.xml:3861 msgid "ldap_enumeration_refresh_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3856 +#: sssd.conf.5.xml:3864 msgid "ldap_enumeration_refresh_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3859 +#: sssd.conf.5.xml:3867 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3862 +#: sssd.conf.5.xml:3870 msgid "ldap_purge_cache_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3865 +#: sssd.conf.5.xml:3873 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3869 +#: sssd.conf.5.xml:3877 msgid "ldap_krb5_ticket_lifetime" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3872 +#: sssd.conf.5.xml:3880 msgid "ldap_enumeration_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3875 +#: sssd.conf.5.xml:3883 msgid "ldap_connection_expire_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3878 +#: sssd.conf.5.xml:3886 msgid "ldap_connection_expire_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3881 +#: sssd.conf.5.xml:3889 msgid "ldap_connection_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3884 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 msgid "ldap_use_tokengroups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3887 +#: sssd.conf.5.xml:3895 msgid "ldap_user_principal" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3890 +#: sssd.conf.5.xml:3898 msgid "ignore_group_members" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3893 +#: sssd.conf.5.xml:3901 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3896 +#: sssd.conf.5.xml:3904 msgid "case_sensitive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3901 +#: sssd.conf.5.xml:3909 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4454,27 +4459,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3908 +#: sssd.conf.5.xml:3916 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3915 +#: sssd.conf.5.xml:3923 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3926 +#: sssd.conf.5.xml:3934 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3935 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3918 +#: sssd.conf.5.xml:3926 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4484,34 +4489,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3932 +#: sssd.conf.5.xml:3940 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3936 +#: sssd.conf.5.xml:3944 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3941 +#: sssd.conf.5.xml:3949 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3944 +#: sssd.conf.5.xml:3952 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3950 +#: sssd.conf.5.xml:3958 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3953 +#: sssd.conf.5.xml:3961 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -4520,19 +4525,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3961 +#: sssd.conf.5.xml:3969 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3966 +#: sssd.conf.5.xml:3974 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3970 +#: sssd.conf.5.xml:3978 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -4540,24 +4545,96 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3981 +#: sssd.conf.5.xml:3989 +#, fuzzy +#| msgid "re_expression (string)" +msgid "local_auth_policy (string)" +msgstr "re_expression (neudennad)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3992 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4002 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4026 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4034 +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4039 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: match" +msgstr "Dre ziouer : 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4044 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3987 +#: sssd.conf.5.xml:4050 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3990 +#: sssd.conf.5.xml:4053 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3994 +#: sssd.conf.5.xml:4057 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4566,24 +4643,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4003 +#: sssd.conf.5.xml:4066 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4006 +#: sssd.conf.5.xml:4069 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4012 +#: sssd.conf.5.xml:4075 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4015 +#: sssd.conf.5.xml:4078 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4593,14 +4670,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4028 +#: sssd.conf.5.xml:4091 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4035 +#: sssd.conf.5.xml:4098 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4608,21 +4685,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3984 +#: sssd.conf.5.xml:4047 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4047 +#: sssd.conf.5.xml:4110 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4118 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4630,7 +4707,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4124 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4639,7 +4716,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4115 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4648,7 +4725,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2569 +#: sssd.conf.5.xml:2570 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -4656,29 +4733,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4139 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4079 +#: sssd.conf.5.xml:4142 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4082 +#: sssd.conf.5.xml:4145 msgid "" "Default: not set by default, you have to take an existing pam configuration " -"or create a new one and add the service name here." +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4090 +#: sssd.conf.5.xml:4155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4686,12 +4764,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4103 +#: sssd.conf.5.xml:4168 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4106 +#: sssd.conf.5.xml:4171 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4699,12 +4777,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4117 +#: sssd.conf.5.xml:4182 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4120 +#: sssd.conf.5.xml:4185 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4713,12 +4791,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4134 +#: sssd.conf.5.xml:4199 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4202 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4726,19 +4804,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4072 +#: sssd.conf.5.xml:4135 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4218 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4155 +#: sssd.conf.5.xml:4220 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -4755,7 +4833,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4175 +#: sssd.conf.5.xml:4240 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4763,17 +4841,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4181 +#: sssd.conf.5.xml:4246 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4248 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4186 +#: sssd.conf.5.xml:4251 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4782,7 +4860,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4265 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4792,7 +4870,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4208 +#: sssd.conf.5.xml:4273 #, no-wrap msgid "" "[sssd]\n" @@ -4812,12 +4890,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4228 +#: sssd.conf.5.xml:4293 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4230 +#: sssd.conf.5.xml:4295 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -4828,69 +4906,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4237 +#: sssd.conf.5.xml:4302 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4303 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4239 +#: sssd.conf.5.xml:4304 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:4305 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4241 +#: sssd.conf.5.xml:4306 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4242 +#: sssd.conf.5.xml:4307 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4243 +#: sssd.conf.5.xml:4308 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4309 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4245 +#: sssd.conf.5.xml:4310 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4246 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4250 +#: sssd.conf.5.xml:4315 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4256 +#: sssd.conf.5.xml:4321 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4258 +#: sssd.conf.5.xml:4323 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -4903,7 +4981,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4272 +#: sssd.conf.5.xml:4337 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -4911,7 +4989,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4281 +#: sssd.conf.5.xml:4346 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -4920,55 +4998,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4353 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4356 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4295 +#: sssd.conf.5.xml:4360 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4367 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4370 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:4376 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4317 +#: sssd.conf.5.xml:4382 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4326 +#: sssd.conf.5.xml:4391 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4329 +#: sssd.conf.5.xml:4394 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -4977,17 +5055,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4336 +#: sssd.conf.5.xml:4401 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4406 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4409 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -4995,26 +5073,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4350 +#: sssd.conf.5.xml:4415 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4356 +#: sssd.conf.5.xml:4421 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4362 +#: sssd.conf.5.xml:4427 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4433 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5023,17 +5101,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4377 +#: sssd.conf.5.xml:4442 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4385 +#: sssd.conf.5.xml:4450 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4452 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5043,7 +5121,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4395 +#: sssd.conf.5.xml:4460 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5052,59 +5130,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4472 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4410 +#: sssd.conf.5.xml:4475 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4411 +#: sssd.conf.5.xml:4476 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4409 +#: sssd.conf.5.xml:4474 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4484 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4488 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4424 +#: sssd.conf.5.xml:4489 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4427 +#: sssd.conf.5.xml:4492 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4428 +#: sssd.conf.5.xml:4493 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4496 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4432 +#: sssd.conf.5.xml:4497 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5113,7 +5191,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4421 +#: sssd.conf.5.xml:4486 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5122,17 +5200,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4449 +#: sssd.conf.5.xml:4514 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4455 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4522 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5140,46 +5218,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4530 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4532 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4537 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4539 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4480 +#: sssd.conf.5.xml:4545 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4547 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4451 +#: sssd.conf.5.xml:4516 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4467 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5188,7 +5266,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4493 +#: sssd.conf.5.xml:4558 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5196,12 +5274,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4500 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4506 +#: sssd.conf.5.xml:4571 #, no-wrap msgid "" "[sssd]\n" @@ -5231,7 +5309,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4502 +#: sssd.conf.5.xml:4567 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5240,7 +5318,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4604 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5248,7 +5326,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4533 +#: sssd.conf.5.xml:4598 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5259,7 +5337,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4550 +#: sssd.conf.5.xml:4615 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5270,7 +5348,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4544 +#: sssd.conf.5.xml:4609 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -5324,26 +5402,26 @@ msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " -"over an unencrypted channel. If the LDAP server is used only as an identity " -"provider, an encrypted channel is not needed. Please refer to " -"<quote>ldap_access_filter</quote> config option for more information about " -"using LDAP as an access provider." +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 #: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 msgid "CONFIGURATION OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:66 +#: sssd-ldap.5.xml:67 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:69 +#: sssd-ldap.5.xml:70 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" @@ -5353,33 +5431,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:76 +#: sssd-ldap.5.xml:77 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:79 +#: sssd-ldap.5.xml:80 msgid "ldap[s]://<host>[:port]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:82 +#: sssd-ldap.5.xml:83 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:85 +#: sssd-ldap.5.xml:86 msgid "example: ldap://[fc00::126:25]:389" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:91 +#: sssd-ldap.5.xml:92 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:94 +#: sssd-ldap.5.xml:95 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " @@ -5388,71 +5466,71 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:101 +#: sssd-ldap.5.xml:102 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:105 +#: sssd-ldap.5.xml:106 msgid "Default: empty, i.e. ldap_uri is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:111 +#: sssd-ldap.5.xml:112 msgid "ldap_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:114 +#: sssd-ldap.5.xml:115 msgid "The default base DN to use for performing LDAP user operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:118 +#: sssd-ldap.5.xml:119 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:122 +#: sssd-ldap.5.xml:123 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:125 +#: sssd-ldap.5.xml:126 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:128 include/ldap_search_bases.xml:18 +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:132 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 #: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 msgid "Examples:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:135 +#: sssd-ldap.5.xml:136 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:140 +#: sssd-ldap.5.xml:141 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:143 +#: sssd-ldap.5.xml:144 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " @@ -5461,7 +5539,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:150 +#: sssd-ldap.5.xml:151 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " @@ -5472,12 +5550,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:164 +#: sssd-ldap.5.xml:165 msgid "ldap_schema (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:167 +#: sssd-ldap.5.xml:168 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " @@ -5485,32 +5563,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:174 +#: sssd-ldap.5.xml:175 msgid "Four schema types are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:178 +#: sssd-ldap.5.xml:179 msgid "rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:183 +#: sssd-ldap.5.xml:184 msgid "rfc2307bis" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:188 +#: sssd-ldap.5.xml:189 msgid "IPA" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:193 +#: sssd-ldap.5.xml:194 msgid "AD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:199 +#: sssd-ldap.5.xml:200 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " @@ -5521,37 +5599,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:209 +#: sssd-ldap.5.xml:210 msgid "Default: rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:215 +#: sssd-ldap.5.xml:216 msgid "ldap_pwmodify_mode (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:218 +#: sssd-ldap.5.xml:219 msgid "Specify the operation that is used to modify user password." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:222 +#: sssd-ldap.5.xml:223 msgid "Two modes are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:226 +#: sssd-ldap.5.xml:227 msgid "exop - Password Modify Extended Operation (RFC 3062)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:232 +#: sssd-ldap.5.xml:233 msgid "ldap_modify - Direct modification of userPassword (not recommended)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:239 +#: sssd-ldap.5.xml:240 msgid "" "Note: First, a new connection is established to verify current password by " "binding as the user that requested password change. If successful, this " @@ -5560,74 +5638,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:247 +#: sssd-ldap.5.xml:248 msgid "Default: exop" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:253 +#: sssd-ldap.5.xml:254 msgid "ldap_default_bind_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:256 +#: sssd-ldap.5.xml:257 msgid "The default bind DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:263 +#: sssd-ldap.5.xml:264 msgid "ldap_default_authtok_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:266 +#: sssd-ldap.5.xml:267 msgid "The type of the authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:270 +#: sssd-ldap.5.xml:271 msgid "The two mechanisms currently supported are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 +#: sssd-ldap.5.xml:274 msgid "password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:276 +#: sssd-ldap.5.xml:277 msgid "obfuscated_password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:279 +#: sssd-ldap.5.xml:280 msgid "Default: password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:282 +#: sssd-ldap.5.xml:283 msgid "" "See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> manual page for more information." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:293 +#: sssd-ldap.5.xml:294 msgid "ldap_default_authtok (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:296 +#: sssd-ldap.5.xml:297 msgid "The authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:302 +#: sssd-ldap.5.xml:303 msgid "ldap_force_upper_case_realm (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:305 +#: sssd-ldap.5.xml:306 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -5636,24 +5714,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:318 +#: sssd-ldap.5.xml:319 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:321 +#: sssd-ldap.5.xml:322 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:337 +#: sssd-ldap.5.xml:338 msgid "ldap_purge_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:340 +#: sssd-ldap.5.xml:341 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -5661,7 +5739,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:346 +#: sssd-ldap.5.xml:347 msgid "" "Setting this option to zero will disable the cache cleanup operation. Please " "note that if enumeration is enabled, the cleanup task is required in order " @@ -5670,12 +5748,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:366 +#: sssd-ldap.5.xml:367 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:369 +#: sssd-ldap.5.xml:370 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -5683,7 +5761,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:376 +#: sssd-ldap.5.xml:377 msgid "" "Note: This option specifies the guaranteed level of nested groups to be " "processed for any lookup. However, nested groups beyond this limit " @@ -5693,7 +5771,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:385 +#: sssd-ldap.5.xml:386 msgid "" "If ldap_group_nesting_level is set to 0 then no nested groups are processed " "at all. However, when connected to Active-Directory Server 2008 and later " @@ -5703,67 +5781,67 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:394 +#: sssd-ldap.5.xml:395 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:403 +#: sssd-ldap.5.xml:404 msgid "" "This options enables or disables use of Token-Groups attribute when " "performing initgroup for users from Active Directory Server 2008 and later." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:413 +#: sssd-ldap.5.xml:414 msgid "Default: True for AD and IPA otherwise False." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:419 +#: sssd-ldap.5.xml:420 msgid "ldap_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:422 +#: sssd-ldap.5.xml:423 msgid "Optional. Use the given string as search base for host objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:426 sssd-ipa.5.xml:457 sssd-ipa.5.xml:476 sssd-ipa.5.xml:495 -#: sssd-ipa.5.xml:514 +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:431 sssd-ipa.5.xml:462 include/ldap_search_bases.xml:27 +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:438 +#: sssd-ldap.5.xml:439 msgid "ldap_service_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:443 +#: sssd-ldap.5.xml:444 msgid "ldap_iphost_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:448 +#: sssd-ldap.5.xml:449 msgid "ldap_ipnetwork_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:453 +#: sssd-ldap.5.xml:454 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:456 +#: sssd-ldap.5.xml:457 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -5771,7 +5849,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:462 +#: sssd-ldap.5.xml:463 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -5779,12 +5857,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:479 +#: sssd-ldap.5.xml:480 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:482 +#: sssd-ldap.5.xml:483 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -5792,12 +5870,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:500 +#: sssd-ldap.5.xml:501 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:503 +#: sssd-ldap.5.xml:504 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -5808,12 +5886,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:531 +#: sssd-ldap.5.xml:532 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:534 +#: sssd-ldap.5.xml:535 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -5822,12 +5900,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:554 +#: sssd-ldap.5.xml:555 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:557 +#: sssd-ldap.5.xml:558 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -5836,7 +5914,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:565 +#: sssd-ldap.5.xml:566 msgid "" "If the connection is idle (not actively running an operation) within " "<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " @@ -5847,36 +5925,36 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:577 +#: sssd-ldap.5.xml:578 msgid "" "This timeout can be extended of a random value specified by " "<emphasis>ldap_connection_expire_offset</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:587 sssd-ldap.5.xml:630 sssd-ldap.5.xml:1711 +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:593 +#: sssd-ldap.5.xml:594 msgid "ldap_connection_expire_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:596 +#: sssd-ldap.5.xml:597 msgid "" "Random offset between 0 and configured value is added to " "<emphasis>ldap_connection_expire_timeout</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:613 msgid "ldap_connection_idle_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:616 msgid "" "Specifies a timeout (in seconds) that an idle connection to an LDAP server " "will be maintained. If the connection is idle for more than this time then " @@ -5884,29 +5962,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:622 msgid "You can disable this timeout by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:636 +#: sssd-ldap.5.xml:637 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:639 +#: sssd-ldap.5.xml:640 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:650 +#: sssd-ldap.5.xml:651 msgid "ldap_disable_paging (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:653 +#: sssd-ldap.5.xml:654 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " @@ -5914,14 +5992,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:659 +#: sssd-ldap.5.xml:660 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:665 +#: sssd-ldap.5.xml:666 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " @@ -5929,17 +6007,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:677 +#: sssd-ldap.5.xml:678 msgid "ldap_disable_range_retrieval (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:680 +#: sssd-ldap.5.xml:681 msgid "Disable Active Directory range retrieval." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:683 +#: sssd-ldap.5.xml:684 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " @@ -5949,12 +6027,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:699 msgid "ldap_sasl_minssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:702 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " @@ -5962,17 +6040,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:707 sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:714 +#: sssd-ldap.5.xml:715 msgid "ldap_sasl_maxssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:717 +#: sssd-ldap.5.xml:718 msgid "" "When communicating with an LDAP server using SASL, specify the maximal " "security level necessary to establish the connection. The values of this " @@ -5980,12 +6058,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:731 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:733 +#: sssd-ldap.5.xml:734 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -5993,7 +6071,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:740 msgid "" "You can turn off dereference lookups completely by setting the value to 0. " "Please note that there are some codepaths in SSSD, like the IPA HBAC " @@ -6004,7 +6082,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:750 +#: sssd-ldap.5.xml:751 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -6013,7 +6091,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:758 +#: sssd-ldap.5.xml:759 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -6021,12 +6099,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:771 +#: sssd-ldap.5.xml:772 msgid "ldap_ignore_unreadable_references (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:774 +#: sssd-ldap.5.xml:775 msgid "" "Ignore unreadable LDAP entries referenced in group's member attribute. If " "this parameter is set to false an error will be returned and the operation " @@ -6034,7 +6112,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:781 +#: sssd-ldap.5.xml:782 msgid "" "This parameter may be useful when using the AD provider and the computer " "account that sssd uses to connect to AD does not have access to a particular " @@ -6042,26 +6120,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:795 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:798 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:804 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:808 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6069,7 +6147,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:815 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6077,7 +6155,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:820 +#: sssd-ldap.5.xml:821 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -6085,41 +6163,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:826 +#: sssd-ldap.5.xml:827 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:830 +#: sssd-ldap.5.xml:831 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:837 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:839 +#: sssd-ldap.5.xml:840 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 sssd-ldap.5.xml:862 sssd-ldap.5.xml:903 +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:852 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:854 +#: sssd-ldap.5.xml:855 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -6128,32 +6206,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:869 +#: sssd-ldap.5.xml:870 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:872 +#: sssd-ldap.5.xml:873 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:882 +#: sssd-ldap.5.xml:883 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:885 +#: sssd-ldap.5.xml:886 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:894 +#: sssd-ldap.5.xml:895 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:897 +#: sssd-ldap.5.xml:898 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -6161,24 +6239,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:910 +#: sssd-ldap.5.xml:911 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:913 +#: sssd-ldap.5.xml:914 msgid "" "Specifies that the id_provider connection must also use <systemitem " -"class=\"protocol\">tls</systemitem> to protect the channel." +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:923 +#: sssd-ldap.5.xml:925 msgid "ldap_id_mapping (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:928 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " @@ -6186,17 +6265,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:932 +#: sssd-ldap.5.xml:934 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:942 +#: sssd-ldap.5.xml:944 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:945 +#: sssd-ldap.5.xml:947 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " @@ -6207,24 +6286,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:957 +#: sssd-ldap.5.xml:959 msgid "Default: not set (both options are set to 0)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:965 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:966 +#: sssd-ldap.5.xml:968 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " "tested and supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:970 +#: sssd-ldap.5.xml:972 msgid "" "If the backend supports sub-domains the value of ldap_sasl_mech is " "automatically inherited to the sub-domains. If a different value is needed " @@ -6235,12 +6314,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:988 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ldap.5.xml:998 +#: sssd-ldap.5.xml:1000 #, no-wrap msgid "" "hostname@REALM\n" @@ -6253,7 +6332,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:989 +#: sssd-ldap.5.xml:991 msgid "" "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " "this represents the Kerberos principal used for authentication to the " @@ -6265,17 +6344,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1009 +#: sssd-ldap.5.xml:1011 msgid "Default: host/hostname@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1015 +#: sssd-ldap.5.xml:1017 msgid "ldap_sasl_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1018 +#: sssd-ldap.5.xml:1020 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " @@ -6283,49 +6362,49 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1024 +#: sssd-ldap.5.xml:1026 msgid "Default: the value of krb5_realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1030 +#: sssd-ldap.5.xml:1032 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1035 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1038 +#: sssd-ldap.5.xml:1040 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1046 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1049 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1056 sssd-krb5.5.xml:247 +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1064 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1067 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -6333,28 +6412,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1077 +#: sssd-ldap.5.xml:1079 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1080 +#: sssd-ldap.5.xml:1082 msgid "" "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1089 sssd-ad.5.xml:1252 +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1095 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1098 +#: sssd-ldap.5.xml:1100 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -6366,7 +6445,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1110 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -6374,7 +6453,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -6382,39 +6461,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1124 sssd-ipa.5.xml:526 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1127 +#: sssd-ldap.5.xml:1129 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1133 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1137 include/krb5_options.xml:154 +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1140 +#: sssd-ldap.5.xml:1142 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1152 sssd-krb5.5.xml:336 +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 msgid "krb5_use_kdcinfo (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1155 sssd-krb5.5.xml:339 +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " @@ -6424,7 +6503,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:350 +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " @@ -6432,26 +6511,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1180 +#: sssd-ldap.5.xml:1182 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1185 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1190 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1193 +#: sssd-ldap.5.xml:1195 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -6460,7 +6539,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1201 +#: sssd-ldap.5.xml:1203 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -6468,31 +6547,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1210 +#: sssd-ldap.5.xml:1212 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1220 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1221 +#: sssd-ldap.5.xml:1223 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1225 +#: sssd-ldap.5.xml:1227 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1232 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " @@ -6505,51 +6584,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1249 +#: sssd-ldap.5.xml:1251 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1252 +#: sssd-ldap.5.xml:1254 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1258 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1262 +#: sssd-ldap.5.xml:1264 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1265 +#: sssd-ldap.5.xml:1267 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1270 +#: sssd-ldap.5.xml:1272 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1276 +#: sssd-ldap.5.xml:1278 msgid "ldap_chpass_update_last_change (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1279 +#: sssd-ldap.5.xml:1281 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1285 +#: sssd-ldap.5.xml:1287 msgid "" "It is recommend to set this option explicitly if \"ldap_pwd_policy = " "shadow\" is used to let SSSD know if the LDAP server will update " @@ -6558,12 +6637,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1301 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1304 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " @@ -6579,12 +6658,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1322 +#: sssd-ldap.5.xml:1324 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1327 #, no-wrap msgid "" "access_provider = ldap\n" @@ -6593,14 +6672,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1329 +#: sssd-ldap.5.xml:1331 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1336 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -6609,24 +6688,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1398 +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1348 +#: sssd-ldap.5.xml:1350 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1353 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1355 +#: sssd-ldap.5.xml:1357 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -6634,19 +6713,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1362 +#: sssd-ldap.5.xml:1364 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1365 +#: sssd-ldap.5.xml:1367 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1372 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -6655,7 +6734,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1379 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -6663,7 +6742,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1383 +#: sssd-ldap.5.xml:1385 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -6672,7 +6751,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1391 +#: sssd-ldap.5.xml:1393 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " @@ -6680,22 +6759,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1404 +#: sssd-ldap.5.xml:1406 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1407 sssd-ipa.5.xml:351 +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1411 +#: sssd-ldap.5.xml:1413 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>lockout</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6705,14 +6784,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1424 +#: sssd-ldap.5.xml:1426 msgid "" "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" "quote> option and might be removed in a future release. </emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1431 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6725,12 +6804,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1448 +#: sssd-ldap.5.xml:1450 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1452 sssd-ipa.5.xml:359 +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 msgid "" "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " "pwd_expire_policy_renew: </emphasis> These options are useful if users are " @@ -6740,81 +6819,81 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1462 sssd-ipa.5.xml:369 +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 msgid "" "The difference between these options is the action taken if user password is " "expired:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1467 sssd-ipa.5.xml:374 +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 msgid "pwd_expire_policy_reject - user is denied to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1473 sssd-ipa.5.xml:380 +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 msgid "pwd_expire_policy_warn - user is still able to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1479 sssd-ipa.5.xml:386 +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 msgid "" "pwd_expire_policy_renew - user is prompted to change their password " "immediately." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1487 +#: sssd-ldap.5.xml:1489 msgid "" "Please note that 'access_provider = ldap' must be set for this feature to " "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1494 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1497 +#: sssd-ldap.5.xml:1499 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1501 +#: sssd-ldap.5.xml:1503 msgid "" "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " "remote host can access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1505 +#: sssd-ldap.5.xml:1507 msgid "" "Please note, rhost field in pam is set by application, it is better to check " "what the application sends to pam, before enabling this access control option" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1510 +#: sssd-ldap.5.xml:1512 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1513 +#: sssd-ldap.5.xml:1515 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1520 +#: sssd-ldap.5.xml:1522 msgid "ldap_pwdlockout_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1523 +#: sssd-ldap.5.xml:1525 msgid "" "This option specifies the DN of password policy entry on LDAP server. Please " "note that absence of this option in sssd.conf in case of enabled account " @@ -6823,74 +6902,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1531 +#: sssd-ldap.5.xml:1533 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1534 +#: sssd-ldap.5.xml:1536 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1542 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1543 +#: sssd-ldap.5.xml:1545 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1550 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 +#: sssd-ldap.5.xml:1554 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 +#: sssd-ldap.5.xml:1559 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1562 +#: sssd-ldap.5.xml:1564 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1569 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1575 +#: sssd-ldap.5.xml:1577 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1578 +#: sssd-ldap.5.xml:1580 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1582 +#: sssd-ldap.5.xml:1584 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " @@ -6901,7 +6980,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1593 +#: sssd-ldap.5.xml:1595 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " @@ -6909,53 +6988,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1605 sssd-ifp.5.xml:152 +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 msgid "wildcard_limit (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1608 +#: sssd-ldap.5.xml:1610 msgid "" "Specifies an upper limit on the number of entries that are downloaded during " "a wildcard lookup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1612 +#: sssd-ldap.5.xml:1614 msgid "At the moment, only the InfoPipe responder supports wildcard lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1618 msgid "Default: 1000 (often the size of one page)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1624 msgid "ldap_library_debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1625 +#: sssd-ldap.5.xml:1627 msgid "" "Switches on libldap debugging with the given level. The libldap debug " "messages will be written independent of the general debug_level." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1630 +#: sssd-ldap.5.xml:1632 msgid "" "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " "enable full debug output." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1635 +#: sssd-ldap.5.xml:1637 msgid "Default: 0 (libldap debugging disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:52 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " @@ -6967,12 +7046,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1645 +#: sssd-ldap.5.xml:1647 msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1647 +#: sssd-ldap.5.xml:1649 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -6980,43 +7059,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1660 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1661 +#: sssd-ldap.5.xml:1663 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1666 +#: sssd-ldap.5.xml:1668 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1671 +#: sssd-ldap.5.xml:1673 msgid "" "You can disable full refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1676 +#: sssd-ldap.5.xml:1678 msgid "Default: 21600 (6 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1682 +#: sssd-ldap.5.xml:1684 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1685 +#: sssd-ldap.5.xml:1687 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest " @@ -7024,14 +7103,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1691 +#: sssd-ldap.5.xml:1693 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1695 +#: sssd-ldap.5.xml:1697 msgid "" "<emphasis>Note:</emphasis> the highest USN value can be updated by three " "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " @@ -7041,19 +7120,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1706 +#: sssd-ldap.5.xml:1708 msgid "" "You can disable smart refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1717 +#: sssd-ldap.5.xml:1719 msgid "ldap_sudo_random_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1720 +#: sssd-ldap.5.xml:1722 msgid "" "Random offset between 0 and configured value is added to smart and full " "refresh periods each time the periodic task is scheduled. The value is in " @@ -7061,7 +7140,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1726 +#: sssd-ldap.5.xml:1728 msgid "" "Note that this random offset is also applied on the first SSSD start which " "delays the first sudo rules refresh. This prolongs the time when the sudo " @@ -7069,106 +7148,106 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1732 +#: sssd-ldap.5.xml:1734 msgid "You can disable this offset by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1742 +#: sssd-ldap.5.xml:1744 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1745 +#: sssd-ldap.5.xml:1747 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1756 +#: sssd-ldap.5.xml:1758 msgid "ldap_sudo_hostnames (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1759 +#: sssd-ldap.5.xml:1761 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1764 +#: sssd-ldap.5.xml:1766 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1769 sssd-ldap.5.xml:1792 sssd-ldap.5.xml:1810 -#: sssd-ldap.5.xml:1828 +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1774 sssd-ldap.5.xml:1797 +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 msgid "Default: not specified" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1780 +#: sssd-ldap.5.xml:1782 msgid "ldap_sudo_ip (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1783 +#: sssd-ldap.5.xml:1785 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1788 +#: sssd-ldap.5.xml:1790 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1803 +#: sssd-ldap.5.xml:1805 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1806 +#: sssd-ldap.5.xml:1808 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1821 +#: sssd-ldap.5.xml:1823 msgid "ldap_sudo_include_regexp (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:1826 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> -#: sssd-ldap.5.xml:1834 +#: sssd-ldap.5.xml:1836 msgid "" "Using wildcard is an operation that is very costly to evaluate on the LDAP " "server side!" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1846 +#: sssd-ldap.5.xml:1848 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " @@ -7177,59 +7256,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1856 +#: sssd-ldap.5.xml:1858 msgid "AUTOFS OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1858 +#: sssd-ldap.5.xml:1860 msgid "" "Some of the defaults for the parameters below are dependent on the LDAP " "schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1864 +#: sssd-ldap.5.xml:1866 msgid "ldap_autofs_map_master_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1867 +#: sssd-ldap.5.xml:1869 msgid "The name of the automount master map in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1870 +#: sssd-ldap.5.xml:1872 msgid "Default: auto.master" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1881 +#: sssd-ldap.5.xml:1883 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1888 +#: sssd-ldap.5.xml:1890 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1893 +#: sssd-ldap.5.xml:1895 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1898 +#: sssd-ldap.5.xml:1900 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> -#: sssd-ldap.5.xml:1903 +#: sssd-ldap.5.xml:1905 msgid "<note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> -#: sssd-ldap.5.xml:1905 +#: sssd-ldap.5.xml:1907 msgid "" "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " "against Active Directory will not be restricted and return all groups " @@ -7238,22 +7317,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist> -#: sssd-ldap.5.xml:1912 +#: sssd-ldap.5.xml:1914 msgid "</note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1914 +#: sssd-ldap.5.xml:1916 msgid "ldap_sudo_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1919 +#: sssd-ldap.5.xml:1921 msgid "ldap_autofs_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1883 +#: sssd-ldap.5.xml:1885 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -7262,14 +7341,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1934 sssd-simple.5.xml:131 sssd-ipa.5.xml:925 -#: sssd-ad.5.xml:1386 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1936 +#: sssd-ldap.5.xml:1938 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -7277,7 +7356,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1944 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7290,27 +7369,27 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><para> -#: sssd-ldap.5.xml:1941 sssd-ldap.5.xml:1959 sssd-simple.5.xml:139 -#: sssd-ipa.5.xml:933 sssd-ad.5.xml:1394 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 #: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1953 +#: sssd-ldap.5.xml:1955 msgid "LDAP ACCESS FILTER EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1955 +#: sssd-ldap.5.xml:1957 msgid "" "The following example assumes that SSSD is correctly configured and to use " "the ldap_access_order=lockout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1960 +#: sssd-ldap.5.xml:1962 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7326,13 +7405,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1975 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 -#: sssd-ad.5.xml:1409 sssd.8.xml:238 sss_seed.8.xml:163 +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1977 +#: sssd-ldap.5.xml:1979 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -9669,12 +9748,12 @@ msgid "Example: dyndns_iface = em1, vnet1, vnet2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1285 +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 msgid "dyndns_auth (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1288 +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "updates with the DNS server, insecure updates can be sent by setting this " @@ -9682,17 +9761,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1294 +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 msgid "Default: GSS-TSIG" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1300 +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 msgid "dyndns_auth_ptr (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1303 +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "PTR updates with the DNS server, insecure updates can be sent by setting " @@ -9700,7 +9779,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1309 +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 msgid "Default: Same as dyndns_auth" msgstr "" @@ -9759,65 +9838,72 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:290 +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 msgid "Default: False (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1272 +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 msgid "dyndns_force_tcp (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:299 sssd-ad.5.xml:1275 +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:303 sssd-ad.5.xml:1279 +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:309 sssd-ad.5.xml:1315 +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 msgid "dyndns_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:312 sssd-ad.5.xml:1318 +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 msgid "" "The DNS server to use when performing a DNS update. In most setups, it's " "recommended to leave this option unset." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 msgid "" "Setting this option makes sense for environments where the DNS server is " "different from the identity server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 msgid "" "Please note that this option will be only used in fallback attempt when " "previous attempt using autodetected settings failed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 msgid "Default: None (let nsupdate choose the server)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:333 sssd-ad.5.xml:1339 +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 msgid "dyndns_update_per_family (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:336 sssd-ad.5.xml:1342 +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 msgid "" "DNS update is by default performed in two steps - IPv4 update and then IPv6 " "update. In some cases it might be desirable to perform IPv4 and IPv6 update " @@ -9825,179 +9911,179 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:353 #, fuzzy #| msgid "re_expression (string)" msgid "ipa_access_order (string)" msgstr "re_expression (neudennad)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:360 msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:394 +#: sssd-ipa.5.xml:399 msgid "" "Please note that 'access_provider = ipa' must be set for this feature to " "work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:401 +#: sssd-ipa.5.xml:406 msgid "ipa_deskprofile_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:404 +#: sssd-ipa.5.xml:409 msgid "" "Optional. Use the given string as search base for Desktop Profile related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:408 sssd-ipa.5.xml:435 +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:414 +#: sssd-ipa.5.xml:419 msgid "ipa_subid_ranges_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:417 +#: sssd-ipa.5.xml:422 msgid "" "Optional. Use the given string as search base for subordinate ranges related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:421 +#: sssd-ipa.5.xml:426 msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:428 +#: sssd-ipa.5.xml:433 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:431 +#: sssd-ipa.5.xml:436 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:441 +#: sssd-ipa.5.xml:446 msgid "ipa_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:444 +#: sssd-ipa.5.xml:449 msgid "Deprecated. Use ldap_host_search_base instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:450 +#: sssd-ipa.5.xml:455 msgid "ipa_selinux_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:453 +#: sssd-ipa.5.xml:458 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:469 +#: sssd-ipa.5.xml:474 msgid "ipa_subdomains_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:472 +#: sssd-ipa.5.xml:477 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:481 +#: sssd-ipa.5.xml:486 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:488 +#: sssd-ipa.5.xml:493 msgid "ipa_master_domain_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:491 +#: sssd-ipa.5.xml:496 msgid "Optional. Use the given string as search base for master domain object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:505 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:507 +#: sssd-ipa.5.xml:512 msgid "ipa_views_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:510 +#: sssd-ipa.5.xml:515 msgid "Optional. Use the given string as search base for views containers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:519 +#: sssd-ipa.5.xml:524 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:529 +#: sssd-ipa.5.xml:534 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:533 +#: sssd-ipa.5.xml:538 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:541 sssd-ad.5.xml:1357 +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 msgid "krb5_confd_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:544 sssd-ad.5.xml:1360 +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 msgid "" "Absolute path of a directory where SSSD should place Kerberos configuration " "snippets." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:548 sssd-ad.5.xml:1364 +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 msgid "" "To disable the creation of the configuration snippets set the parameter to " "'none'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:552 sssd-ad.5.xml:1368 +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 msgid "" "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:559 +#: sssd-ipa.5.xml:564 msgid "ipa_deskprofile_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:562 +#: sssd-ipa.5.xml:567 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server. This will reduce the latency and load on the IPA server if there " @@ -10005,34 +10091,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:569 sssd-ipa.5.xml:599 sssd-ipa.5.xml:615 sssd-ad.5.xml:599 +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:575 +#: sssd-ipa.5.xml:580 msgid "ipa_deskprofile_request_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:578 +#: sssd-ipa.5.xml:583 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server in case the last request did not return any rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:583 +#: sssd-ipa.5.xml:588 msgid "Default: 60 (minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:589 +#: sssd-ipa.5.xml:594 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:592 +#: sssd-ipa.5.xml:597 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -10040,12 +10126,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:605 +#: sssd-ipa.5.xml:610 msgid "ipa_hbac_selinux (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:608 +#: sssd-ipa.5.xml:613 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -10053,33 +10139,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:621 +#: sssd-ipa.5.xml:626 msgid "ipa_server_mode (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:624 +#: sssd-ipa.5.xml:629 msgid "" "This option will be set by the IPA installer (ipa-server-install) " "automatically and denotes if SSSD is running on an IPA server or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:629 +#: sssd-ipa.5.xml:634 msgid "" "On an IPA server SSSD will lookup users and groups from trusted domains " "directly while on a client it will ask an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:634 +#: sssd-ipa.5.xml:639 msgid "" "NOTE: There are currently some assumptions that must be met when SSSD is " "running on an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:639 +#: sssd-ipa.5.xml:644 msgid "" "The <quote>ipa_server</quote> option must be configured to point to the IPA " "server itself. This is already the default set by the IPA installer, so no " @@ -10087,59 +10173,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:648 +#: sssd-ipa.5.xml:653 msgid "" "The <quote>full_name_format</quote> option must not be tweaked to only print " "short names for users from trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:663 +#: sssd-ipa.5.xml:668 msgid "ipa_automount_location (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:666 +#: sssd-ipa.5.xml:671 msgid "The automounter location this IPA client will be using" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:669 +#: sssd-ipa.5.xml:674 msgid "Default: The location named \"default\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:677 +#: sssd-ipa.5.xml:682 msgid "VIEWS AND OVERRIDES" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:686 +#: sssd-ipa.5.xml:691 msgid "ipa_view_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:689 +#: sssd-ipa.5.xml:694 msgid "Objectclass of the view container." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:692 +#: sssd-ipa.5.xml:697 msgid "Default: nsContainer" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:698 +#: sssd-ipa.5.xml:703 msgid "ipa_view_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:701 +#: sssd-ipa.5.xml:706 msgid "Name of the attribute holding the name of the view." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:705 sssd-ldap-attributes.5.xml:496 +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 #: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 #: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 #: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 @@ -10147,128 +10233,128 @@ msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:711 +#: sssd-ipa.5.xml:716 msgid "ipa_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:714 +#: sssd-ipa.5.xml:719 msgid "Objectclass of the override objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:717 +#: sssd-ipa.5.xml:722 msgid "Default: ipaOverrideAnchor" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:723 +#: sssd-ipa.5.xml:728 msgid "ipa_anchor_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:726 +#: sssd-ipa.5.xml:731 msgid "" "Name of the attribute containing the reference to the original object in a " "remote domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:730 +#: sssd-ipa.5.xml:735 msgid "Default: ipaAnchorUUID" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:736 +#: sssd-ipa.5.xml:741 msgid "ipa_user_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:739 +#: sssd-ipa.5.xml:744 msgid "" "Name of the objectclass for user overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:744 +#: sssd-ipa.5.xml:749 msgid "User overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:747 +#: sssd-ipa.5.xml:752 msgid "ldap_user_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:750 +#: sssd-ipa.5.xml:755 msgid "ldap_user_uid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:753 +#: sssd-ipa.5.xml:758 msgid "ldap_user_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:756 +#: sssd-ipa.5.xml:761 msgid "ldap_user_gecos" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:759 +#: sssd-ipa.5.xml:764 msgid "ldap_user_home_directory" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:762 +#: sssd-ipa.5.xml:767 msgid "ldap_user_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:765 +#: sssd-ipa.5.xml:770 msgid "ldap_user_ssh_public_key" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:770 +#: sssd-ipa.5.xml:775 msgid "Default: ipaUserOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:776 +#: sssd-ipa.5.xml:781 msgid "ipa_group_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:779 +#: sssd-ipa.5.xml:784 msgid "" "Name of the objectclass for group overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:784 +#: sssd-ipa.5.xml:789 msgid "Group overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:787 +#: sssd-ipa.5.xml:792 msgid "ldap_group_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:790 +#: sssd-ipa.5.xml:795 msgid "ldap_group_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:795 +#: sssd-ipa.5.xml:800 msgid "Default: ipaGroupOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:679 +#: sssd-ipa.5.xml:684 msgid "" "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " "later version. Since all paths and objectclasses are fixed on the server " @@ -10278,19 +10364,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:807 +#: sssd-ipa.5.xml:812 msgid "SUBDOMAINS PROVIDER" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:809 +#: sssd-ipa.5.xml:814 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:813 +#: sssd-ipa.5.xml:818 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " @@ -10298,7 +10384,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:819 +#: sssd-ipa.5.xml:824 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " @@ -10310,12 +10396,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:830 +#: sssd-ipa.5.xml:835 msgid "TRUSTED DOMAINS CONFIGURATION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:838 +#: sssd-ipa.5.xml:843 #, no-wrap msgid "" "[domain/ipa.domain.com/ad.domain.com]\n" @@ -10323,7 +10409,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:832 +#: sssd-ipa.5.xml:837 msgid "" "Some configuration options can also be set for a trusted domain. A trusted " "domain configuration can be set using the trusted domain subsection as shown " @@ -10333,80 +10419,80 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:843 +#: sssd-ipa.5.xml:848 msgid "" "For more details, see the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:850 +#: sssd-ipa.5.xml:855 msgid "" "Different configuration options are tunable for a trusted domain depending " "on whether you are configuring SSSD on an IPA server or an IPA client." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:855 +#: sssd-ipa.5.xml:860 msgid "OPTIONS TUNABLE ON IPA MASTERS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:857 +#: sssd-ipa.5.xml:862 msgid "" "The following options can be set in a subdomain section on an IPA master:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:861 sssd-ipa.5.xml:891 +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 msgid "ad_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:864 +#: sssd-ipa.5.xml:869 msgid "ad_backup_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:867 sssd-ipa.5.xml:894 +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 msgid "ad_site" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:870 +#: sssd-ipa.5.xml:875 msgid "ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:873 +#: sssd-ipa.5.xml:878 msgid "ldap_user_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:876 +#: sssd-ipa.5.xml:881 msgid "ldap_group_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:885 +#: sssd-ipa.5.xml:890 msgid "OPTIONS TUNABLE ON IPA CLIENTS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:887 +#: sssd-ipa.5.xml:892 msgid "" "The following options can be set in a subdomain section on an IPA client:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:899 +#: sssd-ipa.5.xml:904 msgid "" "Note that if both options are set, only <quote>ad_server</quote> is " "evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:903 +#: sssd-ipa.5.xml:908 msgid "" "Since any request for a user or a group identity from a trusted domain " "triggered from an IPA client is resolved by the IPA server, the " @@ -10420,7 +10506,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:927 +#: sssd-ipa.5.xml:932 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -10428,7 +10514,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:934 +#: sssd-ipa.5.xml:939 #, no-wrap msgid "" "[domain/example.com]\n" @@ -11622,7 +11708,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1388 +#: sssd-ad.5.xml:1393 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -11630,7 +11716,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1395 +#: sssd-ad.5.xml:1400 #, no-wrap msgid "" "[domain/EXAMPLE]\n" @@ -11645,7 +11731,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1415 +#: sssd-ad.5.xml:1420 #, no-wrap msgid "" "access_provider = ldap\n" @@ -11654,7 +11740,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1411 +#: sssd-ad.5.xml:1416 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " @@ -11662,7 +11748,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1421 +#: sssd-ad.5.xml:1426 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>. Please " @@ -11672,7 +11758,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1429 +#: sssd-ad.5.xml:1434 msgid "" "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " @@ -17281,7 +17367,7 @@ msgstr "" #: include/ldap_id_mapping.xml:235 msgid "" "When this option is configured, domains will be allocated starting with " -"slice zero and increasing monatomically with each additional domain." +"slice zero and increasing monotonically with each additional domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> diff --git a/src/man/po/ca.po b/src/man/po/ca.po index 9ea66b94fc8..45f2e263381 100644 --- a/src/man/po/ca.po +++ b/src/man/po/ca.po @@ -14,7 +14,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-05-05 10:09+0200\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" "PO-Revision-Date: 2015-10-18 04:13-0400\n" "Last-Translator: Robert Antoni Buj Gelonch <rbuj@fedoraproject.org>\n" "Language-Team: Catalan (http://www.transifex.com/projects/p/sssd/language/" @@ -231,11 +231,11 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 -#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:951 -#: sssd.conf.5.xml:1069 sssd.conf.5.xml:2197 sssd-ldap.5.xml:1071 -#: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 -#: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 -#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 msgid "Default: true" msgstr "Per defecte: true" @@ -255,11 +255,11 @@ msgstr "" "aleshores s'ignora aquesta opció." #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:948 -#: sssd.conf.5.xml:2100 sssd.conf.5.xml:2167 sssd.conf.5.xml:4128 -#: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 -#: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 -#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 #: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 #: include/krb5_options.xml:163 msgid "Default: false" @@ -295,8 +295,8 @@ msgid "" msgstr "" #. type: Content of: outside any tag (error?) -#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1656 -#: sssd-ldap.5.xml:1862 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 #: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 @@ -326,8 +326,8 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 sssd.conf.5.xml:1289 sssd.conf.5.xml:1766 -#: sssd.conf.5.xml:4144 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "Per defecte: 10" @@ -398,12 +398,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:258 sssd.conf.5.xml:783 +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 msgid "reconnection_retries (integer)" msgstr "reconnection_retries (enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:261 sssd.conf.5.xml:786 +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" @@ -413,7 +413,7 @@ msgstr "" "vençuts" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:791 sssd.conf.5.xml:3708 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 #: include/failover.xml:100 msgid "Default: 3" msgstr "Per defecte: 3" @@ -435,7 +435,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3540 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 msgid "re_expression (string)" msgstr "re_expression (cadena)" @@ -457,12 +457,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3597 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 msgid "full_name_format (string)" msgstr "full_name_format (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3600 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -473,40 +473,40 @@ msgstr "" "compondre un FQN des dels components del nom d'usuari i del nom del domini." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3611 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 msgid "%1$s" msgstr "%1$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 msgid "user name" msgstr "nom d'usuari" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3615 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 msgid "%2$s" msgstr "%2$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3618 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 msgid "domain name as specified in the SSSD config file." msgstr "" "el nom del domini tal com s'especifica al fitxer de configuració de l'SSSD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3624 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 msgid "%3$s" msgstr "%3$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3627 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3608 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -671,8 +671,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:468 sssd-ldap.5.xml:876 sssd-ldap.5.xml:888 -#: sssd-ldap.5.xml:980 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 #: include/krb5_options.xml:148 @@ -952,7 +952,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1790 sssd.conf.5.xml:4194 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "Per defecte: Sense establir" @@ -1005,11 +1005,11 @@ msgstr "ldap_user_certificate (cadena)" #: sssd.conf.5.xml:744 msgid "" "Enable or disable the user verification (i.e. PIN, fingerprint) during " -"authentication." +"authentication. If enabled, the PIN will always be requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:750 msgid "" "The default is that the key settings decide what to do. In the IPA or " "kerberos pre-authentication case, this value will be overwritten by the " @@ -1048,12 +1048,12 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:769 msgid "SERVICES SECTIONS" msgstr "SECCIONS DELS SERVEIS" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:770 +#: sssd.conf.5.xml:771 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -1066,22 +1066,22 @@ msgstr "" "quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:777 +#: sssd.conf.5.xml:778 msgid "General service configuration options" msgstr "Opcions de configuració del servei general" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:780 msgid "These options can be used to configure any service." msgstr "Es poden utilitzar aquestes opcions per configurar qualsevol servei." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:797 msgid "fd_limit" msgstr "fd_limit" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:799 +#: sssd.conf.5.xml:800 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " @@ -1091,17 +1091,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:808 +#: sssd.conf.5.xml:809 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:814 msgid "client_idle_timeout" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:816 +#: sssd.conf.5.xml:817 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " @@ -1111,19 +1111,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:826 #, fuzzy #| msgid "Default: 300" msgid "Default: 60, KCM: 300" msgstr "Per defecte: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:830 +#: sssd.conf.5.xml:831 msgid "offline_timeout (integer)" msgstr "offline_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:834 msgid "" "When SSSD switches to offline mode the amount of time before it tries to go " "back online will increase based upon the time spent disconnected. By " @@ -1134,14 +1134,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:844 sssd.conf.5.xml:900 +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 msgid "" "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." "offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:847 +#: sssd.conf.5.xml:848 msgid "" "The offline_timeout default value is 60. The offline_timeout_max default " "value is 3600. The offline_timeout_random_offset default value is 30. The " @@ -1149,46 +1149,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:854 msgid "" "Note that the maximum length of each interval is defined by " "offline_timeout_max (apart of random part)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 sssd.conf.5.xml:1200 sssd.conf.5.xml:1583 -#: sssd.conf.5.xml:1879 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 msgid "Default: 60" msgstr "Per defecte: 60" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:862 +#: sssd.conf.5.xml:863 #, fuzzy #| msgid "offline_timeout (integer)" msgid "offline_timeout_max (integer)" msgstr "offline_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:865 +#: sssd.conf.5.xml:866 msgid "" "Controls by how much the time between attempts to go online can be " "incremented following unsuccessful attempts to go online." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:870 +#: sssd.conf.5.xml:871 msgid "A value of 0 disables the incrementing behaviour." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:873 +#: sssd.conf.5.xml:874 msgid "" "The value of this parameter should be set in correlation to offline_timeout " "parameter value." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:877 +#: sssd.conf.5.xml:878 msgid "" "With offline_timeout set to 60 (default value) there is no point in setting " "offlinet_timeout_max to less than 120 as it will saturate instantly. General " @@ -1197,66 +1197,66 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:883 +#: sssd.conf.5.xml:884 msgid "" "Although a value between 0 and offline_timeout may be specified, it has the " "effect of overriding the offline_timeout value so is of little use." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:888 +#: sssd.conf.5.xml:889 #, fuzzy #| msgid "Default: 300" msgid "Default: 3600" msgstr "Per defecte: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:894 #, fuzzy #| msgid "offline_timeout + random_offset" msgid "offline_timeout_random_offset (integer)" msgstr "offline_timeout + random_offset" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:896 +#: sssd.conf.5.xml:897 msgid "" "When SSSD is in offline mode it keeps probing backend servers in specified " "time intervals:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:903 +#: sssd.conf.5.xml:904 msgid "" "This parameter controls the value of the random offset used for the above " "equation. Final random_offset value will be random number in range:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:908 +#: sssd.conf.5.xml:909 #, fuzzy #| msgid "offline_timeout + random_offset" msgid "[0 - offline_timeout_random_offset]" msgstr "offline_timeout + random_offset" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:911 +#: sssd.conf.5.xml:912 msgid "A value of 0 disables the random offset addition." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:915 #, fuzzy #| msgid "Default: 300" msgid "Default: 30" msgstr "Per defecte: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:919 +#: sssd.conf.5.xml:920 msgid "responder_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:922 +#: sssd.conf.5.xml:923 msgid "" "This option specifies the number of seconds that an SSSD responder process " "can be up without being used. This value is limited in order to avoid " @@ -1268,30 +1268,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:936 sssd.conf.5.xml:1213 sssd.conf.5.xml:2321 -#: sssd-ldap.5.xml:331 +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 +#: sssd-ldap.5.xml:332 msgid "Default: 300" msgstr "Per defecte: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:941 +#: sssd.conf.5.xml:942 msgid "cache_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:945 msgid "" "This option specifies whether the responder should query all caches before " "querying the Data Providers." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:960 msgid "NSS configuration options" msgstr "Opcions de configuració de l'NSS" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:961 +#: sssd.conf.5.xml:962 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" @@ -1299,12 +1299,12 @@ msgstr "" "Service Switch)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:966 +#: sssd.conf.5.xml:967 msgid "enum_cache_timeout (integer)" msgstr "enum_cache_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:969 +#: sssd.conf.5.xml:970 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" @@ -1313,17 +1313,17 @@ msgstr "" "(peticions d'informació sobre tots els usuaris)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:974 msgid "Default: 120" msgstr "Per defecte: 120" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:978 +#: sssd.conf.5.xml:979 msgid "entry_cache_nowait_percentage (integer)" msgstr "entry_cache_nowait_percentage (enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:981 +#: sssd.conf.5.xml:982 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -1334,7 +1334,7 @@ msgstr "" "valor entry_cache_timeout per al domini." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:988 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -1350,7 +1350,7 @@ msgstr "" "peticions que esperen per a una actualització de la memòria cau." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:998 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -1363,17 +1363,17 @@ msgstr "" "(0 desactiva aquesta característica)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1005 sssd.conf.5.xml:2121 +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 msgid "Default: 50" msgstr "Per defecte: 50" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1010 +#: sssd.conf.5.xml:1011 msgid "entry_negative_timeout (integer)" msgstr "entry_negative_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1013 +#: sssd.conf.5.xml:1014 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -1385,17 +1385,17 @@ msgstr "" "altra vegada." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1019 sssd.conf.5.xml:1778 sssd.conf.5.xml:2145 +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 msgid "Default: 15" msgstr "Per defecte: 15" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1025 msgid "local_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1027 +#: sssd.conf.5.xml:1028 msgid "" "Specifies for how many seconds nss_sss should keep local users and groups in " "negative cache before trying to look it up in the back end again. Setting " @@ -1403,17 +1403,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1033 +#: sssd.conf.5.xml:1034 msgid "Default: 14400 (4 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1039 msgid "filter_users, filter_groups (string)" msgstr "filter_users, filter_groups (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1041 +#: sssd.conf.5.xml:1042 msgid "" "Exclude certain users or groups from being fetched from the sss NSS " "database. This is particularly useful for system accounts. This option can " @@ -1422,7 +1422,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1049 +#: sssd.conf.5.xml:1050 msgid "" "NOTE: The filter_groups option doesn't affect inheritance of nested group " "members, since filtering happens after they are propagated for returning via " @@ -1431,17 +1431,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1057 +#: sssd.conf.5.xml:1058 msgid "Default: root" msgstr "Per defecte: root" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1063 msgid "filter_users_in_groups (bool)" msgstr "filter_users_in_groups (booleà)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1065 +#: sssd.conf.5.xml:1066 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" @@ -1449,12 +1449,12 @@ msgstr "" "aquesta opció a false." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1076 +#: sssd.conf.5.xml:1077 msgid "fallback_homedir (string)" msgstr "fallback_homedir (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1079 +#: sssd.conf.5.xml:1080 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." @@ -1463,7 +1463,7 @@ msgstr "" "si no se n'especifica cap explícitament amb el proveïdor de dades del domini." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1084 +#: sssd.conf.5.xml:1085 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" @@ -1471,7 +1471,7 @@ msgstr "" "override_homedir." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1090 +#: sssd.conf.5.xml:1091 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" @@ -1481,25 +1481,25 @@ msgstr "" " " #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:1088 sssd.conf.5.xml:1650 sssd.conf.5.xml:1669 -#: sssd.conf.5.xml:1746 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "exemple: <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1094 +#: sssd.conf.5.xml:1095 msgid "Default: not set (no substitution for unset home directories)" msgstr "" "Per defecte: sense establir (cap substitució per als directoris inicials no " "establerts)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1100 +#: sssd.conf.5.xml:1101 msgid "override_shell (string)" msgstr "override_shell (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1104 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " @@ -1510,18 +1510,18 @@ msgstr "" "pot configurar ja sigui en la secció [nss] o per cada domini." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1109 +#: sssd.conf.5.xml:1110 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" "Per defecte: sense establir (SSSD utilitzarà el valor recuperat del LDAP)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1115 +#: sssd.conf.5.xml:1116 msgid "allowed_shells (string)" msgstr "allowed_shells (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1118 +#: sssd.conf.5.xml:1119 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" @@ -1529,31 +1529,31 @@ msgstr "" "d'avaluació és:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1121 +#: sssd.conf.5.xml:1122 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "1. Si el shell està present al <quote>/etc/shells</quote>, s'utilitza." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1125 +#: sssd.conf.5.xml:1126 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1130 +#: sssd.conf.5.xml:1131 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1135 +#: sssd.conf.5.xml:1136 msgid "The wildcard (*) can be used to allow any shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1138 +#: sssd.conf.5.xml:1139 msgid "" "The (*) is useful if you want to use shell_fallback in case that user's " "shell is not in <quote>/etc/shells</quote> and maintaining list of all " @@ -1561,117 +1561,117 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1145 +#: sssd.conf.5.xml:1146 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1149 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1152 +#: sssd.conf.5.xml:1153 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1157 +#: sssd.conf.5.xml:1158 msgid "vetoed_shells (string)" msgstr "vetoed_shells (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1160 +#: sssd.conf.5.xml:1161 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1165 +#: sssd.conf.5.xml:1166 msgid "shell_fallback (string)" msgstr "shell_fallback (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1168 +#: sssd.conf.5.xml:1169 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1172 +#: sssd.conf.5.xml:1173 msgid "Default: /bin/sh" msgstr "Per defecte: /bin/sh" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1177 +#: sssd.conf.5.xml:1178 msgid "default_shell" msgstr "default_shell" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1180 +#: sssd.conf.5.xml:1181 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1186 +#: sssd.conf.5.xml:1187 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1193 sssd.conf.5.xml:1576 +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 msgid "get_domains_timeout (int)" msgstr "get_domains_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1196 sssd.conf.5.xml:1579 +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1205 +#: sssd.conf.5.xml:1206 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_timeout (integer)" msgstr "enum_cache_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1208 +#: sssd.conf.5.xml:1209 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid. Setting this option to zero will disable the in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1216 +#: sssd.conf.5.xml:1217 msgid "" "WARNING: Disabling the in-memory cache will have significant negative impact " "on SSSD's performance and should only be used for testing." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1222 sssd.conf.5.xml:1247 sssd.conf.5.xml:1272 -#: sssd.conf.5.xml:1297 sssd.conf.5.xml:1324 +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 msgid "" "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " "client applications will not use the fast in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1230 +#: sssd.conf.5.xml:1231 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_passwd (integer)" msgstr "enum_cache_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1233 +#: sssd.conf.5.xml:1234 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for passwd requests. Setting the size to 0 will disable the passwd in-" @@ -1679,27 +1679,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1239 sssd.conf.5.xml:2963 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 msgid "Default: 8" msgstr "Per defecte: 8" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1242 sssd.conf.5.xml:1267 sssd.conf.5.xml:1292 -#: sssd.conf.5.xml:1319 +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 msgid "" "WARNING: Disabled or too small in-memory cache can have significant negative " "impact on SSSD's performance." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1255 +#: sssd.conf.5.xml:1256 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_group (integer)" msgstr "enum_cache_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1258 +#: sssd.conf.5.xml:1259 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for group requests. Setting the size to 0 will disable the group in-memory " @@ -1707,21 +1707,21 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1264 sssd.conf.5.xml:1316 sssd.conf.5.xml:3729 -#: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "Per defecte: 6" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1280 +#: sssd.conf.5.xml:1281 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_initgroups (integer)" msgstr "enum_cache_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1283 +#: sssd.conf.5.xml:1284 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for initgroups requests. Setting the size to 0 will disable the initgroups " @@ -1729,14 +1729,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1305 +#: sssd.conf.5.xml:1306 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_sid (integer)" msgstr "enum_cache_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1308 +#: sssd.conf.5.xml:1309 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for SID related requests. Only SID-by-ID and ID-by-SID requests are " @@ -1745,12 +1745,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1332 sssd-ifp.5.xml:90 +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 msgid "user_attributes (string)" msgstr "user_attributes (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1335 +#: sssd.conf.5.xml:1336 msgid "" "Some of the additional NSS responder requests can return more attributes " "than just the POSIX ones defined by the NSS interface. The list of " @@ -1761,45 +1761,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1348 +#: sssd.conf.5.xml:1349 msgid "" "To make configuration more easy the NSS responder will check the InfoPipe " "option if it is not set for the NSS responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1353 +#: sssd.conf.5.xml:1354 msgid "Default: not set, fallback to InfoPipe option" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1358 +#: sssd.conf.5.xml:1359 msgid "pwfield (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1361 +#: sssd.conf.5.xml:1362 msgid "" "The value that NSS operations that return users or groups will return for " "the <quote>password</quote> field." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1366 +#: sssd.conf.5.xml:1367 #, fuzzy #| msgid "Default: <quote>permit</quote>" msgid "Default: <quote>*</quote>" msgstr "Per defecte: <quote>permit</quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1369 +#: sssd.conf.5.xml:1370 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[nss] section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1373 +#: sssd.conf.5.xml:1374 msgid "" "Default: <quote>not set</quote> (remote domains), <phrase " "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" @@ -1808,12 +1808,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1385 +#: sssd.conf.5.xml:1386 msgid "PAM configuration options" msgstr "Opcions de configuració del PAM" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1387 +#: sssd.conf.5.xml:1388 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." @@ -1822,12 +1822,12 @@ msgstr "" "(Pluggable Authentication Module)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1392 +#: sssd.conf.5.xml:1393 msgid "offline_credentials_expiration (integer)" msgstr "offline_credentials_expiration (enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1395 +#: sssd.conf.5.xml:1396 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." @@ -1837,17 +1837,17 @@ msgstr "" "de sessió)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1400 sssd.conf.5.xml:1413 +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 msgid "Default: 0 (No limit)" msgstr "Per defecte: 0 (sense límit)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1406 +#: sssd.conf.5.xml:1407 msgid "offline_failed_login_attempts (integer)" msgstr "offline_failed_login_attempts (enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1409 +#: sssd.conf.5.xml:1410 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." @@ -1856,12 +1856,12 @@ msgstr "" "fallits es permet." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1419 +#: sssd.conf.5.xml:1420 msgid "offline_failed_login_delay (integer)" msgstr "offline_failed_login_delay (enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1422 +#: sssd.conf.5.xml:1423 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." @@ -1871,7 +1871,7 @@ msgstr "" "possible." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1427 +#: sssd.conf.5.xml:1428 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -1879,17 +1879,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1433 sssd.conf.5.xml:1543 +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 msgid "Default: 5" msgstr "Per defecte: 5" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1439 +#: sssd.conf.5.xml:1440 msgid "pam_verbosity (integer)" msgstr "pam_verbosity (enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1442 +#: sssd.conf.5.xml:1443 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." @@ -1898,45 +1898,45 @@ msgstr "" "l'autenticació. Com més gran sigui el nombre més missatges es mostren." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1447 +#: sssd.conf.5.xml:1448 msgid "Currently sssd supports the following values:" msgstr "L'sssd actualment admet els següents valors:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1450 +#: sssd.conf.5.xml:1451 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "<emphasis>0</emphasis>: no mostris cap missatge" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1453 +#: sssd.conf.5.xml:1454 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "<emphasis>1</emphasis>: Mostra només missatges importants" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1457 +#: sssd.conf.5.xml:1458 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "<emphasis>2</emphasis>: Mostra missatges informatius" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1460 +#: sssd.conf.5.xml:1461 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" "<emphasis>3</emphasis>: Mostra tots els missatges i informació de depuració" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1464 sssd.8.xml:63 +#: sssd.conf.5.xml:1465 sssd.8.xml:63 msgid "Default: 1" msgstr "Per defecte: 1" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1470 +#: sssd.conf.5.xml:1471 #, fuzzy #| msgid "ad_access_filter (string)" msgid "pam_response_filter (string)" msgstr "ad_access_filter (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1473 +#: sssd.conf.5.xml:1474 msgid "" "A comma separated list of strings which allows to remove (filter) data sent " "by the PAM responder to pam_sss PAM module. There are different kind of " @@ -1945,51 +1945,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1481 +#: sssd.conf.5.xml:1482 msgid "" "While messages already can be controlled with the help of the pam_verbosity " "option this option allows to filter out other kind of responses as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1488 +#: sssd.conf.5.xml:1489 msgid "ENV" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1489 +#: sssd.conf.5.xml:1490 msgid "Do not send any environment variables to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1492 +#: sssd.conf.5.xml:1493 msgid "ENV:var_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1493 +#: sssd.conf.5.xml:1494 msgid "Do not send environment variable var_name to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1497 +#: sssd.conf.5.xml:1498 msgid "ENV:var_name:service" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1498 +#: sssd.conf.5.xml:1499 msgid "Do not send environment variable var_name to service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1486 +#: sssd.conf.5.xml:1487 msgid "" "Currently the following filters are supported: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1505 +#: sssd.conf.5.xml:1506 msgid "" "The list of strings can either be the list of filters which would set this " "list of filters and overwrite the defaults. Or each element of the list can " @@ -2000,23 +2000,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1516 +#: sssd.conf.5.xml:1517 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1519 +#: sssd.conf.5.xml:1520 msgid "" "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1526 +#: sssd.conf.5.xml:1527 msgid "pam_id_timeout (integer)" msgstr "pam_id_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1529 +#: sssd.conf.5.xml:1530 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -2028,7 +2028,7 @@ msgstr "" "l'última informació." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1535 +#: sssd.conf.5.xml:1536 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -2042,17 +2042,17 @@ msgstr "" "excessives al proveïdor d'identitat." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1549 +#: sssd.conf.5.xml:1550 msgid "pam_pwd_expiration_warning (integer)" msgstr "pam_pwd_expiration_warning (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1552 sssd.conf.5.xml:2987 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1555 +#: sssd.conf.5.xml:1556 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -2060,31 +2060,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1561 sssd.conf.5.xml:2990 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1566 +#: sssd.conf.5.xml:1567 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1571 sssd.conf.5.xml:3976 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 msgid "Default: 0" msgstr "Per defecte: 0" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1588 +#: sssd.conf.5.xml:1589 msgid "pam_trusted_users (string)" msgstr "pam_trusted_users (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1591 +#: sssd.conf.5.xml:1592 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to run PAM conversations against trusted domains. Users not " @@ -2094,75 +2094,75 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1601 +#: sssd.conf.5.xml:1602 msgid "Default: All users are considered trusted by default" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1605 +#: sssd.conf.5.xml:1606 msgid "" "Please note that UID 0 is always allowed to access the PAM responder even in " "case it is not in the pam_trusted_users list." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1612 +#: sssd.conf.5.xml:1613 msgid "pam_public_domains (string)" msgstr "pam_public_domains (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1615 +#: sssd.conf.5.xml:1616 msgid "" "Specifies the comma-separated list of domain names that are accessible even " "to untrusted users." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1619 +#: sssd.conf.5.xml:1620 msgid "Two special values for pam_public_domains option are defined:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1623 +#: sssd.conf.5.xml:1624 msgid "" "all (Untrusted users are allowed to access all domains in PAM responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1627 +#: sssd.conf.5.xml:1628 msgid "" "none (Untrusted users are not allowed to access any domains PAM in " "responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1631 sssd.conf.5.xml:1656 sssd.conf.5.xml:1675 -#: sssd.conf.5.xml:1912 sssd.conf.5.xml:2732 sssd.conf.5.xml:3905 -#: sssd-ldap.5.xml:1207 +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 msgid "Default: none" msgstr "Per defecte: none" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1636 +#: sssd.conf.5.xml:1637 msgid "pam_account_expired_message (string)" msgstr "pam_account_expired_message (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1639 +#: sssd.conf.5.xml:1640 msgid "" "Allows a custom expiration message to be set, replacing the default " "'Permission denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1644 +#: sssd.conf.5.xml:1645 msgid "" "Note: Please be aware that message is only printed for the SSH service " "unless pam_verbosity is set to 3 (show all messages and debug information)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1652 +#: sssd.conf.5.xml:1653 #, no-wrap msgid "" "pam_account_expired_message = Account expired, please contact help desk.\n" @@ -2170,19 +2170,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1661 +#: sssd.conf.5.xml:1662 msgid "pam_account_locked_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1664 +#: sssd.conf.5.xml:1665 msgid "" "Allows a custom lockout message to be set, replacing the default 'Permission " "denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1671 +#: sssd.conf.5.xml:1672 #, no-wrap msgid "" "pam_account_locked_message = Account locked, please contact help desk.\n" @@ -2190,42 +2190,42 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1680 +#: sssd.conf.5.xml:1681 #, fuzzy #| msgid "ldap_chpass_update_last_change (bool)" msgid "pam_passkey_auth (bool)" msgstr "ldap_chpass_update_last_change (booleà)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1683 +#: sssd.conf.5.xml:1684 msgid "Enable passkey device based authentication." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1686 sssd.conf.5.xml:1697 sssd.conf.5.xml:1711 -#: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 -#: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 msgid "Default: False" msgstr "Per defecte: False" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1691 +#: sssd.conf.5.xml:1692 msgid "passkey_debug_libfido2 (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1694 +#: sssd.conf.5.xml:1695 msgid "Enable libfido2 library debug messages." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1702 +#: sssd.conf.5.xml:1703 msgid "pam_cert_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1705 +#: sssd.conf.5.xml:1706 msgid "" "Enable certificate based Smartcard authentication. Since this requires " "additional communication with the Smartcard which will delay the " @@ -2233,36 +2233,36 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1716 +#: sssd.conf.5.xml:1717 msgid "pam_cert_db_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1719 +#: sssd.conf.5.xml:1720 msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1722 sssd.conf.5.xml:2247 sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 msgid "Default:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1724 sssd.conf.5.xml:2249 +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 msgid "" "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " "certificates in PEM format)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1734 +#: sssd.conf.5.xml:1735 #, fuzzy #| msgid "ldap_user_certificate (string)" msgid "pam_cert_verification (string)" msgstr "ldap_user_certificate (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1737 +#: sssd.conf.5.xml:1738 msgid "" "With this parameter the PAM certificate verification can be tuned with a " "comma separated list of options that override the " @@ -2272,7 +2272,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1748 +#: sssd.conf.5.xml:1749 #, fuzzy, no-wrap #| msgid "" #| "ad_gpo_map_service = +my_pam_service\n" @@ -2285,61 +2285,61 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1752 +#: sssd.conf.5.xml:1753 msgid "" "Default: not set, i.e. use default <quote>certificate_verification</quote> " "option defined in <quote>[sssd]</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1759 +#: sssd.conf.5.xml:1760 msgid "p11_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1763 msgid "How many seconds will pam_sss wait for p11_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1771 +#: sssd.conf.5.xml:1772 #, fuzzy #| msgid "pam_id_timeout (integer)" msgid "passkey_child_timeout (integer)" msgstr "pam_id_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1774 +#: sssd.conf.5.xml:1775 msgid "" "How many seconds will the PAM responder wait for passkey_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1783 +#: sssd.conf.5.xml:1784 msgid "pam_app_services (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1786 +#: sssd.conf.5.xml:1787 msgid "" "Which PAM services are permitted to contact domains of type " "<quote>application</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1795 +#: sssd.conf.5.xml:1796 msgid "pam_p11_allowed_services (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1798 +#: sssd.conf.5.xml:1799 msgid "" "A comma-separated list of PAM service names for which it will be allowed to " "use Smartcards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1813 +#: sssd.conf.5.xml:1814 #, no-wrap msgid "" "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2347,7 +2347,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1802 +#: sssd.conf.5.xml:1803 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -2359,63 +2359,63 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1817 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 #: sssd-ad.5.xml:869 sssd-ad.5.xml:947 msgid "Default: the default set of PAM service names includes:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1822 sssd-ad.5.xml:648 +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 msgid "login" msgstr "login" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1827 sssd-ad.5.xml:653 +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 msgid "su" msgstr "su" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1832 sssd-ad.5.xml:658 +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 msgid "su-l" msgstr "su-l" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1837 sssd-ad.5.xml:673 +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 msgid "gdm-smartcard" msgstr "gdm-smartcard" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1842 sssd-ad.5.xml:668 +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 msgid "gdm-password" msgstr "gdm-password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1847 sssd-ad.5.xml:678 +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 msgid "kdm" msgstr "kdm" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1852 sssd-ad.5.xml:956 +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 msgid "sudo" msgstr "sudo" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1857 sssd-ad.5.xml:961 +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 msgid "sudo-i" msgstr "sudo-i" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1862 +#: sssd.conf.5.xml:1863 msgid "gnome-screensaver" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1870 +#: sssd.conf.5.xml:1871 msgid "p11_wait_for_card_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1873 +#: sssd.conf.5.xml:1874 msgid "" "If Smartcard authentication is required how many extra seconds in addition " "to p11_child_timeout should the PAM responder wait until a Smartcard is " @@ -2423,12 +2423,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1884 +#: sssd.conf.5.xml:1885 msgid "p11_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1887 +#: sssd.conf.5.xml:1888 msgid "" "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " "selection of devices used for Smartcard authentication. By default SSSD's " @@ -2439,7 +2439,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1900 +#: sssd.conf.5.xml:1901 #, no-wrap msgid "" "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" @@ -2447,7 +2447,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1904 +#: sssd.conf.5.xml:1905 #, no-wrap msgid "" "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" @@ -2455,7 +2455,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1898 +#: sssd.conf.5.xml:1899 msgid "" "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " @@ -2464,47 +2464,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1917 +#: sssd.conf.5.xml:1918 msgid "pam_initgroups_scheme" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1925 +#: sssd.conf.5.xml:1926 msgid "always" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1926 +#: sssd.conf.5.xml:1927 msgid "" "Always do an online lookup, please note that pam_id_timeout still applies" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1930 +#: sssd.conf.5.xml:1931 msgid "no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1931 +#: sssd.conf.5.xml:1932 msgid "" "Only do an online lookup if there is no active session of the user, i.e. if " "the user is currently not logged in" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1936 +#: sssd.conf.5.xml:1937 msgid "never" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1937 +#: sssd.conf.5.xml:1938 msgid "" "Never force an online lookup, use the data from the cache as long as they " "are not expired" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1920 +#: sssd.conf.5.xml:1921 msgid "" "The PAM responder can force an online lookup to get the current group " "memberships of the user trying to log in. This option controls when this " @@ -2513,19 +2513,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1944 +#: sssd.conf.5.xml:1945 msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1949 sssd.conf.5.xml:4247 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 #, fuzzy #| msgid "ad_gpo_map_service (string)" msgid "pam_gssapi_services" msgstr "ad_gpo_map_service (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1952 +#: sssd.conf.5.xml:1953 #, fuzzy #| msgid "Comma separated list of users who are allowed to log in." msgid "" @@ -2535,13 +2535,13 @@ msgstr "" "Llista separada per comes dels usuaris a qui se'ls permet iniciar la sessió." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1957 +#: sssd.conf.5.xml:1958 msgid "" "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1961 sssd.conf.5.xml:1992 sssd.conf.5.xml:2030 +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[pam] section. It can also be set for trusted domain which overwrites the " @@ -2549,7 +2549,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1969 +#: sssd.conf.5.xml:1970 #, fuzzy, no-wrap #| msgid "" #| "ad_gpo_map_service = +my_pam_service\n" @@ -2562,22 +2562,22 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1967 sssd.conf.5.xml:3899 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "Exemple: <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1973 +#: sssd.conf.5.xml:1974 msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1978 sssd.conf.5.xml:4248 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 msgid "pam_gssapi_check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1981 +#: sssd.conf.5.xml:1982 msgid "" "If True, SSSD will require that the Kerberos user principal that " "successfully authenticated through GSSAPI can be associated with the user " @@ -2585,25 +2585,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1988 +#: sssd.conf.5.xml:1989 msgid "" "If False, every user that is able to obtained required service ticket will " "be authenticated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1998 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "Per defecte: True" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2003 +#: sssd.conf.5.xml:2004 msgid "pam_gssapi_indicators_map" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2006 +#: sssd.conf.5.xml:2007 msgid "" "Comma separated list of authentication indicators required to be present in " "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " @@ -2611,7 +2611,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2012 +#: sssd.conf.5.xml:2013 msgid "" "Each element of the list can be either an authentication indicator name or a " "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " @@ -2626,7 +2626,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2025 +#: sssd.conf.5.xml:2026 msgid "" "To disable GSSAPI authentication indicator check, set this option to <quote>-" "</quote> (dash). To disable the check for a specific PAM service, add " @@ -2634,45 +2634,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2036 +#: sssd.conf.5.xml:2037 msgid "" "Following authentication indicators are supported by IPA Kerberos " "deployments:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2039 +#: sssd.conf.5.xml:2040 msgid "" "pkinit -- pre-authentication using X.509 certificates -- whether stored in " "files or on smart cards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2042 +#: sssd.conf.5.xml:2043 msgid "" "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " "FAST channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2045 +#: sssd.conf.5.xml:2046 msgid "radius -- pre-authentication with the help of a RADIUS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2048 +#: sssd.conf.5.xml:2049 msgid "" "otp -- pre-authentication using integrated two-factor authentication (2FA or " "one-time password, OTP) in IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2051 +#: sssd.conf.5.xml:2052 msgid "idp -- pre-authentication using external identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:2061 +#: sssd.conf.5.xml:2062 #, fuzzy, no-wrap #| msgid "" #| "ad_gpo_map_permit = +my_pam_service, -sudo\n" @@ -2685,7 +2685,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2056 +#: sssd.conf.5.xml:2057 msgid "" "Example: to require access to SUDO services only for users which obtained " "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " @@ -2693,7 +2693,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2065 +#: sssd.conf.5.xml:2066 #, fuzzy #| msgid "Default: not set (no substitution for unset home directories)" msgid "Default: not set (use of authentication indicators is not required)" @@ -2702,12 +2702,12 @@ msgstr "" "establerts)" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2073 +#: sssd.conf.5.xml:2074 msgid "SUDO configuration options" msgstr "Opcions de configuració de SUDO" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2075 +#: sssd.conf.5.xml:2076 msgid "" "These options can be used to configure the sudo service. The detailed " "instructions for configuration of <citerefentry> <refentrytitle>sudo</" @@ -2725,24 +2725,24 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2092 +#: sssd.conf.5.xml:2093 msgid "sudo_timed (bool)" msgstr "sudo_timed (booleà)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2095 +#: sssd.conf.5.xml:2096 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2107 +#: sssd.conf.5.xml:2108 msgid "sudo_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2110 +#: sssd.conf.5.xml:2111 msgid "" "Maximum number of expired rules that can be refreshed at once. If number of " "expired rules is below threshold, those rules are refreshed with " @@ -2752,23 +2752,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2129 +#: sssd.conf.5.xml:2130 msgid "AUTOFS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2131 +#: sssd.conf.5.xml:2132 msgid "These options can be used to configure the autofs service." msgstr "" "Es poden utilitzar aquestes opcions per configurar el servei de l'autofs." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2135 +#: sssd.conf.5.xml:2136 msgid "autofs_negative_timeout (integer)" msgstr "autofs_negative_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2138 +#: sssd.conf.5.xml:2139 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " @@ -2776,51 +2776,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2154 +#: sssd.conf.5.xml:2155 msgid "SSH configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2156 +#: sssd.conf.5.xml:2157 msgid "These options can be used to configure the SSH service." msgstr "Es poden utilitzar aquestes opcions per configurar el servei de l'SSH." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2160 +#: sssd.conf.5.xml:2161 msgid "ssh_hash_known_hosts (bool)" msgstr "ssh_hash_known_hosts (booleà)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2163 +#: sssd.conf.5.xml:2164 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2172 +#: sssd.conf.5.xml:2173 msgid "ssh_known_hosts_timeout (integer)" msgstr "ssh_known_hosts_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2175 +#: sssd.conf.5.xml:2176 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2179 +#: sssd.conf.5.xml:2180 msgid "Default: 180" msgstr "Per defecte: 180" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2184 +#: sssd.conf.5.xml:2185 msgid "ssh_use_certificate_keys (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2187 +#: sssd.conf.5.xml:2188 msgid "" "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " "keys derived from the public key of X.509 certificates stored in the user " @@ -2829,12 +2829,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2202 +#: sssd.conf.5.xml:2203 msgid "ssh_use_certificate_matching_rules (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2205 +#: sssd.conf.5.xml:2206 msgid "" "By default the ssh responder will use all available certificate matching " "rules to filter the certificates so that ssh keys are only derived from the " @@ -2844,7 +2844,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2214 +#: sssd.conf.5.xml:2215 msgid "" "There are two special key words 'all_rules' and 'no_rules' which will enable " "all or no rules, respectively. The latter means that no certificates will be " @@ -2852,7 +2852,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2221 +#: sssd.conf.5.xml:2222 msgid "" "If no rules are configured using 'all_rules' will enable a default rule " "which enables all certificates suitable for client authentication. This is " @@ -2861,38 +2861,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2228 +#: sssd.conf.5.xml:2229 msgid "" "A non-existing rule name is considered an error. If as a result no rule is " "selected all certificates will be ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2233 +#: sssd.conf.5.xml:2234 msgid "" "Default: not set, equivalent to 'all_rules', all found rules or the default " "rule are used" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2239 +#: sssd.conf.5.xml:2240 msgid "ca_db (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2242 +#: sssd.conf.5.xml:2243 msgid "" "Path to a storage of trusted CA certificates. The option is used to validate " "user certificates before deriving public ssh keys from them." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2262 +#: sssd.conf.5.xml:2263 msgid "PAC responder configuration options" msgstr "Opcions de configuració del contestador del PAC." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2264 +#: sssd.conf.5.xml:2265 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " @@ -2903,7 +2903,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2273 +#: sssd.conf.5.xml:2274 msgid "" "If the remote user does not exist in the cache, it is created. The UID is " "determined with the help of the SID, trusted domains will have UPGs and the " @@ -2914,25 +2914,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2281 +#: sssd.conf.5.xml:2282 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2287 +#: sssd.conf.5.xml:2288 msgid "These options can be used to configure the PAC responder." msgstr "" "Es poden utilitzar aquestes opcions per configurar el contestador del PAC." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2291 sssd-ifp.5.xml:66 +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 msgid "allowed_uids (string)" msgstr "allowed_uids (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2294 +#: sssd.conf.5.xml:2295 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " @@ -2940,12 +2940,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2300 +#: sssd.conf.5.xml:2301 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2304 +#: sssd.conf.5.xml:2305 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " @@ -2954,26 +2954,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2313 +#: sssd.conf.5.xml:2314 msgid "pac_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2316 +#: sssd.conf.5.xml:2317 msgid "" "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " "data can be used to determine the group memberships of a user." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2326 +#: sssd.conf.5.xml:2327 #, fuzzy #| msgid "ldap_schema (string)" msgid "pac_check (string)" msgstr "ldap_schema (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2329 +#: sssd.conf.5.xml:2330 msgid "" "Apply additional checks on the PAC of the Kerberos ticket which is available " "in Active Directory and FreeIPA domains, if configured. Please note that " @@ -2984,24 +2984,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2343 +#: sssd.conf.5.xml:2344 msgid "no_check" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2345 +#: sssd.conf.5.xml:2346 msgid "" "The PAC must not be present and even if it is present no additional checks " "will be done." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2351 +#: sssd.conf.5.xml:2352 msgid "pac_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2353 +#: sssd.conf.5.xml:2354 msgid "" "The PAC must be present in the service ticket which SSSD will request with " "the help of the user's TGT. If the PAC is not available the authentication " @@ -3009,24 +3009,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2361 +#: sssd.conf.5.xml:2362 msgid "check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2363 +#: sssd.conf.5.xml:2364 msgid "" "If the PAC is present check if the user principal name (UPN) information is " "consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2369 +#: sssd.conf.5.xml:2370 msgid "check_upn_allow_missing" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2371 +#: sssd.conf.5.xml:2372 msgid "" "This option should be used together with 'check_upn' and handles the case " "where a UPN is set on the server-side but is not read by SSSD. The typical " @@ -3038,7 +3038,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2383 +#: sssd.conf.5.xml:2384 msgid "" "Currently this option is set by default to avoid regressions in such " "environments. A log message will be added to the system log and SSSD's debug " @@ -3049,41 +3049,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2397 +#: sssd.conf.5.xml:2398 msgid "upn_dns_info_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2399 +#: sssd.conf.5.xml:2400 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2404 +#: sssd.conf.5.xml:2405 msgid "check_upn_dns_info_ex" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2406 +#: sssd.conf.5.xml:2407 msgid "" "If the PAC is present and the extension to the UPN-DNS-INFO buffer is " "available check if the information in the extension is consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2413 +#: sssd.conf.5.xml:2414 msgid "upn_dns_info_ex_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2415 +#: sssd.conf.5.xml:2416 msgid "" "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2339 +#: sssd.conf.5.xml:2340 #, fuzzy #| msgid "" #| "The following expansions are supported: <placeholder " @@ -3096,19 +3096,19 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2425 +#: sssd.conf.5.xml:2426 msgid "" "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " "check_upn_dns_info_ex')" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2434 +#: sssd.conf.5.xml:2435 msgid "Session recording configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2436 +#: sssd.conf.5.xml:2437 msgid "" "Session recording works in conjunction with <citerefentry> " "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" @@ -3118,66 +3118,66 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2449 +#: sssd.conf.5.xml:2450 msgid "These options can be used to configure session recording." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2453 sssd-session-recording.5.xml:64 +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 msgid "scope (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2460 sssd-session-recording.5.xml:71 +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 msgid "\"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2463 sssd-session-recording.5.xml:74 +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 msgid "No users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2468 sssd-session-recording.5.xml:79 +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 msgid "\"some\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2471 sssd-session-recording.5.xml:82 +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 msgid "" "Users/groups specified by <replaceable>users</replaceable> and " "<replaceable>groups</replaceable> options are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2480 sssd-session-recording.5.xml:91 +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 msgid "\"all\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2483 sssd-session-recording.5.xml:94 +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 msgid "All users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2456 sssd-session-recording.5.xml:67 +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 msgid "" "One of the following strings specifying the scope of session recording: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:101 +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 msgid "Default: \"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:106 +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 msgid "users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:109 +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 msgid "" "A comma-separated list of users which should have session recording enabled. " "Matches user names as returned by NSS. I.e. after the possible space " @@ -3185,17 +3185,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2504 sssd-session-recording.5.xml:115 +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 msgid "Default: Empty. Matches no users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2509 sssd-session-recording.5.xml:120 +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 msgid "groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2512 sssd-session-recording.5.xml:123 +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 msgid "" "A comma-separated list of groups, members of which should have session " "recording enabled. Matches group names as returned by NSS. I.e. after the " @@ -3203,7 +3203,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2518 sssd.conf.5.xml:2550 sssd-session-recording.5.xml:129 +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 #: sssd-session-recording.5.xml:161 msgid "" "NOTE: using this option (having it set to anything) has a considerable " @@ -3212,64 +3212,64 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2525 sssd-session-recording.5.xml:136 +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 msgid "Default: Empty. Matches no groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2530 sssd-session-recording.5.xml:141 +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 #, fuzzy #| msgid "simple_deny_users (string)" msgid "exclude_users (string)" msgstr "simple_deny_users (cadena)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2533 sssd-session-recording.5.xml:144 +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 msgid "" "A comma-separated list of users to be excluded from recording, only " "applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2537 sssd-session-recording.5.xml:148 +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 #, fuzzy #| msgid "Default: empty, i.e. ldap_uri is used." msgid "Default: Empty. No users excluded." msgstr "Per defecte: buit, és a dir, s'utilitza ldap_uri." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2542 sssd-session-recording.5.xml:153 +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 #, fuzzy #| msgid "simple_deny_groups (string)" msgid "exclude_groups (string)" msgstr "simple_deny_groups (cadena)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2545 sssd-session-recording.5.xml:156 +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 msgid "" "A comma-separated list of groups, members of which should be excluded from " "recording. Only applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2557 sssd-session-recording.5.xml:168 +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 #, fuzzy #| msgid "Default: empty, i.e. ldap_uri is used." msgid "Default: Empty. No groups excluded." msgstr "Per defecte: buit, és a dir, s'utilitza ldap_uri." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2567 +#: sssd.conf.5.xml:2568 msgid "DOMAIN SECTIONS" msgstr "SECCIONS DE DOMINI" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2574 +#: sssd.conf.5.xml:2575 msgid "enabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2577 +#: sssd.conf.5.xml:2578 msgid "" "Explicitly enable or disable the domain. If <quote>true</quote>, the domain " "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " @@ -3279,12 +3279,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2589 +#: sssd.conf.5.xml:2590 msgid "domain_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2592 +#: sssd.conf.5.xml:2593 msgid "" "Specifies whether the domain is meant to be used by POSIX-aware clients such " "as the Name Service Switch or by applications that do not need POSIX data to " @@ -3293,14 +3293,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2600 +#: sssd.conf.5.xml:2601 msgid "" "Allowed values for this option are <quote>posix</quote> and " "<quote>application</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2604 +#: sssd.conf.5.xml:2605 msgid "" "POSIX domains are reachable by all services. Application domains are only " "reachable from the InfoPipe responder (see <citerefentry> " @@ -3309,31 +3309,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2612 +#: sssd.conf.5.xml:2613 msgid "" "NOTE: The application domains are currently well tested with " "<quote>id_provider=ldap</quote> only." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2616 +#: sssd.conf.5.xml:2617 msgid "" "For an easy way to configure a non-POSIX domains, please see the " "<quote>Application domains</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2620 +#: sssd.conf.5.xml:2621 msgid "Default: posix" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2626 +#: sssd.conf.5.xml:2627 msgid "min_id,max_id (integer)" msgstr "min_id, max_id (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2629 +#: sssd.conf.5.xml:2630 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." @@ -3342,7 +3342,7 @@ msgstr "" "fora d'aquests límits, s'ignora." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2634 +#: sssd.conf.5.xml:2635 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -3355,24 +3355,24 @@ msgstr "" "com s'esperava." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2641 +#: sssd.conf.5.xml:2642 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2645 +#: sssd.conf.5.xml:2646 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "Per defecte: 1 per a min_id, 0 (sense límit) per a max_id" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2651 +#: sssd.conf.5.xml:2652 msgid "enumerate (bool)" msgstr "enumerate (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2654 +#: sssd.conf.5.xml:2655 msgid "" "Determines if a domain can be enumerated, that is, whether the domain can " "list all the users and group it contains. Note that it is not required to " @@ -3381,29 +3381,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2662 +#: sssd.conf.5.xml:2663 msgid "TRUE = Users and groups are enumerated" msgstr "TRUE = Els usuaris i grups s'enumeren" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2665 +#: sssd.conf.5.xml:2666 msgid "FALSE = No enumerations for this domain" msgstr "FALSE = Cap enumeració per a aquest domini" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2668 sssd.conf.5.xml:2942 sssd.conf.5.xml:3119 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 msgid "Default: FALSE" msgstr "Per defecte: FALSE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2671 +#: sssd.conf.5.xml:2672 msgid "" "Enumerating a domain requires SSSD to download and store ALL user and group " "entries from the remote server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2676 +#: sssd.conf.5.xml:2677 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -3417,7 +3417,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2691 +#: sssd.conf.5.xml:2692 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." @@ -3427,7 +3427,7 @@ msgstr "" "finalitzi." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2696 +#: sssd.conf.5.xml:2697 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -3441,39 +3441,39 @@ msgstr "" "ús." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2704 +#: sssd.conf.5.xml:2705 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2712 +#: sssd.conf.5.xml:2713 msgid "subdomain_enumerate (string)" msgstr "subdomain_enumerate (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2719 +#: sssd.conf.5.xml:2720 msgid "all" msgstr "all" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2720 +#: sssd.conf.5.xml:2721 msgid "All discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2723 +#: sssd.conf.5.xml:2724 msgid "none" msgstr "none" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2724 +#: sssd.conf.5.xml:2725 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2715 +#: sssd.conf.5.xml:2716 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " @@ -3482,12 +3482,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2738 +#: sssd.conf.5.xml:2739 msgid "entry_cache_timeout (integer)" msgstr "entry_cache_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2741 +#: sssd.conf.5.xml:2742 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" @@ -3496,7 +3496,7 @@ msgstr "" "demanar al rerefons una altra vegada" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2745 +#: sssd.conf.5.xml:2746 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " @@ -3507,139 +3507,139 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2758 +#: sssd.conf.5.xml:2759 msgid "Default: 5400" msgstr "Per defecte: 5400" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2764 +#: sssd.conf.5.xml:2765 msgid "entry_cache_user_timeout (integer)" msgstr "entry_cache_user_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2767 +#: sssd.conf.5.xml:2768 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2771 sssd.conf.5.xml:2784 sssd.conf.5.xml:2797 -#: sssd.conf.5.xml:2810 sssd.conf.5.xml:2824 sssd.conf.5.xml:2837 -#: sssd.conf.5.xml:2851 sssd.conf.5.xml:2865 sssd.conf.5.xml:2878 +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 msgid "Default: entry_cache_timeout" msgstr "Per defecte: entry_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2777 +#: sssd.conf.5.xml:2778 msgid "entry_cache_group_timeout (integer)" msgstr "entry_cache_group_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2780 +#: sssd.conf.5.xml:2781 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2790 +#: sssd.conf.5.xml:2791 msgid "entry_cache_netgroup_timeout (integer)" msgstr "entry_cache_netgroup_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2793 +#: sssd.conf.5.xml:2794 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2803 +#: sssd.conf.5.xml:2804 msgid "entry_cache_service_timeout (integer)" msgstr "entry_cache_service_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2806 +#: sssd.conf.5.xml:2807 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2816 +#: sssd.conf.5.xml:2817 msgid "entry_cache_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2819 +#: sssd.conf.5.xml:2820 msgid "" "How many seconds should nss_sss consider hosts and networks entries valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2830 +#: sssd.conf.5.xml:2831 msgid "entry_cache_sudo_timeout (integer)" msgstr "entry_cache_sudo_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2833 +#: sssd.conf.5.xml:2834 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2843 +#: sssd.conf.5.xml:2844 msgid "entry_cache_autofs_timeout (integer)" msgstr "entry_cache_autofs_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2846 +#: sssd.conf.5.xml:2847 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2857 +#: sssd.conf.5.xml:2858 msgid "entry_cache_ssh_host_timeout (integer)" msgstr "entry_cache_ssh_host_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2860 +#: sssd.conf.5.xml:2861 msgid "" "How many seconds to keep a host ssh key after refresh. IE how long to cache " "the host key for." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2871 +#: sssd.conf.5.xml:2872 msgid "entry_cache_computer_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2874 +#: sssd.conf.5.xml:2875 msgid "" "How many seconds to keep the local computer entry before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2884 +#: sssd.conf.5.xml:2885 msgid "refresh_expired_interval (integer)" msgstr "refresh_expired_interval (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2887 +#: sssd.conf.5.xml:2888 msgid "" "Specifies how many seconds SSSD has to wait before triggering a background " "refresh task which will refresh all expired or nearly expired records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2892 +#: sssd.conf.5.xml:2893 msgid "" "The background refresh will process users, groups and netgroups in the " "cache. For users who have performed the initgroups (get group membership for " @@ -3648,17 +3648,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2900 +#: sssd.conf.5.xml:2901 msgid "This option is automatically inherited for all trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2904 +#: sssd.conf.5.xml:2905 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2908 +#: sssd.conf.5.xml:2909 msgid "" "Cache entry will be refreshed by background task when 2/3 of cache timeout " "has already passed. If there are existing cached entries, the background " @@ -3670,28 +3670,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2921 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "Per defecte: 0 (inhabilitat)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2927 +#: sssd.conf.5.xml:2928 msgid "cache_credentials (bool)" msgstr "cache_credentials (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2930 -#, fuzzy -#| msgid "" -#| "Determines if user credentials are also cached in the local LDB cache" -msgid "Determines if user credentials are also cached in the local LDB cache." +#: sssd.conf.5.xml:2931 +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." msgstr "" -"Determina si les credencials d'usuari també són emmagatzemades en la memòria " -"cau local de LDB" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2934 +#: sssd.conf.5.xml:2942 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3700,12 +3701,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2948 +#: sssd.conf.5.xml:2956 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2951 +#: sssd.conf.5.xml:2959 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3713,19 +3714,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2958 +#: sssd.conf.5.xml:2966 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2969 +#: sssd.conf.5.xml:2977 msgid "account_cache_expiration (integer)" msgstr "account_cache_expiration (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2972 +#: sssd.conf.5.xml:2980 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3738,17 +3739,17 @@ msgstr "" "ha de ser superior o igual que offline_credentials_expiration." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2979 +#: sssd.conf.5.xml:2987 msgid "Default: 0 (unlimited)" msgstr "Per defecte: 0 (sense límit)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2984 +#: sssd.conf.5.xml:2992 msgid "pwd_expiration_warning (integer)" msgstr "pwd_expiration_warning (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2995 +#: sssd.conf.5.xml:3003 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3757,28 +3758,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3002 +#: sssd.conf.5.xml:3010 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "Per defecte: 7 (Kerberos), 0 (LDAP)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3008 +#: sssd.conf.5.xml:3016 msgid "id_provider (string)" msgstr "id_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3011 +#: sssd.conf.5.xml:3019 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3015 +#: sssd.conf.5.xml:3023 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3018 +#: sssd.conf.5.xml:3026 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3786,7 +3787,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3026 +#: sssd.conf.5.xml:3034 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3794,18 +3795,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3034 sssd.conf.5.xml:3145 sssd.conf.5.xml:3196 -#: sssd.conf.5.xml:3259 +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 +#, fuzzy +#| msgid "" +#| "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " +#| "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +#| "citerefentry> for more information on configuring LDAP." msgid "" -"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " -"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " -"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " -"FreeIPA." +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." msgstr "" +"<quote>ldap</quote> per autenticació nativa LDAP. Vegeu " +"<citerefentry><refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> per a més informació sobre configuració d'LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3043 sssd.conf.5.xml:3154 sssd.conf.5.xml:3205 -#: sssd.conf.5.xml:3268 +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3813,19 +3821,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3054 +#: sssd.conf.5.xml:3062 msgid "use_fully_qualified_names (bool)" msgstr "use_fully_qualified_names (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3057 +#: sssd.conf.5.xml:3065 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3062 +#: sssd.conf.5.xml:3070 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3838,7 +3846,7 @@ msgstr "" "l'usuari mentre que <command>getent passwd test@LOCAL</command> sí." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3070 +#: sssd.conf.5.xml:3078 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3846,24 +3854,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3077 +#: sssd.conf.5.xml:3085 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3084 +#: sssd.conf.5.xml:3092 msgid "ignore_group_members (bool)" msgstr "ignore_group_members (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3087 +#: sssd.conf.5.xml:3095 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3090 +#: sssd.conf.5.xml:3098 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3875,7 +3883,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3108 +#: sssd.conf.5.xml:3116 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3883,23 +3891,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3114 sssd.conf.5.xml:3821 sssd-ldap.5.xml:326 -#: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 -#: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 -#: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 -#: sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1084 +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 msgid "" "This option can be also set per subdomain or inherited via " "<emphasis>subdomain_inherit</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3124 +#: sssd.conf.5.xml:3132 msgid "auth_provider (string)" msgstr "auth_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3127 +#: sssd.conf.5.xml:3135 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" @@ -3908,7 +3916,7 @@ msgstr "" "d'autenticació suportats són:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3131 sssd.conf.5.xml:3189 +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3919,7 +3927,7 @@ msgstr "" "manvolnum></citerefentry> per a més informació sobre configuració d'LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3138 +#: sssd.conf.5.xml:3146 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3930,7 +3938,7 @@ msgstr "" "manvolnum></citerefentry> per a més informació sobre configurar Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3162 +#: sssd.conf.5.xml:3170 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" @@ -3938,12 +3946,12 @@ msgstr "" "de PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3165 +#: sssd.conf.5.xml:3173 msgid "<quote>none</quote> disables authentication explicitly." msgstr "<quote>none</quote> impossibilita l'autenticació explícitament." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3168 +#: sssd.conf.5.xml:3176 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." @@ -3952,12 +3960,12 @@ msgstr "" "gestionar les sol·licituds d'autenticació." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3174 +#: sssd.conf.5.xml:3182 msgid "access_provider (string)" msgstr "access_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3177 +#: sssd.conf.5.xml:3185 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -3968,19 +3976,19 @@ msgstr "" "instal·lats) Els proveïdors especials interns són:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3183 +#: sssd.conf.5.xml:3191 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3186 +#: sssd.conf.5.xml:3194 msgid "<quote>deny</quote> always deny access." msgstr "<quote>deny</quote> sempre denega l'accés." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3221 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -3993,7 +4001,7 @@ msgstr "" "configuració del mòdul d'accés simple." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3220 +#: sssd.conf.5.xml:3228 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -4001,22 +4009,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3227 +#: sssd.conf.5.xml:3235 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3230 +#: sssd.conf.5.xml:3238 msgid "Default: <quote>permit</quote>" msgstr "Per defecte: <quote>permit</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3235 +#: sssd.conf.5.xml:3243 msgid "chpass_provider (string)" msgstr "chpass_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3238 +#: sssd.conf.5.xml:3246 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" @@ -4025,7 +4033,7 @@ msgstr "" "al domini. Els proveïdors de canvi de contrasenya compatibles són:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3243 +#: sssd.conf.5.xml:3251 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4033,7 +4041,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3251 +#: sssd.conf.5.xml:3259 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4044,7 +4052,7 @@ msgstr "" "manvolnum></citerefentry> per a més informació sobre configurar Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3276 +#: sssd.conf.5.xml:3284 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" @@ -4052,12 +4060,12 @@ msgstr "" "objectiu PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3280 +#: sssd.conf.5.xml:3288 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "<quote>none</quote> rebutja els canvis de contrasenya explícitament." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3283 +#: sssd.conf.5.xml:3291 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." @@ -4066,17 +4074,17 @@ msgstr "" "gestionar peticions de canvi de contrasenya." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3290 +#: sssd.conf.5.xml:3298 msgid "sudo_provider (string)" msgstr "sudo_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3293 +#: sssd.conf.5.xml:3301 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3297 +#: sssd.conf.5.xml:3305 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4084,32 +4092,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3305 +#: sssd.conf.5.xml:3313 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3309 +#: sssd.conf.5.xml:3317 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3313 +#: sssd.conf.5.xml:3321 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3316 sssd.conf.5.xml:3402 sssd.conf.5.xml:3472 -#: sssd.conf.5.xml:3497 sssd.conf.5.xml:3533 +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3320 +#: sssd.conf.5.xml:3328 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -4120,7 +4128,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3335 +#: sssd.conf.5.xml:3343 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -4129,12 +4137,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3345 +#: sssd.conf.5.xml:3353 msgid "selinux_provider (string)" msgstr "selinux_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3348 +#: sssd.conf.5.xml:3356 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -4142,7 +4150,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3354 +#: sssd.conf.5.xml:3362 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4150,31 +4158,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3362 +#: sssd.conf.5.xml:3370 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3365 +#: sssd.conf.5.xml:3373 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3371 +#: sssd.conf.5.xml:3379 msgid "subdomains_provider (string)" msgstr "subdomains_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3374 +#: sssd.conf.5.xml:3382 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3380 +#: sssd.conf.5.xml:3388 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4182,7 +4190,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3389 +#: sssd.conf.5.xml:3397 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -4191,17 +4199,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3398 +#: sssd.conf.5.xml:3406 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3408 +#: sssd.conf.5.xml:3416 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3411 +#: sssd.conf.5.xml:3419 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -4209,43 +4217,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3418 +#: sssd.conf.5.xml:3426 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3422 +#: sssd.conf.5.xml:3430 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3426 +#: sssd.conf.5.xml:3434 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3430 +#: sssd.conf.5.xml:3438 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3438 +#: sssd.conf.5.xml:3446 msgid "autofs_provider (string)" msgstr "autofs_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3441 +#: sssd.conf.5.xml:3449 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3445 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4253,7 +4261,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3452 +#: sssd.conf.5.xml:3460 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4261,7 +4269,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3460 +#: sssd.conf.5.xml:3468 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4269,24 +4277,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3469 +#: sssd.conf.5.xml:3477 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3479 +#: sssd.conf.5.xml:3487 msgid "hostid_provider (string)" msgstr "hostid_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3482 +#: sssd.conf.5.xml:3490 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3486 +#: sssd.conf.5.xml:3494 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4294,31 +4302,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3494 +#: sssd.conf.5.xml:3502 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3504 +#: sssd.conf.5.xml:3512 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3507 +#: sssd.conf.5.xml:3515 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3511 +#: sssd.conf.5.xml:3519 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3515 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4326,7 +4334,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3522 +#: sssd.conf.5.xml:3530 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4335,12 +4343,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3530 +#: sssd.conf.5.xml:3538 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3543 +#: sssd.conf.5.xml:3551 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4350,24 +4358,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3552 +#: sssd.conf.5.xml:3560 msgid "" "Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" "[^@]+))$</quote> which allows two different styles for user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3557 sssd.conf.5.xml:3571 +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3560 sssd.conf.5.xml:3574 +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3565 +#: sssd.conf.5.xml:3573 msgid "" "Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" @@ -4376,19 +4384,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3577 +#: sssd.conf.5.xml:3585 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3580 +#: sssd.conf.5.xml:3588 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3585 +#: sssd.conf.5.xml:3593 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4398,17 +4406,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3637 +#: sssd.conf.5.xml:3645 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "Per defecte: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3643 +#: sssd.conf.5.xml:3651 msgid "lookup_family_order (string)" msgstr "lookup_family_order (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3646 +#: sssd.conf.5.xml:3654 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." @@ -4417,76 +4425,76 @@ msgstr "" "realitzar cerques de DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3650 +#: sssd.conf.5.xml:3658 msgid "Supported values:" msgstr "Valors admesos:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3653 +#: sssd.conf.5.xml:3661 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "ipv4_first: Intenta resoldre l'adreça IPv4, si falla, intenta IPv6" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3656 +#: sssd.conf.5.xml:3664 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "ipv4_only: Intenta resoldre només noms màquina a adreces IPv4." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3659 +#: sssd.conf.5.xml:3667 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "ipv6_first: Intenta resoldre l'adreça IPv6, si falla, intenta IPv4" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3662 +#: sssd.conf.5.xml:3670 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "ipv6_only: Intenta resoldre només noms màquina a adreces IPv6." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3665 +#: sssd.conf.5.xml:3673 msgid "Default: ipv4_first" msgstr "Per defecte: ipv4_first" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3671 +#: sssd.conf.5.xml:3679 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_server_timeout (integer)" msgstr "dns_resolver_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3674 +#: sssd.conf.5.xml:3682 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3679 +#: sssd.conf.5.xml:3687 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3683 sssd.conf.5.xml:3703 sssd.conf.5.xml:3724 +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3688 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 msgid "Default: 1000" msgstr "Per defecte: 1000" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3694 +#: sssd.conf.5.xml:3702 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_op_timeout (integer)" msgstr "dns_resolver_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3697 +#: sssd.conf.5.xml:3705 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4494,12 +4502,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3714 +#: sssd.conf.5.xml:3722 msgid "dns_resolver_timeout (integer)" msgstr "dns_resolver_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3717 +#: sssd.conf.5.xml:3725 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4508,14 +4516,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3735 +#: sssd.conf.5.xml:3743 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_use_search_list (bool)" msgstr "dns_resolver_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3738 +#: sssd.conf.5.xml:3746 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4523,7 +4531,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3744 +#: sssd.conf.5.xml:3752 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4531,17 +4539,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3750 +#: sssd.conf.5.xml:3758 msgid "Default: TRUE" msgstr "Per defecte: TRUE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3756 +#: sssd.conf.5.xml:3764 msgid "dns_discovery_domain (string)" msgstr "dns_discovery_domain (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3759 +#: sssd.conf.5.xml:3767 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." @@ -4550,52 +4558,52 @@ msgstr "" "del domini de la consulta DNS del servei de descobriment." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3763 +#: sssd.conf.5.xml:3771 msgid "Default: Use the domain part of machine's hostname" msgstr "Per defecte: Utilitza la part del domini del nom de màquina" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3769 +#: sssd.conf.5.xml:3777 msgid "override_gid (integer)" msgstr "override_gid (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3772 +#: sssd.conf.5.xml:3780 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3778 +#: sssd.conf.5.xml:3786 msgid "case_sensitive (string)" msgstr "case_sensitive (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3785 +#: sssd.conf.5.xml:3793 msgid "True" msgstr "True" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3788 +#: sssd.conf.5.xml:3796 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3794 +#: sssd.conf.5.xml:3802 msgid "False" msgstr "False" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3796 +#: sssd.conf.5.xml:3804 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3800 +#: sssd.conf.5.xml:3808 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3803 +#: sssd.conf.5.xml:3811 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4603,14 +4611,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3811 +#: sssd.conf.5.xml:3819 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3781 +#: sssd.conf.5.xml:3789 #, fuzzy #| msgid "" #| "The following expansions are supported: <placeholder " @@ -4623,17 +4631,17 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3826 +#: sssd.conf.5.xml:3834 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3832 +#: sssd.conf.5.xml:3840 msgid "subdomain_inherit (string)" msgstr "subdomain_inherit (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3835 +#: sssd.conf.5.xml:3843 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4641,130 +4649,130 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3841 +#: sssd.conf.5.xml:3849 #, fuzzy #| msgid "ldap_search_timeout (integer)" msgid "ldap_search_timeout" msgstr "ldap_search_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3844 +#: sssd.conf.5.xml:3852 #, fuzzy #| msgid "ldap_network_timeout (integer)" msgid "ldap_network_timeout" msgstr "ldap_network_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3847 +#: sssd.conf.5.xml:3855 #, fuzzy #| msgid "ldap_opt_timeout (integer)" msgid "ldap_opt_timeout" msgstr "ldap_opt_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3850 +#: sssd.conf.5.xml:3858 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_offline_timeout" msgstr "ldap_connection_expire_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3853 +#: sssd.conf.5.xml:3861 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_enumeration_refresh_timeout" msgstr "ldap_enumeration_refresh_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3856 +#: sssd.conf.5.xml:3864 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_enumeration_refresh_offset" msgstr "ldap_enumeration_refresh_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3859 +#: sssd.conf.5.xml:3867 msgid "ldap_purge_cache_timeout" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3862 +#: sssd.conf.5.xml:3870 #, fuzzy #| msgid "ldap_purge_cache_timeout" msgid "ldap_purge_cache_offset" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3865 +#: sssd.conf.5.xml:3873 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3869 +#: sssd.conf.5.xml:3877 #, fuzzy #| msgid "ldap_krb5_ticket_lifetime (integer)" msgid "ldap_krb5_ticket_lifetime" msgstr "ldap_krb5_ticket_lifetime (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3872 +#: sssd.conf.5.xml:3880 #, fuzzy #| msgid "ldap_enumeration_search_timeout (integer)" msgid "ldap_enumeration_search_timeout" msgstr "ldap_enumeration_search_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3875 +#: sssd.conf.5.xml:3883 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_expire_timeout" msgstr "ldap_connection_expire_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3878 +#: sssd.conf.5.xml:3886 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_expire_offset" msgstr "ldap_connection_expire_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3881 +#: sssd.conf.5.xml:3889 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_idle_timeout" msgstr "ldap_connection_expire_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3884 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 msgid "ldap_use_tokengroups" msgstr "ldap_use_tokengroups" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3887 +#: sssd.conf.5.xml:3895 msgid "ldap_user_principal" msgstr "ldap_user_principal" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3890 +#: sssd.conf.5.xml:3898 msgid "ignore_group_members" msgstr "ignore_group_members" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3893 +#: sssd.conf.5.xml:3901 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3896 +#: sssd.conf.5.xml:3904 #, fuzzy #| msgid "case_sensitive (string)" msgid "case_sensitive" msgstr "case_sensitive (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3901 +#: sssd.conf.5.xml:3909 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4774,27 +4782,27 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3908 +#: sssd.conf.5.xml:3916 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3915 +#: sssd.conf.5.xml:3923 msgid "subdomain_homedir (string)" msgstr "subdomain_homedir (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3926 +#: sssd.conf.5.xml:3934 msgid "%F" msgstr "%F" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3935 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3918 +#: sssd.conf.5.xml:3926 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4804,34 +4812,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3932 +#: sssd.conf.5.xml:3940 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3936 +#: sssd.conf.5.xml:3944 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "Per defecte: <filename>/home/%d/%u</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3941 +#: sssd.conf.5.xml:3949 msgid "realmd_tags (string)" msgstr "realmd_tags (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3944 +#: sssd.conf.5.xml:3952 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3950 +#: sssd.conf.5.xml:3958 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3953 +#: sssd.conf.5.xml:3961 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -4840,19 +4848,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3961 +#: sssd.conf.5.xml:3969 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3966 +#: sssd.conf.5.xml:3974 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3970 +#: sssd.conf.5.xml:3978 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -4860,24 +4868,102 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3981 +#: sssd.conf.5.xml:3989 +#, fuzzy +#| msgid "ldap_pwd_policy (string)" +msgid "local_auth_policy (string)" +msgstr "ldap_pwd_policy (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3992 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4002 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4026 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +#, fuzzy +#| msgid "" +#| "The following example shows a minimal idmapd.conf which makes use of the " +#| "sss plugin. <placeholder type=\"programlisting\" id=\"0\"/>" +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" +"En el següent exemple es mostra un idmapd.conf mínim que fa ús del connector " +"sss. <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4034 +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4039 +#, fuzzy +#| msgid "Default: cn" +msgid "Default: match" +msgstr "Per defecte: cn" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4044 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3987 +#: sssd.conf.5.xml:4050 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3990 +#: sssd.conf.5.xml:4053 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3994 +#: sssd.conf.5.xml:4057 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4886,24 +4972,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4003 +#: sssd.conf.5.xml:4066 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4006 +#: sssd.conf.5.xml:4069 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4012 +#: sssd.conf.5.xml:4075 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4015 +#: sssd.conf.5.xml:4078 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4913,14 +4999,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4028 +#: sssd.conf.5.xml:4091 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4035 +#: sssd.conf.5.xml:4098 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4928,21 +5014,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3984 +#: sssd.conf.5.xml:4047 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4047 +#: sssd.conf.5.xml:4110 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4118 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4950,7 +5036,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4124 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4959,7 +5045,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4115 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4968,7 +5054,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2569 +#: sssd.conf.5.xml:2570 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -4979,31 +5065,36 @@ msgstr "" "replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4139 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4079 +#: sssd.conf.5.xml:4142 msgid "The proxy target PAM proxies to." msgstr "El servidor intermediari on reenvia PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4082 +#: sssd.conf.5.xml:4145 +#, fuzzy +#| msgid "" +#| "Default: not set by default, you have to take an existing pam " +#| "configuration or create a new one and add the service name here." msgid "" "Default: not set by default, you have to take an existing pam configuration " -"or create a new one and add the service name here." +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." msgstr "" "Per defecte: No està establit per defecte, heu de prendre una configuració " "de pam existent o crear-ne una de nova i afegir aquí el nom del servei." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4090 +#: sssd.conf.5.xml:4155 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -5014,12 +5105,12 @@ msgstr "" "format _nss_$(libName)_$(function), per exemple _nss_files_getpwent." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4103 +#: sssd.conf.5.xml:4168 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4106 +#: sssd.conf.5.xml:4171 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -5027,12 +5118,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4117 +#: sssd.conf.5.xml:4182 msgid "proxy_fast_alias (boolean)" msgstr "proxy_fast_alias (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4120 +#: sssd.conf.5.xml:4185 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -5041,12 +5132,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4134 +#: sssd.conf.5.xml:4199 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4202 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -5054,7 +5145,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4072 +#: sssd.conf.5.xml:4135 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -5063,12 +5154,12 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4218 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4155 +#: sssd.conf.5.xml:4220 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -5085,7 +5176,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4175 +#: sssd.conf.5.xml:4240 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -5093,17 +5184,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4181 +#: sssd.conf.5.xml:4246 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4248 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4186 +#: sssd.conf.5.xml:4251 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -5112,7 +5203,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4265 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -5122,7 +5213,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4208 +#: sssd.conf.5.xml:4273 #, no-wrap msgid "" "[sssd]\n" @@ -5142,12 +5233,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4228 +#: sssd.conf.5.xml:4293 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4230 +#: sssd.conf.5.xml:4295 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -5158,69 +5249,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4237 +#: sssd.conf.5.xml:4302 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4303 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4239 +#: sssd.conf.5.xml:4304 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:4305 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4241 +#: sssd.conf.5.xml:4306 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4242 +#: sssd.conf.5.xml:4307 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4243 +#: sssd.conf.5.xml:4308 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4309 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4245 +#: sssd.conf.5.xml:4310 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4246 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4250 +#: sssd.conf.5.xml:4315 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4256 +#: sssd.conf.5.xml:4321 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4258 +#: sssd.conf.5.xml:4323 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -5233,7 +5324,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4272 +#: sssd.conf.5.xml:4337 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -5241,7 +5332,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4281 +#: sssd.conf.5.xml:4346 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -5250,55 +5341,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4353 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4356 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4295 +#: sssd.conf.5.xml:4360 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4367 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4370 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:4376 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4317 +#: sssd.conf.5.xml:4382 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4326 +#: sssd.conf.5.xml:4391 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4329 +#: sssd.conf.5.xml:4394 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5307,17 +5398,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4336 +#: sssd.conf.5.xml:4401 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4406 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4409 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5325,26 +5416,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4350 +#: sssd.conf.5.xml:4415 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4356 +#: sssd.conf.5.xml:4421 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4362 +#: sssd.conf.5.xml:4427 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4433 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5353,17 +5444,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4377 +#: sssd.conf.5.xml:4442 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4385 +#: sssd.conf.5.xml:4450 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4452 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5373,7 +5464,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4395 +#: sssd.conf.5.xml:4460 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5382,59 +5473,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4472 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4410 +#: sssd.conf.5.xml:4475 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4411 +#: sssd.conf.5.xml:4476 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4409 +#: sssd.conf.5.xml:4474 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4484 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4488 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4424 +#: sssd.conf.5.xml:4489 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4427 +#: sssd.conf.5.xml:4492 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4428 +#: sssd.conf.5.xml:4493 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4496 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4432 +#: sssd.conf.5.xml:4497 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5443,7 +5534,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4421 +#: sssd.conf.5.xml:4486 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5452,17 +5543,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4449 +#: sssd.conf.5.xml:4514 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4455 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4522 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5470,39 +5561,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4530 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4532 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4537 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4539 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4480 +#: sssd.conf.5.xml:4545 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4547 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4451 +#: sssd.conf.5.xml:4516 #, fuzzy #| msgid "" #| "The following expansions are supported: <placeholder " @@ -5515,7 +5606,7 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4467 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5524,7 +5615,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4493 +#: sssd.conf.5.xml:4558 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5532,12 +5623,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4500 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4506 +#: sssd.conf.5.xml:4571 #, no-wrap msgid "" "[sssd]\n" @@ -5591,7 +5682,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4502 +#: sssd.conf.5.xml:4567 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5600,7 +5691,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4604 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5608,7 +5699,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4533 +#: sssd.conf.5.xml:4598 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5619,7 +5710,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4550 +#: sssd.conf.5.xml:4615 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5630,7 +5721,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4544 +#: sssd.conf.5.xml:4609 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -5686,14 +5777,23 @@ msgstr "Podeu configurar SSSD per utilitzar més d'un domini d'LDAP." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:38 +#, fuzzy +#| msgid "" +#| "LDAP back end supports id, auth, access and chpass providers. If you want " +#| "to authenticate against an LDAP server either TLS/SSL or LDAPS is " +#| "required. <command>sssd</command> <emphasis>does not</emphasis> support " +#| "authentication over an unencrypted channel. If the LDAP server is used " +#| "only as an identity provider, an encrypted channel is not needed. Please " +#| "refer to <quote>ldap_access_filter</quote> config option for more " +#| "information about using LDAP as an access provider." msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " -"over an unencrypted channel. If the LDAP server is used only as an identity " -"provider, an encrypted channel is not needed. Please refer to " -"<quote>ldap_access_filter</quote> config option for more information about " -"using LDAP as an access provider." +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." msgstr "" "El rerefons LDAP suporta proveïdors d'identificació, autenticació, accés i " "canvi de contrasenya. Si voleu autenticar contra un servidor LDAP s'exigeix " @@ -5704,19 +5804,19 @@ msgstr "" "informació sobre l'ús d'LDAP com un proveïdor d'accés." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 #: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 msgid "CONFIGURATION OPTIONS" msgstr "OPCIONS DE CONFIGURACIÓ" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:66 +#: sssd-ldap.5.xml:67 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "ldap_uri, ldap_backup_uri (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:69 +#: sssd-ldap.5.xml:70 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" @@ -5726,33 +5826,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:76 +#: sssd-ldap.5.xml:77 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:79 +#: sssd-ldap.5.xml:80 msgid "ldap[s]://<host>[:port]" msgstr "ldap[s]://<host>[:port]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:82 +#: sssd-ldap.5.xml:83 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:85 +#: sssd-ldap.5.xml:86 msgid "example: ldap://[fc00::126:25]:389" msgstr "exemple: ldap://[fc00::126:25]:389" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:91 +#: sssd-ldap.5.xml:92 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "ldap_chpass_uri, ldap_chpass_backup_uri (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:94 +#: sssd-ldap.5.xml:95 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " @@ -5761,67 +5861,67 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:101 +#: sssd-ldap.5.xml:102 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" "Per habilitar el servei descobriment s'ha d'establir " "ldap_chpass_dns_service_name." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:105 +#: sssd-ldap.5.xml:106 msgid "Default: empty, i.e. ldap_uri is used." msgstr "Per defecte: buit, és a dir, s'utilitza ldap_uri." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:111 +#: sssd-ldap.5.xml:112 msgid "ldap_search_base (string)" msgstr "ldap_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:114 +#: sssd-ldap.5.xml:115 msgid "The default base DN to use for performing LDAP user operations." msgstr "" "El DN base per defecte a utilitzar per realitzar operacions d'usuari d'LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:118 +#: sssd-ldap.5.xml:119 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:122 +#: sssd-ldap.5.xml:123 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:125 +#: sssd-ldap.5.xml:126 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:128 include/ldap_search_bases.xml:18 +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:132 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 #: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 msgid "Examples:" msgstr "Exemples:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:135 +#: sssd-ldap.5.xml:136 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:140 +#: sssd-ldap.5.xml:141 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" @@ -5830,7 +5930,7 @@ msgstr "" "(host=thishost)?dc=exemple.com?subtree?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:143 +#: sssd-ldap.5.xml:144 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " @@ -5839,7 +5939,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:150 +#: sssd-ldap.5.xml:151 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " @@ -5850,12 +5950,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:164 +#: sssd-ldap.5.xml:165 msgid "ldap_schema (string)" msgstr "ldap_schema (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:167 +#: sssd-ldap.5.xml:168 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " @@ -5863,32 +5963,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:174 +#: sssd-ldap.5.xml:175 msgid "Four schema types are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:178 +#: sssd-ldap.5.xml:179 msgid "rfc2307" msgstr "rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:183 +#: sssd-ldap.5.xml:184 msgid "rfc2307bis" msgstr "rfc2307bis" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:188 +#: sssd-ldap.5.xml:189 msgid "IPA" msgstr "IPA" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:193 +#: sssd-ldap.5.xml:194 msgid "AD" msgstr "AD" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:199 +#: sssd-ldap.5.xml:200 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " @@ -5899,37 +5999,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:209 +#: sssd-ldap.5.xml:210 msgid "Default: rfc2307" msgstr "Per defecte: rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:215 +#: sssd-ldap.5.xml:216 msgid "ldap_pwmodify_mode (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:218 +#: sssd-ldap.5.xml:219 msgid "Specify the operation that is used to modify user password." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:222 +#: sssd-ldap.5.xml:223 msgid "Two modes are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:226 +#: sssd-ldap.5.xml:227 msgid "exop - Password Modify Extended Operation (RFC 3062)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:232 +#: sssd-ldap.5.xml:233 msgid "ldap_modify - Direct modification of userPassword (not recommended)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:239 +#: sssd-ldap.5.xml:240 msgid "" "Note: First, a new connection is established to verify current password by " "binding as the user that requested password change. If successful, this " @@ -5938,75 +6038,75 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:247 +#: sssd-ldap.5.xml:248 msgid "Default: exop" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:253 +#: sssd-ldap.5.xml:254 msgid "ldap_default_bind_dn (string)" msgstr "ldap_default_bind_dn (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:256 +#: sssd-ldap.5.xml:257 msgid "The default bind DN to use for performing LDAP operations." msgstr "" "El vincle DN per defecte per utilitzar en realitzar les operacions d'LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:263 +#: sssd-ldap.5.xml:264 msgid "ldap_default_authtok_type (string)" msgstr "ldap_default_authtok_type (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:266 +#: sssd-ldap.5.xml:267 msgid "The type of the authentication token of the default bind DN." msgstr "El tipus de testimoni d'autenticació del vincle DN per defecte." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:270 +#: sssd-ldap.5.xml:271 msgid "The two mechanisms currently supported are:" msgstr "Els dos mecanismes suportats actualment són:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 +#: sssd-ldap.5.xml:274 msgid "password" msgstr "contrasenya" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:276 +#: sssd-ldap.5.xml:277 msgid "obfuscated_password" msgstr "obfuscated_password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:279 +#: sssd-ldap.5.xml:280 msgid "Default: password" msgstr "Per defecte: password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:282 +#: sssd-ldap.5.xml:283 msgid "" "See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> manual page for more information." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:293 +#: sssd-ldap.5.xml:294 msgid "ldap_default_authtok (string)" msgstr "ldap_default_authtok (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:296 +#: sssd-ldap.5.xml:297 msgid "The authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:302 +#: sssd-ldap.5.xml:303 msgid "ldap_force_upper_case_realm (boolean)" msgstr "ldap_force_upper_case_realm (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:305 +#: sssd-ldap.5.xml:306 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -6019,24 +6119,24 @@ msgstr "" "voleu utilitzar un àmbit en majúscules." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:318 +#: sssd-ldap.5.xml:319 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "ldap_enumeration_refresh_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:321 +#: sssd-ldap.5.xml:322 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:337 +#: sssd-ldap.5.xml:338 msgid "ldap_purge_cache_timeout (integer)" msgstr "ldap_purge_cache_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:340 +#: sssd-ldap.5.xml:341 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -6047,7 +6147,7 @@ msgstr "" "los per estalviar espai." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:346 +#: sssd-ldap.5.xml:347 msgid "" "Setting this option to zero will disable the cache cleanup operation. Please " "note that if enumeration is enabled, the cleanup task is required in order " @@ -6056,12 +6156,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:366 +#: sssd-ldap.5.xml:367 msgid "ldap_group_nesting_level (integer)" msgstr "ldap_group_nesting_level (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:369 +#: sssd-ldap.5.xml:370 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -6073,7 +6173,7 @@ msgstr "" "RFC2307." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:376 +#: sssd-ldap.5.xml:377 msgid "" "Note: This option specifies the guaranteed level of nested groups to be " "processed for any lookup. However, nested groups beyond this limit " @@ -6083,7 +6183,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:385 +#: sssd-ldap.5.xml:386 msgid "" "If ldap_group_nesting_level is set to 0 then no nested groups are processed " "at all. However, when connected to Active-Directory Server 2008 and later " @@ -6093,67 +6193,67 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:394 +#: sssd-ldap.5.xml:395 msgid "Default: 2" msgstr "Per defecte: 2" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:403 +#: sssd-ldap.5.xml:404 msgid "" "This options enables or disables use of Token-Groups attribute when " "performing initgroup for users from Active Directory Server 2008 and later." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:413 +#: sssd-ldap.5.xml:414 msgid "Default: True for AD and IPA otherwise False." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:419 +#: sssd-ldap.5.xml:420 msgid "ldap_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:422 +#: sssd-ldap.5.xml:423 msgid "Optional. Use the given string as search base for host objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:426 sssd-ipa.5.xml:457 sssd-ipa.5.xml:476 sssd-ipa.5.xml:495 -#: sssd-ipa.5.xml:514 +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:431 sssd-ipa.5.xml:462 include/ldap_search_bases.xml:27 +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "Per defecte: el valor de <emphasis>ldap_search_base</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:438 +#: sssd-ldap.5.xml:439 msgid "ldap_service_search_base (string)" msgstr "ldap_service_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:443 +#: sssd-ldap.5.xml:444 msgid "ldap_iphost_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:448 +#: sssd-ldap.5.xml:449 msgid "ldap_ipnetwork_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:453 +#: sssd-ldap.5.xml:454 msgid "ldap_search_timeout (integer)" msgstr "ldap_search_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:456 +#: sssd-ldap.5.xml:457 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -6161,7 +6261,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:462 +#: sssd-ldap.5.xml:463 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -6169,12 +6269,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:479 +#: sssd-ldap.5.xml:480 msgid "ldap_enumeration_search_timeout (integer)" msgstr "ldap_enumeration_search_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:482 +#: sssd-ldap.5.xml:483 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -6182,12 +6282,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:500 +#: sssd-ldap.5.xml:501 msgid "ldap_network_timeout (integer)" msgstr "ldap_network_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:503 +#: sssd-ldap.5.xml:504 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -6204,12 +6304,12 @@ msgstr "" "manvolnum></citerefentry> retorna en cas de cap activitat." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:531 +#: sssd-ldap.5.xml:532 msgid "ldap_opt_timeout (integer)" msgstr "ldap_opt_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:534 +#: sssd-ldap.5.xml:535 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -6218,12 +6318,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:554 +#: sssd-ldap.5.xml:555 msgid "ldap_connection_expire_timeout (integer)" msgstr "ldap_connection_expire_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:557 +#: sssd-ldap.5.xml:558 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -6232,7 +6332,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:565 +#: sssd-ldap.5.xml:566 msgid "" "If the connection is idle (not actively running an operation) within " "<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " @@ -6243,38 +6343,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:577 +#: sssd-ldap.5.xml:578 msgid "" "This timeout can be extended of a random value specified by " "<emphasis>ldap_connection_expire_offset</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:587 sssd-ldap.5.xml:630 sssd-ldap.5.xml:1711 +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 msgid "Default: 900 (15 minutes)" msgstr "Per defecte: 900 (15 minuts)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:593 +#: sssd-ldap.5.xml:594 msgid "ldap_connection_expire_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:596 +#: sssd-ldap.5.xml:597 msgid "" "Random offset between 0 and configured value is added to " "<emphasis>ldap_connection_expire_timeout</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:613 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_idle_timeout (integer)" msgstr "ldap_connection_expire_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:616 msgid "" "Specifies a timeout (in seconds) that an idle connection to an LDAP server " "will be maintained. If the connection is idle for more than this time then " @@ -6282,29 +6382,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:622 msgid "You can disable this timeout by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:636 +#: sssd-ldap.5.xml:637 msgid "ldap_page_size (integer)" msgstr "ldap_page_size (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:639 +#: sssd-ldap.5.xml:640 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:650 +#: sssd-ldap.5.xml:651 msgid "ldap_disable_paging (boolean)" msgstr "ldap_disable_paging (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:653 +#: sssd-ldap.5.xml:654 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " @@ -6312,14 +6412,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:659 +#: sssd-ldap.5.xml:660 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:665 +#: sssd-ldap.5.xml:666 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " @@ -6327,17 +6427,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:677 +#: sssd-ldap.5.xml:678 msgid "ldap_disable_range_retrieval (boolean)" msgstr "ldap_disable_range_retrieval (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:680 +#: sssd-ldap.5.xml:681 msgid "Disable Active Directory range retrieval." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:683 +#: sssd-ldap.5.xml:684 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " @@ -6347,12 +6447,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:699 msgid "ldap_sasl_minssf (integer)" msgstr "ldap_sasl_minssf (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:702 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " @@ -6360,17 +6460,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:707 sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:714 +#: sssd-ldap.5.xml:715 msgid "ldap_sasl_maxssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:717 +#: sssd-ldap.5.xml:718 msgid "" "When communicating with an LDAP server using SASL, specify the maximal " "security level necessary to establish the connection. The values of this " @@ -6378,12 +6478,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:731 msgid "ldap_deref_threshold (integer)" msgstr "ldap_deref_threshold (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:733 +#: sssd-ldap.5.xml:734 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -6391,7 +6491,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:740 msgid "" "You can turn off dereference lookups completely by setting the value to 0. " "Please note that there are some codepaths in SSSD, like the IPA HBAC " @@ -6402,7 +6502,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:750 +#: sssd-ldap.5.xml:751 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -6411,7 +6511,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:758 +#: sssd-ldap.5.xml:759 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -6419,12 +6519,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:771 +#: sssd-ldap.5.xml:772 msgid "ldap_ignore_unreadable_references (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:774 +#: sssd-ldap.5.xml:775 msgid "" "Ignore unreadable LDAP entries referenced in group's member attribute. If " "this parameter is set to false an error will be returned and the operation " @@ -6432,7 +6532,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:781 +#: sssd-ldap.5.xml:782 msgid "" "This parameter may be useful when using the AD provider and the computer " "account that sssd uses to connect to AD does not have access to a particular " @@ -6440,12 +6540,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:795 msgid "ldap_tls_reqcert (string)" msgstr "ldap_tls_reqcert (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:798 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" @@ -6455,7 +6555,7 @@ msgstr "" "valors següents:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:804 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." @@ -6464,7 +6564,7 @@ msgstr "" "certificat del servidor." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:808 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6476,7 +6576,7 @@ msgstr "" "normalment." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:815 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6487,7 +6587,7 @@ msgstr "" "proporciona un certificat dolent, immediatament s'acaba la sessió." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:820 +#: sssd-ldap.5.xml:821 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -6498,22 +6598,22 @@ msgstr "" "immediatament s'acaba la sessió." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:826 +#: sssd-ldap.5.xml:827 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "<emphasis>hard</emphasis> = Igual que <quote>demand</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:830 +#: sssd-ldap.5.xml:831 msgid "Default: hard" msgstr "Per defecte: hard" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:837 msgid "ldap_tls_cacert (string)" msgstr "ldap_tls_cacert (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:839 +#: sssd-ldap.5.xml:840 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." @@ -6522,7 +6622,7 @@ msgstr "" "Certificació que reconeixerà l'<command>sssd</command>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 sssd-ldap.5.xml:862 sssd-ldap.5.xml:903 +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" @@ -6531,12 +6631,12 @@ msgstr "" "<filename>/etc/openldap/ldap.conf</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:852 msgid "ldap_tls_cacertdir (string)" msgstr "ldap_tls_cacertdir (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:854 +#: sssd-ldap.5.xml:855 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -6550,32 +6650,32 @@ msgstr "" "correctes." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:869 +#: sssd-ldap.5.xml:870 msgid "ldap_tls_cert (string)" msgstr "ldap_tls_cert (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:872 +#: sssd-ldap.5.xml:873 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:882 +#: sssd-ldap.5.xml:883 msgid "ldap_tls_key (string)" msgstr "ldap_tls_key (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:885 +#: sssd-ldap.5.xml:886 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:894 +#: sssd-ldap.5.xml:895 msgid "ldap_tls_cipher_suite (string)" msgstr "ldap_tls_cipher_suite (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:897 +#: sssd-ldap.5.xml:898 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -6583,26 +6683,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:910 +#: sssd-ldap.5.xml:911 msgid "ldap_id_use_start_tls (boolean)" msgstr "ldap_id_use_start_tls (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:913 +#: sssd-ldap.5.xml:914 +#, fuzzy +#| msgid "" +#| "Specifies that the id_provider connection must also use <systemitem " +#| "class=\"protocol\">tls</systemitem> to protect the channel." msgid "" "Specifies that the id_provider connection must also use <systemitem " -"class=\"protocol\">tls</systemitem> to protect the channel." +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." msgstr "" "Especifica que la connexió id_provider també ha d'utilitzar <systemitem " "class=\"protocol\">tls</systemitem> per a protegir el canal." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:923 +#: sssd-ldap.5.xml:925 msgid "ldap_id_mapping (boolean)" msgstr "ldap_id_mapping (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:928 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " @@ -6610,17 +6715,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:932 +#: sssd-ldap.5.xml:934 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:942 +#: sssd-ldap.5.xml:944 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:945 +#: sssd-ldap.5.xml:947 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " @@ -6631,24 +6736,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:957 +#: sssd-ldap.5.xml:959 msgid "Default: not set (both options are set to 0)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:965 msgid "ldap_sasl_mech (string)" msgstr "ldap_sasl_mech (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:966 +#: sssd-ldap.5.xml:968 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " "tested and supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:970 +#: sssd-ldap.5.xml:972 msgid "" "If the backend supports sub-domains the value of ldap_sasl_mech is " "automatically inherited to the sub-domains. If a different value is needed " @@ -6659,12 +6764,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:988 msgid "ldap_sasl_authid (string)" msgstr "ldap_sasl_authid (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ldap.5.xml:998 +#: sssd-ldap.5.xml:1000 #, no-wrap msgid "" "hostname@REALM\n" @@ -6677,7 +6782,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:989 +#: sssd-ldap.5.xml:991 msgid "" "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " "this represents the Kerberos principal used for authentication to the " @@ -6689,17 +6794,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1009 +#: sssd-ldap.5.xml:1011 msgid "Default: host/hostname@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1015 +#: sssd-ldap.5.xml:1017 msgid "ldap_sasl_realm (string)" msgstr "ldap_sasl_realm (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1018 +#: sssd-ldap.5.xml:1020 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " @@ -6707,51 +6812,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1024 +#: sssd-ldap.5.xml:1026 msgid "Default: the value of krb5_realm." msgstr "Per defecte: el valor de krb5_realm." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1030 +#: sssd-ldap.5.xml:1032 msgid "ldap_sasl_canonicalize (boolean)" msgstr "ldap_sasl_canonicalize (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1035 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1038 +#: sssd-ldap.5.xml:1040 msgid "Default: false;" msgstr "Per defecte: false;" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1046 msgid "ldap_krb5_keytab (string)" msgstr "ldap_krb5_keytab (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1049 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1056 sssd-krb5.5.xml:247 +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" "Per defecte: Fitxer keytab de sistema, normalment <filename>/etc/krb5." "keytab</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1064 msgid "ldap_krb5_init_creds (boolean)" msgstr "ldap_krb5_init_creds (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1067 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -6759,28 +6864,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1077 +#: sssd-ldap.5.xml:1079 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "ldap_krb5_ticket_lifetime (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1080 +#: sssd-ldap.5.xml:1082 msgid "" "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1089 sssd-ad.5.xml:1252 +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 msgid "Default: 86400 (24 hours)" msgstr "Per defecte: 86400 (24 hores)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1095 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "krb5_server, krb5_backup_server (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1098 +#: sssd-ldap.5.xml:1100 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -6792,7 +6897,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1110 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -6803,7 +6908,7 @@ msgstr "" "retorna a _tcp si no se'n troba cap." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -6815,41 +6920,41 @@ msgstr "" "<quote>krb5_server</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1124 sssd-ipa.5.xml:526 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "krb5_realm (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1127 +#: sssd-ldap.5.xml:1129 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1133 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" "Per defecte: Paràmetres predeterminats del sistema, vegeu <filename>/etc/" "krb5.conf</filename>" #. type: Content of: <variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1137 include/krb5_options.xml:154 +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 msgid "krb5_canonicalize (boolean)" msgstr "krb5_canonicalize (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1140 +#: sssd-ldap.5.xml:1142 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1152 sssd-krb5.5.xml:336 +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 msgid "krb5_use_kdcinfo (boolean)" msgstr "krb5_use_kdcinfo (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1155 sssd-krb5.5.xml:339 +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " @@ -6859,7 +6964,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:350 +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " @@ -6867,12 +6972,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1180 +#: sssd-ldap.5.xml:1182 msgid "ldap_pwd_policy (string)" msgstr "ldap_pwd_policy (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1185 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" @@ -6881,7 +6986,7 @@ msgstr "" "costat del client. S'admeten els valors següents:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1190 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." @@ -6890,7 +6995,7 @@ msgstr "" "opció no inhabilita les polítiques de contrasenya de servidor." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1193 +#: sssd-ldap.5.xml:1195 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -6899,7 +7004,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1201 +#: sssd-ldap.5.xml:1203 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -6911,25 +7016,25 @@ msgstr "" "contrasenya." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1210 +#: sssd-ldap.5.xml:1212 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1220 msgid "ldap_referrals (boolean)" msgstr "ldap_referrals (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1221 +#: sssd-ldap.5.xml:1223 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" "Especifica si el seguiment automàtic del referenciador s'hauria d'habilitar." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1225 +#: sssd-ldap.5.xml:1227 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." @@ -6938,7 +7043,7 @@ msgstr "" "quan es compila amb la versió 2.4.13 o superiors d'OpenLDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1232 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " @@ -6951,29 +7056,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1249 +#: sssd-ldap.5.xml:1251 msgid "ldap_dns_service_name (string)" msgstr "ldap_dns_service_name (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1252 +#: sssd-ldap.5.xml:1254 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" "Especifica el nom de servei per utilitzar quan està habilitada la detecció " "de serveis." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1258 msgid "Default: ldap" msgstr "Per defecte: ldap" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1262 +#: sssd-ldap.5.xml:1264 msgid "ldap_chpass_dns_service_name (string)" msgstr "ldap_chpass_dns_service_name (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1265 +#: sssd-ldap.5.xml:1267 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." @@ -6983,25 +7088,25 @@ msgstr "" "dels serveis." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1270 +#: sssd-ldap.5.xml:1272 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" "Defecte: no definit, és a dir, el descobriment de serveis està inhabilitat" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1276 +#: sssd-ldap.5.xml:1278 msgid "ldap_chpass_update_last_change (bool)" msgstr "ldap_chpass_update_last_change (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1279 +#: sssd-ldap.5.xml:1281 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1285 +#: sssd-ldap.5.xml:1287 msgid "" "It is recommend to set this option explicitly if \"ldap_pwd_policy = " "shadow\" is used to let SSSD know if the LDAP server will update " @@ -7010,12 +7115,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1301 msgid "ldap_access_filter (string)" msgstr "ldap_access_filter (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1304 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " @@ -7031,12 +7136,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1322 +#: sssd-ldap.5.xml:1324 msgid "Example:" msgstr "Exemple:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1327 #, no-wrap msgid "" "access_provider = ldap\n" @@ -7045,14 +7150,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1329 +#: sssd-ldap.5.xml:1331 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1336 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -7061,17 +7166,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1398 +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 msgid "Default: Empty" msgstr "Per defecte: Buit" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1348 +#: sssd-ldap.5.xml:1350 msgid "ldap_account_expire_policy (string)" msgstr "ldap_account_expire_policy (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1353 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." @@ -7080,7 +7185,7 @@ msgstr "" "d'atributs de control d'accés." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1355 +#: sssd-ldap.5.xml:1357 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -7092,12 +7197,12 @@ msgstr "" "contrasenya és correcta." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1362 +#: sssd-ldap.5.xml:1364 msgid "The following values are allowed:" msgstr "S'admeten els valors següents:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1365 +#: sssd-ldap.5.xml:1367 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." @@ -7106,7 +7211,7 @@ msgstr "" "determinar si el compte ha caducat." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1372 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -7115,7 +7220,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1379 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -7123,7 +7228,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1383 +#: sssd-ldap.5.xml:1385 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -7132,7 +7237,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1391 +#: sssd-ldap.5.xml:1393 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " @@ -7140,24 +7245,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1404 +#: sssd-ldap.5.xml:1406 msgid "ldap_access_order (string)" msgstr "ldap_access_order (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1407 sssd-ipa.5.xml:351 +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" "Llista separada per comes d'opcions de control d'accés. Els valors permesos " "són:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1411 +#: sssd-ldap.5.xml:1413 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "<emphasis>filter</emphasis>: utilitza ldap_access_filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>lockout</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -7167,14 +7272,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1424 +#: sssd-ldap.5.xml:1426 msgid "" "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" "quote> option and might be removed in a future release. </emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1431 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -7187,12 +7292,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1448 +#: sssd-ldap.5.xml:1450 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "<emphasis>expire</emphasis>: utilitza ldap_account_expire_policy" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1452 sssd-ipa.5.xml:359 +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 msgid "" "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " "pwd_expire_policy_renew: </emphasis> These options are useful if users are " @@ -7202,38 +7307,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1462 sssd-ipa.5.xml:369 +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 msgid "" "The difference between these options is the action taken if user password is " "expired:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1467 sssd-ipa.5.xml:374 +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 msgid "pwd_expire_policy_reject - user is denied to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1473 sssd-ipa.5.xml:380 +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 msgid "pwd_expire_policy_warn - user is still able to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1479 sssd-ipa.5.xml:386 +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 msgid "" "pwd_expire_policy_renew - user is prompted to change their password " "immediately." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1487 +#: sssd-ldap.5.xml:1489 msgid "" "Please note that 'access_provider = ldap' must be set for this feature to " "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1494 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" @@ -7242,31 +7347,31 @@ msgstr "" "authorizedService per determinar l'accés" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1497 +#: sssd-ldap.5.xml:1499 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1501 +#: sssd-ldap.5.xml:1503 msgid "" "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " "remote host can access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1505 +#: sssd-ldap.5.xml:1507 msgid "" "Please note, rhost field in pam is set by application, it is better to check " "what the application sends to pam, before enabling this access control option" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1510 +#: sssd-ldap.5.xml:1512 msgid "Default: filter" msgstr "Per defecte: filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1513 +#: sssd-ldap.5.xml:1515 msgid "" "Please note that it is a configuration error if a value is used more than " "once." @@ -7275,12 +7380,12 @@ msgstr "" "s'utilitza més d'una vegada." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1520 +#: sssd-ldap.5.xml:1522 msgid "ldap_pwdlockout_dn (string)" msgstr "ldap_pwdlockout_dn (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1523 +#: sssd-ldap.5.xml:1525 msgid "" "This option specifies the DN of password policy entry on LDAP server. Please " "note that absence of this option in sssd.conf in case of enabled account " @@ -7289,22 +7394,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1531 +#: sssd-ldap.5.xml:1533 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" msgstr "Exemple: cn=ppolicy,ou=policies,dc=exemple,dc=com" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1534 +#: sssd-ldap.5.xml:1536 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" msgstr "Per defecte: cn=ppolicy,ou=policies,$ldap_search_base" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1542 msgid "ldap_deref (string)" msgstr "ldap_deref (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1543 +#: sssd-ldap.5.xml:1545 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" @@ -7313,13 +7418,13 @@ msgstr "" "es fa una cerca. S'admeten les opcions següents:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1550 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" "<emphasis>never</emphasis>: les referències dels àlies mai són eliminades." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 +#: sssd-ldap.5.xml:1554 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." @@ -7329,7 +7434,7 @@ msgstr "" "de la cerca." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 +#: sssd-ldap.5.xml:1559 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." @@ -7338,7 +7443,7 @@ msgstr "" "només en localitzar l'objecte base de la cerca." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1562 +#: sssd-ldap.5.xml:1564 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." @@ -7347,7 +7452,7 @@ msgstr "" "en la recerca i en la localització de l'objecte base de la cerca." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1569 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -7356,19 +7461,19 @@ msgstr "" "biblioteques de client LDAP)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1575 +#: sssd-ldap.5.xml:1577 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "ldap_rfc2307_fallback_to_local_users (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1578 +#: sssd-ldap.5.xml:1580 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1582 +#: sssd-ldap.5.xml:1584 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " @@ -7379,7 +7484,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1593 +#: sssd-ldap.5.xml:1595 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " @@ -7387,57 +7492,57 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1605 sssd-ifp.5.xml:152 +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 msgid "wildcard_limit (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1608 +#: sssd-ldap.5.xml:1610 msgid "" "Specifies an upper limit on the number of entries that are downloaded during " "a wildcard lookup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1612 +#: sssd-ldap.5.xml:1614 msgid "At the moment, only the InfoPipe responder supports wildcard lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1618 msgid "Default: 1000 (often the size of one page)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1624 #, fuzzy #| msgid "debug_level (integer)" msgid "ldap_library_debug_level (integer)" msgstr "debug_level (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1625 +#: sssd-ldap.5.xml:1627 msgid "" "Switches on libldap debugging with the given level. The libldap debug " "messages will be written independent of the general debug_level." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1630 +#: sssd-ldap.5.xml:1632 msgid "" "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " "enable full debug output." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1635 +#: sssd-ldap.5.xml:1637 #, fuzzy #| msgid "Default: 0 (disabled)" msgid "Default: 0 (libldap debugging disabled)" msgstr "Per defecte: 0 (inhabilitat)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:52 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " @@ -7449,12 +7554,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1645 +#: sssd-ldap.5.xml:1647 msgid "SUDO OPTIONS" msgstr "OPCIONS DE SUDO" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1647 +#: sssd-ldap.5.xml:1649 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -7462,43 +7567,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1660 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "ldap_sudo_full_refresh_interval (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1661 +#: sssd-ldap.5.xml:1663 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1666 +#: sssd-ldap.5.xml:1668 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1671 +#: sssd-ldap.5.xml:1673 msgid "" "You can disable full refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1676 +#: sssd-ldap.5.xml:1678 msgid "Default: 21600 (6 hours)" msgstr "Per defecte: 21600 (6 hores)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1682 +#: sssd-ldap.5.xml:1684 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "ldap_sudo_smart_refresh_interval (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1685 +#: sssd-ldap.5.xml:1687 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest " @@ -7506,14 +7611,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1691 +#: sssd-ldap.5.xml:1693 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1695 +#: sssd-ldap.5.xml:1697 msgid "" "<emphasis>Note:</emphasis> the highest USN value can be updated by three " "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " @@ -7523,21 +7628,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1706 +#: sssd-ldap.5.xml:1708 msgid "" "You can disable smart refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1717 +#: sssd-ldap.5.xml:1719 #, fuzzy #| msgid "ldap_idmap_range_size (integer)" msgid "ldap_sudo_random_offset (integer)" msgstr "ldap_idmap_range_size (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1720 +#: sssd-ldap.5.xml:1722 msgid "" "Random offset between 0 and configured value is added to smart and full " "refresh periods each time the periodic task is scheduled. The value is in " @@ -7545,7 +7650,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1726 +#: sssd-ldap.5.xml:1728 msgid "" "Note that this random offset is also applied on the first SSSD start which " "delays the first sudo rules refresh. This prolongs the time when the sudo " @@ -7553,106 +7658,106 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1732 +#: sssd-ldap.5.xml:1734 msgid "You can disable this offset by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1742 +#: sssd-ldap.5.xml:1744 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "ldap_sudo_use_host_filter (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1745 +#: sssd-ldap.5.xml:1747 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1756 +#: sssd-ldap.5.xml:1758 msgid "ldap_sudo_hostnames (string)" msgstr "ldap_sudo_hostnames (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1759 +#: sssd-ldap.5.xml:1761 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1764 +#: sssd-ldap.5.xml:1766 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1769 sssd-ldap.5.xml:1792 sssd-ldap.5.xml:1810 -#: sssd-ldap.5.xml:1828 +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1774 sssd-ldap.5.xml:1797 +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 msgid "Default: not specified" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1780 +#: sssd-ldap.5.xml:1782 msgid "ldap_sudo_ip (string)" msgstr "ldap_sudo_ip (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1783 +#: sssd-ldap.5.xml:1785 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1788 +#: sssd-ldap.5.xml:1790 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1803 +#: sssd-ldap.5.xml:1805 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "ldap_sudo_include_netgroups (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1806 +#: sssd-ldap.5.xml:1808 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1821 +#: sssd-ldap.5.xml:1823 msgid "ldap_sudo_include_regexp (boolean)" msgstr "ldap_sudo_include_regexp (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:1826 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> -#: sssd-ldap.5.xml:1834 +#: sssd-ldap.5.xml:1836 msgid "" "Using wildcard is an operation that is very costly to evaluate on the LDAP " "server side!" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1846 +#: sssd-ldap.5.xml:1848 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " @@ -7661,59 +7766,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1856 +#: sssd-ldap.5.xml:1858 msgid "AUTOFS OPTIONS" msgstr "OPCIONS D'AUTOFS" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1858 +#: sssd-ldap.5.xml:1860 msgid "" "Some of the defaults for the parameters below are dependent on the LDAP " "schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1864 +#: sssd-ldap.5.xml:1866 msgid "ldap_autofs_map_master_name (string)" msgstr "ldap_autofs_map_master_name (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1867 +#: sssd-ldap.5.xml:1869 msgid "The name of the automount master map in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1870 +#: sssd-ldap.5.xml:1872 msgid "Default: auto.master" msgstr "Per defecte: auto.master" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1881 +#: sssd-ldap.5.xml:1883 msgid "ADVANCED OPTIONS" msgstr "OPCIONS AVANÇADES" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1888 +#: sssd-ldap.5.xml:1890 msgid "ldap_netgroup_search_base (string)" msgstr "ldap_netgroup_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1893 +#: sssd-ldap.5.xml:1895 msgid "ldap_user_search_base (string)" msgstr "ldap_user_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1898 +#: sssd-ldap.5.xml:1900 msgid "ldap_group_search_base (string)" msgstr "ldap_group_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> -#: sssd-ldap.5.xml:1903 +#: sssd-ldap.5.xml:1905 msgid "<note>" msgstr "<note>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> -#: sssd-ldap.5.xml:1905 +#: sssd-ldap.5.xml:1907 msgid "" "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " "against Active Directory will not be restricted and return all groups " @@ -7722,22 +7827,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist> -#: sssd-ldap.5.xml:1912 +#: sssd-ldap.5.xml:1914 msgid "</note>" msgstr "</note>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1914 +#: sssd-ldap.5.xml:1916 msgid "ldap_sudo_search_base (string)" msgstr "ldap_sudo_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1919 +#: sssd-ldap.5.xml:1921 msgid "ldap_autofs_search_base (string)" msgstr "ldap_autofs_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1883 +#: sssd-ldap.5.xml:1885 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -7746,14 +7851,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1934 sssd-simple.5.xml:131 sssd-ipa.5.xml:925 -#: sssd-ad.5.xml:1386 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 msgid "EXAMPLE" msgstr "EXEMPLE" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1936 +#: sssd-ldap.5.xml:1938 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -7764,7 +7869,7 @@ msgstr "" "replaceable>." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1944 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7777,27 +7882,27 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><para> -#: sssd-ldap.5.xml:1941 sssd-ldap.5.xml:1959 sssd-simple.5.xml:139 -#: sssd-ipa.5.xml:933 sssd-ad.5.xml:1394 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 #: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1953 +#: sssd-ldap.5.xml:1955 msgid "LDAP ACCESS FILTER EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1955 +#: sssd-ldap.5.xml:1957 msgid "" "The following example assumes that SSSD is correctly configured and to use " "the ldap_access_order=lockout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1960 +#: sssd-ldap.5.xml:1962 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7813,13 +7918,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1975 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 -#: sssd-ad.5.xml:1409 sssd.8.xml:238 sss_seed.8.xml:163 +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 msgid "NOTES" msgstr "NOTES" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1977 +#: sssd-ldap.5.xml:1979 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -10281,12 +10386,12 @@ msgid "Example: dyndns_iface = em1, vnet1, vnet2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1285 +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 msgid "dyndns_auth (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1288 +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "updates with the DNS server, insecure updates can be sent by setting this " @@ -10294,19 +10399,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1294 +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 msgid "Default: GSS-TSIG" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1300 +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 #, fuzzy #| msgid "dyndns_iface (string)" msgid "dyndns_auth_ptr (string)" msgstr "dyndns_iface (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1303 +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "PTR updates with the DNS server, insecure updates can be sent by setting " @@ -10314,7 +10419,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1309 +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 msgid "Default: Same as dyndns_auth" msgstr "" @@ -10373,65 +10478,72 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:290 +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 msgid "Default: False (disabled)" msgstr "Per defecte: False (inhabilitat)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1272 +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 msgid "dyndns_force_tcp (bool)" msgstr "dyndns_force_tcp (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:299 sssd-ad.5.xml:1275 +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:303 sssd-ad.5.xml:1279 +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:309 sssd-ad.5.xml:1315 +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 msgid "dyndns_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:312 sssd-ad.5.xml:1318 +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 msgid "" "The DNS server to use when performing a DNS update. In most setups, it's " "recommended to leave this option unset." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 msgid "" "Setting this option makes sense for environments where the DNS server is " "different from the identity server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 msgid "" "Please note that this option will be only used in fallback attempt when " "previous attempt using autodetected settings failed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 msgid "Default: None (let nsupdate choose the server)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:333 sssd-ad.5.xml:1339 +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 msgid "dyndns_update_per_family (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:336 sssd-ad.5.xml:1342 +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 msgid "" "DNS update is by default performed in two steps - IPv4 update and then IPv6 " "update. In some cases it might be desirable to perform IPv4 and IPv6 update " @@ -10439,185 +10551,185 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:353 #, fuzzy #| msgid "ldap_access_order (string)" msgid "ipa_access_order (string)" msgstr "ldap_access_order (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:360 #, fuzzy #| msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." msgstr "<emphasis>expire</emphasis>: utilitza ldap_account_expire_policy" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:394 +#: sssd-ipa.5.xml:399 msgid "" "Please note that 'access_provider = ipa' must be set for this feature to " "work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:401 +#: sssd-ipa.5.xml:406 msgid "ipa_deskprofile_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:404 +#: sssd-ipa.5.xml:409 msgid "" "Optional. Use the given string as search base for Desktop Profile related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:408 sssd-ipa.5.xml:435 +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 msgid "Default: Use base DN" msgstr "Per defecte: Utilitza el DN base" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:414 +#: sssd-ipa.5.xml:419 #, fuzzy #| msgid "ipa_subdomains_search_base (string)" msgid "ipa_subid_ranges_search_base (string)" msgstr "ipa_subdomains_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:417 +#: sssd-ipa.5.xml:422 msgid "" "Optional. Use the given string as search base for subordinate ranges related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:421 +#: sssd-ipa.5.xml:426 #, fuzzy #| msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" msgstr "Per defecte: el valor de <emphasis>ldap_search_base</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:428 +#: sssd-ipa.5.xml:433 msgid "ipa_hbac_search_base (string)" msgstr "ipa_hbac_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:431 +#: sssd-ipa.5.xml:436 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:441 +#: sssd-ipa.5.xml:446 msgid "ipa_host_search_base (string)" msgstr "ipa_host_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:444 +#: sssd-ipa.5.xml:449 msgid "Deprecated. Use ldap_host_search_base instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:450 +#: sssd-ipa.5.xml:455 msgid "ipa_selinux_search_base (string)" msgstr "ipa_selinux_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:453 +#: sssd-ipa.5.xml:458 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:469 +#: sssd-ipa.5.xml:474 msgid "ipa_subdomains_search_base (string)" msgstr "ipa_subdomains_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:472 +#: sssd-ipa.5.xml:477 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:481 +#: sssd-ipa.5.xml:486 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:488 +#: sssd-ipa.5.xml:493 msgid "ipa_master_domain_search_base (string)" msgstr "ipa_master_domain_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:491 +#: sssd-ipa.5.xml:496 msgid "Optional. Use the given string as search base for master domain object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:505 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:507 +#: sssd-ipa.5.xml:512 msgid "ipa_views_search_base (string)" msgstr "ipa_views_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:510 +#: sssd-ipa.5.xml:515 msgid "Optional. Use the given string as search base for views containers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:519 +#: sssd-ipa.5.xml:524 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:529 +#: sssd-ipa.5.xml:534 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:533 +#: sssd-ipa.5.xml:538 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:541 sssd-ad.5.xml:1357 +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 msgid "krb5_confd_path (string)" msgstr "krb5_confd_path (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:544 sssd-ad.5.xml:1360 +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 msgid "" "Absolute path of a directory where SSSD should place Kerberos configuration " "snippets." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:548 sssd-ad.5.xml:1364 +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 msgid "" "To disable the creation of the configuration snippets set the parameter to " "'none'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:552 sssd-ad.5.xml:1368 +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 msgid "" "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:559 +#: sssd-ipa.5.xml:564 msgid "ipa_deskprofile_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:562 +#: sssd-ipa.5.xml:567 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server. This will reduce the latency and load on the IPA server if there " @@ -10625,34 +10737,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:569 sssd-ipa.5.xml:599 sssd-ipa.5.xml:615 sssd-ad.5.xml:599 +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 msgid "Default: 5 (seconds)" msgstr "Per defecte: 5 (segons)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:575 +#: sssd-ipa.5.xml:580 msgid "ipa_deskprofile_request_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:578 +#: sssd-ipa.5.xml:583 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server in case the last request did not return any rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:583 +#: sssd-ipa.5.xml:588 msgid "Default: 60 (minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:589 +#: sssd-ipa.5.xml:594 msgid "ipa_hbac_refresh (integer)" msgstr "ipa_hbac_refresh (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:592 +#: sssd-ipa.5.xml:597 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -10660,12 +10772,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:605 +#: sssd-ipa.5.xml:610 msgid "ipa_hbac_selinux (integer)" msgstr "ipa_hbac_selinux (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:608 +#: sssd-ipa.5.xml:613 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -10673,33 +10785,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:621 +#: sssd-ipa.5.xml:626 msgid "ipa_server_mode (boolean)" msgstr "ipa_server_mode (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:624 +#: sssd-ipa.5.xml:629 msgid "" "This option will be set by the IPA installer (ipa-server-install) " "automatically and denotes if SSSD is running on an IPA server or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:629 +#: sssd-ipa.5.xml:634 msgid "" "On an IPA server SSSD will lookup users and groups from trusted domains " "directly while on a client it will ask an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:634 +#: sssd-ipa.5.xml:639 msgid "" "NOTE: There are currently some assumptions that must be met when SSSD is " "running on an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:639 +#: sssd-ipa.5.xml:644 msgid "" "The <quote>ipa_server</quote> option must be configured to point to the IPA " "server itself. This is already the default set by the IPA installer, so no " @@ -10707,59 +10819,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:648 +#: sssd-ipa.5.xml:653 msgid "" "The <quote>full_name_format</quote> option must not be tweaked to only print " "short names for users from trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:663 +#: sssd-ipa.5.xml:668 msgid "ipa_automount_location (string)" msgstr "ipa_automount_location (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:666 +#: sssd-ipa.5.xml:671 msgid "The automounter location this IPA client will be using" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:669 +#: sssd-ipa.5.xml:674 msgid "Default: The location named \"default\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:677 +#: sssd-ipa.5.xml:682 msgid "VIEWS AND OVERRIDES" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:686 +#: sssd-ipa.5.xml:691 msgid "ipa_view_class (string)" msgstr "ipa_view_class (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:689 +#: sssd-ipa.5.xml:694 msgid "Objectclass of the view container." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:692 +#: sssd-ipa.5.xml:697 msgid "Default: nsContainer" msgstr "Per defecte: nsContainer" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:698 +#: sssd-ipa.5.xml:703 msgid "ipa_view_name (string)" msgstr "ipa_view_name (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:701 +#: sssd-ipa.5.xml:706 msgid "Name of the attribute holding the name of the view." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:705 sssd-ldap-attributes.5.xml:496 +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 #: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 #: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 #: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 @@ -10767,128 +10879,128 @@ msgid "Default: cn" msgstr "Per defecte: cn" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:711 +#: sssd-ipa.5.xml:716 msgid "ipa_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:714 +#: sssd-ipa.5.xml:719 msgid "Objectclass of the override objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:717 +#: sssd-ipa.5.xml:722 msgid "Default: ipaOverrideAnchor" msgstr "Per defecte: ipaOverrideAnchor" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:723 +#: sssd-ipa.5.xml:728 msgid "ipa_anchor_uuid (string)" msgstr "ipa_anchor_uuid (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:726 +#: sssd-ipa.5.xml:731 msgid "" "Name of the attribute containing the reference to the original object in a " "remote domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:730 +#: sssd-ipa.5.xml:735 msgid "Default: ipaAnchorUUID" msgstr "Per defecte: ipaAnchorUUID" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:736 +#: sssd-ipa.5.xml:741 msgid "ipa_user_override_object_class (string)" msgstr "ipa_user_override_object_class (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:739 +#: sssd-ipa.5.xml:744 msgid "" "Name of the objectclass for user overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:744 +#: sssd-ipa.5.xml:749 msgid "User overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:747 +#: sssd-ipa.5.xml:752 msgid "ldap_user_name" msgstr "ldap_user_name" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:750 +#: sssd-ipa.5.xml:755 msgid "ldap_user_uid_number" msgstr "ldap_user_uid_number" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:753 +#: sssd-ipa.5.xml:758 msgid "ldap_user_gid_number" msgstr "ldap_user_gid_number" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:756 +#: sssd-ipa.5.xml:761 msgid "ldap_user_gecos" msgstr "ldap_user_gecos" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:759 +#: sssd-ipa.5.xml:764 msgid "ldap_user_home_directory" msgstr "ldap_user_home_directory" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:762 +#: sssd-ipa.5.xml:767 msgid "ldap_user_shell" msgstr "ldap_user_shell" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:765 +#: sssd-ipa.5.xml:770 msgid "ldap_user_ssh_public_key" msgstr "ldap_user_ssh_public_key" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:770 +#: sssd-ipa.5.xml:775 msgid "Default: ipaUserOverride" msgstr "Per defecte: ipaUserOverride" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:776 +#: sssd-ipa.5.xml:781 msgid "ipa_group_override_object_class (string)" msgstr "ipa_group_override_object_class (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:779 +#: sssd-ipa.5.xml:784 msgid "" "Name of the objectclass for group overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:784 +#: sssd-ipa.5.xml:789 msgid "Group overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:787 +#: sssd-ipa.5.xml:792 msgid "ldap_group_name" msgstr "ldap_group_name" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:790 +#: sssd-ipa.5.xml:795 msgid "ldap_group_gid_number" msgstr "ldap_group_gid_number" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:795 +#: sssd-ipa.5.xml:800 msgid "Default: ipaGroupOverride" msgstr "Per defecte: ipaGroupOverride" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:679 +#: sssd-ipa.5.xml:684 msgid "" "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " "later version. Since all paths and objectclasses are fixed on the server " @@ -10898,19 +11010,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:807 +#: sssd-ipa.5.xml:812 msgid "SUBDOMAINS PROVIDER" msgstr "PROVEÏDOR DELS SUBDOMINIS" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:809 +#: sssd-ipa.5.xml:814 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:813 +#: sssd-ipa.5.xml:818 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " @@ -10918,7 +11030,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:819 +#: sssd-ipa.5.xml:824 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " @@ -10930,12 +11042,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:830 +#: sssd-ipa.5.xml:835 msgid "TRUSTED DOMAINS CONFIGURATION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:838 +#: sssd-ipa.5.xml:843 #, no-wrap msgid "" "[domain/ipa.domain.com/ad.domain.com]\n" @@ -10943,7 +11055,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:832 +#: sssd-ipa.5.xml:837 msgid "" "Some configuration options can also be set for a trusted domain. A trusted " "domain configuration can be set using the trusted domain subsection as shown " @@ -10953,80 +11065,80 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:843 +#: sssd-ipa.5.xml:848 msgid "" "For more details, see the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:850 +#: sssd-ipa.5.xml:855 msgid "" "Different configuration options are tunable for a trusted domain depending " "on whether you are configuring SSSD on an IPA server or an IPA client." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:855 +#: sssd-ipa.5.xml:860 msgid "OPTIONS TUNABLE ON IPA MASTERS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:857 +#: sssd-ipa.5.xml:862 msgid "" "The following options can be set in a subdomain section on an IPA master:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:861 sssd-ipa.5.xml:891 +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 msgid "ad_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:864 +#: sssd-ipa.5.xml:869 msgid "ad_backup_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:867 sssd-ipa.5.xml:894 +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 msgid "ad_site" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:870 +#: sssd-ipa.5.xml:875 msgid "ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:873 +#: sssd-ipa.5.xml:878 msgid "ldap_user_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:876 +#: sssd-ipa.5.xml:881 msgid "ldap_group_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:885 +#: sssd-ipa.5.xml:890 msgid "OPTIONS TUNABLE ON IPA CLIENTS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:887 +#: sssd-ipa.5.xml:892 msgid "" "The following options can be set in a subdomain section on an IPA client:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:899 +#: sssd-ipa.5.xml:904 msgid "" "Note that if both options are set, only <quote>ad_server</quote> is " "evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:903 +#: sssd-ipa.5.xml:908 msgid "" "Since any request for a user or a group identity from a trusted domain " "triggered from an IPA client is resolved by the IPA server, the " @@ -11040,7 +11152,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:927 +#: sssd-ipa.5.xml:932 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -11052,7 +11164,7 @@ msgstr "" "específiques del proveïdor IPA." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:934 +#: sssd-ipa.5.xml:939 #, no-wrap msgid "" "[domain/example.com]\n" @@ -12276,7 +12388,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1388 +#: sssd-ad.5.xml:1393 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -12284,7 +12396,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1395 +#: sssd-ad.5.xml:1400 #, no-wrap msgid "" "[domain/EXAMPLE]\n" @@ -12308,7 +12420,7 @@ msgstr "" "ad_domain = exemple.com\n" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1415 +#: sssd-ad.5.xml:1420 #, no-wrap msgid "" "access_provider = ldap\n" @@ -12320,7 +12432,7 @@ msgstr "" "ldap_account_expire_policy = ad\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1411 +#: sssd-ad.5.xml:1416 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " @@ -12328,7 +12440,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1421 +#: sssd-ad.5.xml:1426 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>. Please " @@ -12338,7 +12450,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1429 +#: sssd-ad.5.xml:1434 msgid "" "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " @@ -18249,7 +18361,7 @@ msgstr "" #: include/ldap_id_mapping.xml:235 msgid "" "When this option is configured, domains will be allocated starting with " -"slice zero and increasing monatomically with each additional domain." +"slice zero and increasing monotonically with each additional domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> @@ -19218,6 +19330,22 @@ msgid "" "feature is available with MIT Kerberos 1.7 and later versions." msgstr "" +#, fuzzy +#~| msgid "These options can be used to configure the InfoPipe responder." +#~ msgid "This option is ignored for the files provider." +#~ msgstr "" +#~ "Es poden utilitzar aquestes opcions per configurar el contestador de " +#~ "l'InfoPipe." + +#, fuzzy +#~| msgid "" +#~| "Determines if user credentials are also cached in the local LDB cache" +#~ msgid "" +#~ "Determines if user credentials are also cached in the local LDB cache." +#~ msgstr "" +#~ "Determina si les credencials d'usuari també són emmagatzemades en la " +#~ "memòria cau local de LDB" + #~ msgid "" #~ "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " #~ "which translates to \"the name is everything up to the <quote>@</quote> " diff --git a/src/man/po/cs.po b/src/man/po/cs.po index dbf3502ec4e..d9646b5b5bf 100644 --- a/src/man/po/cs.po +++ b/src/man/po/cs.po @@ -10,7 +10,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-05-05 10:09+0200\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" "PO-Revision-Date: 2022-05-20 09:18+0000\n" "Last-Translator: Pavel Borecki <pavel.borecki@gmail.com>\n" "Language-Team: Czech <https://translate.fedoraproject.org/projects/sssd/sssd-" @@ -223,11 +223,11 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 -#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:951 -#: sssd.conf.5.xml:1069 sssd.conf.5.xml:2197 sssd-ldap.5.xml:1071 -#: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 -#: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 -#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 msgid "Default: true" msgstr "Výchozí: true (pravda)" @@ -244,11 +244,11 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:948 -#: sssd.conf.5.xml:2100 sssd.conf.5.xml:2167 sssd.conf.5.xml:4128 -#: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 -#: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 -#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 #: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 #: include/krb5_options.xml:163 msgid "Default: false" @@ -282,8 +282,8 @@ msgid "" msgstr "" #. type: Content of: outside any tag (error?) -#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1656 -#: sssd-ldap.5.xml:1862 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 #: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 @@ -313,8 +313,8 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 sssd.conf.5.xml:1289 sssd.conf.5.xml:1766 -#: sssd.conf.5.xml:4144 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "" @@ -380,19 +380,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:258 sssd.conf.5.xml:783 +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:261 sssd.conf.5.xml:786 +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:791 sssd.conf.5.xml:3708 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 #: include/failover.xml:100 msgid "Default: 3" msgstr "Výchozí: 3" @@ -414,7 +414,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3540 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 msgid "re_expression (string)" msgstr "" @@ -434,12 +434,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3597 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 msgid "full_name_format (string)" msgstr "full_name_format (řetězec)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3600 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -447,39 +447,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3611 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 msgid "%1$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 msgid "user name" msgstr "uživatelské jméno" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3615 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3618 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3624 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 msgid "%3$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3627 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3608 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -626,8 +626,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:468 sssd-ldap.5.xml:876 sssd-ldap.5.xml:888 -#: sssd-ldap.5.xml:980 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 #: include/krb5_options.xml:148 @@ -897,7 +897,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1790 sssd.conf.5.xml:4194 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -942,11 +942,11 @@ msgstr "" #: sssd.conf.5.xml:744 msgid "" "Enable or disable the user verification (i.e. PIN, fingerprint) during " -"authentication." +"authentication. If enabled, the PIN will always be requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:750 msgid "" "The default is that the key settings decide what to do. In the IPA or " "kerberos pre-authentication case, this value will be overwritten by the " @@ -973,12 +973,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:769 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:770 +#: sssd.conf.5.xml:771 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -987,22 +987,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:777 +#: sssd.conf.5.xml:778 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:780 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:797 msgid "fd_limit" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:799 +#: sssd.conf.5.xml:800 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " @@ -1012,17 +1012,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:808 +#: sssd.conf.5.xml:809 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:814 msgid "client_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:816 +#: sssd.conf.5.xml:817 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " @@ -1032,19 +1032,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:826 #, fuzzy #| msgid "Default: 200000" msgid "Default: 60, KCM: 300" msgstr "Výchozí: 200000" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:830 +#: sssd.conf.5.xml:831 msgid "offline_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:834 msgid "" "When SSSD switches to offline mode the amount of time before it tries to go " "back online will increase based upon the time spent disconnected. By " @@ -1055,14 +1055,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:844 sssd.conf.5.xml:900 +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 msgid "" "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." "offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:847 +#: sssd.conf.5.xml:848 msgid "" "The offline_timeout default value is 60. The offline_timeout_max default " "value is 3600. The offline_timeout_random_offset default value is 30. The " @@ -1070,46 +1070,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:854 msgid "" "Note that the maximum length of each interval is defined by " "offline_timeout_max (apart of random part)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 sssd.conf.5.xml:1200 sssd.conf.5.xml:1583 -#: sssd.conf.5.xml:1879 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:862 +#: sssd.conf.5.xml:863 #, fuzzy #| msgid "ldap_idmap_range_max (integer)" msgid "offline_timeout_max (integer)" msgstr "ldap_idmap_range_max (celé číslo)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:865 +#: sssd.conf.5.xml:866 msgid "" "Controls by how much the time between attempts to go online can be " "incremented following unsuccessful attempts to go online." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:870 +#: sssd.conf.5.xml:871 msgid "A value of 0 disables the incrementing behaviour." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:873 +#: sssd.conf.5.xml:874 msgid "" "The value of this parameter should be set in correlation to offline_timeout " "parameter value." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:877 +#: sssd.conf.5.xml:878 msgid "" "With offline_timeout set to 60 (default value) there is no point in setting " "offlinet_timeout_max to less than 120 as it will saturate instantly. General " @@ -1118,64 +1118,64 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:883 +#: sssd.conf.5.xml:884 msgid "" "Although a value between 0 and offline_timeout may be specified, it has the " "effect of overriding the offline_timeout value so is of little use." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:888 +#: sssd.conf.5.xml:889 #, fuzzy #| msgid "Default: 200000" msgid "Default: 3600" msgstr "Výchozí: 200000" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:894 #, fuzzy #| msgid "ldap_idmap_range_size (integer)" msgid "offline_timeout_random_offset (integer)" msgstr "ldap_idmap_range_size (celé číslo)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:896 +#: sssd.conf.5.xml:897 msgid "" "When SSSD is in offline mode it keeps probing backend servers in specified " "time intervals:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:903 +#: sssd.conf.5.xml:904 msgid "" "This parameter controls the value of the random offset used for the above " "equation. Final random_offset value will be random number in range:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:908 +#: sssd.conf.5.xml:909 msgid "[0 - offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:911 +#: sssd.conf.5.xml:912 msgid "A value of 0 disables the random offset addition." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:915 #, fuzzy #| msgid "Default: 200000" msgid "Default: 30" msgstr "Výchozí: 200000" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:919 +#: sssd.conf.5.xml:920 msgid "responder_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:922 +#: sssd.conf.5.xml:923 msgid "" "This option specifies the number of seconds that an SSSD responder process " "can be up without being used. This value is limited in order to avoid " @@ -1187,58 +1187,58 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:936 sssd.conf.5.xml:1213 sssd.conf.5.xml:2321 -#: sssd-ldap.5.xml:331 +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 +#: sssd-ldap.5.xml:332 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:941 +#: sssd.conf.5.xml:942 msgid "cache_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:945 msgid "" "This option specifies whether the responder should query all caches before " "querying the Data Providers." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:960 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:961 +#: sssd.conf.5.xml:962 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:966 +#: sssd.conf.5.xml:967 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:969 +#: sssd.conf.5.xml:970 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:974 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:978 +#: sssd.conf.5.xml:979 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:981 +#: sssd.conf.5.xml:982 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -1249,7 +1249,7 @@ msgstr "" "doménu." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:988 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -1259,7 +1259,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:998 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -1268,17 +1268,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1005 sssd.conf.5.xml:2121 +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1010 +#: sssd.conf.5.xml:1011 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1013 +#: sssd.conf.5.xml:1014 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -1286,17 +1286,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1019 sssd.conf.5.xml:1778 sssd.conf.5.xml:2145 +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1025 msgid "local_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1027 +#: sssd.conf.5.xml:1028 msgid "" "Specifies for how many seconds nss_sss should keep local users and groups in " "negative cache before trying to look it up in the back end again. Setting " @@ -1304,17 +1304,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1033 +#: sssd.conf.5.xml:1034 msgid "Default: 14400 (4 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1039 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1041 +#: sssd.conf.5.xml:1042 msgid "" "Exclude certain users or groups from being fetched from the sss NSS " "database. This is particularly useful for system accounts. This option can " @@ -1323,7 +1323,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1049 +#: sssd.conf.5.xml:1050 msgid "" "NOTE: The filter_groups option doesn't affect inheritance of nested group " "members, since filtering happens after they are propagated for returning via " @@ -1332,41 +1332,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1057 +#: sssd.conf.5.xml:1058 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1063 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1065 +#: sssd.conf.5.xml:1066 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1076 +#: sssd.conf.5.xml:1077 msgid "fallback_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1079 +#: sssd.conf.5.xml:1080 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1084 +#: sssd.conf.5.xml:1085 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1090 +#: sssd.conf.5.xml:1091 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" @@ -1374,23 +1374,23 @@ msgid "" msgstr "" #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:1088 sssd.conf.5.xml:1650 sssd.conf.5.xml:1669 -#: sssd.conf.5.xml:1746 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1094 +#: sssd.conf.5.xml:1095 msgid "Default: not set (no substitution for unset home directories)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1100 +#: sssd.conf.5.xml:1101 msgid "override_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1104 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " @@ -1398,47 +1398,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1109 +#: sssd.conf.5.xml:1110 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1115 +#: sssd.conf.5.xml:1116 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1118 +#: sssd.conf.5.xml:1119 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1121 +#: sssd.conf.5.xml:1122 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1125 +#: sssd.conf.5.xml:1126 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1130 +#: sssd.conf.5.xml:1131 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1135 +#: sssd.conf.5.xml:1136 msgid "The wildcard (*) can be used to allow any shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1138 +#: sssd.conf.5.xml:1139 msgid "" "The (*) is useful if you want to use shell_fallback in case that user's " "shell is not in <quote>/etc/shells</quote> and maintaining list of all " @@ -1446,74 +1446,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1145 +#: sssd.conf.5.xml:1146 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1149 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1152 +#: sssd.conf.5.xml:1153 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1157 +#: sssd.conf.5.xml:1158 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1160 +#: sssd.conf.5.xml:1161 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1165 +#: sssd.conf.5.xml:1166 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1168 +#: sssd.conf.5.xml:1169 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1172 +#: sssd.conf.5.xml:1173 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1177 +#: sssd.conf.5.xml:1178 msgid "default_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1180 +#: sssd.conf.5.xml:1181 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1186 +#: sssd.conf.5.xml:1187 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1193 sssd.conf.5.xml:1576 +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 msgid "get_domains_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1196 sssd.conf.5.xml:1579 +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." @@ -1522,39 +1522,39 @@ msgstr "" "platný." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1205 +#: sssd.conf.5.xml:1206 msgid "memcache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1208 +#: sssd.conf.5.xml:1209 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid. Setting this option to zero will disable the in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1216 +#: sssd.conf.5.xml:1217 msgid "" "WARNING: Disabling the in-memory cache will have significant negative impact " "on SSSD's performance and should only be used for testing." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1222 sssd.conf.5.xml:1247 sssd.conf.5.xml:1272 -#: sssd.conf.5.xml:1297 sssd.conf.5.xml:1324 +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 msgid "" "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " "client applications will not use the fast in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1230 +#: sssd.conf.5.xml:1231 msgid "memcache_size_passwd (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1233 +#: sssd.conf.5.xml:1234 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for passwd requests. Setting the size to 0 will disable the passwd in-" @@ -1562,27 +1562,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1239 sssd.conf.5.xml:2963 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 msgid "Default: 8" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1242 sssd.conf.5.xml:1267 sssd.conf.5.xml:1292 -#: sssd.conf.5.xml:1319 +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 msgid "" "WARNING: Disabled or too small in-memory cache can have significant negative " "impact on SSSD's performance." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1255 +#: sssd.conf.5.xml:1256 #, fuzzy #| msgid "ldap_idmap_range_size (integer)" msgid "memcache_size_group (integer)" msgstr "ldap_idmap_range_size (celé číslo)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1258 +#: sssd.conf.5.xml:1259 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for group requests. Setting the size to 0 will disable the group in-memory " @@ -1590,19 +1590,19 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1264 sssd.conf.5.xml:1316 sssd.conf.5.xml:3729 -#: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1280 +#: sssd.conf.5.xml:1281 msgid "memcache_size_initgroups (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1283 +#: sssd.conf.5.xml:1284 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for initgroups requests. Setting the size to 0 will disable the initgroups " @@ -1610,14 +1610,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1305 +#: sssd.conf.5.xml:1306 #, fuzzy #| msgid "ldap_idmap_range_size (integer)" msgid "memcache_size_sid (integer)" msgstr "ldap_idmap_range_size (celé číslo)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1308 +#: sssd.conf.5.xml:1309 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for SID related requests. Only SID-by-ID and ID-by-SID requests are " @@ -1626,12 +1626,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1332 sssd-ifp.5.xml:90 +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 msgid "user_attributes (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1335 +#: sssd.conf.5.xml:1336 msgid "" "Some of the additional NSS responder requests can return more attributes " "than just the POSIX ones defined by the NSS interface. The list of " @@ -1642,43 +1642,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1348 +#: sssd.conf.5.xml:1349 msgid "" "To make configuration more easy the NSS responder will check the InfoPipe " "option if it is not set for the NSS responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1353 +#: sssd.conf.5.xml:1354 msgid "Default: not set, fallback to InfoPipe option" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1358 +#: sssd.conf.5.xml:1359 msgid "pwfield (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1361 +#: sssd.conf.5.xml:1362 msgid "" "The value that NSS operations that return users or groups will return for " "the <quote>password</quote> field." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1366 +#: sssd.conf.5.xml:1367 msgid "Default: <quote>*</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1369 +#: sssd.conf.5.xml:1370 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[nss] section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1373 +#: sssd.conf.5.xml:1374 msgid "" "Default: <quote>not set</quote> (remote domains), <phrase " "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" @@ -1687,60 +1687,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1385 +#: sssd.conf.5.xml:1386 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1387 +#: sssd.conf.5.xml:1388 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1392 +#: sssd.conf.5.xml:1393 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1395 +#: sssd.conf.5.xml:1396 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1400 sssd.conf.5.xml:1413 +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1406 +#: sssd.conf.5.xml:1407 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1409 +#: sssd.conf.5.xml:1410 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1419 +#: sssd.conf.5.xml:1420 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1422 +#: sssd.conf.5.xml:1423 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1427 +#: sssd.conf.5.xml:1428 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -1748,59 +1748,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1433 sssd.conf.5.xml:1543 +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1439 +#: sssd.conf.5.xml:1440 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1442 +#: sssd.conf.5.xml:1443 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1447 +#: sssd.conf.5.xml:1448 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1450 +#: sssd.conf.5.xml:1451 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1453 +#: sssd.conf.5.xml:1454 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1457 +#: sssd.conf.5.xml:1458 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1460 +#: sssd.conf.5.xml:1461 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1464 sssd.8.xml:63 +#: sssd.conf.5.xml:1465 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1470 +#: sssd.conf.5.xml:1471 msgid "pam_response_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1473 +#: sssd.conf.5.xml:1474 msgid "" "A comma separated list of strings which allows to remove (filter) data sent " "by the PAM responder to pam_sss PAM module. There are different kind of " @@ -1809,51 +1809,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1481 +#: sssd.conf.5.xml:1482 msgid "" "While messages already can be controlled with the help of the pam_verbosity " "option this option allows to filter out other kind of responses as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1488 +#: sssd.conf.5.xml:1489 msgid "ENV" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1489 +#: sssd.conf.5.xml:1490 msgid "Do not send any environment variables to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1492 +#: sssd.conf.5.xml:1493 msgid "ENV:var_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1493 +#: sssd.conf.5.xml:1494 msgid "Do not send environment variable var_name to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1497 +#: sssd.conf.5.xml:1498 msgid "ENV:var_name:service" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1498 +#: sssd.conf.5.xml:1499 msgid "Do not send environment variable var_name to service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1486 +#: sssd.conf.5.xml:1487 msgid "" "Currently the following filters are supported: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1505 +#: sssd.conf.5.xml:1506 msgid "" "The list of strings can either be the list of filters which would set this " "list of filters and overwrite the defaults. Or each element of the list can " @@ -1864,23 +1864,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1516 +#: sssd.conf.5.xml:1517 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1519 +#: sssd.conf.5.xml:1520 msgid "" "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1526 +#: sssd.conf.5.xml:1527 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1529 +#: sssd.conf.5.xml:1530 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -1888,7 +1888,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1535 +#: sssd.conf.5.xml:1536 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -1897,17 +1897,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1549 +#: sssd.conf.5.xml:1550 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1552 sssd.conf.5.xml:2987 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 msgid "Display a warning N days before the password expires." msgstr "Zobrazit varování N dnů před skončením platnosti hesla." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1555 +#: sssd.conf.5.xml:1556 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -1915,31 +1915,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1561 sssd.conf.5.xml:2990 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1566 +#: sssd.conf.5.xml:1567 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1571 sssd.conf.5.xml:3976 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 msgid "Default: 0" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1588 +#: sssd.conf.5.xml:1589 msgid "pam_trusted_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1591 +#: sssd.conf.5.xml:1592 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to run PAM conversations against trusted domains. Users not " @@ -1949,75 +1949,75 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1601 +#: sssd.conf.5.xml:1602 msgid "Default: All users are considered trusted by default" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1605 +#: sssd.conf.5.xml:1606 msgid "" "Please note that UID 0 is always allowed to access the PAM responder even in " "case it is not in the pam_trusted_users list." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1612 +#: sssd.conf.5.xml:1613 msgid "pam_public_domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1615 +#: sssd.conf.5.xml:1616 msgid "" "Specifies the comma-separated list of domain names that are accessible even " "to untrusted users." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1619 +#: sssd.conf.5.xml:1620 msgid "Two special values for pam_public_domains option are defined:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1623 +#: sssd.conf.5.xml:1624 msgid "" "all (Untrusted users are allowed to access all domains in PAM responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1627 +#: sssd.conf.5.xml:1628 msgid "" "none (Untrusted users are not allowed to access any domains PAM in " "responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1631 sssd.conf.5.xml:1656 sssd.conf.5.xml:1675 -#: sssd.conf.5.xml:1912 sssd.conf.5.xml:2732 sssd.conf.5.xml:3905 -#: sssd-ldap.5.xml:1207 +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1636 +#: sssd.conf.5.xml:1637 msgid "pam_account_expired_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1639 +#: sssd.conf.5.xml:1640 msgid "" "Allows a custom expiration message to be set, replacing the default " "'Permission denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1644 +#: sssd.conf.5.xml:1645 msgid "" "Note: Please be aware that message is only printed for the SSH service " "unless pam_verbosity is set to 3 (show all messages and debug information)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1652 +#: sssd.conf.5.xml:1653 #, no-wrap msgid "" "pam_account_expired_message = Account expired, please contact help desk.\n" @@ -2025,19 +2025,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1661 +#: sssd.conf.5.xml:1662 msgid "pam_account_locked_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1664 +#: sssd.conf.5.xml:1665 msgid "" "Allows a custom lockout message to be set, replacing the default 'Permission " "denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1671 +#: sssd.conf.5.xml:1672 #, no-wrap msgid "" "pam_account_locked_message = Account locked, please contact help desk.\n" @@ -2045,40 +2045,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1680 +#: sssd.conf.5.xml:1681 msgid "pam_passkey_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1683 +#: sssd.conf.5.xml:1684 msgid "Enable passkey device based authentication." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1686 sssd.conf.5.xml:1697 sssd.conf.5.xml:1711 -#: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 -#: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 msgid "Default: False" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1691 +#: sssd.conf.5.xml:1692 msgid "passkey_debug_libfido2 (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1694 +#: sssd.conf.5.xml:1695 msgid "Enable libfido2 library debug messages." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1702 +#: sssd.conf.5.xml:1703 msgid "pam_cert_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1705 +#: sssd.conf.5.xml:1706 msgid "" "Enable certificate based Smartcard authentication. Since this requires " "additional communication with the Smartcard which will delay the " @@ -2086,34 +2086,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1716 +#: sssd.conf.5.xml:1717 msgid "pam_cert_db_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1719 +#: sssd.conf.5.xml:1720 msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1722 sssd.conf.5.xml:2247 sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 msgid "Default:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1724 sssd.conf.5.xml:2249 +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 msgid "" "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " "certificates in PEM format)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1734 +#: sssd.conf.5.xml:1735 msgid "pam_cert_verification (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1737 +#: sssd.conf.5.xml:1738 msgid "" "With this parameter the PAM certificate verification can be tuned with a " "comma separated list of options that override the " @@ -2123,7 +2123,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1748 +#: sssd.conf.5.xml:1749 #, no-wrap msgid "" "pam_cert_verification = partial_chain\n" @@ -2131,61 +2131,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1752 +#: sssd.conf.5.xml:1753 msgid "" "Default: not set, i.e. use default <quote>certificate_verification</quote> " "option defined in <quote>[sssd]</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1759 +#: sssd.conf.5.xml:1760 msgid "p11_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1763 msgid "How many seconds will pam_sss wait for p11_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1771 +#: sssd.conf.5.xml:1772 #, fuzzy #| msgid "timeout (integer)" msgid "passkey_child_timeout (integer)" msgstr "timeout (celé kladné číslo)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1774 +#: sssd.conf.5.xml:1775 msgid "" "How many seconds will the PAM responder wait for passkey_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1783 +#: sssd.conf.5.xml:1784 msgid "pam_app_services (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1786 +#: sssd.conf.5.xml:1787 msgid "" "Which PAM services are permitted to contact domains of type " "<quote>application</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1795 +#: sssd.conf.5.xml:1796 msgid "pam_p11_allowed_services (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1798 +#: sssd.conf.5.xml:1799 msgid "" "A comma-separated list of PAM service names for which it will be allowed to " "use Smartcards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1813 +#: sssd.conf.5.xml:1814 #, no-wrap msgid "" "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2193,7 +2193,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1802 +#: sssd.conf.5.xml:1803 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -2205,63 +2205,63 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1817 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 #: sssd-ad.5.xml:869 sssd-ad.5.xml:947 msgid "Default: the default set of PAM service names includes:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1822 sssd-ad.5.xml:648 +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 msgid "login" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1827 sssd-ad.5.xml:653 +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 msgid "su" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1832 sssd-ad.5.xml:658 +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 msgid "su-l" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1837 sssd-ad.5.xml:673 +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 msgid "gdm-smartcard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1842 sssd-ad.5.xml:668 +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 msgid "gdm-password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1847 sssd-ad.5.xml:678 +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 msgid "kdm" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1852 sssd-ad.5.xml:956 +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 msgid "sudo" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1857 sssd-ad.5.xml:961 +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 msgid "sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1862 +#: sssd.conf.5.xml:1863 msgid "gnome-screensaver" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1870 +#: sssd.conf.5.xml:1871 msgid "p11_wait_for_card_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1873 +#: sssd.conf.5.xml:1874 msgid "" "If Smartcard authentication is required how many extra seconds in addition " "to p11_child_timeout should the PAM responder wait until a Smartcard is " @@ -2269,12 +2269,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1884 +#: sssd.conf.5.xml:1885 msgid "p11_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1887 +#: sssd.conf.5.xml:1888 msgid "" "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " "selection of devices used for Smartcard authentication. By default SSSD's " @@ -2285,7 +2285,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1900 +#: sssd.conf.5.xml:1901 #, no-wrap msgid "" "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" @@ -2293,7 +2293,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1904 +#: sssd.conf.5.xml:1905 #, no-wrap msgid "" "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" @@ -2301,7 +2301,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1898 +#: sssd.conf.5.xml:1899 msgid "" "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " @@ -2310,47 +2310,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1917 +#: sssd.conf.5.xml:1918 msgid "pam_initgroups_scheme" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1925 +#: sssd.conf.5.xml:1926 msgid "always" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1926 +#: sssd.conf.5.xml:1927 msgid "" "Always do an online lookup, please note that pam_id_timeout still applies" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1930 +#: sssd.conf.5.xml:1931 msgid "no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1931 +#: sssd.conf.5.xml:1932 msgid "" "Only do an online lookup if there is no active session of the user, i.e. if " "the user is currently not logged in" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1936 +#: sssd.conf.5.xml:1937 msgid "never" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1937 +#: sssd.conf.5.xml:1938 msgid "" "Never force an online lookup, use the data from the cache as long as they " "are not expired" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1920 +#: sssd.conf.5.xml:1921 msgid "" "The PAM responder can force an online lookup to get the current group " "memberships of the user trying to log in. This option controls when this " @@ -2359,30 +2359,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1944 +#: sssd.conf.5.xml:1945 msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1949 sssd.conf.5.xml:4247 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 msgid "pam_gssapi_services" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1952 +#: sssd.conf.5.xml:1953 msgid "" "Comma separated list of PAM services that are allowed to try GSSAPI " "authentication using pam_sss_gss.so module." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1957 +#: sssd.conf.5.xml:1958 msgid "" "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1961 sssd.conf.5.xml:1992 sssd.conf.5.xml:2030 +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[pam] section. It can also be set for trusted domain which overwrites the " @@ -2390,7 +2390,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1969 +#: sssd.conf.5.xml:1970 #, no-wrap msgid "" "pam_gssapi_services = sudo, sudo-i\n" @@ -2398,22 +2398,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1967 sssd.conf.5.xml:3899 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1973 +#: sssd.conf.5.xml:1974 msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1978 sssd.conf.5.xml:4248 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 msgid "pam_gssapi_check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1981 +#: sssd.conf.5.xml:1982 msgid "" "If True, SSSD will require that the Kerberos user principal that " "successfully authenticated through GSSAPI can be associated with the user " @@ -2421,25 +2421,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1988 +#: sssd.conf.5.xml:1989 msgid "" "If False, every user that is able to obtained required service ticket will " "be authenticated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1998 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2003 +#: sssd.conf.5.xml:2004 msgid "pam_gssapi_indicators_map" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2006 +#: sssd.conf.5.xml:2007 msgid "" "Comma separated list of authentication indicators required to be present in " "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " @@ -2447,7 +2447,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2012 +#: sssd.conf.5.xml:2013 msgid "" "Each element of the list can be either an authentication indicator name or a " "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " @@ -2462,7 +2462,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2025 +#: sssd.conf.5.xml:2026 msgid "" "To disable GSSAPI authentication indicator check, set this option to <quote>-" "</quote> (dash). To disable the check for a specific PAM service, add " @@ -2470,45 +2470,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2036 +#: sssd.conf.5.xml:2037 msgid "" "Following authentication indicators are supported by IPA Kerberos " "deployments:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2039 +#: sssd.conf.5.xml:2040 msgid "" "pkinit -- pre-authentication using X.509 certificates -- whether stored in " "files or on smart cards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2042 +#: sssd.conf.5.xml:2043 msgid "" "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " "FAST channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2045 +#: sssd.conf.5.xml:2046 msgid "radius -- pre-authentication with the help of a RADIUS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2048 +#: sssd.conf.5.xml:2049 msgid "" "otp -- pre-authentication using integrated two-factor authentication (2FA or " "one-time password, OTP) in IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2051 +#: sssd.conf.5.xml:2052 msgid "idp -- pre-authentication using external identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:2061 +#: sssd.conf.5.xml:2062 #, no-wrap msgid "" "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" @@ -2516,7 +2516,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2056 +#: sssd.conf.5.xml:2057 msgid "" "Example: to require access to SUDO services only for users which obtained " "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " @@ -2524,17 +2524,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2065 +#: sssd.conf.5.xml:2066 msgid "Default: not set (use of authentication indicators is not required)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2073 +#: sssd.conf.5.xml:2074 msgid "SUDO configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2075 +#: sssd.conf.5.xml:2076 msgid "" "These options can be used to configure the sudo service. The detailed " "instructions for configuration of <citerefentry> <refentrytitle>sudo</" @@ -2545,24 +2545,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2092 +#: sssd.conf.5.xml:2093 msgid "sudo_timed (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2095 +#: sssd.conf.5.xml:2096 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2107 +#: sssd.conf.5.xml:2108 msgid "sudo_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2110 +#: sssd.conf.5.xml:2111 msgid "" "Maximum number of expired rules that can be refreshed at once. If number of " "expired rules is below threshold, those rules are refreshed with " @@ -2572,22 +2572,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2129 +#: sssd.conf.5.xml:2130 msgid "AUTOFS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2131 +#: sssd.conf.5.xml:2132 msgid "These options can be used to configure the autofs service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2135 +#: sssd.conf.5.xml:2136 msgid "autofs_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2138 +#: sssd.conf.5.xml:2139 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " @@ -2595,51 +2595,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2154 +#: sssd.conf.5.xml:2155 msgid "SSH configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2156 +#: sssd.conf.5.xml:2157 msgid "These options can be used to configure the SSH service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2160 +#: sssd.conf.5.xml:2161 msgid "ssh_hash_known_hosts (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2163 +#: sssd.conf.5.xml:2164 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2172 +#: sssd.conf.5.xml:2173 msgid "ssh_known_hosts_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2175 +#: sssd.conf.5.xml:2176 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2179 +#: sssd.conf.5.xml:2180 msgid "Default: 180" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2184 +#: sssd.conf.5.xml:2185 msgid "ssh_use_certificate_keys (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2187 +#: sssd.conf.5.xml:2188 msgid "" "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " "keys derived from the public key of X.509 certificates stored in the user " @@ -2648,12 +2648,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2202 +#: sssd.conf.5.xml:2203 msgid "ssh_use_certificate_matching_rules (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2205 +#: sssd.conf.5.xml:2206 msgid "" "By default the ssh responder will use all available certificate matching " "rules to filter the certificates so that ssh keys are only derived from the " @@ -2663,7 +2663,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2214 +#: sssd.conf.5.xml:2215 msgid "" "There are two special key words 'all_rules' and 'no_rules' which will enable " "all or no rules, respectively. The latter means that no certificates will be " @@ -2671,7 +2671,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2221 +#: sssd.conf.5.xml:2222 msgid "" "If no rules are configured using 'all_rules' will enable a default rule " "which enables all certificates suitable for client authentication. This is " @@ -2680,38 +2680,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2228 +#: sssd.conf.5.xml:2229 msgid "" "A non-existing rule name is considered an error. If as a result no rule is " "selected all certificates will be ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2233 +#: sssd.conf.5.xml:2234 msgid "" "Default: not set, equivalent to 'all_rules', all found rules or the default " "rule are used" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2239 +#: sssd.conf.5.xml:2240 msgid "ca_db (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2242 +#: sssd.conf.5.xml:2243 msgid "" "Path to a storage of trusted CA certificates. The option is used to validate " "user certificates before deriving public ssh keys from them." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2262 +#: sssd.conf.5.xml:2263 msgid "PAC responder configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2264 +#: sssd.conf.5.xml:2265 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " @@ -2722,7 +2722,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2273 +#: sssd.conf.5.xml:2274 msgid "" "If the remote user does not exist in the cache, it is created. The UID is " "determined with the help of the SID, trusted domains will have UPGs and the " @@ -2733,24 +2733,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2281 +#: sssd.conf.5.xml:2282 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2287 +#: sssd.conf.5.xml:2288 msgid "These options can be used to configure the PAC responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2291 sssd-ifp.5.xml:66 +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 msgid "allowed_uids (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2294 +#: sssd.conf.5.xml:2295 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " @@ -2758,12 +2758,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2300 +#: sssd.conf.5.xml:2301 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2304 +#: sssd.conf.5.xml:2305 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " @@ -2772,26 +2772,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2313 +#: sssd.conf.5.xml:2314 msgid "pac_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2316 +#: sssd.conf.5.xml:2317 msgid "" "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " "data can be used to determine the group memberships of a user." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2326 +#: sssd.conf.5.xml:2327 #, fuzzy #| msgid "krb5_rcache_dir (string)" msgid "pac_check (string)" msgstr "krb5_rcache_dir (řetězec)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2329 +#: sssd.conf.5.xml:2330 msgid "" "Apply additional checks on the PAC of the Kerberos ticket which is available " "in Active Directory and FreeIPA domains, if configured. Please note that " @@ -2802,24 +2802,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2343 +#: sssd.conf.5.xml:2344 msgid "no_check" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2345 +#: sssd.conf.5.xml:2346 msgid "" "The PAC must not be present and even if it is present no additional checks " "will be done." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2351 +#: sssd.conf.5.xml:2352 msgid "pac_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2353 +#: sssd.conf.5.xml:2354 msgid "" "The PAC must be present in the service ticket which SSSD will request with " "the help of the user's TGT. If the PAC is not available the authentication " @@ -2827,24 +2827,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2361 +#: sssd.conf.5.xml:2362 msgid "check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2363 +#: sssd.conf.5.xml:2364 msgid "" "If the PAC is present check if the user principal name (UPN) information is " "consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2369 +#: sssd.conf.5.xml:2370 msgid "check_upn_allow_missing" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2371 +#: sssd.conf.5.xml:2372 msgid "" "This option should be used together with 'check_upn' and handles the case " "where a UPN is set on the server-side but is not read by SSSD. The typical " @@ -2856,7 +2856,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2383 +#: sssd.conf.5.xml:2384 msgid "" "Currently this option is set by default to avoid regressions in such " "environments. A log message will be added to the system log and SSSD's debug " @@ -2867,60 +2867,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2397 +#: sssd.conf.5.xml:2398 msgid "upn_dns_info_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2399 +#: sssd.conf.5.xml:2400 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2404 +#: sssd.conf.5.xml:2405 msgid "check_upn_dns_info_ex" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2406 +#: sssd.conf.5.xml:2407 msgid "" "If the PAC is present and the extension to the UPN-DNS-INFO buffer is " "available check if the information in the extension is consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2413 +#: sssd.conf.5.xml:2414 msgid "upn_dns_info_ex_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2415 +#: sssd.conf.5.xml:2416 msgid "" "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2339 +#: sssd.conf.5.xml:2340 msgid "" "The following options can be used alone or in a comma-separated list: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2425 +#: sssd.conf.5.xml:2426 msgid "" "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " "check_upn_dns_info_ex')" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2434 +#: sssd.conf.5.xml:2435 msgid "Session recording configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2436 +#: sssd.conf.5.xml:2437 msgid "" "Session recording works in conjunction with <citerefentry> " "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" @@ -2930,66 +2930,66 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2449 +#: sssd.conf.5.xml:2450 msgid "These options can be used to configure session recording." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2453 sssd-session-recording.5.xml:64 +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 msgid "scope (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2460 sssd-session-recording.5.xml:71 +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 msgid "\"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2463 sssd-session-recording.5.xml:74 +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 msgid "No users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2468 sssd-session-recording.5.xml:79 +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 msgid "\"some\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2471 sssd-session-recording.5.xml:82 +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 msgid "" "Users/groups specified by <replaceable>users</replaceable> and " "<replaceable>groups</replaceable> options are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2480 sssd-session-recording.5.xml:91 +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 msgid "\"all\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2483 sssd-session-recording.5.xml:94 +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 msgid "All users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2456 sssd-session-recording.5.xml:67 +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 msgid "" "One of the following strings specifying the scope of session recording: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:101 +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 msgid "Default: \"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:106 +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 msgid "users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:109 +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 msgid "" "A comma-separated list of users which should have session recording enabled. " "Matches user names as returned by NSS. I.e. after the possible space " @@ -3000,17 +3000,17 @@ msgstr "" "mezer, změně velikosti písmen, atd." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2504 sssd-session-recording.5.xml:115 +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 msgid "Default: Empty. Matches no users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2509 sssd-session-recording.5.xml:120 +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 msgid "groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2512 sssd-session-recording.5.xml:123 +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 msgid "" "A comma-separated list of groups, members of which should have session " "recording enabled. Matches group names as returned by NSS. I.e. after the " @@ -3021,7 +3021,7 @@ msgstr "" "nahrazení mezer, změn velikosti písmen, atd." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2518 sssd.conf.5.xml:2550 sssd-session-recording.5.xml:129 +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 #: sssd-session-recording.5.xml:161 msgid "" "NOTE: using this option (having it set to anything) has a considerable " @@ -3030,60 +3030,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2525 sssd-session-recording.5.xml:136 +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 msgid "Default: Empty. Matches no groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2530 sssd-session-recording.5.xml:141 +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 #, fuzzy #| msgid "simple_deny_users (string)" msgid "exclude_users (string)" msgstr "simple_deny_users (řetězec)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2533 sssd-session-recording.5.xml:144 +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 msgid "" "A comma-separated list of users to be excluded from recording, only " "applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2537 sssd-session-recording.5.xml:148 +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 msgid "Default: Empty. No users excluded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2542 sssd-session-recording.5.xml:153 +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 #, fuzzy #| msgid "simple_deny_groups (string)" msgid "exclude_groups (string)" msgstr "simple_deny_groups (řetězec)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2545 sssd-session-recording.5.xml:156 +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 msgid "" "A comma-separated list of groups, members of which should be excluded from " "recording. Only applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2557 sssd-session-recording.5.xml:168 +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 msgid "Default: Empty. No groups excluded." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2567 +#: sssd.conf.5.xml:2568 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2574 +#: sssd.conf.5.xml:2575 msgid "enabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2577 +#: sssd.conf.5.xml:2578 msgid "" "Explicitly enable or disable the domain. If <quote>true</quote>, the domain " "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " @@ -3093,12 +3093,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2589 +#: sssd.conf.5.xml:2590 msgid "domain_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2592 +#: sssd.conf.5.xml:2593 msgid "" "Specifies whether the domain is meant to be used by POSIX-aware clients such " "as the Name Service Switch or by applications that do not need POSIX data to " @@ -3107,14 +3107,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2600 +#: sssd.conf.5.xml:2601 msgid "" "Allowed values for this option are <quote>posix</quote> and " "<quote>application</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2604 +#: sssd.conf.5.xml:2605 msgid "" "POSIX domains are reachable by all services. Application domains are only " "reachable from the InfoPipe responder (see <citerefentry> " @@ -3123,38 +3123,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2612 +#: sssd.conf.5.xml:2613 msgid "" "NOTE: The application domains are currently well tested with " "<quote>id_provider=ldap</quote> only." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2616 +#: sssd.conf.5.xml:2617 msgid "" "For an easy way to configure a non-POSIX domains, please see the " "<quote>Application domains</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2620 +#: sssd.conf.5.xml:2621 msgid "Default: posix" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2626 +#: sssd.conf.5.xml:2627 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2629 +#: sssd.conf.5.xml:2630 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2634 +#: sssd.conf.5.xml:2635 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -3163,24 +3163,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2641 +#: sssd.conf.5.xml:2642 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2645 +#: sssd.conf.5.xml:2646 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2651 +#: sssd.conf.5.xml:2652 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2654 +#: sssd.conf.5.xml:2655 msgid "" "Determines if a domain can be enumerated, that is, whether the domain can " "list all the users and group it contains. Note that it is not required to " @@ -3189,29 +3189,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2662 +#: sssd.conf.5.xml:2663 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2665 +#: sssd.conf.5.xml:2666 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2668 sssd.conf.5.xml:2942 sssd.conf.5.xml:3119 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2671 +#: sssd.conf.5.xml:2672 msgid "" "Enumerating a domain requires SSSD to download and store ALL user and group " "entries from the remote server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2676 +#: sssd.conf.5.xml:2677 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -3225,14 +3225,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2691 +#: sssd.conf.5.xml:2692 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2696 +#: sssd.conf.5.xml:2697 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -3241,39 +3241,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2704 +#: sssd.conf.5.xml:2705 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2712 +#: sssd.conf.5.xml:2713 msgid "subdomain_enumerate (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2719 +#: sssd.conf.5.xml:2720 msgid "all" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2720 +#: sssd.conf.5.xml:2721 msgid "All discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2723 +#: sssd.conf.5.xml:2724 msgid "none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2724 +#: sssd.conf.5.xml:2725 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2715 +#: sssd.conf.5.xml:2716 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " @@ -3282,19 +3282,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2738 +#: sssd.conf.5.xml:2739 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2741 +#: sssd.conf.5.xml:2742 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2745 +#: sssd.conf.5.xml:2746 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " @@ -3305,108 +3305,108 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2758 +#: sssd.conf.5.xml:2759 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2764 +#: sssd.conf.5.xml:2765 msgid "entry_cache_user_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2767 +#: sssd.conf.5.xml:2768 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2771 sssd.conf.5.xml:2784 sssd.conf.5.xml:2797 -#: sssd.conf.5.xml:2810 sssd.conf.5.xml:2824 sssd.conf.5.xml:2837 -#: sssd.conf.5.xml:2851 sssd.conf.5.xml:2865 sssd.conf.5.xml:2878 +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 msgid "Default: entry_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2777 +#: sssd.conf.5.xml:2778 msgid "entry_cache_group_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2780 +#: sssd.conf.5.xml:2781 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2790 +#: sssd.conf.5.xml:2791 msgid "entry_cache_netgroup_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2793 +#: sssd.conf.5.xml:2794 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2803 +#: sssd.conf.5.xml:2804 msgid "entry_cache_service_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2806 +#: sssd.conf.5.xml:2807 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2816 +#: sssd.conf.5.xml:2817 msgid "entry_cache_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2819 +#: sssd.conf.5.xml:2820 msgid "" "How many seconds should nss_sss consider hosts and networks entries valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2830 +#: sssd.conf.5.xml:2831 msgid "entry_cache_sudo_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2833 +#: sssd.conf.5.xml:2834 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2843 +#: sssd.conf.5.xml:2844 msgid "entry_cache_autofs_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2846 +#: sssd.conf.5.xml:2847 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2857 +#: sssd.conf.5.xml:2858 msgid "entry_cache_ssh_host_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2860 +#: sssd.conf.5.xml:2861 msgid "" "How many seconds to keep a host ssh key after refresh. IE how long to cache " "the host key for." @@ -3415,31 +3415,31 @@ msgstr "" "dlouhou dobu ponechávat klíč hostitel v mezipaměti." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2871 +#: sssd.conf.5.xml:2872 msgid "entry_cache_computer_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2874 +#: sssd.conf.5.xml:2875 msgid "" "How many seconds to keep the local computer entry before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2884 +#: sssd.conf.5.xml:2885 msgid "refresh_expired_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2887 +#: sssd.conf.5.xml:2888 msgid "" "Specifies how many seconds SSSD has to wait before triggering a background " "refresh task which will refresh all expired or nearly expired records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2892 +#: sssd.conf.5.xml:2893 msgid "" "The background refresh will process users, groups and netgroups in the " "cache. For users who have performed the initgroups (get group membership for " @@ -3448,17 +3448,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2900 +#: sssd.conf.5.xml:2901 msgid "This option is automatically inherited for all trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2904 +#: sssd.conf.5.xml:2905 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2908 +#: sssd.conf.5.xml:2909 msgid "" "Cache entry will be refreshed by background task when 2/3 of cache timeout " "has already passed. If there are existing cached entries, the background " @@ -3470,23 +3470,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2921 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2927 +#: sssd.conf.5.xml:2928 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2930 -msgid "Determines if user credentials are also cached in the local LDB cache." +#: sssd.conf.5.xml:2931 +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2934 +#: sssd.conf.5.xml:2942 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3495,12 +3501,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2948 +#: sssd.conf.5.xml:2956 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2951 +#: sssd.conf.5.xml:2959 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3512,19 +3518,19 @@ msgstr "" "otisk do mezipaměti." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2958 +#: sssd.conf.5.xml:2966 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2969 +#: sssd.conf.5.xml:2977 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2972 +#: sssd.conf.5.xml:2980 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3533,17 +3539,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2979 +#: sssd.conf.5.xml:2987 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2984 +#: sssd.conf.5.xml:2992 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2995 +#: sssd.conf.5.xml:3003 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3552,28 +3558,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3002 +#: sssd.conf.5.xml:3010 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3008 +#: sssd.conf.5.xml:3016 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3011 +#: sssd.conf.5.xml:3019 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3015 +#: sssd.conf.5.xml:3023 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3018 +#: sssd.conf.5.xml:3026 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3581,7 +3587,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3026 +#: sssd.conf.5.xml:3034 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3589,18 +3595,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3034 sssd.conf.5.xml:3145 sssd.conf.5.xml:3196 -#: sssd.conf.5.xml:3259 +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 msgid "" -"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " -"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " -"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " -"FreeIPA." +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3043 sssd.conf.5.xml:3154 sssd.conf.5.xml:3205 -#: sssd.conf.5.xml:3268 +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3608,19 +3613,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3054 +#: sssd.conf.5.xml:3062 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3057 +#: sssd.conf.5.xml:3065 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3062 +#: sssd.conf.5.xml:3070 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3629,7 +3634,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3070 +#: sssd.conf.5.xml:3078 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3637,24 +3642,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3077 +#: sssd.conf.5.xml:3085 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3084 +#: sssd.conf.5.xml:3092 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3087 +#: sssd.conf.5.xml:3095 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3090 +#: sssd.conf.5.xml:3098 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3666,7 +3671,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3108 +#: sssd.conf.5.xml:3116 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3674,30 +3679,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3114 sssd.conf.5.xml:3821 sssd-ldap.5.xml:326 -#: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 -#: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 -#: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 -#: sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1084 +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 msgid "" "This option can be also set per subdomain or inherited via " "<emphasis>subdomain_inherit</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3124 +#: sssd.conf.5.xml:3132 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3127 +#: sssd.conf.5.xml:3135 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3131 sssd.conf.5.xml:3189 +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3705,7 +3710,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3138 +#: sssd.conf.5.xml:3146 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3713,30 +3718,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3162 +#: sssd.conf.5.xml:3170 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3165 +#: sssd.conf.5.xml:3173 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3168 +#: sssd.conf.5.xml:3176 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3174 +#: sssd.conf.5.xml:3182 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3177 +#: sssd.conf.5.xml:3185 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -3744,19 +3749,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3183 +#: sssd.conf.5.xml:3191 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3186 +#: sssd.conf.5.xml:3194 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3221 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -3765,7 +3770,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3220 +#: sssd.conf.5.xml:3228 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -3773,29 +3778,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3227 +#: sssd.conf.5.xml:3235 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3230 +#: sssd.conf.5.xml:3238 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3235 +#: sssd.conf.5.xml:3243 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3238 +#: sssd.conf.5.xml:3246 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3243 +#: sssd.conf.5.xml:3251 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -3803,7 +3808,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3251 +#: sssd.conf.5.xml:3259 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3811,35 +3816,35 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3276 +#: sssd.conf.5.xml:3284 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3280 +#: sssd.conf.5.xml:3288 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3283 +#: sssd.conf.5.xml:3291 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3290 +#: sssd.conf.5.xml:3298 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3293 +#: sssd.conf.5.xml:3301 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3297 +#: sssd.conf.5.xml:3305 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3847,32 +3852,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3305 +#: sssd.conf.5.xml:3313 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3309 +#: sssd.conf.5.xml:3317 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3313 +#: sssd.conf.5.xml:3321 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3316 sssd.conf.5.xml:3402 sssd.conf.5.xml:3472 -#: sssd.conf.5.xml:3497 sssd.conf.5.xml:3533 +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3320 +#: sssd.conf.5.xml:3328 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -3883,7 +3888,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3335 +#: sssd.conf.5.xml:3343 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -3892,12 +3897,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3345 +#: sssd.conf.5.xml:3353 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3348 +#: sssd.conf.5.xml:3356 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -3905,7 +3910,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3354 +#: sssd.conf.5.xml:3362 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3913,31 +3918,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3362 +#: sssd.conf.5.xml:3370 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3365 +#: sssd.conf.5.xml:3373 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3371 +#: sssd.conf.5.xml:3379 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3374 +#: sssd.conf.5.xml:3382 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3380 +#: sssd.conf.5.xml:3388 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3945,7 +3950,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3389 +#: sssd.conf.5.xml:3397 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -3954,17 +3959,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3398 +#: sssd.conf.5.xml:3406 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3408 +#: sssd.conf.5.xml:3416 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3411 +#: sssd.conf.5.xml:3419 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -3972,43 +3977,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3418 +#: sssd.conf.5.xml:3426 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3422 +#: sssd.conf.5.xml:3430 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3426 +#: sssd.conf.5.xml:3434 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3430 +#: sssd.conf.5.xml:3438 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3438 +#: sssd.conf.5.xml:3446 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3441 +#: sssd.conf.5.xml:3449 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3445 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4016,7 +4021,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3452 +#: sssd.conf.5.xml:3460 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4024,7 +4029,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3460 +#: sssd.conf.5.xml:3468 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4032,24 +4037,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3469 +#: sssd.conf.5.xml:3477 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3479 +#: sssd.conf.5.xml:3487 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3482 +#: sssd.conf.5.xml:3490 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3486 +#: sssd.conf.5.xml:3494 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4057,31 +4062,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3494 +#: sssd.conf.5.xml:3502 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3504 +#: sssd.conf.5.xml:3512 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3507 +#: sssd.conf.5.xml:3515 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3511 +#: sssd.conf.5.xml:3519 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3515 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4089,7 +4094,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3522 +#: sssd.conf.5.xml:3530 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4098,12 +4103,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3530 +#: sssd.conf.5.xml:3538 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3543 +#: sssd.conf.5.xml:3551 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4113,7 +4118,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3552 +#: sssd.conf.5.xml:3560 msgid "" "Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" "[^@]+))$</quote> which allows two different styles for user names:" @@ -4122,17 +4127,17 @@ msgstr "" # auto translated by TM merge from project: Fedora Websites, version: # fedorahosted.org, DocId: po/fedorahosted #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3557 sssd.conf.5.xml:3571 +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 msgid "username" msgstr "username" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3560 sssd.conf.5.xml:3574 +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3565 +#: sssd.conf.5.xml:3573 msgid "" "Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" @@ -4141,19 +4146,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3577 +#: sssd.conf.5.xml:3585 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3580 +#: sssd.conf.5.xml:3588 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3585 +#: sssd.conf.5.xml:3593 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4163,93 +4168,93 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3637 +#: sssd.conf.5.xml:3645 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3643 +#: sssd.conf.5.xml:3651 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3646 +#: sssd.conf.5.xml:3654 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3650 +#: sssd.conf.5.xml:3658 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3653 +#: sssd.conf.5.xml:3661 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3656 +#: sssd.conf.5.xml:3664 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3659 +#: sssd.conf.5.xml:3667 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3662 +#: sssd.conf.5.xml:3670 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3665 +#: sssd.conf.5.xml:3673 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3671 +#: sssd.conf.5.xml:3679 #, fuzzy #| msgid "dns_resolver_timeout" msgid "dns_resolver_server_timeout (integer)" msgstr "dns_resolver_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3674 +#: sssd.conf.5.xml:3682 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3679 +#: sssd.conf.5.xml:3687 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3683 sssd.conf.5.xml:3703 sssd.conf.5.xml:3724 +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3688 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3694 +#: sssd.conf.5.xml:3702 #, fuzzy #| msgid "dns_resolver_op_timeout" msgid "dns_resolver_op_timeout (integer)" msgstr "dns_resolver_op_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3697 +#: sssd.conf.5.xml:3705 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4257,12 +4262,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3714 +#: sssd.conf.5.xml:3722 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3717 +#: sssd.conf.5.xml:3725 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4271,14 +4276,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3735 +#: sssd.conf.5.xml:3743 #, fuzzy #| msgid "dns_resolver_timeout" msgid "dns_resolver_use_search_list (bool)" msgstr "dns_resolver_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3738 +#: sssd.conf.5.xml:3746 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4286,7 +4291,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3744 +#: sssd.conf.5.xml:3752 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4294,71 +4299,71 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3750 +#: sssd.conf.5.xml:3758 #, fuzzy #| msgid "Default: 3" msgid "Default: TRUE" msgstr "Výchozí: 3" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3756 +#: sssd.conf.5.xml:3764 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3759 +#: sssd.conf.5.xml:3767 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3763 +#: sssd.conf.5.xml:3771 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3769 +#: sssd.conf.5.xml:3777 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3772 +#: sssd.conf.5.xml:3780 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3778 +#: sssd.conf.5.xml:3786 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3785 +#: sssd.conf.5.xml:3793 msgid "True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3788 +#: sssd.conf.5.xml:3796 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3794 +#: sssd.conf.5.xml:3802 msgid "False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3796 +#: sssd.conf.5.xml:3804 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3800 +#: sssd.conf.5.xml:3808 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3803 +#: sssd.conf.5.xml:3811 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4366,31 +4371,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3811 +#: sssd.conf.5.xml:3819 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3781 +#: sssd.conf.5.xml:3789 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3826 +#: sssd.conf.5.xml:3834 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3832 +#: sssd.conf.5.xml:3840 msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3835 +#: sssd.conf.5.xml:3843 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4398,120 +4403,120 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3841 +#: sssd.conf.5.xml:3849 #, fuzzy #| msgid "dns_resolver_timeout" msgid "ldap_search_timeout" msgstr "dns_resolver_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3844 +#: sssd.conf.5.xml:3852 #, fuzzy #| msgid "dns_resolver_timeout" msgid "ldap_network_timeout" msgstr "dns_resolver_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3847 +#: sssd.conf.5.xml:3855 #, fuzzy #| msgid "dns_resolver_op_timeout" msgid "ldap_opt_timeout" msgstr "dns_resolver_op_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3850 +#: sssd.conf.5.xml:3858 #, fuzzy #| msgid "dns_resolver_timeout" msgid "ldap_offline_timeout" msgstr "dns_resolver_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3853 +#: sssd.conf.5.xml:3861 #, fuzzy #| msgid "dns_resolver_op_timeout" msgid "ldap_enumeration_refresh_timeout" msgstr "dns_resolver_op_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3856 +#: sssd.conf.5.xml:3864 msgid "ldap_enumeration_refresh_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3859 +#: sssd.conf.5.xml:3867 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3862 +#: sssd.conf.5.xml:3870 msgid "ldap_purge_cache_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3865 +#: sssd.conf.5.xml:3873 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3869 +#: sssd.conf.5.xml:3877 msgid "ldap_krb5_ticket_lifetime" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3872 +#: sssd.conf.5.xml:3880 #, fuzzy #| msgid "dns_resolver_op_timeout" msgid "ldap_enumeration_search_timeout" msgstr "dns_resolver_op_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3875 +#: sssd.conf.5.xml:3883 #, fuzzy #| msgid "dns_resolver_op_timeout" msgid "ldap_connection_expire_timeout" msgstr "dns_resolver_op_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3878 +#: sssd.conf.5.xml:3886 #, fuzzy #| msgid "dns_resolver_op_timeout" msgid "ldap_connection_expire_offset" msgstr "dns_resolver_op_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3881 +#: sssd.conf.5.xml:3889 msgid "ldap_connection_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3884 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 msgid "ldap_use_tokengroups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3887 +#: sssd.conf.5.xml:3895 msgid "ldap_user_principal" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3890 +#: sssd.conf.5.xml:3898 msgid "ignore_group_members" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3893 +#: sssd.conf.5.xml:3901 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3896 +#: sssd.conf.5.xml:3904 msgid "case_sensitive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3901 +#: sssd.conf.5.xml:3909 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4519,27 +4524,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3908 +#: sssd.conf.5.xml:3916 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3915 +#: sssd.conf.5.xml:3923 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3926 +#: sssd.conf.5.xml:3934 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3935 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3918 +#: sssd.conf.5.xml:3926 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4549,34 +4554,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3932 +#: sssd.conf.5.xml:3940 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3936 +#: sssd.conf.5.xml:3944 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3941 +#: sssd.conf.5.xml:3949 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3944 +#: sssd.conf.5.xml:3952 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "Různé štítky uložené službou nastavování realmd pro tuto doménu." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3950 +#: sssd.conf.5.xml:3958 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3953 +#: sssd.conf.5.xml:3961 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -4585,19 +4590,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3961 +#: sssd.conf.5.xml:3969 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3966 +#: sssd.conf.5.xml:3974 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3970 +#: sssd.conf.5.xml:3978 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -4605,24 +4610,96 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3981 +#: sssd.conf.5.xml:3989 +#, fuzzy +#| msgid "simple_deny_users (string)" +msgid "local_auth_policy (string)" +msgstr "simple_deny_users (řetězec)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3992 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4002 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4026 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4034 +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4039 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: match" +msgstr "Výchozí: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4044 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3987 +#: sssd.conf.5.xml:4050 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3990 +#: sssd.conf.5.xml:4053 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3994 +#: sssd.conf.5.xml:4057 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4631,24 +4708,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4003 +#: sssd.conf.5.xml:4066 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4006 +#: sssd.conf.5.xml:4069 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4012 +#: sssd.conf.5.xml:4075 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4015 +#: sssd.conf.5.xml:4078 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4658,14 +4735,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4028 +#: sssd.conf.5.xml:4091 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4035 +#: sssd.conf.5.xml:4098 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4673,21 +4750,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3984 +#: sssd.conf.5.xml:4047 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4047 +#: sssd.conf.5.xml:4110 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4118 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4695,7 +4772,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4124 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4704,7 +4781,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4115 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4713,7 +4790,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2569 +#: sssd.conf.5.xml:2570 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -4721,29 +4798,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4139 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4079 +#: sssd.conf.5.xml:4142 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4082 +#: sssd.conf.5.xml:4145 msgid "" "Default: not set by default, you have to take an existing pam configuration " -"or create a new one and add the service name here." +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4090 +#: sssd.conf.5.xml:4155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4751,12 +4829,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4103 +#: sssd.conf.5.xml:4168 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4106 +#: sssd.conf.5.xml:4171 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4764,12 +4842,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4117 +#: sssd.conf.5.xml:4182 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4120 +#: sssd.conf.5.xml:4185 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4778,12 +4856,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4134 +#: sssd.conf.5.xml:4199 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4202 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4791,19 +4869,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4072 +#: sssd.conf.5.xml:4135 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4218 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4155 +#: sssd.conf.5.xml:4220 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -4820,7 +4898,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4175 +#: sssd.conf.5.xml:4240 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4828,17 +4906,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4181 +#: sssd.conf.5.xml:4246 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4248 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4186 +#: sssd.conf.5.xml:4251 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4847,7 +4925,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4265 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4857,7 +4935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4208 +#: sssd.conf.5.xml:4273 #, no-wrap msgid "" "[sssd]\n" @@ -4877,12 +4955,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4228 +#: sssd.conf.5.xml:4293 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4230 +#: sssd.conf.5.xml:4295 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -4893,69 +4971,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4237 +#: sssd.conf.5.xml:4302 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4303 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4239 +#: sssd.conf.5.xml:4304 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:4305 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4241 +#: sssd.conf.5.xml:4306 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4242 +#: sssd.conf.5.xml:4307 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4243 +#: sssd.conf.5.xml:4308 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4309 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4245 +#: sssd.conf.5.xml:4310 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4246 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4250 +#: sssd.conf.5.xml:4315 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4256 +#: sssd.conf.5.xml:4321 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4258 +#: sssd.conf.5.xml:4323 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -4968,7 +5046,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4272 +#: sssd.conf.5.xml:4337 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -4976,7 +5054,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4281 +#: sssd.conf.5.xml:4346 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -4985,55 +5063,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4353 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4356 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4295 +#: sssd.conf.5.xml:4360 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4367 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4370 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:4376 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4317 +#: sssd.conf.5.xml:4382 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4326 +#: sssd.conf.5.xml:4391 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4329 +#: sssd.conf.5.xml:4394 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5042,17 +5120,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4336 +#: sssd.conf.5.xml:4401 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4406 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4409 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5060,26 +5138,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4350 +#: sssd.conf.5.xml:4415 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4356 +#: sssd.conf.5.xml:4421 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4362 +#: sssd.conf.5.xml:4427 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4433 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5088,17 +5166,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4377 +#: sssd.conf.5.xml:4442 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4385 +#: sssd.conf.5.xml:4450 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4452 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5108,7 +5186,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4395 +#: sssd.conf.5.xml:4460 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5117,59 +5195,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4472 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4410 +#: sssd.conf.5.xml:4475 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4411 +#: sssd.conf.5.xml:4476 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4409 +#: sssd.conf.5.xml:4474 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4484 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4488 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4424 +#: sssd.conf.5.xml:4489 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4427 +#: sssd.conf.5.xml:4492 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4428 +#: sssd.conf.5.xml:4493 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4496 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4432 +#: sssd.conf.5.xml:4497 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5178,7 +5256,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4421 +#: sssd.conf.5.xml:4486 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5187,17 +5265,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4449 +#: sssd.conf.5.xml:4514 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4455 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4522 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5205,46 +5283,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4530 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4532 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4537 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4539 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4480 +#: sssd.conf.5.xml:4545 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4547 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4451 +#: sssd.conf.5.xml:4516 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4467 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5253,7 +5331,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4493 +#: sssd.conf.5.xml:4558 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5261,12 +5339,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4500 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4506 +#: sssd.conf.5.xml:4571 #, no-wrap msgid "" "[sssd]\n" @@ -5296,7 +5374,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4502 +#: sssd.conf.5.xml:4567 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5305,7 +5383,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4604 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5313,7 +5391,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4533 +#: sssd.conf.5.xml:4598 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5324,7 +5402,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4550 +#: sssd.conf.5.xml:4615 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5335,7 +5413,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4544 +#: sssd.conf.5.xml:4609 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -5389,26 +5467,26 @@ msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " -"over an unencrypted channel. If the LDAP server is used only as an identity " -"provider, an encrypted channel is not needed. Please refer to " -"<quote>ldap_access_filter</quote> config option for more information about " -"using LDAP as an access provider." +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 #: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 msgid "CONFIGURATION OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:66 +#: sssd-ldap.5.xml:67 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:69 +#: sssd-ldap.5.xml:70 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" @@ -5418,33 +5496,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:76 +#: sssd-ldap.5.xml:77 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:79 +#: sssd-ldap.5.xml:80 msgid "ldap[s]://<host>[:port]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:82 +#: sssd-ldap.5.xml:83 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:85 +#: sssd-ldap.5.xml:86 msgid "example: ldap://[fc00::126:25]:389" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:91 +#: sssd-ldap.5.xml:92 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:94 +#: sssd-ldap.5.xml:95 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " @@ -5453,71 +5531,71 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:101 +#: sssd-ldap.5.xml:102 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:105 +#: sssd-ldap.5.xml:106 msgid "Default: empty, i.e. ldap_uri is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:111 +#: sssd-ldap.5.xml:112 msgid "ldap_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:114 +#: sssd-ldap.5.xml:115 msgid "The default base DN to use for performing LDAP user operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:118 +#: sssd-ldap.5.xml:119 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:122 +#: sssd-ldap.5.xml:123 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:125 +#: sssd-ldap.5.xml:126 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:128 include/ldap_search_bases.xml:18 +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:132 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 #: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 msgid "Examples:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:135 +#: sssd-ldap.5.xml:136 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:140 +#: sssd-ldap.5.xml:141 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:143 +#: sssd-ldap.5.xml:144 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " @@ -5526,7 +5604,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:150 +#: sssd-ldap.5.xml:151 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " @@ -5537,12 +5615,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:164 +#: sssd-ldap.5.xml:165 msgid "ldap_schema (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:167 +#: sssd-ldap.5.xml:168 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " @@ -5550,32 +5628,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:174 +#: sssd-ldap.5.xml:175 msgid "Four schema types are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:178 +#: sssd-ldap.5.xml:179 msgid "rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:183 +#: sssd-ldap.5.xml:184 msgid "rfc2307bis" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:188 +#: sssd-ldap.5.xml:189 msgid "IPA" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:193 +#: sssd-ldap.5.xml:194 msgid "AD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:199 +#: sssd-ldap.5.xml:200 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " @@ -5586,37 +5664,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:209 +#: sssd-ldap.5.xml:210 msgid "Default: rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:215 +#: sssd-ldap.5.xml:216 msgid "ldap_pwmodify_mode (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:218 +#: sssd-ldap.5.xml:219 msgid "Specify the operation that is used to modify user password." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:222 +#: sssd-ldap.5.xml:223 msgid "Two modes are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:226 +#: sssd-ldap.5.xml:227 msgid "exop - Password Modify Extended Operation (RFC 3062)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:232 +#: sssd-ldap.5.xml:233 msgid "ldap_modify - Direct modification of userPassword (not recommended)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:239 +#: sssd-ldap.5.xml:240 msgid "" "Note: First, a new connection is established to verify current password by " "binding as the user that requested password change. If successful, this " @@ -5625,76 +5703,76 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:247 +#: sssd-ldap.5.xml:248 msgid "Default: exop" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:253 +#: sssd-ldap.5.xml:254 msgid "ldap_default_bind_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:256 +#: sssd-ldap.5.xml:257 msgid "The default bind DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:263 +#: sssd-ldap.5.xml:264 msgid "ldap_default_authtok_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:266 +#: sssd-ldap.5.xml:267 msgid "The type of the authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:270 +#: sssd-ldap.5.xml:271 msgid "The two mechanisms currently supported are:" msgstr "" # auto translated by TM merge from project: FreeIPA, version: ipa-4-5, DocId: # po/ipa #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 +#: sssd-ldap.5.xml:274 msgid "password" msgstr "heslo" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:276 +#: sssd-ldap.5.xml:277 msgid "obfuscated_password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:279 +#: sssd-ldap.5.xml:280 msgid "Default: password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:282 +#: sssd-ldap.5.xml:283 msgid "" "See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> manual page for more information." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:293 +#: sssd-ldap.5.xml:294 msgid "ldap_default_authtok (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:296 +#: sssd-ldap.5.xml:297 msgid "The authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:302 +#: sssd-ldap.5.xml:303 msgid "ldap_force_upper_case_realm (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:305 +#: sssd-ldap.5.xml:306 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -5703,24 +5781,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:318 +#: sssd-ldap.5.xml:319 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:321 +#: sssd-ldap.5.xml:322 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:337 +#: sssd-ldap.5.xml:338 msgid "ldap_purge_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:340 +#: sssd-ldap.5.xml:341 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -5728,7 +5806,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:346 +#: sssd-ldap.5.xml:347 msgid "" "Setting this option to zero will disable the cache cleanup operation. Please " "note that if enumeration is enabled, the cleanup task is required in order " @@ -5737,12 +5815,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:366 +#: sssd-ldap.5.xml:367 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:369 +#: sssd-ldap.5.xml:370 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -5750,7 +5828,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:376 +#: sssd-ldap.5.xml:377 msgid "" "Note: This option specifies the guaranteed level of nested groups to be " "processed for any lookup. However, nested groups beyond this limit " @@ -5760,7 +5838,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:385 +#: sssd-ldap.5.xml:386 msgid "" "If ldap_group_nesting_level is set to 0 then no nested groups are processed " "at all. However, when connected to Active-Directory Server 2008 and later " @@ -5770,67 +5848,67 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:394 +#: sssd-ldap.5.xml:395 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:403 +#: sssd-ldap.5.xml:404 msgid "" "This options enables or disables use of Token-Groups attribute when " "performing initgroup for users from Active Directory Server 2008 and later." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:413 +#: sssd-ldap.5.xml:414 msgid "Default: True for AD and IPA otherwise False." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:419 +#: sssd-ldap.5.xml:420 msgid "ldap_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:422 +#: sssd-ldap.5.xml:423 msgid "Optional. Use the given string as search base for host objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:426 sssd-ipa.5.xml:457 sssd-ipa.5.xml:476 sssd-ipa.5.xml:495 -#: sssd-ipa.5.xml:514 +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:431 sssd-ipa.5.xml:462 include/ldap_search_bases.xml:27 +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:438 +#: sssd-ldap.5.xml:439 msgid "ldap_service_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:443 +#: sssd-ldap.5.xml:444 msgid "ldap_iphost_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:448 +#: sssd-ldap.5.xml:449 msgid "ldap_ipnetwork_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:453 +#: sssd-ldap.5.xml:454 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:456 +#: sssd-ldap.5.xml:457 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -5838,7 +5916,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:462 +#: sssd-ldap.5.xml:463 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -5846,12 +5924,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:479 +#: sssd-ldap.5.xml:480 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:482 +#: sssd-ldap.5.xml:483 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -5859,12 +5937,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:500 +#: sssd-ldap.5.xml:501 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:503 +#: sssd-ldap.5.xml:504 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -5875,12 +5953,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:531 +#: sssd-ldap.5.xml:532 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:534 +#: sssd-ldap.5.xml:535 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -5889,12 +5967,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:554 +#: sssd-ldap.5.xml:555 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:557 +#: sssd-ldap.5.xml:558 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -5903,7 +5981,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:565 +#: sssd-ldap.5.xml:566 msgid "" "If the connection is idle (not actively running an operation) within " "<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " @@ -5914,38 +5992,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:577 +#: sssd-ldap.5.xml:578 msgid "" "This timeout can be extended of a random value specified by " "<emphasis>ldap_connection_expire_offset</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:587 sssd-ldap.5.xml:630 sssd-ldap.5.xml:1711 +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:593 +#: sssd-ldap.5.xml:594 msgid "ldap_connection_expire_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:596 +#: sssd-ldap.5.xml:597 msgid "" "Random offset between 0 and configured value is added to " "<emphasis>ldap_connection_expire_timeout</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:613 #, fuzzy #| msgid "dns_resolver_op_timeout" msgid "ldap_connection_idle_timeout (integer)" msgstr "dns_resolver_op_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:616 msgid "" "Specifies a timeout (in seconds) that an idle connection to an LDAP server " "will be maintained. If the connection is idle for more than this time then " @@ -5953,29 +6031,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:622 msgid "You can disable this timeout by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:636 +#: sssd-ldap.5.xml:637 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:639 +#: sssd-ldap.5.xml:640 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:650 +#: sssd-ldap.5.xml:651 msgid "ldap_disable_paging (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:653 +#: sssd-ldap.5.xml:654 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " @@ -5983,14 +6061,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:659 +#: sssd-ldap.5.xml:660 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:665 +#: sssd-ldap.5.xml:666 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " @@ -5998,17 +6076,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:677 +#: sssd-ldap.5.xml:678 msgid "ldap_disable_range_retrieval (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:680 +#: sssd-ldap.5.xml:681 msgid "Disable Active Directory range retrieval." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:683 +#: sssd-ldap.5.xml:684 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " @@ -6018,12 +6096,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:699 msgid "ldap_sasl_minssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:702 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " @@ -6031,17 +6109,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:707 sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:714 +#: sssd-ldap.5.xml:715 msgid "ldap_sasl_maxssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:717 +#: sssd-ldap.5.xml:718 msgid "" "When communicating with an LDAP server using SASL, specify the maximal " "security level necessary to establish the connection. The values of this " @@ -6049,12 +6127,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:731 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:733 +#: sssd-ldap.5.xml:734 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -6062,7 +6140,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:740 msgid "" "You can turn off dereference lookups completely by setting the value to 0. " "Please note that there are some codepaths in SSSD, like the IPA HBAC " @@ -6073,7 +6151,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:750 +#: sssd-ldap.5.xml:751 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -6082,7 +6160,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:758 +#: sssd-ldap.5.xml:759 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -6090,12 +6168,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:771 +#: sssd-ldap.5.xml:772 msgid "ldap_ignore_unreadable_references (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:774 +#: sssd-ldap.5.xml:775 msgid "" "Ignore unreadable LDAP entries referenced in group's member attribute. If " "this parameter is set to false an error will be returned and the operation " @@ -6103,7 +6181,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:781 +#: sssd-ldap.5.xml:782 msgid "" "This parameter may be useful when using the AD provider and the computer " "account that sssd uses to connect to AD does not have access to a particular " @@ -6111,26 +6189,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:795 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:798 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:804 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:808 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6138,7 +6216,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:815 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6146,7 +6224,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:820 +#: sssd-ldap.5.xml:821 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -6154,41 +6232,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:826 +#: sssd-ldap.5.xml:827 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:830 +#: sssd-ldap.5.xml:831 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:837 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:839 +#: sssd-ldap.5.xml:840 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 sssd-ldap.5.xml:862 sssd-ldap.5.xml:903 +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:852 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:854 +#: sssd-ldap.5.xml:855 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -6197,32 +6275,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:869 +#: sssd-ldap.5.xml:870 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:872 +#: sssd-ldap.5.xml:873 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:882 +#: sssd-ldap.5.xml:883 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:885 +#: sssd-ldap.5.xml:886 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:894 +#: sssd-ldap.5.xml:895 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:897 +#: sssd-ldap.5.xml:898 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -6230,24 +6308,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:910 +#: sssd-ldap.5.xml:911 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:913 +#: sssd-ldap.5.xml:914 msgid "" "Specifies that the id_provider connection must also use <systemitem " -"class=\"protocol\">tls</systemitem> to protect the channel." +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:923 +#: sssd-ldap.5.xml:925 msgid "ldap_id_mapping (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:928 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " @@ -6255,17 +6334,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:932 +#: sssd-ldap.5.xml:934 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:942 +#: sssd-ldap.5.xml:944 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:945 +#: sssd-ldap.5.xml:947 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " @@ -6276,24 +6355,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:957 +#: sssd-ldap.5.xml:959 msgid "Default: not set (both options are set to 0)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:965 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:966 +#: sssd-ldap.5.xml:968 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " "tested and supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:970 +#: sssd-ldap.5.xml:972 msgid "" "If the backend supports sub-domains the value of ldap_sasl_mech is " "automatically inherited to the sub-domains. If a different value is needed " @@ -6304,12 +6383,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:988 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ldap.5.xml:998 +#: sssd-ldap.5.xml:1000 #, no-wrap msgid "" "hostname@REALM\n" @@ -6322,7 +6401,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:989 +#: sssd-ldap.5.xml:991 msgid "" "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " "this represents the Kerberos principal used for authentication to the " @@ -6334,17 +6413,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1009 +#: sssd-ldap.5.xml:1011 msgid "Default: host/hostname@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1015 +#: sssd-ldap.5.xml:1017 msgid "ldap_sasl_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1018 +#: sssd-ldap.5.xml:1020 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " @@ -6352,49 +6431,49 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1024 +#: sssd-ldap.5.xml:1026 msgid "Default: the value of krb5_realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1030 +#: sssd-ldap.5.xml:1032 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1035 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1038 +#: sssd-ldap.5.xml:1040 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1046 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1049 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1056 sssd-krb5.5.xml:247 +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1064 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1067 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -6402,28 +6481,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1077 +#: sssd-ldap.5.xml:1079 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1080 +#: sssd-ldap.5.xml:1082 msgid "" "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1089 sssd-ad.5.xml:1252 +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1095 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1098 +#: sssd-ldap.5.xml:1100 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -6435,7 +6514,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1110 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -6443,7 +6522,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -6451,39 +6530,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1124 sssd-ipa.5.xml:526 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1127 +#: sssd-ldap.5.xml:1129 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1133 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1137 include/krb5_options.xml:154 +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1140 +#: sssd-ldap.5.xml:1142 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1152 sssd-krb5.5.xml:336 +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 msgid "krb5_use_kdcinfo (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1155 sssd-krb5.5.xml:339 +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " @@ -6493,7 +6572,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:350 +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " @@ -6501,26 +6580,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1180 +#: sssd-ldap.5.xml:1182 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1185 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1190 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1193 +#: sssd-ldap.5.xml:1195 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -6529,7 +6608,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1201 +#: sssd-ldap.5.xml:1203 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -6537,31 +6616,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1210 +#: sssd-ldap.5.xml:1212 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1220 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1221 +#: sssd-ldap.5.xml:1223 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1225 +#: sssd-ldap.5.xml:1227 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1232 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " @@ -6574,51 +6653,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1249 +#: sssd-ldap.5.xml:1251 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1252 +#: sssd-ldap.5.xml:1254 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1258 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1262 +#: sssd-ldap.5.xml:1264 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1265 +#: sssd-ldap.5.xml:1267 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1270 +#: sssd-ldap.5.xml:1272 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1276 +#: sssd-ldap.5.xml:1278 msgid "ldap_chpass_update_last_change (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1279 +#: sssd-ldap.5.xml:1281 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1285 +#: sssd-ldap.5.xml:1287 msgid "" "It is recommend to set this option explicitly if \"ldap_pwd_policy = " "shadow\" is used to let SSSD know if the LDAP server will update " @@ -6627,12 +6706,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1301 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1304 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " @@ -6648,12 +6727,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1322 +#: sssd-ldap.5.xml:1324 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1327 #, no-wrap msgid "" "access_provider = ldap\n" @@ -6662,14 +6741,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1329 +#: sssd-ldap.5.xml:1331 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1336 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -6678,24 +6757,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1398 +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1348 +#: sssd-ldap.5.xml:1350 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1353 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1355 +#: sssd-ldap.5.xml:1357 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -6703,19 +6782,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1362 +#: sssd-ldap.5.xml:1364 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1365 +#: sssd-ldap.5.xml:1367 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1372 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -6724,7 +6803,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1379 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -6732,7 +6811,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1383 +#: sssd-ldap.5.xml:1385 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -6741,7 +6820,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1391 +#: sssd-ldap.5.xml:1393 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " @@ -6749,22 +6828,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1404 +#: sssd-ldap.5.xml:1406 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1407 sssd-ipa.5.xml:351 +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1411 +#: sssd-ldap.5.xml:1413 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>lockout</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6774,14 +6853,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1424 +#: sssd-ldap.5.xml:1426 msgid "" "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" "quote> option and might be removed in a future release. </emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1431 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6794,12 +6873,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1448 +#: sssd-ldap.5.xml:1450 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1452 sssd-ipa.5.xml:359 +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 msgid "" "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " "pwd_expire_policy_renew: </emphasis> These options are useful if users are " @@ -6809,81 +6888,81 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1462 sssd-ipa.5.xml:369 +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 msgid "" "The difference between these options is the action taken if user password is " "expired:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1467 sssd-ipa.5.xml:374 +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 msgid "pwd_expire_policy_reject - user is denied to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1473 sssd-ipa.5.xml:380 +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 msgid "pwd_expire_policy_warn - user is still able to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1479 sssd-ipa.5.xml:386 +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 msgid "" "pwd_expire_policy_renew - user is prompted to change their password " "immediately." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1487 +#: sssd-ldap.5.xml:1489 msgid "" "Please note that 'access_provider = ldap' must be set for this feature to " "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1494 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1497 +#: sssd-ldap.5.xml:1499 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1501 +#: sssd-ldap.5.xml:1503 msgid "" "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " "remote host can access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1505 +#: sssd-ldap.5.xml:1507 msgid "" "Please note, rhost field in pam is set by application, it is better to check " "what the application sends to pam, before enabling this access control option" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1510 +#: sssd-ldap.5.xml:1512 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1513 +#: sssd-ldap.5.xml:1515 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1520 +#: sssd-ldap.5.xml:1522 msgid "ldap_pwdlockout_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1523 +#: sssd-ldap.5.xml:1525 msgid "" "This option specifies the DN of password policy entry on LDAP server. Please " "note that absence of this option in sssd.conf in case of enabled account " @@ -6892,67 +6971,67 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1531 +#: sssd-ldap.5.xml:1533 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1534 +#: sssd-ldap.5.xml:1536 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1542 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1543 +#: sssd-ldap.5.xml:1545 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1550 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 +#: sssd-ldap.5.xml:1554 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 +#: sssd-ldap.5.xml:1559 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1562 +#: sssd-ldap.5.xml:1564 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1569 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1575 +#: sssd-ldap.5.xml:1577 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1578 +#: sssd-ldap.5.xml:1580 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." @@ -6961,7 +7040,7 @@ msgstr "" "používají schéma dle normy RFC2307." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1582 +#: sssd-ldap.5.xml:1584 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " @@ -6972,7 +7051,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1593 +#: sssd-ldap.5.xml:1595 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " @@ -6980,55 +7059,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1605 sssd-ifp.5.xml:152 +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 msgid "wildcard_limit (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1608 +#: sssd-ldap.5.xml:1610 msgid "" "Specifies an upper limit on the number of entries that are downloaded during " "a wildcard lookup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1612 +#: sssd-ldap.5.xml:1614 msgid "At the moment, only the InfoPipe responder supports wildcard lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1618 msgid "Default: 1000 (often the size of one page)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1624 #, fuzzy #| msgid "ldap_idmap_range_size (integer)" msgid "ldap_library_debug_level (integer)" msgstr "ldap_idmap_range_size (celé číslo)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1625 +#: sssd-ldap.5.xml:1627 msgid "" "Switches on libldap debugging with the given level. The libldap debug " "messages will be written independent of the general debug_level." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1630 +#: sssd-ldap.5.xml:1632 msgid "" "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " "enable full debug output." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1635 +#: sssd-ldap.5.xml:1637 msgid "Default: 0 (libldap debugging disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:52 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " @@ -7040,12 +7119,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1645 +#: sssd-ldap.5.xml:1647 msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1647 +#: sssd-ldap.5.xml:1649 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -7053,43 +7132,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1660 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1661 +#: sssd-ldap.5.xml:1663 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1666 +#: sssd-ldap.5.xml:1668 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1671 +#: sssd-ldap.5.xml:1673 msgid "" "You can disable full refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1676 +#: sssd-ldap.5.xml:1678 msgid "Default: 21600 (6 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1682 +#: sssd-ldap.5.xml:1684 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1685 +#: sssd-ldap.5.xml:1687 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest " @@ -7097,14 +7176,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1691 +#: sssd-ldap.5.xml:1693 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1695 +#: sssd-ldap.5.xml:1697 msgid "" "<emphasis>Note:</emphasis> the highest USN value can be updated by three " "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " @@ -7114,21 +7193,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1706 +#: sssd-ldap.5.xml:1708 msgid "" "You can disable smart refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1717 +#: sssd-ldap.5.xml:1719 #, fuzzy #| msgid "ldap_idmap_range_size (integer)" msgid "ldap_sudo_random_offset (integer)" msgstr "ldap_idmap_range_size (celé číslo)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1720 +#: sssd-ldap.5.xml:1722 msgid "" "Random offset between 0 and configured value is added to smart and full " "refresh periods each time the periodic task is scheduled. The value is in " @@ -7136,7 +7215,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1726 +#: sssd-ldap.5.xml:1728 msgid "" "Note that this random offset is also applied on the first SSSD start which " "delays the first sudo rules refresh. This prolongs the time when the sudo " @@ -7144,106 +7223,106 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1732 +#: sssd-ldap.5.xml:1734 msgid "You can disable this offset by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1742 +#: sssd-ldap.5.xml:1744 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1745 +#: sssd-ldap.5.xml:1747 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1756 +#: sssd-ldap.5.xml:1758 msgid "ldap_sudo_hostnames (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1759 +#: sssd-ldap.5.xml:1761 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1764 +#: sssd-ldap.5.xml:1766 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1769 sssd-ldap.5.xml:1792 sssd-ldap.5.xml:1810 -#: sssd-ldap.5.xml:1828 +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1774 sssd-ldap.5.xml:1797 +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 msgid "Default: not specified" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1780 +#: sssd-ldap.5.xml:1782 msgid "ldap_sudo_ip (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1783 +#: sssd-ldap.5.xml:1785 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1788 +#: sssd-ldap.5.xml:1790 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1803 +#: sssd-ldap.5.xml:1805 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1806 +#: sssd-ldap.5.xml:1808 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1821 +#: sssd-ldap.5.xml:1823 msgid "ldap_sudo_include_regexp (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:1826 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> -#: sssd-ldap.5.xml:1834 +#: sssd-ldap.5.xml:1836 msgid "" "Using wildcard is an operation that is very costly to evaluate on the LDAP " "server side!" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1846 +#: sssd-ldap.5.xml:1848 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " @@ -7252,59 +7331,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1856 +#: sssd-ldap.5.xml:1858 msgid "AUTOFS OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1858 +#: sssd-ldap.5.xml:1860 msgid "" "Some of the defaults for the parameters below are dependent on the LDAP " "schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1864 +#: sssd-ldap.5.xml:1866 msgid "ldap_autofs_map_master_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1867 +#: sssd-ldap.5.xml:1869 msgid "The name of the automount master map in LDAP." msgstr "Název v LDAP hlavní mapy pro automatické připojování." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1870 +#: sssd-ldap.5.xml:1872 msgid "Default: auto.master" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1881 +#: sssd-ldap.5.xml:1883 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1888 +#: sssd-ldap.5.xml:1890 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1893 +#: sssd-ldap.5.xml:1895 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1898 +#: sssd-ldap.5.xml:1900 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> -#: sssd-ldap.5.xml:1903 +#: sssd-ldap.5.xml:1905 msgid "<note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> -#: sssd-ldap.5.xml:1905 +#: sssd-ldap.5.xml:1907 msgid "" "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " "against Active Directory will not be restricted and return all groups " @@ -7313,22 +7392,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist> -#: sssd-ldap.5.xml:1912 +#: sssd-ldap.5.xml:1914 msgid "</note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1914 +#: sssd-ldap.5.xml:1916 msgid "ldap_sudo_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1919 +#: sssd-ldap.5.xml:1921 msgid "ldap_autofs_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1883 +#: sssd-ldap.5.xml:1885 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -7337,14 +7416,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1934 sssd-simple.5.xml:131 sssd-ipa.5.xml:925 -#: sssd-ad.5.xml:1386 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1936 +#: sssd-ldap.5.xml:1938 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -7352,7 +7431,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1944 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7365,27 +7444,27 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><para> -#: sssd-ldap.5.xml:1941 sssd-ldap.5.xml:1959 sssd-simple.5.xml:139 -#: sssd-ipa.5.xml:933 sssd-ad.5.xml:1394 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 #: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1953 +#: sssd-ldap.5.xml:1955 msgid "LDAP ACCESS FILTER EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1955 +#: sssd-ldap.5.xml:1957 msgid "" "The following example assumes that SSSD is correctly configured and to use " "the ldap_access_order=lockout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1960 +#: sssd-ldap.5.xml:1962 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7401,13 +7480,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1975 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 -#: sssd-ad.5.xml:1409 sssd.8.xml:238 sss_seed.8.xml:163 +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1977 +#: sssd-ldap.5.xml:1979 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -9769,12 +9848,12 @@ msgid "Example: dyndns_iface = em1, vnet1, vnet2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1285 +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 msgid "dyndns_auth (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1288 +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "updates with the DNS server, insecure updates can be sent by setting this " @@ -9782,17 +9861,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1294 +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 msgid "Default: GSS-TSIG" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1300 +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 msgid "dyndns_auth_ptr (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1303 +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "PTR updates with the DNS server, insecure updates can be sent by setting " @@ -9800,7 +9879,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1309 +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 msgid "Default: Same as dyndns_auth" msgstr "" @@ -9859,65 +9938,72 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:290 +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 msgid "Default: False (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1272 +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 msgid "dyndns_force_tcp (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:299 sssd-ad.5.xml:1275 +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:303 sssd-ad.5.xml:1279 +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:309 sssd-ad.5.xml:1315 +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 msgid "dyndns_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:312 sssd-ad.5.xml:1318 +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 msgid "" "The DNS server to use when performing a DNS update. In most setups, it's " "recommended to leave this option unset." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 msgid "" "Setting this option makes sense for environments where the DNS server is " "different from the identity server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 msgid "" "Please note that this option will be only used in fallback attempt when " "previous attempt using autodetected settings failed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 msgid "Default: None (let nsupdate choose the server)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:333 sssd-ad.5.xml:1339 +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 msgid "dyndns_update_per_family (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:336 sssd-ad.5.xml:1342 +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 msgid "" "DNS update is by default performed in two steps - IPv4 update and then IPv6 " "update. In some cases it might be desirable to perform IPv4 and IPv6 update " @@ -9925,181 +10011,181 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:353 #, fuzzy #| msgid "krb5_rcache_dir (string)" msgid "ipa_access_order (string)" msgstr "krb5_rcache_dir (řetězec)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:360 msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:394 +#: sssd-ipa.5.xml:399 msgid "" "Please note that 'access_provider = ipa' must be set for this feature to " "work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:401 +#: sssd-ipa.5.xml:406 msgid "ipa_deskprofile_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:404 +#: sssd-ipa.5.xml:409 msgid "" "Optional. Use the given string as search base for Desktop Profile related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:408 sssd-ipa.5.xml:435 +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:414 +#: sssd-ipa.5.xml:419 #, fuzzy #| msgid "simple_deny_users (string)" msgid "ipa_subid_ranges_search_base (string)" msgstr "simple_deny_users (řetězec)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:417 +#: sssd-ipa.5.xml:422 msgid "" "Optional. Use the given string as search base for subordinate ranges related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:421 +#: sssd-ipa.5.xml:426 msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:428 +#: sssd-ipa.5.xml:433 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:431 +#: sssd-ipa.5.xml:436 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:441 +#: sssd-ipa.5.xml:446 msgid "ipa_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:444 +#: sssd-ipa.5.xml:449 msgid "Deprecated. Use ldap_host_search_base instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:450 +#: sssd-ipa.5.xml:455 msgid "ipa_selinux_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:453 +#: sssd-ipa.5.xml:458 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:469 +#: sssd-ipa.5.xml:474 msgid "ipa_subdomains_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:472 +#: sssd-ipa.5.xml:477 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:481 +#: sssd-ipa.5.xml:486 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:488 +#: sssd-ipa.5.xml:493 msgid "ipa_master_domain_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:491 +#: sssd-ipa.5.xml:496 msgid "Optional. Use the given string as search base for master domain object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:505 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:507 +#: sssd-ipa.5.xml:512 msgid "ipa_views_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:510 +#: sssd-ipa.5.xml:515 msgid "Optional. Use the given string as search base for views containers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:519 +#: sssd-ipa.5.xml:524 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:529 +#: sssd-ipa.5.xml:534 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:533 +#: sssd-ipa.5.xml:538 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:541 sssd-ad.5.xml:1357 +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 msgid "krb5_confd_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:544 sssd-ad.5.xml:1360 +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 msgid "" "Absolute path of a directory where SSSD should place Kerberos configuration " "snippets." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:548 sssd-ad.5.xml:1364 +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 msgid "" "To disable the creation of the configuration snippets set the parameter to " "'none'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:552 sssd-ad.5.xml:1368 +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 msgid "" "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:559 +#: sssd-ipa.5.xml:564 msgid "ipa_deskprofile_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:562 +#: sssd-ipa.5.xml:567 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server. This will reduce the latency and load on the IPA server if there " @@ -10107,34 +10193,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:569 sssd-ipa.5.xml:599 sssd-ipa.5.xml:615 sssd-ad.5.xml:599 +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:575 +#: sssd-ipa.5.xml:580 msgid "ipa_deskprofile_request_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:578 +#: sssd-ipa.5.xml:583 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server in case the last request did not return any rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:583 +#: sssd-ipa.5.xml:588 msgid "Default: 60 (minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:589 +#: sssd-ipa.5.xml:594 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:592 +#: sssd-ipa.5.xml:597 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -10142,12 +10228,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:605 +#: sssd-ipa.5.xml:610 msgid "ipa_hbac_selinux (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:608 +#: sssd-ipa.5.xml:613 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -10155,33 +10241,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:621 +#: sssd-ipa.5.xml:626 msgid "ipa_server_mode (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:624 +#: sssd-ipa.5.xml:629 msgid "" "This option will be set by the IPA installer (ipa-server-install) " "automatically and denotes if SSSD is running on an IPA server or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:629 +#: sssd-ipa.5.xml:634 msgid "" "On an IPA server SSSD will lookup users and groups from trusted domains " "directly while on a client it will ask an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:634 +#: sssd-ipa.5.xml:639 msgid "" "NOTE: There are currently some assumptions that must be met when SSSD is " "running on an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:639 +#: sssd-ipa.5.xml:644 msgid "" "The <quote>ipa_server</quote> option must be configured to point to the IPA " "server itself. This is already the default set by the IPA installer, so no " @@ -10189,59 +10275,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:648 +#: sssd-ipa.5.xml:653 msgid "" "The <quote>full_name_format</quote> option must not be tweaked to only print " "short names for users from trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:663 +#: sssd-ipa.5.xml:668 msgid "ipa_automount_location (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:666 +#: sssd-ipa.5.xml:671 msgid "The automounter location this IPA client will be using" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:669 +#: sssd-ipa.5.xml:674 msgid "Default: The location named \"default\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:677 +#: sssd-ipa.5.xml:682 msgid "VIEWS AND OVERRIDES" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:686 +#: sssd-ipa.5.xml:691 msgid "ipa_view_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:689 +#: sssd-ipa.5.xml:694 msgid "Objectclass of the view container." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:692 +#: sssd-ipa.5.xml:697 msgid "Default: nsContainer" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:698 +#: sssd-ipa.5.xml:703 msgid "ipa_view_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:701 +#: sssd-ipa.5.xml:706 msgid "Name of the attribute holding the name of the view." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:705 sssd-ldap-attributes.5.xml:496 +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 #: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 #: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 #: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 @@ -10249,128 +10335,128 @@ msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:711 +#: sssd-ipa.5.xml:716 msgid "ipa_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:714 +#: sssd-ipa.5.xml:719 msgid "Objectclass of the override objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:717 +#: sssd-ipa.5.xml:722 msgid "Default: ipaOverrideAnchor" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:723 +#: sssd-ipa.5.xml:728 msgid "ipa_anchor_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:726 +#: sssd-ipa.5.xml:731 msgid "" "Name of the attribute containing the reference to the original object in a " "remote domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:730 +#: sssd-ipa.5.xml:735 msgid "Default: ipaAnchorUUID" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:736 +#: sssd-ipa.5.xml:741 msgid "ipa_user_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:739 +#: sssd-ipa.5.xml:744 msgid "" "Name of the objectclass for user overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:744 +#: sssd-ipa.5.xml:749 msgid "User overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:747 +#: sssd-ipa.5.xml:752 msgid "ldap_user_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:750 +#: sssd-ipa.5.xml:755 msgid "ldap_user_uid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:753 +#: sssd-ipa.5.xml:758 msgid "ldap_user_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:756 +#: sssd-ipa.5.xml:761 msgid "ldap_user_gecos" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:759 +#: sssd-ipa.5.xml:764 msgid "ldap_user_home_directory" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:762 +#: sssd-ipa.5.xml:767 msgid "ldap_user_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:765 +#: sssd-ipa.5.xml:770 msgid "ldap_user_ssh_public_key" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:770 +#: sssd-ipa.5.xml:775 msgid "Default: ipaUserOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:776 +#: sssd-ipa.5.xml:781 msgid "ipa_group_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:779 +#: sssd-ipa.5.xml:784 msgid "" "Name of the objectclass for group overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:784 +#: sssd-ipa.5.xml:789 msgid "Group overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:787 +#: sssd-ipa.5.xml:792 msgid "ldap_group_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:790 +#: sssd-ipa.5.xml:795 msgid "ldap_group_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:795 +#: sssd-ipa.5.xml:800 msgid "Default: ipaGroupOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:679 +#: sssd-ipa.5.xml:684 msgid "" "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " "later version. Since all paths and objectclasses are fixed on the server " @@ -10380,19 +10466,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:807 +#: sssd-ipa.5.xml:812 msgid "SUBDOMAINS PROVIDER" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:809 +#: sssd-ipa.5.xml:814 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:813 +#: sssd-ipa.5.xml:818 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " @@ -10400,7 +10486,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:819 +#: sssd-ipa.5.xml:824 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " @@ -10412,12 +10498,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:830 +#: sssd-ipa.5.xml:835 msgid "TRUSTED DOMAINS CONFIGURATION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:838 +#: sssd-ipa.5.xml:843 #, no-wrap msgid "" "[domain/ipa.domain.com/ad.domain.com]\n" @@ -10425,7 +10511,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:832 +#: sssd-ipa.5.xml:837 msgid "" "Some configuration options can also be set for a trusted domain. A trusted " "domain configuration can be set using the trusted domain subsection as shown " @@ -10435,80 +10521,80 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:843 +#: sssd-ipa.5.xml:848 msgid "" "For more details, see the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:850 +#: sssd-ipa.5.xml:855 msgid "" "Different configuration options are tunable for a trusted domain depending " "on whether you are configuring SSSD on an IPA server or an IPA client." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:855 +#: sssd-ipa.5.xml:860 msgid "OPTIONS TUNABLE ON IPA MASTERS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:857 +#: sssd-ipa.5.xml:862 msgid "" "The following options can be set in a subdomain section on an IPA master:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:861 sssd-ipa.5.xml:891 +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 msgid "ad_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:864 +#: sssd-ipa.5.xml:869 msgid "ad_backup_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:867 sssd-ipa.5.xml:894 +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 msgid "ad_site" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:870 +#: sssd-ipa.5.xml:875 msgid "ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:873 +#: sssd-ipa.5.xml:878 msgid "ldap_user_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:876 +#: sssd-ipa.5.xml:881 msgid "ldap_group_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:885 +#: sssd-ipa.5.xml:890 msgid "OPTIONS TUNABLE ON IPA CLIENTS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:887 +#: sssd-ipa.5.xml:892 msgid "" "The following options can be set in a subdomain section on an IPA client:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:899 +#: sssd-ipa.5.xml:904 msgid "" "Note that if both options are set, only <quote>ad_server</quote> is " "evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:903 +#: sssd-ipa.5.xml:908 msgid "" "Since any request for a user or a group identity from a trusted domain " "triggered from an IPA client is resolved by the IPA server, the " @@ -10522,7 +10608,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:927 +#: sssd-ipa.5.xml:932 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -10530,7 +10616,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:934 +#: sssd-ipa.5.xml:939 #, no-wrap msgid "" "[domain/example.com]\n" @@ -11724,7 +11810,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1388 +#: sssd-ad.5.xml:1393 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -11732,7 +11818,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1395 +#: sssd-ad.5.xml:1400 #, no-wrap msgid "" "[domain/EXAMPLE]\n" @@ -11747,7 +11833,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1415 +#: sssd-ad.5.xml:1420 #, no-wrap msgid "" "access_provider = ldap\n" @@ -11756,7 +11842,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1411 +#: sssd-ad.5.xml:1416 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " @@ -11764,7 +11850,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1421 +#: sssd-ad.5.xml:1426 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>. Please " @@ -11774,7 +11860,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1429 +#: sssd-ad.5.xml:1434 msgid "" "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " @@ -17388,7 +17474,7 @@ msgstr "" #: include/ldap_id_mapping.xml:235 msgid "" "When this option is configured, domains will be allocated starting with " -"slice zero and increasing monatomically with each additional domain." +"slice zero and increasing monotonically with each additional domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> diff --git a/src/man/po/de.po b/src/man/po/de.po index 5a6187b14fd..81afc72dd35 100644 --- a/src/man/po/de.po +++ b/src/man/po/de.po @@ -10,7 +10,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-05-05 10:09+0200\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" "PO-Revision-Date: 2021-02-02 14:40+0000\n" "Last-Translator: Sumit Bose <sbose@redhat.com>\n" "Language-Team: German <https://translate.fedoraproject.org/projects/sssd/" @@ -219,11 +219,11 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 -#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:951 -#: sssd.conf.5.xml:1069 sssd.conf.5.xml:2197 sssd-ldap.5.xml:1071 -#: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 -#: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 -#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 msgid "Default: true" msgstr "Voreinstellung: »true«" @@ -240,11 +240,11 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:948 -#: sssd.conf.5.xml:2100 sssd.conf.5.xml:2167 sssd.conf.5.xml:4128 -#: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 -#: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 -#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 #: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 #: include/krb5_options.xml:163 msgid "Default: false" @@ -280,8 +280,8 @@ msgid "" msgstr "" #. type: Content of: outside any tag (error?) -#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1656 -#: sssd-ldap.5.xml:1862 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 #: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 @@ -311,8 +311,8 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 sssd.conf.5.xml:1289 sssd.conf.5.xml:1766 -#: sssd.conf.5.xml:4144 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "Voreinstellung: 10" @@ -383,12 +383,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:258 sssd.conf.5.xml:783 +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 msgid "reconnection_retries (integer)" msgstr "reconnection_retries (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:261 sssd.conf.5.xml:786 +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" @@ -398,7 +398,7 @@ msgstr "" "startet." #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:791 sssd.conf.5.xml:3708 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 #: include/failover.xml:100 msgid "Default: 3" msgstr "Voreinstellung: 3" @@ -420,7 +420,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3540 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 msgid "re_expression (string)" msgstr "re_expression (Zeichenkette)" @@ -443,12 +443,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3597 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 msgid "full_name_format (string)" msgstr "full_name_format (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3600 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -460,32 +460,32 @@ msgstr "" "zusammengestellt wird." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3611 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 msgid "%1$s" msgstr "%1$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 msgid "user name" msgstr "Benutzername" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3615 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 msgid "%2$s" msgstr "%2$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3618 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 msgid "domain name as specified in the SSSD config file." msgstr "Domain-Name, wie er durch die SSSD-Konfigurationsdatei angegeben wird" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3624 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 msgid "%3$s" msgstr "%3$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3627 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." @@ -494,7 +494,7 @@ msgstr "" "direkt konfiguriert als auch über IPA-Trust" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3608 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -658,8 +658,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:468 sssd-ldap.5.xml:876 sssd-ldap.5.xml:888 -#: sssd-ldap.5.xml:980 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 #: include/krb5_options.xml:148 @@ -937,7 +937,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1790 sssd.conf.5.xml:4194 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "Voreinstellung: Nicht gesetzt" @@ -990,11 +990,11 @@ msgstr "ipa_automount_location (Zeichenkette)" #: sssd.conf.5.xml:744 msgid "" "Enable or disable the user verification (i.e. PIN, fingerprint) during " -"authentication." +"authentication. If enabled, the PIN will always be requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:750 msgid "" "The default is that the key settings decide what to do. In the IPA or " "kerberos pre-authentication case, this value will be overwritten by the " @@ -1033,12 +1033,12 @@ msgstr "" "verwendet. <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:769 msgid "SERVICES SECTIONS" msgstr "DIENSTABSCHNITTE" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:770 +#: sssd.conf.5.xml:771 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -1051,22 +1051,22 @@ msgstr "" "Abschnitt zum Beispiel <quote>[nss]</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:777 +#: sssd.conf.5.xml:778 msgid "General service configuration options" msgstr "Allgemeine Optionen zum Konfigurieren von Diensten" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:780 msgid "These options can be used to configure any service." msgstr "Diese Optionen können zur Konfiguration jedes Dienstes benutzt werden." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:797 msgid "fd_limit" msgstr "fd_limit" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:799 +#: sssd.conf.5.xml:800 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " @@ -1082,17 +1082,17 @@ msgstr "" "Begrenzung in der »limit.conf« sein." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:808 +#: sssd.conf.5.xml:809 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "Voreinstellung: 8192 (oder die »harte« Begrenzung der »limit.conf«)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:814 msgid "client_idle_timeout" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:816 +#: sssd.conf.5.xml:817 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " @@ -1102,19 +1102,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:826 #, fuzzy #| msgid "Default: 300" msgid "Default: 60, KCM: 300" msgstr "Voreinstellung: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:830 +#: sssd.conf.5.xml:831 msgid "offline_timeout (integer)" msgstr "offline_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:834 msgid "" "When SSSD switches to offline mode the amount of time before it tries to go " "back online will increase based upon the time spent disconnected. By " @@ -1125,14 +1125,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:844 sssd.conf.5.xml:900 +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 msgid "" "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." "offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:847 +#: sssd.conf.5.xml:848 msgid "" "The offline_timeout default value is 60. The offline_timeout_max default " "value is 3600. The offline_timeout_random_offset default value is 30. The " @@ -1140,46 +1140,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:854 msgid "" "Note that the maximum length of each interval is defined by " "offline_timeout_max (apart of random part)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 sssd.conf.5.xml:1200 sssd.conf.5.xml:1583 -#: sssd.conf.5.xml:1879 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 msgid "Default: 60" msgstr "Voreinstellung: 60" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:862 +#: sssd.conf.5.xml:863 #, fuzzy #| msgid "offline_timeout (integer)" msgid "offline_timeout_max (integer)" msgstr "offline_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:865 +#: sssd.conf.5.xml:866 msgid "" "Controls by how much the time between attempts to go online can be " "incremented following unsuccessful attempts to go online." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:870 +#: sssd.conf.5.xml:871 msgid "A value of 0 disables the incrementing behaviour." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:873 +#: sssd.conf.5.xml:874 msgid "" "The value of this parameter should be set in correlation to offline_timeout " "parameter value." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:877 +#: sssd.conf.5.xml:878 msgid "" "With offline_timeout set to 60 (default value) there is no point in setting " "offlinet_timeout_max to less than 120 as it will saturate instantly. General " @@ -1188,64 +1188,64 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:883 +#: sssd.conf.5.xml:884 msgid "" "Although a value between 0 and offline_timeout may be specified, it has the " "effect of overriding the offline_timeout value so is of little use." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:888 +#: sssd.conf.5.xml:889 #, fuzzy #| msgid "Default: 300" msgid "Default: 3600" msgstr "Voreinstellung: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:894 #, fuzzy #| msgid "offline_timeout (integer)" msgid "offline_timeout_random_offset (integer)" msgstr "offline_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:896 +#: sssd.conf.5.xml:897 msgid "" "When SSSD is in offline mode it keeps probing backend servers in specified " "time intervals:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:903 +#: sssd.conf.5.xml:904 msgid "" "This parameter controls the value of the random offset used for the above " "equation. Final random_offset value will be random number in range:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:908 +#: sssd.conf.5.xml:909 msgid "[0 - offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:911 +#: sssd.conf.5.xml:912 msgid "A value of 0 disables the random offset addition." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:915 #, fuzzy #| msgid "Default: 300" msgid "Default: 30" msgstr "Voreinstellung: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:919 +#: sssd.conf.5.xml:920 msgid "responder_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:922 +#: sssd.conf.5.xml:923 msgid "" "This option specifies the number of seconds that an SSSD responder process " "can be up without being used. This value is limited in order to avoid " @@ -1257,30 +1257,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:936 sssd.conf.5.xml:1213 sssd.conf.5.xml:2321 -#: sssd-ldap.5.xml:331 +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 +#: sssd-ldap.5.xml:332 msgid "Default: 300" msgstr "Voreinstellung: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:941 +#: sssd.conf.5.xml:942 msgid "cache_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:945 msgid "" "This option specifies whether the responder should query all caches before " "querying the Data Providers." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:960 msgid "NSS configuration options" msgstr "NSS-Konfigurationsoptionen" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:961 +#: sssd.conf.5.xml:962 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" @@ -1288,12 +1288,12 @@ msgstr "" "benutzt werden" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:966 +#: sssd.conf.5.xml:967 msgid "enum_cache_timeout (integer)" msgstr "enum_cache_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:969 +#: sssd.conf.5.xml:970 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" @@ -1302,17 +1302,17 @@ msgstr "" "über alle Nutzer) zwischenspeichern?" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:974 msgid "Default: 120" msgstr "Voreinstellung: 120" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:978 +#: sssd.conf.5.xml:979 msgid "entry_cache_nowait_percentage (integer)" msgstr "entry_cache_nowait_percentage (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:981 +#: sssd.conf.5.xml:982 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -1324,7 +1324,7 @@ msgstr "" "werden." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:988 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -1341,7 +1341,7 @@ msgstr "" "Zwischenspeicheraktualisierung zu warten." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:998 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -1354,17 +1354,17 @@ msgstr "" "Sekunden senken. (0 schaltet diese Funktionalität aus.)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1005 sssd.conf.5.xml:2121 +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 msgid "Default: 50" msgstr "Voreinstellung: 50" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1010 +#: sssd.conf.5.xml:1011 msgid "entry_negative_timeout (integer)" msgstr "entry_negative_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1013 +#: sssd.conf.5.xml:1014 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -1376,17 +1376,17 @@ msgstr "" "Backend erneut gefragt wird)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1019 sssd.conf.5.xml:1778 sssd.conf.5.xml:2145 +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 msgid "Default: 15" msgstr "Voreinstellung: 15" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1025 msgid "local_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1027 +#: sssd.conf.5.xml:1028 msgid "" "Specifies for how many seconds nss_sss should keep local users and groups in " "negative cache before trying to look it up in the back end again. Setting " @@ -1394,17 +1394,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1033 +#: sssd.conf.5.xml:1034 msgid "Default: 14400 (4 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1039 msgid "filter_users, filter_groups (string)" msgstr "filter_users, filter_groups (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1041 +#: sssd.conf.5.xml:1042 msgid "" "Exclude certain users or groups from being fetched from the sss NSS " "database. This is particularly useful for system accounts. This option can " @@ -1413,7 +1413,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1049 +#: sssd.conf.5.xml:1050 msgid "" "NOTE: The filter_groups option doesn't affect inheritance of nested group " "members, since filtering happens after they are propagated for returning via " @@ -1422,17 +1422,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1057 +#: sssd.conf.5.xml:1058 msgid "Default: root" msgstr "Voreinstellung: root" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1063 msgid "filter_users_in_groups (bool)" msgstr "filter_users_in_groups (Boolesch)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1065 +#: sssd.conf.5.xml:1066 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" @@ -1440,12 +1440,12 @@ msgstr "" "setzen Sie diese Option auf »false«." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1076 +#: sssd.conf.5.xml:1077 msgid "fallback_homedir (string)" msgstr "fallback_homedir (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1079 +#: sssd.conf.5.xml:1080 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." @@ -1454,7 +1454,7 @@ msgstr "" "es nicht explizit durch den Datenanbieter der Domain angegeben wurde." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1084 +#: sssd.conf.5.xml:1085 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" @@ -1462,7 +1462,7 @@ msgstr "" "»override_homedir«." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1090 +#: sssd.conf.5.xml:1091 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" @@ -1472,25 +1472,25 @@ msgstr "" " " #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:1088 sssd.conf.5.xml:1650 sssd.conf.5.xml:1669 -#: sssd.conf.5.xml:1746 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "Beispiel: <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1094 +#: sssd.conf.5.xml:1095 msgid "Default: not set (no substitution for unset home directories)" msgstr "" "Voreinstellung: nicht gesetzt (kein Ersetzen nicht gesetzter Home-" "Verzeichnisse)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1100 +#: sssd.conf.5.xml:1101 msgid "override_shell (string)" msgstr "override_shell (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1104 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " @@ -1501,19 +1501,19 @@ msgstr "" "entweder im Abschnitt [nss] oder für jede Domain gesetzt werden." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1109 +#: sssd.conf.5.xml:1110 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" "Voreinstellung: nicht gesetzt (SSSD wird den von LDAP erhaltenen Wert " "benutzen)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1115 +#: sssd.conf.5.xml:1116 msgid "allowed_shells (string)" msgstr "allowed_shells (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1118 +#: sssd.conf.5.xml:1119 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" @@ -1521,12 +1521,12 @@ msgstr "" "Reihenfolge der Auswertung ist:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1121 +#: sssd.conf.5.xml:1122 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "1. Falls die Shell in »/etc/shells« vorhanden ist, wird sie benutzt." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1125 +#: sssd.conf.5.xml:1126 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." @@ -1535,7 +1535,7 @@ msgstr "" "shells« steht, wird der Wert des Parameters »shell_fallback« verwendet." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1130 +#: sssd.conf.5.xml:1131 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." @@ -1544,12 +1544,12 @@ msgstr "" "steht, wird eine Nicht-Login-Shell benutzt." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1135 +#: sssd.conf.5.xml:1136 msgid "The wildcard (*) can be used to allow any shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1138 +#: sssd.conf.5.xml:1139 msgid "" "The (*) is useful if you want to use shell_fallback in case that user's " "shell is not in <quote>/etc/shells</quote> and maintaining list of all " @@ -1557,13 +1557,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1145 +#: sssd.conf.5.xml:1146 msgid "An empty string for shell is passed as-is to libc." msgstr "" "Eine leere Zeichenkette als Shell wird, so wie sie ist, an Libc übergeben." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1149 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." @@ -1572,28 +1572,28 @@ msgstr "" "Fall einer neu installierten Shell ein Neustart von SSSD nötig ist." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1152 +#: sssd.conf.5.xml:1153 msgid "Default: Not set. The user shell is automatically used." msgstr "" "Voreinstellung: nicht gesetzt. Die Benutzer-Shell wird automatisch verwendet." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1157 +#: sssd.conf.5.xml:1158 msgid "vetoed_shells (string)" msgstr "vetoed_shells (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1160 +#: sssd.conf.5.xml:1161 msgid "Replace any instance of these shells with the shell_fallback" msgstr "ersetzt jedwede Instanz dieser Shells durch die aus »shell_fallback«." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1165 +#: sssd.conf.5.xml:1166 msgid "shell_fallback (string)" msgstr "shell_fallback (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1168 +#: sssd.conf.5.xml:1169 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" @@ -1601,17 +1601,17 @@ msgstr "" "auf dem Rechner installiert ist." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1172 +#: sssd.conf.5.xml:1173 msgid "Default: /bin/sh" msgstr "Voreinstellung: /bin/sh" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1177 +#: sssd.conf.5.xml:1178 msgid "default_shell" msgstr "default_shell" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1180 +#: sssd.conf.5.xml:1181 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." @@ -1621,7 +1621,7 @@ msgstr "" "jede Domain gesetzt werden." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1186 +#: sssd.conf.5.xml:1187 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" @@ -1631,12 +1631,12 @@ msgstr "" "Vernünftiges, üblicherweise /bin/sh, ersetzt.)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1193 sssd.conf.5.xml:1576 +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 msgid "get_domains_timeout (int)" msgstr "get_domains_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1196 sssd.conf.5.xml:1579 +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." @@ -1645,43 +1645,43 @@ msgstr "" "gültig erachtet wird." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1205 +#: sssd.conf.5.xml:1206 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_timeout (integer)" msgstr "enum_cache_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1208 +#: sssd.conf.5.xml:1209 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid. Setting this option to zero will disable the in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1216 +#: sssd.conf.5.xml:1217 msgid "" "WARNING: Disabling the in-memory cache will have significant negative impact " "on SSSD's performance and should only be used for testing." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1222 sssd.conf.5.xml:1247 sssd.conf.5.xml:1272 -#: sssd.conf.5.xml:1297 sssd.conf.5.xml:1324 +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 msgid "" "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " "client applications will not use the fast in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1230 +#: sssd.conf.5.xml:1231 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_passwd (integer)" msgstr "enum_cache_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1233 +#: sssd.conf.5.xml:1234 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for passwd requests. Setting the size to 0 will disable the passwd in-" @@ -1689,27 +1689,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1239 sssd.conf.5.xml:2963 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 msgid "Default: 8" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1242 sssd.conf.5.xml:1267 sssd.conf.5.xml:1292 -#: sssd.conf.5.xml:1319 +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 msgid "" "WARNING: Disabled or too small in-memory cache can have significant negative " "impact on SSSD's performance." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1255 +#: sssd.conf.5.xml:1256 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_group (integer)" msgstr "enum_cache_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1258 +#: sssd.conf.5.xml:1259 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for group requests. Setting the size to 0 will disable the group in-memory " @@ -1717,21 +1717,21 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1264 sssd.conf.5.xml:1316 sssd.conf.5.xml:3729 -#: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "Voreinstellung: 6" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1280 +#: sssd.conf.5.xml:1281 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_initgroups (integer)" msgstr "enum_cache_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1283 +#: sssd.conf.5.xml:1284 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for initgroups requests. Setting the size to 0 will disable the initgroups " @@ -1739,14 +1739,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1305 +#: sssd.conf.5.xml:1306 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_sid (integer)" msgstr "enum_cache_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1308 +#: sssd.conf.5.xml:1309 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for SID related requests. Only SID-by-ID and ID-by-SID requests are " @@ -1755,12 +1755,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1332 sssd-ifp.5.xml:90 +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 msgid "user_attributes (string)" msgstr "user_attributes (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1335 +#: sssd.conf.5.xml:1336 msgid "" "Some of the additional NSS responder requests can return more attributes " "than just the POSIX ones defined by the NSS interface. The list of " @@ -1771,38 +1771,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1348 +#: sssd.conf.5.xml:1349 msgid "" "To make configuration more easy the NSS responder will check the InfoPipe " "option if it is not set for the NSS responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1353 +#: sssd.conf.5.xml:1354 msgid "Default: not set, fallback to InfoPipe option" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1358 +#: sssd.conf.5.xml:1359 msgid "pwfield (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1361 +#: sssd.conf.5.xml:1362 msgid "" "The value that NSS operations that return users or groups will return for " "the <quote>password</quote> field." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1366 +#: sssd.conf.5.xml:1367 #, fuzzy #| msgid "Default: <quote>permit</quote>" msgid "Default: <quote>*</quote>" msgstr "Voreinstellung: »permit«" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1369 +#: sssd.conf.5.xml:1370 #, fuzzy #| msgid "This option can also be set per-domain." msgid "" @@ -1811,7 +1811,7 @@ msgid "" msgstr "Diese Option kann auch pro Domain gesetzt werden." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1373 +#: sssd.conf.5.xml:1374 msgid "" "Default: <quote>not set</quote> (remote domains), <phrase " "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" @@ -1820,12 +1820,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1385 +#: sssd.conf.5.xml:1386 msgid "PAM configuration options" msgstr "PAM-Konfigurationsoptionen" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1387 +#: sssd.conf.5.xml:1388 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." @@ -1834,12 +1834,12 @@ msgstr "" "Authentication Module« (PAM) einzurichten." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1392 +#: sssd.conf.5.xml:1393 msgid "offline_credentials_expiration (integer)" msgstr "offline_credentials_expiration (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1395 +#: sssd.conf.5.xml:1396 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." @@ -1849,17 +1849,17 @@ msgstr "" "erfolgreichen Anmeldung)?" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1400 sssd.conf.5.xml:1413 +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 msgid "Default: 0 (No limit)" msgstr "Voreinstellung: 0 (unbegrenzt)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1406 +#: sssd.conf.5.xml:1407 msgid "offline_failed_login_attempts (integer)" msgstr "offline_failed_login_attempts (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1409 +#: sssd.conf.5.xml:1410 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." @@ -1868,12 +1868,12 @@ msgstr "" "Authentifizierungsanbieter offline ist?" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1419 +#: sssd.conf.5.xml:1420 msgid "offline_failed_login_delay (integer)" msgstr "offline_failed_login_delay (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1422 +#: sssd.conf.5.xml:1423 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." @@ -1883,7 +1883,7 @@ msgstr "" "Anmeldeversuch möglich ist." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1427 +#: sssd.conf.5.xml:1428 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -1895,17 +1895,17 @@ msgstr "" "Authentifizierung reaktivieren." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1433 sssd.conf.5.xml:1543 +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 msgid "Default: 5" msgstr "Voreinstellung: 5" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1439 +#: sssd.conf.5.xml:1440 msgid "pam_verbosity (integer)" msgstr "pam_verbosity (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1442 +#: sssd.conf.5.xml:1443 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." @@ -1914,45 +1914,45 @@ msgstr "" "angezeigt werden. Je höher die Zahl, desto mehr Nachrichten werden angezeigt." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1447 +#: sssd.conf.5.xml:1448 msgid "Currently sssd supports the following values:" msgstr "Derzeit unterstützt SSSD folgende Werte:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1450 +#: sssd.conf.5.xml:1451 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "<emphasis>0</emphasis>: keine Nachricht anzeigen" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1453 +#: sssd.conf.5.xml:1454 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "<emphasis>1</emphasis>: nur wichtige Nachrichten anzeigen" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1457 +#: sssd.conf.5.xml:1458 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "<emphasis>2</emphasis>: nur informative Nachrichten anzeigen" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1460 +#: sssd.conf.5.xml:1461 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" "<emphasis>3</emphasis>: alle Nachrichten und Debug-Informationen anzeigen" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1464 sssd.8.xml:63 +#: sssd.conf.5.xml:1465 sssd.8.xml:63 msgid "Default: 1" msgstr "Voreinstellung: 1" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1470 +#: sssd.conf.5.xml:1471 #, fuzzy #| msgid "ad_access_filter (string)" msgid "pam_response_filter (string)" msgstr "ad_access_filter (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1473 +#: sssd.conf.5.xml:1474 msgid "" "A comma separated list of strings which allows to remove (filter) data sent " "by the PAM responder to pam_sss PAM module. There are different kind of " @@ -1961,51 +1961,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1481 +#: sssd.conf.5.xml:1482 msgid "" "While messages already can be controlled with the help of the pam_verbosity " "option this option allows to filter out other kind of responses as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1488 +#: sssd.conf.5.xml:1489 msgid "ENV" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1489 +#: sssd.conf.5.xml:1490 msgid "Do not send any environment variables to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1492 +#: sssd.conf.5.xml:1493 msgid "ENV:var_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1493 +#: sssd.conf.5.xml:1494 msgid "Do not send environment variable var_name to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1497 +#: sssd.conf.5.xml:1498 msgid "ENV:var_name:service" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1498 +#: sssd.conf.5.xml:1499 msgid "Do not send environment variable var_name to service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1486 +#: sssd.conf.5.xml:1487 msgid "" "Currently the following filters are supported: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1505 +#: sssd.conf.5.xml:1506 msgid "" "The list of strings can either be the list of filters which would set this " "list of filters and overwrite the defaults. Or each element of the list can " @@ -2016,23 +2016,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1516 +#: sssd.conf.5.xml:1517 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1519 +#: sssd.conf.5.xml:1520 msgid "" "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1526 +#: sssd.conf.5.xml:1527 msgid "pam_id_timeout (integer)" msgstr "pam_id_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1529 +#: sssd.conf.5.xml:1530 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -2044,7 +2044,7 @@ msgstr "" "den neusten Informationen erfolgt." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1535 +#: sssd.conf.5.xml:1536 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -2058,17 +2058,17 @@ msgstr "" "viele Abfragen der Identitätsanbieter zu vermeiden." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1549 +#: sssd.conf.5.xml:1550 msgid "pam_pwd_expiration_warning (integer)" msgstr "pam_pwd_expiration_warning (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1552 sssd.conf.5.xml:2987 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 msgid "Display a warning N days before the password expires." msgstr "zeigt N Tage vor Ablauf des Passworts eine Warnung an." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1555 +#: sssd.conf.5.xml:1556 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -2079,7 +2079,7 @@ msgstr "" "SSSD keine Warnung anzeigen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1561 sssd.conf.5.xml:2990 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." @@ -2089,7 +2089,7 @@ msgstr "" "automatisch angezeigt." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1566 +#: sssd.conf.5.xml:1567 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." @@ -2098,17 +2098,17 @@ msgstr "" "emphasis> für eine bestimmte Domain außer Kraft gesetzt werden." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1571 sssd.conf.5.xml:3976 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 msgid "Default: 0" msgstr "Voreinstellung: 0" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1588 +#: sssd.conf.5.xml:1589 msgid "pam_trusted_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1591 +#: sssd.conf.5.xml:1592 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to run PAM conversations against trusted domains. Users not " @@ -2118,75 +2118,75 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1601 +#: sssd.conf.5.xml:1602 msgid "Default: All users are considered trusted by default" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1605 +#: sssd.conf.5.xml:1606 msgid "" "Please note that UID 0 is always allowed to access the PAM responder even in " "case it is not in the pam_trusted_users list." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1612 +#: sssd.conf.5.xml:1613 msgid "pam_public_domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1615 +#: sssd.conf.5.xml:1616 msgid "" "Specifies the comma-separated list of domain names that are accessible even " "to untrusted users." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1619 +#: sssd.conf.5.xml:1620 msgid "Two special values for pam_public_domains option are defined:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1623 +#: sssd.conf.5.xml:1624 msgid "" "all (Untrusted users are allowed to access all domains in PAM responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1627 +#: sssd.conf.5.xml:1628 msgid "" "none (Untrusted users are not allowed to access any domains PAM in " "responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1631 sssd.conf.5.xml:1656 sssd.conf.5.xml:1675 -#: sssd.conf.5.xml:1912 sssd.conf.5.xml:2732 sssd.conf.5.xml:3905 -#: sssd-ldap.5.xml:1207 +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 msgid "Default: none" msgstr "Voreinstellung: none" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1636 +#: sssd.conf.5.xml:1637 msgid "pam_account_expired_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1639 +#: sssd.conf.5.xml:1640 msgid "" "Allows a custom expiration message to be set, replacing the default " "'Permission denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1644 +#: sssd.conf.5.xml:1645 msgid "" "Note: Please be aware that message is only printed for the SSH service " "unless pam_verbosity is set to 3 (show all messages and debug information)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1652 +#: sssd.conf.5.xml:1653 #, no-wrap msgid "" "pam_account_expired_message = Account expired, please contact help desk.\n" @@ -2194,19 +2194,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1661 +#: sssd.conf.5.xml:1662 msgid "pam_account_locked_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1664 +#: sssd.conf.5.xml:1665 msgid "" "Allows a custom lockout message to be set, replacing the default 'Permission " "denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1671 +#: sssd.conf.5.xml:1672 #, no-wrap msgid "" "pam_account_locked_message = Account locked, please contact help desk.\n" @@ -2214,42 +2214,42 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1680 +#: sssd.conf.5.xml:1681 #, fuzzy #| msgid "ldap_chpass_update_last_change (bool)" msgid "pam_passkey_auth (bool)" msgstr "ldap_chpass_update_last_change (Boolesch)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1683 +#: sssd.conf.5.xml:1684 msgid "Enable passkey device based authentication." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1686 sssd.conf.5.xml:1697 sssd.conf.5.xml:1711 -#: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 -#: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 msgid "Default: False" msgstr "Voreinstellung: False" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1691 +#: sssd.conf.5.xml:1692 msgid "passkey_debug_libfido2 (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1694 +#: sssd.conf.5.xml:1695 msgid "Enable libfido2 library debug messages." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1702 +#: sssd.conf.5.xml:1703 msgid "pam_cert_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1705 +#: sssd.conf.5.xml:1706 msgid "" "Enable certificate based Smartcard authentication. Since this requires " "additional communication with the Smartcard which will delay the " @@ -2257,36 +2257,36 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1716 +#: sssd.conf.5.xml:1717 msgid "pam_cert_db_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1719 +#: sssd.conf.5.xml:1720 msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1722 sssd.conf.5.xml:2247 sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 msgid "Default:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1724 sssd.conf.5.xml:2249 +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 msgid "" "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " "certificates in PEM format)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1734 +#: sssd.conf.5.xml:1735 #, fuzzy #| msgid "ipa_automount_location (string)" msgid "pam_cert_verification (string)" msgstr "ipa_automount_location (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1737 +#: sssd.conf.5.xml:1738 msgid "" "With this parameter the PAM certificate verification can be tuned with a " "comma separated list of options that override the " @@ -2296,7 +2296,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1748 +#: sssd.conf.5.xml:1749 #, fuzzy, no-wrap #| msgid "" #| "fallback_homedir = /home/%u\n" @@ -2309,61 +2309,61 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1752 +#: sssd.conf.5.xml:1753 msgid "" "Default: not set, i.e. use default <quote>certificate_verification</quote> " "option defined in <quote>[sssd]</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1759 +#: sssd.conf.5.xml:1760 msgid "p11_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1763 msgid "How many seconds will pam_sss wait for p11_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1771 +#: sssd.conf.5.xml:1772 #, fuzzy #| msgid "pam_id_timeout (integer)" msgid "passkey_child_timeout (integer)" msgstr "pam_id_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1774 +#: sssd.conf.5.xml:1775 msgid "" "How many seconds will the PAM responder wait for passkey_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1783 +#: sssd.conf.5.xml:1784 msgid "pam_app_services (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1786 +#: sssd.conf.5.xml:1787 msgid "" "Which PAM services are permitted to contact domains of type " "<quote>application</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1795 +#: sssd.conf.5.xml:1796 msgid "pam_p11_allowed_services (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1798 +#: sssd.conf.5.xml:1799 msgid "" "A comma-separated list of PAM service names for which it will be allowed to " "use Smartcards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1813 +#: sssd.conf.5.xml:1814 #, no-wrap msgid "" "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2371,7 +2371,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1802 +#: sssd.conf.5.xml:1803 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -2383,63 +2383,63 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1817 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 #: sssd-ad.5.xml:869 sssd-ad.5.xml:947 msgid "Default: the default set of PAM service names includes:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1822 sssd-ad.5.xml:648 +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 msgid "login" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1827 sssd-ad.5.xml:653 +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 msgid "su" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1832 sssd-ad.5.xml:658 +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 msgid "su-l" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1837 sssd-ad.5.xml:673 +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 msgid "gdm-smartcard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1842 sssd-ad.5.xml:668 +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 msgid "gdm-password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1847 sssd-ad.5.xml:678 +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 msgid "kdm" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1852 sssd-ad.5.xml:956 +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 msgid "sudo" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1857 sssd-ad.5.xml:961 +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 msgid "sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1862 +#: sssd.conf.5.xml:1863 msgid "gnome-screensaver" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1870 +#: sssd.conf.5.xml:1871 msgid "p11_wait_for_card_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1873 +#: sssd.conf.5.xml:1874 msgid "" "If Smartcard authentication is required how many extra seconds in addition " "to p11_child_timeout should the PAM responder wait until a Smartcard is " @@ -2447,12 +2447,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1884 +#: sssd.conf.5.xml:1885 msgid "p11_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1887 +#: sssd.conf.5.xml:1888 msgid "" "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " "selection of devices used for Smartcard authentication. By default SSSD's " @@ -2463,7 +2463,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1900 +#: sssd.conf.5.xml:1901 #, no-wrap msgid "" "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" @@ -2471,7 +2471,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1904 +#: sssd.conf.5.xml:1905 #, no-wrap msgid "" "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" @@ -2479,7 +2479,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1898 +#: sssd.conf.5.xml:1899 msgid "" "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " @@ -2488,47 +2488,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1917 +#: sssd.conf.5.xml:1918 msgid "pam_initgroups_scheme" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1925 +#: sssd.conf.5.xml:1926 msgid "always" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1926 +#: sssd.conf.5.xml:1927 msgid "" "Always do an online lookup, please note that pam_id_timeout still applies" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1930 +#: sssd.conf.5.xml:1931 msgid "no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1931 +#: sssd.conf.5.xml:1932 msgid "" "Only do an online lookup if there is no active session of the user, i.e. if " "the user is currently not logged in" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1936 +#: sssd.conf.5.xml:1937 msgid "never" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1937 +#: sssd.conf.5.xml:1938 msgid "" "Never force an online lookup, use the data from the cache as long as they " "are not expired" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1920 +#: sssd.conf.5.xml:1921 msgid "" "The PAM responder can force an online lookup to get the current group " "memberships of the user trying to log in. This option controls when this " @@ -2537,17 +2537,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1944 +#: sssd.conf.5.xml:1945 msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1949 sssd.conf.5.xml:4247 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 msgid "pam_gssapi_services" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1952 +#: sssd.conf.5.xml:1953 #, fuzzy #| msgid "Comma separated list of users who are allowed to log in." msgid "" @@ -2556,13 +2556,13 @@ msgid "" msgstr "Durch Kommata getrennte Liste von Benutzern, die sich anmelden dürfen." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1957 +#: sssd.conf.5.xml:1958 msgid "" "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1961 sssd.conf.5.xml:1992 sssd.conf.5.xml:2030 +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[pam] section. It can also be set for trusted domain which overwrites the " @@ -2570,7 +2570,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1969 +#: sssd.conf.5.xml:1970 #, fuzzy, no-wrap #| msgid "" #| "fallback_homedir = /home/%u\n" @@ -2583,22 +2583,22 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1967 sssd.conf.5.xml:3899 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1973 +#: sssd.conf.5.xml:1974 msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1978 sssd.conf.5.xml:4248 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 msgid "pam_gssapi_check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1981 +#: sssd.conf.5.xml:1982 msgid "" "If True, SSSD will require that the Kerberos user principal that " "successfully authenticated through GSSAPI can be associated with the user " @@ -2606,25 +2606,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1988 +#: sssd.conf.5.xml:1989 msgid "" "If False, every user that is able to obtained required service ticket will " "be authenticated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1998 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "Voreinstellung: True" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2003 +#: sssd.conf.5.xml:2004 msgid "pam_gssapi_indicators_map" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2006 +#: sssd.conf.5.xml:2007 msgid "" "Comma separated list of authentication indicators required to be present in " "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " @@ -2632,7 +2632,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2012 +#: sssd.conf.5.xml:2013 msgid "" "Each element of the list can be either an authentication indicator name or a " "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " @@ -2647,7 +2647,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2025 +#: sssd.conf.5.xml:2026 msgid "" "To disable GSSAPI authentication indicator check, set this option to <quote>-" "</quote> (dash). To disable the check for a specific PAM service, add " @@ -2655,45 +2655,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2036 +#: sssd.conf.5.xml:2037 msgid "" "Following authentication indicators are supported by IPA Kerberos " "deployments:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2039 +#: sssd.conf.5.xml:2040 msgid "" "pkinit -- pre-authentication using X.509 certificates -- whether stored in " "files or on smart cards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2042 +#: sssd.conf.5.xml:2043 msgid "" "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " "FAST channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2045 +#: sssd.conf.5.xml:2046 msgid "radius -- pre-authentication with the help of a RADIUS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2048 +#: sssd.conf.5.xml:2049 msgid "" "otp -- pre-authentication using integrated two-factor authentication (2FA or " "one-time password, OTP) in IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2051 +#: sssd.conf.5.xml:2052 msgid "idp -- pre-authentication using external identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:2061 +#: sssd.conf.5.xml:2062 #, no-wrap msgid "" "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" @@ -2701,7 +2701,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2056 +#: sssd.conf.5.xml:2057 msgid "" "Example: to require access to SUDO services only for users which obtained " "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " @@ -2709,7 +2709,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2065 +#: sssd.conf.5.xml:2066 #, fuzzy #| msgid "Default: not set (no substitution for unset home directories)" msgid "Default: not set (use of authentication indicators is not required)" @@ -2718,12 +2718,12 @@ msgstr "" "Verzeichnisse)" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2073 +#: sssd.conf.5.xml:2074 msgid "SUDO configuration options" msgstr "Sudo-Konfigurationsoptionen" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2075 +#: sssd.conf.5.xml:2076 msgid "" "These options can be used to configure the sudo service. The detailed " "instructions for configuration of <citerefentry> <refentrytitle>sudo</" @@ -2741,12 +2741,12 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2092 +#: sssd.conf.5.xml:2093 msgid "sudo_timed (bool)" msgstr "sudo_timed (Boolesch)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2095 +#: sssd.conf.5.xml:2096 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." @@ -2756,12 +2756,12 @@ msgstr "" "nicht." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2107 +#: sssd.conf.5.xml:2108 msgid "sudo_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2110 +#: sssd.conf.5.xml:2111 msgid "" "Maximum number of expired rules that can be refreshed at once. If number of " "expired rules is below threshold, those rules are refreshed with " @@ -2771,23 +2771,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2129 +#: sssd.conf.5.xml:2130 msgid "AUTOFS configuration options" msgstr "AUTOFS-Konfigurationsoptionen" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2131 +#: sssd.conf.5.xml:2132 msgid "These options can be used to configure the autofs service." msgstr "" "Diese Optionen können zum Konfigurieren des Dienstes »autofs« benutzt werden." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2135 +#: sssd.conf.5.xml:2136 msgid "autofs_negative_timeout (integer)" msgstr "autofs_negative_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2138 +#: sssd.conf.5.xml:2139 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " @@ -2798,23 +2798,23 @@ msgstr "" "nicht existierende), bevor das Backend erneut befragt wird." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2154 +#: sssd.conf.5.xml:2155 msgid "SSH configuration options" msgstr "SSH-Konfigurationsoptionen" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2156 +#: sssd.conf.5.xml:2157 msgid "These options can be used to configure the SSH service." msgstr "" "Diese Optionen können zum Konfigurieren des SSH-Dienstes benutzt werden." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2160 +#: sssd.conf.5.xml:2161 msgid "ssh_hash_known_hosts (bool)" msgstr "ssh_hash_known_hosts (Boolesch)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2163 +#: sssd.conf.5.xml:2164 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." @@ -2823,12 +2823,12 @@ msgstr "" "»known_hosts« zusammengemischt werden oder nicht." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2172 +#: sssd.conf.5.xml:2173 msgid "ssh_known_hosts_timeout (integer)" msgstr "ssh_known_hosts_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2175 +#: sssd.conf.5.xml:2176 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." @@ -2837,17 +2837,17 @@ msgstr "" "»known_hosts« behalten wird, bevor seine Rechnerschlüssel abgefragt werden." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2179 +#: sssd.conf.5.xml:2180 msgid "Default: 180" msgstr "Voreinstellung: 180" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2184 +#: sssd.conf.5.xml:2185 msgid "ssh_use_certificate_keys (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2187 +#: sssd.conf.5.xml:2188 msgid "" "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " "keys derived from the public key of X.509 certificates stored in the user " @@ -2856,12 +2856,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2202 +#: sssd.conf.5.xml:2203 msgid "ssh_use_certificate_matching_rules (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2205 +#: sssd.conf.5.xml:2206 msgid "" "By default the ssh responder will use all available certificate matching " "rules to filter the certificates so that ssh keys are only derived from the " @@ -2871,7 +2871,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2214 +#: sssd.conf.5.xml:2215 msgid "" "There are two special key words 'all_rules' and 'no_rules' which will enable " "all or no rules, respectively. The latter means that no certificates will be " @@ -2879,7 +2879,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2221 +#: sssd.conf.5.xml:2222 msgid "" "If no rules are configured using 'all_rules' will enable a default rule " "which enables all certificates suitable for client authentication. This is " @@ -2888,38 +2888,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2228 +#: sssd.conf.5.xml:2229 msgid "" "A non-existing rule name is considered an error. If as a result no rule is " "selected all certificates will be ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2233 +#: sssd.conf.5.xml:2234 msgid "" "Default: not set, equivalent to 'all_rules', all found rules or the default " "rule are used" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2239 +#: sssd.conf.5.xml:2240 msgid "ca_db (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2242 +#: sssd.conf.5.xml:2243 msgid "" "Path to a storage of trusted CA certificates. The option is used to validate " "user certificates before deriving public ssh keys from them." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2262 +#: sssd.conf.5.xml:2263 msgid "PAC responder configuration options" msgstr "PAC-Responder-Konfigurationsoptionen" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2264 +#: sssd.conf.5.xml:2265 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " @@ -2930,7 +2930,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2273 +#: sssd.conf.5.xml:2274 msgid "" "If the remote user does not exist in the cache, it is created. The UID is " "determined with the help of the SID, trusted domains will have UPGs and the " @@ -2941,7 +2941,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2281 +#: sssd.conf.5.xml:2282 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." @@ -2950,18 +2950,18 @@ msgstr "" "diesen Gruppen hinzugefügt." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2287 +#: sssd.conf.5.xml:2288 msgid "These options can be used to configure the PAC responder." msgstr "" "Diese Optionen können zur Konfiguration des PAC-Responders verwendet werden." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2291 sssd-ifp.5.xml:66 +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 msgid "allowed_uids (string)" msgstr "allowed_uids (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2294 +#: sssd.conf.5.xml:2295 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " @@ -2972,14 +2972,14 @@ msgstr "" "beim Starten zu UIDs aufgelöst." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2300 +#: sssd.conf.5.xml:2301 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" "Voreinstellung: 0 (Nur dem Benutzer Root ist der Zugriff auf den PAC-" "Responder gestattet.)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2304 +#: sssd.conf.5.xml:2305 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " @@ -2992,26 +2992,26 @@ msgstr "" "der Liste der erlaubten UIDs auch die 0 hinzufügen." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2313 +#: sssd.conf.5.xml:2314 msgid "pac_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2316 +#: sssd.conf.5.xml:2317 msgid "" "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " "data can be used to determine the group memberships of a user." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2326 +#: sssd.conf.5.xml:2327 #, fuzzy #| msgid "ldap_schema (string)" msgid "pac_check (string)" msgstr "ldap_schema (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2329 +#: sssd.conf.5.xml:2330 msgid "" "Apply additional checks on the PAC of the Kerberos ticket which is available " "in Active Directory and FreeIPA domains, if configured. Please note that " @@ -3022,24 +3022,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2343 +#: sssd.conf.5.xml:2344 msgid "no_check" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2345 +#: sssd.conf.5.xml:2346 msgid "" "The PAC must not be present and even if it is present no additional checks " "will be done." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2351 +#: sssd.conf.5.xml:2352 msgid "pac_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2353 +#: sssd.conf.5.xml:2354 msgid "" "The PAC must be present in the service ticket which SSSD will request with " "the help of the user's TGT. If the PAC is not available the authentication " @@ -3047,24 +3047,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2361 +#: sssd.conf.5.xml:2362 msgid "check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2363 +#: sssd.conf.5.xml:2364 msgid "" "If the PAC is present check if the user principal name (UPN) information is " "consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2369 +#: sssd.conf.5.xml:2370 msgid "check_upn_allow_missing" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2371 +#: sssd.conf.5.xml:2372 msgid "" "This option should be used together with 'check_upn' and handles the case " "where a UPN is set on the server-side but is not read by SSSD. The typical " @@ -3076,7 +3076,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2383 +#: sssd.conf.5.xml:2384 msgid "" "Currently this option is set by default to avoid regressions in such " "environments. A log message will be added to the system log and SSSD's debug " @@ -3087,41 +3087,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2397 +#: sssd.conf.5.xml:2398 msgid "upn_dns_info_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2399 +#: sssd.conf.5.xml:2400 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2404 +#: sssd.conf.5.xml:2405 msgid "check_upn_dns_info_ex" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2406 +#: sssd.conf.5.xml:2407 msgid "" "If the PAC is present and the extension to the UPN-DNS-INFO buffer is " "available check if the information in the extension is consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2413 +#: sssd.conf.5.xml:2414 msgid "upn_dns_info_ex_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2415 +#: sssd.conf.5.xml:2416 msgid "" "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2339 +#: sssd.conf.5.xml:2340 #, fuzzy #| msgid "" #| "The following expansions are supported: <placeholder " @@ -3134,19 +3134,19 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2425 +#: sssd.conf.5.xml:2426 msgid "" "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " "check_upn_dns_info_ex')" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2434 +#: sssd.conf.5.xml:2435 msgid "Session recording configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2436 +#: sssd.conf.5.xml:2437 msgid "" "Session recording works in conjunction with <citerefentry> " "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" @@ -3156,66 +3156,66 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2449 +#: sssd.conf.5.xml:2450 msgid "These options can be used to configure session recording." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2453 sssd-session-recording.5.xml:64 +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 msgid "scope (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2460 sssd-session-recording.5.xml:71 +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 msgid "\"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2463 sssd-session-recording.5.xml:74 +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 msgid "No users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2468 sssd-session-recording.5.xml:79 +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 msgid "\"some\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2471 sssd-session-recording.5.xml:82 +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 msgid "" "Users/groups specified by <replaceable>users</replaceable> and " "<replaceable>groups</replaceable> options are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2480 sssd-session-recording.5.xml:91 +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 msgid "\"all\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2483 sssd-session-recording.5.xml:94 +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 msgid "All users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2456 sssd-session-recording.5.xml:67 +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 msgid "" "One of the following strings specifying the scope of session recording: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:101 +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 msgid "Default: \"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:106 +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 msgid "users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:109 +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 msgid "" "A comma-separated list of users which should have session recording enabled. " "Matches user names as returned by NSS. I.e. after the possible space " @@ -3223,17 +3223,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2504 sssd-session-recording.5.xml:115 +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 msgid "Default: Empty. Matches no users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2509 sssd-session-recording.5.xml:120 +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 msgid "groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2512 sssd-session-recording.5.xml:123 +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 msgid "" "A comma-separated list of groups, members of which should have session " "recording enabled. Matches group names as returned by NSS. I.e. after the " @@ -3241,7 +3241,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2518 sssd.conf.5.xml:2550 sssd-session-recording.5.xml:129 +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 #: sssd-session-recording.5.xml:161 msgid "" "NOTE: using this option (having it set to anything) has a considerable " @@ -3250,64 +3250,64 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2525 sssd-session-recording.5.xml:136 +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 msgid "Default: Empty. Matches no groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2530 sssd-session-recording.5.xml:141 +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 #, fuzzy #| msgid "simple_deny_users (string)" msgid "exclude_users (string)" msgstr "simple_deny_users (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2533 sssd-session-recording.5.xml:144 +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 msgid "" "A comma-separated list of users to be excluded from recording, only " "applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2537 sssd-session-recording.5.xml:148 +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 #, fuzzy #| msgid "Default: empty, i.e. ldap_uri is used." msgid "Default: Empty. No users excluded." msgstr "Voreinstellung: leer, d.h., dass »ldap_uri« benutzt wird" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2542 sssd-session-recording.5.xml:153 +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 #, fuzzy #| msgid "simple_deny_groups (string)" msgid "exclude_groups (string)" msgstr "simple_deny_groups (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2545 sssd-session-recording.5.xml:156 +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 msgid "" "A comma-separated list of groups, members of which should be excluded from " "recording. Only applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2557 sssd-session-recording.5.xml:168 +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 #, fuzzy #| msgid "Default: empty, i.e. ldap_uri is used." msgid "Default: Empty. No groups excluded." msgstr "Voreinstellung: leer, d.h., dass »ldap_uri« benutzt wird" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2567 +#: sssd.conf.5.xml:2568 msgid "DOMAIN SECTIONS" msgstr "DOMAIN-ABSCHNITTE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2574 +#: sssd.conf.5.xml:2575 msgid "enabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2577 +#: sssd.conf.5.xml:2578 msgid "" "Explicitly enable or disable the domain. If <quote>true</quote>, the domain " "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " @@ -3317,12 +3317,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2589 +#: sssd.conf.5.xml:2590 msgid "domain_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2592 +#: sssd.conf.5.xml:2593 msgid "" "Specifies whether the domain is meant to be used by POSIX-aware clients such " "as the Name Service Switch or by applications that do not need POSIX data to " @@ -3331,14 +3331,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2600 +#: sssd.conf.5.xml:2601 msgid "" "Allowed values for this option are <quote>posix</quote> and " "<quote>application</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2604 +#: sssd.conf.5.xml:2605 msgid "" "POSIX domains are reachable by all services. Application domains are only " "reachable from the InfoPipe responder (see <citerefentry> " @@ -3347,31 +3347,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2612 +#: sssd.conf.5.xml:2613 msgid "" "NOTE: The application domains are currently well tested with " "<quote>id_provider=ldap</quote> only." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2616 +#: sssd.conf.5.xml:2617 msgid "" "For an easy way to configure a non-POSIX domains, please see the " "<quote>Application domains</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2620 +#: sssd.conf.5.xml:2621 msgid "Default: posix" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2626 +#: sssd.conf.5.xml:2627 msgid "min_id,max_id (integer)" msgstr "min_id,max_id (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2629 +#: sssd.conf.5.xml:2630 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." @@ -3380,7 +3380,7 @@ msgstr "" "enthält, der jenseits dieser Beschränkungen liegt, wird er ignoriert." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2634 +#: sssd.conf.5.xml:2635 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -3393,7 +3393,7 @@ msgstr "" "werden jene, die im Bereich liegen, wie erwartet gemeldet." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2641 +#: sssd.conf.5.xml:2642 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." @@ -3402,17 +3402,17 @@ msgstr "" "den Zwischenspeicher und nicht nur ihre Rückgabe über Name oder ID." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2645 +#: sssd.conf.5.xml:2646 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "Voreinstellung: 1 für »min_id«, 0 (keine Beschränkung) für »max_id«" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2651 +#: sssd.conf.5.xml:2652 msgid "enumerate (bool)" msgstr "enumerate (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2654 +#: sssd.conf.5.xml:2655 msgid "" "Determines if a domain can be enumerated, that is, whether the domain can " "list all the users and group it contains. Note that it is not required to " @@ -3421,29 +3421,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2662 +#: sssd.conf.5.xml:2663 msgid "TRUE = Users and groups are enumerated" msgstr "TRUE = Benutzer und Gruppen werden aufgezählt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2665 +#: sssd.conf.5.xml:2666 msgid "FALSE = No enumerations for this domain" msgstr "FALSE = keine Aufzählungen für diese Domain" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2668 sssd.conf.5.xml:2942 sssd.conf.5.xml:3119 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 msgid "Default: FALSE" msgstr "Voreinstellung: FALSE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2671 +#: sssd.conf.5.xml:2672 msgid "" "Enumerating a domain requires SSSD to download and store ALL user and group " "entries from the remote server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2676 +#: sssd.conf.5.xml:2677 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -3457,7 +3457,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2691 +#: sssd.conf.5.xml:2692 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." @@ -3467,7 +3467,7 @@ msgstr "" "Ergebnisse zurück." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2696 +#: sssd.conf.5.xml:2697 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -3482,7 +3482,7 @@ msgstr "" "benutzten »id_provider«." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2704 +#: sssd.conf.5.xml:2705 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." @@ -3491,32 +3491,32 @@ msgstr "" "insbesondere in großen Umgebungen, nicht empfohlen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2712 +#: sssd.conf.5.xml:2713 msgid "subdomain_enumerate (string)" msgstr "subdomain_enumerate (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2719 +#: sssd.conf.5.xml:2720 msgid "all" msgstr "all" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2720 +#: sssd.conf.5.xml:2721 msgid "All discovered trusted domains will be enumerated" msgstr "Alle entdeckten vertrauenswürdigen Domains werden aufgezählt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2723 +#: sssd.conf.5.xml:2724 msgid "none" msgstr "none" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2724 +#: sssd.conf.5.xml:2725 msgid "No discovered trusted domains will be enumerated" msgstr "Keine der entdeckten vertrauenswürdigen Domains wird aufgezählt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2715 +#: sssd.conf.5.xml:2716 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " @@ -3530,12 +3530,12 @@ msgstr "" "Domains aktivieren." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2738 +#: sssd.conf.5.xml:2739 msgid "entry_cache_timeout (integer)" msgstr "entry_cache_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2741 +#: sssd.conf.5.xml:2742 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" @@ -3544,7 +3544,7 @@ msgstr "" "soll, bevor das Backend erneut abgefragt wird." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2745 +#: sssd.conf.5.xml:2746 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " @@ -3562,17 +3562,17 @@ msgstr "" "wurden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2758 +#: sssd.conf.5.xml:2759 msgid "Default: 5400" msgstr "Voreinstellung: 5400" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2764 +#: sssd.conf.5.xml:2765 msgid "entry_cache_user_timeout (integer)" msgstr "entry_cache_user_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2767 +#: sssd.conf.5.xml:2768 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" @@ -3581,19 +3581,19 @@ msgstr "" "betrachten soll, bevor das Backend erneut abgefragt wird." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2771 sssd.conf.5.xml:2784 sssd.conf.5.xml:2797 -#: sssd.conf.5.xml:2810 sssd.conf.5.xml:2824 sssd.conf.5.xml:2837 -#: sssd.conf.5.xml:2851 sssd.conf.5.xml:2865 sssd.conf.5.xml:2878 +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 msgid "Default: entry_cache_timeout" msgstr "Voreinstellung: entry_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2777 +#: sssd.conf.5.xml:2778 msgid "entry_cache_group_timeout (integer)" msgstr "entry_cache_group_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2780 +#: sssd.conf.5.xml:2781 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" @@ -3602,12 +3602,12 @@ msgstr "" "betrachten soll, bevor das Backend erneut abgefragt wird." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2790 +#: sssd.conf.5.xml:2791 msgid "entry_cache_netgroup_timeout (integer)" msgstr "entry_cache_netgroup_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2793 +#: sssd.conf.5.xml:2794 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" @@ -3616,12 +3616,12 @@ msgstr "" "betrachten soll, bevor das Backend erneut abgefragt wird." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2803 +#: sssd.conf.5.xml:2804 msgid "entry_cache_service_timeout (integer)" msgstr "entry_cache_service_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2806 +#: sssd.conf.5.xml:2807 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" @@ -3630,24 +3630,24 @@ msgstr "" "betrachten soll, bevor das Backend erneut abgefragt wird." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2816 +#: sssd.conf.5.xml:2817 msgid "entry_cache_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2819 +#: sssd.conf.5.xml:2820 msgid "" "How many seconds should nss_sss consider hosts and networks entries valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2830 +#: sssd.conf.5.xml:2831 msgid "entry_cache_sudo_timeout (integer)" msgstr "entry_cache_sudo_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2833 +#: sssd.conf.5.xml:2834 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" @@ -3656,12 +3656,12 @@ msgstr "" "bevor das Backend erneut abgefragt wird." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2843 +#: sssd.conf.5.xml:2844 msgid "entry_cache_autofs_timeout (integer)" msgstr "entry_cache_autofs_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2846 +#: sssd.conf.5.xml:2847 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" @@ -3671,36 +3671,36 @@ msgstr "" "wird." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2857 +#: sssd.conf.5.xml:2858 msgid "entry_cache_ssh_host_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2860 +#: sssd.conf.5.xml:2861 msgid "" "How many seconds to keep a host ssh key after refresh. IE how long to cache " "the host key for." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2871 +#: sssd.conf.5.xml:2872 msgid "entry_cache_computer_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2874 +#: sssd.conf.5.xml:2875 msgid "" "How many seconds to keep the local computer entry before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2884 +#: sssd.conf.5.xml:2885 msgid "refresh_expired_interval (integer)" msgstr "refresh_expired_interval (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2887 +#: sssd.conf.5.xml:2888 msgid "" "Specifies how many seconds SSSD has to wait before triggering a background " "refresh task which will refresh all expired or nearly expired records." @@ -3710,7 +3710,7 @@ msgstr "" "abgelaufenen oder beinahe abgelaufenen Daten aktualisiert werden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2892 +#: sssd.conf.5.xml:2893 msgid "" "The background refresh will process users, groups and netgroups in the " "cache. For users who have performed the initgroups (get group membership for " @@ -3719,19 +3719,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2900 +#: sssd.conf.5.xml:2901 msgid "This option is automatically inherited for all trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2904 +#: sssd.conf.5.xml:2905 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" "Sie können in Betracht ziehen, diesen Wert auf 3/4 * entry_cache_timeout zu " "setzen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2908 +#: sssd.conf.5.xml:2909 msgid "" "Cache entry will be refreshed by background task when 2/3 of cache timeout " "has already passed. If there are existing cached entries, the background " @@ -3743,28 +3743,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2921 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "Voreinstellung: 0 (deaktiviert)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2927 +#: sssd.conf.5.xml:2928 msgid "cache_credentials (bool)" msgstr "cache_credentials (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2930 -#, fuzzy -#| msgid "" -#| "Determines if user credentials are also cached in the local LDB cache" -msgid "Determines if user credentials are also cached in the local LDB cache." +#: sssd.conf.5.xml:2931 +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." msgstr "" -"bestimmt, ob auch Benutzerberechtigungen im lokalen LDB-Zwischenspeicher " -"zwischengespeichert werden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2934 +#: sssd.conf.5.xml:2942 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3773,12 +3774,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2948 +#: sssd.conf.5.xml:2956 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2951 +#: sssd.conf.5.xml:2959 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3790,19 +3791,19 @@ msgstr "" "gespeichert zu werden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2958 +#: sssd.conf.5.xml:2966 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2969 +#: sssd.conf.5.xml:2977 msgid "account_cache_expiration (integer)" msgstr "account_cache_expiration (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2972 +#: sssd.conf.5.xml:2980 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3815,17 +3816,17 @@ msgstr "" "Parameters muss größer oder gleich »offline_credentials_expiration« sein." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2979 +#: sssd.conf.5.xml:2987 msgid "Default: 0 (unlimited)" msgstr "Voreinstellung: 0 (unbegrenzt)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2984 +#: sssd.conf.5.xml:2992 msgid "pwd_expiration_warning (integer)" msgstr "pwd_expiration_warning (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2995 +#: sssd.conf.5.xml:3003 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3838,17 +3839,17 @@ msgstr "" "Authentifizierungsanbieter konfiguriert werden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3002 +#: sssd.conf.5.xml:3010 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "Voreinstellung: 7 (Kerberos), 0 (LDAP)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3008 +#: sssd.conf.5.xml:3016 msgid "id_provider (string)" msgstr "id_provider (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3011 +#: sssd.conf.5.xml:3019 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" @@ -3856,12 +3857,12 @@ msgstr "" "werden unterstützt:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3015 +#: sssd.conf.5.xml:3023 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3018 +#: sssd.conf.5.xml:3026 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3869,7 +3870,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3026 +#: sssd.conf.5.xml:3034 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3880,13 +3881,18 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3034 sssd.conf.5.xml:3145 sssd.conf.5.xml:3196 -#: sssd.conf.5.xml:3259 +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 +#, fuzzy +#| msgid "" +#| "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " +#| "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +#| "<manvolnum>5</manvolnum> </citerefentry> for more information on " +#| "configuring FreeIPA." msgid "" -"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " -"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " -"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " -"FreeIPA." +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." msgstr "" "»ipa«: Anbieter von FreeIPA und Red Hat Enterprise Identity Management. " "Weitere Informationen über die Konfiguration von FreeIPA finden Sie unter " @@ -3894,8 +3900,8 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3043 sssd.conf.5.xml:3154 sssd.conf.5.xml:3205 -#: sssd.conf.5.xml:3268 +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3907,12 +3913,12 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3054 +#: sssd.conf.5.xml:3062 msgid "use_fully_qualified_names (bool)" msgstr "use_fully_qualified_names (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3057 +#: sssd.conf.5.xml:3065 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." @@ -3922,7 +3928,7 @@ msgstr "" "Benutzers, der an NSS gemeldet wird." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3062 +#: sssd.conf.5.xml:3070 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3936,7 +3942,7 @@ msgstr "" "test@LOCAL</command> würde ihn hingegen finden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3070 +#: sssd.conf.5.xml:3078 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3948,24 +3954,24 @@ msgstr "" "nicht voll qualifizierter Name angefragt wird." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3077 +#: sssd.conf.5.xml:3085 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3084 +#: sssd.conf.5.xml:3092 msgid "ignore_group_members (bool)" msgstr "ignore_group_members (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3087 +#: sssd.conf.5.xml:3095 msgid "Do not return group members for group lookups." msgstr "gibt beim Nachschlagen der Gruppe nicht die Gruppenmitglieder zurück." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3090 +#: sssd.conf.5.xml:3098 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3977,7 +3983,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3108 +#: sssd.conf.5.xml:3116 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3985,23 +3991,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3114 sssd.conf.5.xml:3821 sssd-ldap.5.xml:326 -#: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 -#: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 -#: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 -#: sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1084 +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 msgid "" "This option can be also set per subdomain or inherited via " "<emphasis>subdomain_inherit</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3124 +#: sssd.conf.5.xml:3132 msgid "auth_provider (string)" msgstr "auth_provider (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3127 +#: sssd.conf.5.xml:3135 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" @@ -4010,7 +4016,7 @@ msgstr "" "Authentifizierungsanbieter werden unterstützt:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3131 sssd.conf.5.xml:3189 +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4021,7 +4027,7 @@ msgstr "" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3138 +#: sssd.conf.5.xml:3146 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4033,19 +4039,19 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3162 +#: sssd.conf.5.xml:3170 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" "»proxy« zur Weitergabe der Authentifizierung an irgendein anderes PAM-Ziel" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3165 +#: sssd.conf.5.xml:3173 msgid "<quote>none</quote> disables authentication explicitly." msgstr "»none« deaktiviert explizit die Authentifizierung." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3168 +#: sssd.conf.5.xml:3176 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." @@ -4054,12 +4060,12 @@ msgstr "" "mit Authentifizierungsanfragen umgehen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3174 +#: sssd.conf.5.xml:3182 msgid "access_provider (string)" msgstr "access_provider (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3177 +#: sssd.conf.5.xml:3185 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -4070,7 +4076,7 @@ msgstr "" "Backends enthalten sind). Interne Spezialanbieter sind:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3183 +#: sssd.conf.5.xml:3191 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." @@ -4079,12 +4085,12 @@ msgstr "" "für eine lokale Domain." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3186 +#: sssd.conf.5.xml:3194 msgid "<quote>deny</quote> always deny access." msgstr "»deny« verweigert dem Zugriff immer." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3221 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -4097,7 +4103,7 @@ msgstr "" "simple</refentrytitle> <manvolnum>5</manvolnum></citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3220 +#: sssd.conf.5.xml:3228 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -4105,22 +4111,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3227 +#: sssd.conf.5.xml:3235 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3230 +#: sssd.conf.5.xml:3238 msgid "Default: <quote>permit</quote>" msgstr "Voreinstellung: »permit«" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3235 +#: sssd.conf.5.xml:3243 msgid "chpass_provider (string)" msgstr "chpass_provider (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3238 +#: sssd.conf.5.xml:3246 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" @@ -4129,7 +4135,7 @@ msgstr "" "Folgende Anbieter von Passwortänderungen werden unterstützt:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3243 +#: sssd.conf.5.xml:3251 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4137,7 +4143,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3251 +#: sssd.conf.5.xml:3259 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4149,19 +4155,19 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3276 +#: sssd.conf.5.xml:3284 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" "»proxy« zur Weitergabe der Passwortänderung an irgendein anderes PAM-Ziel" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3280 +#: sssd.conf.5.xml:3288 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "»none« verbietet explizit Passwortänderungen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3283 +#: sssd.conf.5.xml:3291 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." @@ -4170,19 +4176,19 @@ msgstr "" "kann mit Passwortänderungsanfragen umgehen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3290 +#: sssd.conf.5.xml:3298 msgid "sudo_provider (string)" msgstr "sudo_provider (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3293 +#: sssd.conf.5.xml:3301 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" "der für diese Domain benutzte Sudo-Anbieter. Folgende Sudo-Anbieter werden " "unterstützt:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3297 +#: sssd.conf.5.xml:3305 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4193,7 +4199,7 @@ msgstr "" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3305 +#: sssd.conf.5.xml:3313 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." @@ -4202,7 +4208,7 @@ msgstr "" "Vorgabeeinstellungen für IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3309 +#: sssd.conf.5.xml:3317 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." @@ -4211,19 +4217,19 @@ msgstr "" "Vorgabeeinstellungen für AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3313 +#: sssd.conf.5.xml:3321 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "»none« deaktiviert explizit Sudo." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3316 sssd.conf.5.xml:3402 sssd.conf.5.xml:3472 -#: sssd.conf.5.xml:3497 sssd.conf.5.xml:3533 +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" "Voreinstellung: Falls gesetzt, wird der Wert von »id_provider« benutzt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3320 +#: sssd.conf.5.xml:3328 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -4240,7 +4246,7 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3335 +#: sssd.conf.5.xml:3343 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -4249,12 +4255,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3345 +#: sssd.conf.5.xml:3353 msgid "selinux_provider (string)" msgstr "selinux_provider (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3348 +#: sssd.conf.5.xml:3356 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -4265,7 +4271,7 @@ msgstr "" "Zugriffsanbieter beendet hat. Folgende SELinux-Anbieter werden unterstützt:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3354 +#: sssd.conf.5.xml:3362 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4277,12 +4283,12 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3362 +#: sssd.conf.5.xml:3370 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "»none« verbietet explizit das Abholen von SELinux-Einstellungen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3365 +#: sssd.conf.5.xml:3373 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." @@ -4291,12 +4297,12 @@ msgstr "" "kann SELinux-Ladeanfragen handhaben." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3371 +#: sssd.conf.5.xml:3379 msgid "subdomains_provider (string)" msgstr "subdomains_provider (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3374 +#: sssd.conf.5.xml:3382 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" @@ -4306,7 +4312,7 @@ msgstr "" "werden unterstützt:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3380 +#: sssd.conf.5.xml:3388 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4318,7 +4324,7 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3389 +#: sssd.conf.5.xml:3397 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -4327,17 +4333,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3398 +#: sssd.conf.5.xml:3406 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "»none« deaktiviert explizit das Abholen von Subdomains." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3408 +#: sssd.conf.5.xml:3416 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3411 +#: sssd.conf.5.xml:3419 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -4345,37 +4351,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3418 +#: sssd.conf.5.xml:3426 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3422 +#: sssd.conf.5.xml:3430 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3426 +#: sssd.conf.5.xml:3434 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3430 +#: sssd.conf.5.xml:3438 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3438 +#: sssd.conf.5.xml:3446 msgid "autofs_provider (string)" msgstr "autofs_provider (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3441 +#: sssd.conf.5.xml:3449 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" @@ -4383,7 +4389,7 @@ msgstr "" "»autofs« werden unterstützt:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3445 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4395,7 +4401,7 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3452 +#: sssd.conf.5.xml:3460 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4407,7 +4413,7 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3460 +#: sssd.conf.5.xml:3468 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4415,17 +4421,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3469 +#: sssd.conf.5.xml:3477 msgid "<quote>none</quote> disables autofs explicitly." msgstr "»none« deaktiviert explizit »autofs«." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3479 +#: sssd.conf.5.xml:3487 msgid "hostid_provider (string)" msgstr "hostid_provider (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3482 +#: sssd.conf.5.xml:3490 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" @@ -4434,7 +4440,7 @@ msgstr "" "wird. Folgende Anbieter von »hostid« werden unterstützt:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3486 +#: sssd.conf.5.xml:3494 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4446,31 +4452,31 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3494 +#: sssd.conf.5.xml:3502 msgid "<quote>none</quote> disables hostid explicitly." msgstr "»none« deaktiviert explizit »hostid«." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3504 +#: sssd.conf.5.xml:3512 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3507 +#: sssd.conf.5.xml:3515 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3511 +#: sssd.conf.5.xml:3519 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3515 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4478,7 +4484,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3522 +#: sssd.conf.5.xml:3530 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4487,12 +4493,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3530 +#: sssd.conf.5.xml:3538 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3543 +#: sssd.conf.5.xml:3551 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4507,7 +4513,7 @@ msgstr "" "(NetBIOS-) Namen der Domain entsprechen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3552 +#: sssd.conf.5.xml:3560 #, fuzzy #| msgid "" #| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" @@ -4523,17 +4529,17 @@ msgstr "" "P<Name>[^@\\\\]+)$))« " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3557 sssd.conf.5.xml:3571 +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 msgid "username" msgstr "Benutzername" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3560 sssd.conf.5.xml:3574 +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 msgid "username@domain.name" msgstr "Benutzername@Domain.Name" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3565 +#: sssd.conf.5.xml:3573 #, fuzzy #| msgid "" #| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" @@ -4551,12 +4557,12 @@ msgstr "" "P<Name>[^@\\\\]+)$))« " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3577 +#: sssd.conf.5.xml:3585 msgid "domain\\username" msgstr "Domain\\Benutzername" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3580 +#: sssd.conf.5.xml:3588 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." @@ -4566,7 +4572,7 @@ msgstr "" "Windows-Domains zu ermöglichen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3585 +#: sssd.conf.5.xml:3593 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4576,17 +4582,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3637 +#: sssd.conf.5.xml:3645 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "Voreinstellung: »%1$s@%2$s«" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3643 +#: sssd.conf.5.xml:3651 msgid "lookup_family_order (string)" msgstr "lookup_family_order (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3646 +#: sssd.conf.5.xml:3654 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." @@ -4594,80 +4600,80 @@ msgstr "" "ermöglicht es, die bei DNS-Abfragen zu bevorzugende Adressfamilie zu wählen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3650 +#: sssd.conf.5.xml:3658 msgid "Supported values:" msgstr "unterstützte Werte:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3653 +#: sssd.conf.5.xml:3661 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" "ipv4_first: versucht die IPv4- und, falls dies fehlschlägt, die IPv6-Adresse " "nachzuschlagen" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3656 +#: sssd.conf.5.xml:3664 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "ipv4_only: versucht, nur Rechnernamen zu IPv4-Adressen aufzulösen" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3659 +#: sssd.conf.5.xml:3667 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" "ipv6_first: versucht die IPv6- und, falls dies fehlschlägt, die IPv4-Adresse " "nachzuschlagen" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3662 +#: sssd.conf.5.xml:3670 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "ipv6_only: versucht, nur Rechnernamen zu IPv6-Adressen aufzulösen" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3665 +#: sssd.conf.5.xml:3673 msgid "Default: ipv4_first" msgstr "Voreinstellung: ipv4_first" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3671 +#: sssd.conf.5.xml:3679 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_server_timeout (integer)" msgstr "dns_resolver_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3674 +#: sssd.conf.5.xml:3682 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3679 +#: sssd.conf.5.xml:3687 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3683 sssd.conf.5.xml:3703 sssd.conf.5.xml:3724 +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3688 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 msgid "Default: 1000" msgstr "Voreinstellung: 1000" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3694 +#: sssd.conf.5.xml:3702 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_op_timeout (integer)" msgstr "dns_resolver_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3697 +#: sssd.conf.5.xml:3705 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4675,12 +4681,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3714 +#: sssd.conf.5.xml:3722 msgid "dns_resolver_timeout (integer)" msgstr "dns_resolver_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3717 +#: sssd.conf.5.xml:3725 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4689,14 +4695,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3735 +#: sssd.conf.5.xml:3743 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_use_search_list (bool)" msgstr "dns_resolver_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3738 +#: sssd.conf.5.xml:3746 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4704,7 +4710,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3744 +#: sssd.conf.5.xml:3752 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4712,17 +4718,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3750 +#: sssd.conf.5.xml:3758 msgid "Default: TRUE" msgstr "Voreinstellung: TRUE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3756 +#: sssd.conf.5.xml:3764 msgid "dns_discovery_domain (string)" msgstr "dns_discovery_domain (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3759 +#: sssd.conf.5.xml:3767 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." @@ -4731,52 +4737,52 @@ msgstr "" "DNS-Dienstabfrage an." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3763 +#: sssd.conf.5.xml:3771 msgid "Default: Use the domain part of machine's hostname" msgstr "Voreinstellung: Der Domain-Teil des Rechnernamens wird benutzt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3769 +#: sssd.conf.5.xml:3777 msgid "override_gid (integer)" msgstr "override_gid (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3772 +#: sssd.conf.5.xml:3780 msgid "Override the primary GID value with the one specified." msgstr "überschreibt die Haupt-GID mit der angegebenen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3778 +#: sssd.conf.5.xml:3786 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3785 +#: sssd.conf.5.xml:3793 msgid "True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3788 +#: sssd.conf.5.xml:3796 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3794 +#: sssd.conf.5.xml:3802 msgid "False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3796 +#: sssd.conf.5.xml:3804 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3800 +#: sssd.conf.5.xml:3808 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3803 +#: sssd.conf.5.xml:3811 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4784,14 +4790,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3811 +#: sssd.conf.5.xml:3819 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3781 +#: sssd.conf.5.xml:3789 #, fuzzy #| msgid "" #| "The following expansions are supported: <placeholder " @@ -4804,17 +4810,17 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3826 +#: sssd.conf.5.xml:3834 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3832 +#: sssd.conf.5.xml:3840 msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3835 +#: sssd.conf.5.xml:3843 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4822,128 +4828,128 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3841 +#: sssd.conf.5.xml:3849 #, fuzzy #| msgid "ldap_search_timeout (integer)" msgid "ldap_search_timeout" msgstr "ldap_search_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3844 +#: sssd.conf.5.xml:3852 #, fuzzy #| msgid "ldap_network_timeout (integer)" msgid "ldap_network_timeout" msgstr "ldap_network_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3847 +#: sssd.conf.5.xml:3855 #, fuzzy #| msgid "ldap_opt_timeout (integer)" msgid "ldap_opt_timeout" msgstr "ldap_opt_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3850 +#: sssd.conf.5.xml:3858 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_offline_timeout" msgstr "ldap_connection_expire_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3853 +#: sssd.conf.5.xml:3861 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_enumeration_refresh_timeout" msgstr "ldap_enumeration_refresh_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3856 +#: sssd.conf.5.xml:3864 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_enumeration_refresh_offset" msgstr "ldap_enumeration_refresh_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3859 +#: sssd.conf.5.xml:3867 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3862 +#: sssd.conf.5.xml:3870 #, fuzzy #| msgid "ldap_purge_cache_timeout (integer)" msgid "ldap_purge_cache_offset" msgstr "ldap_purge_cache_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3865 +#: sssd.conf.5.xml:3873 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3869 +#: sssd.conf.5.xml:3877 #, fuzzy #| msgid "ldap_krb5_ticket_lifetime (integer)" msgid "ldap_krb5_ticket_lifetime" msgstr "ldap_krb5_ticket_lifetime (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3872 +#: sssd.conf.5.xml:3880 #, fuzzy #| msgid "ldap_enumeration_search_timeout (integer)" msgid "ldap_enumeration_search_timeout" msgstr "ldap_enumeration_search_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3875 +#: sssd.conf.5.xml:3883 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_expire_timeout" msgstr "ldap_connection_expire_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3878 +#: sssd.conf.5.xml:3886 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_expire_offset" msgstr "ldap_connection_expire_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3881 +#: sssd.conf.5.xml:3889 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_idle_timeout" msgstr "ldap_connection_expire_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3884 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 msgid "ldap_use_tokengroups" msgstr "ldap_use_tokengroups" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3887 +#: sssd.conf.5.xml:3895 msgid "ldap_user_principal" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3890 +#: sssd.conf.5.xml:3898 msgid "ignore_group_members" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3893 +#: sssd.conf.5.xml:3901 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3896 +#: sssd.conf.5.xml:3904 msgid "case_sensitive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3901 +#: sssd.conf.5.xml:3909 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4951,27 +4957,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3908 +#: sssd.conf.5.xml:3916 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3915 +#: sssd.conf.5.xml:3923 msgid "subdomain_homedir (string)" msgstr "subdomain_homedir (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3926 +#: sssd.conf.5.xml:3934 msgid "%F" msgstr "%F" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3935 msgid "flat (NetBIOS) name of a subdomain." msgstr "flacher (NetBIOS-) Name einer Subdomain" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3918 +#: sssd.conf.5.xml:3926 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4986,7 +4992,7 @@ msgstr "" "verwendet werden. <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3932 +#: sssd.conf.5.xml:3940 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" @@ -4994,17 +5000,17 @@ msgstr "" "überschrieben werden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3936 +#: sssd.conf.5.xml:3944 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "Voreinstellung: <filename>/home/%d/%u</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3941 +#: sssd.conf.5.xml:3949 msgid "realmd_tags (string)" msgstr "realmd_tags (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3944 +#: sssd.conf.5.xml:3952 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" @@ -5012,12 +5018,12 @@ msgstr "" "Kennzeichnungen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3950 +#: sssd.conf.5.xml:3958 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3953 +#: sssd.conf.5.xml:3961 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -5026,19 +5032,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3961 +#: sssd.conf.5.xml:3969 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3966 +#: sssd.conf.5.xml:3974 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3970 +#: sssd.conf.5.xml:3978 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -5046,24 +5052,96 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3981 +#: sssd.conf.5.xml:3989 +#, fuzzy +#| msgid "ldap_pwd_policy (string)" +msgid "local_auth_policy (string)" +msgstr "ldap_pwd_policy (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3992 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4002 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4026 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4034 +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4039 +#, fuzzy +#| msgid "Default: cn" +msgid "Default: match" +msgstr "Voreinstellung: cn" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4044 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3987 +#: sssd.conf.5.xml:4050 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3990 +#: sssd.conf.5.xml:4053 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3994 +#: sssd.conf.5.xml:4057 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -5072,24 +5150,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4003 +#: sssd.conf.5.xml:4066 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4006 +#: sssd.conf.5.xml:4069 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4012 +#: sssd.conf.5.xml:4075 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4015 +#: sssd.conf.5.xml:4078 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -5099,14 +5177,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4028 +#: sssd.conf.5.xml:4091 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4035 +#: sssd.conf.5.xml:4098 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -5114,21 +5192,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3984 +#: sssd.conf.5.xml:4047 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4047 +#: sssd.conf.5.xml:4110 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4118 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -5136,7 +5214,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4124 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -5145,7 +5223,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4115 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -5154,7 +5232,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2569 +#: sssd.conf.5.xml:2570 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -5166,32 +5244,37 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4139 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4079 +#: sssd.conf.5.xml:4142 msgid "The proxy target PAM proxies to." msgstr "das Proxy-Ziel, an das PAM weiterleitet" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4082 +#: sssd.conf.5.xml:4145 +#, fuzzy +#| msgid "" +#| "Default: not set by default, you have to take an existing pam " +#| "configuration or create a new one and add the service name here." msgid "" "Default: not set by default, you have to take an existing pam configuration " -"or create a new one and add the service name here." +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." msgstr "" "Voreinstellung: standardmäßig nicht gesetzt, Sie müssen eine bestehende PAM-" "Konfiguration nehmen oder eine neue erstellen und hier den Dienstnamen " "hinzufügen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4090 +#: sssd.conf.5.xml:4155 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -5202,12 +5285,12 @@ msgstr "" "»_nss_$(libName)_$(function)«, zum Beispiel »_nss_files_getpwent«." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4103 +#: sssd.conf.5.xml:4168 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4106 +#: sssd.conf.5.xml:4171 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -5215,12 +5298,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4117 +#: sssd.conf.5.xml:4182 msgid "proxy_fast_alias (boolean)" msgstr "proxy_fast_alias (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4120 +#: sssd.conf.5.xml:4185 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -5234,12 +5317,12 @@ msgstr "" "veranlassen, die ID im Zwischenspeicher nachzuschlagen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4134 +#: sssd.conf.5.xml:4199 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4202 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -5247,7 +5330,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4072 +#: sssd.conf.5.xml:4135 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -5256,12 +5339,12 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4218 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4155 +#: sssd.conf.5.xml:4220 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -5278,7 +5361,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4175 +#: sssd.conf.5.xml:4240 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -5286,17 +5369,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4181 +#: sssd.conf.5.xml:4246 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4248 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4186 +#: sssd.conf.5.xml:4251 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -5305,7 +5388,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4265 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -5315,7 +5398,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4208 +#: sssd.conf.5.xml:4273 #, no-wrap msgid "" "[sssd]\n" @@ -5335,12 +5418,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4228 +#: sssd.conf.5.xml:4293 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4230 +#: sssd.conf.5.xml:4295 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -5351,69 +5434,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4237 +#: sssd.conf.5.xml:4302 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4303 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4239 +#: sssd.conf.5.xml:4304 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:4305 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4241 +#: sssd.conf.5.xml:4306 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4242 +#: sssd.conf.5.xml:4307 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4243 +#: sssd.conf.5.xml:4308 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4309 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4245 +#: sssd.conf.5.xml:4310 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4246 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4250 +#: sssd.conf.5.xml:4315 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4256 +#: sssd.conf.5.xml:4321 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4258 +#: sssd.conf.5.xml:4323 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -5426,7 +5509,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4272 +#: sssd.conf.5.xml:4337 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -5434,7 +5517,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4281 +#: sssd.conf.5.xml:4346 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -5443,55 +5526,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4353 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4356 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4295 +#: sssd.conf.5.xml:4360 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4367 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4370 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:4376 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4317 +#: sssd.conf.5.xml:4382 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4326 +#: sssd.conf.5.xml:4391 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4329 +#: sssd.conf.5.xml:4394 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5500,17 +5583,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4336 +#: sssd.conf.5.xml:4401 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4406 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4409 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5518,26 +5601,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4350 +#: sssd.conf.5.xml:4415 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4356 +#: sssd.conf.5.xml:4421 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4362 +#: sssd.conf.5.xml:4427 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4433 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5546,17 +5629,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4377 +#: sssd.conf.5.xml:4442 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4385 +#: sssd.conf.5.xml:4450 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4452 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5566,7 +5649,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4395 +#: sssd.conf.5.xml:4460 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5575,59 +5658,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4472 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4410 +#: sssd.conf.5.xml:4475 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4411 +#: sssd.conf.5.xml:4476 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4409 +#: sssd.conf.5.xml:4474 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4484 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4488 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4424 +#: sssd.conf.5.xml:4489 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4427 +#: sssd.conf.5.xml:4492 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4428 +#: sssd.conf.5.xml:4493 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4496 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4432 +#: sssd.conf.5.xml:4497 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5636,7 +5719,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4421 +#: sssd.conf.5.xml:4486 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5645,17 +5728,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4449 +#: sssd.conf.5.xml:4514 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4455 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4522 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5663,39 +5746,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4530 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4532 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4537 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4539 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4480 +#: sssd.conf.5.xml:4545 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4547 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4451 +#: sssd.conf.5.xml:4516 #, fuzzy #| msgid "" #| "The following expansions are supported: <placeholder " @@ -5708,7 +5791,7 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4467 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5717,7 +5800,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4493 +#: sssd.conf.5.xml:4558 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5725,12 +5808,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4500 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4506 +#: sssd.conf.5.xml:4571 #, no-wrap msgid "" "[sssd]\n" @@ -5784,7 +5867,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4502 +#: sssd.conf.5.xml:4567 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5793,7 +5876,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4604 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5801,7 +5884,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4533 +#: sssd.conf.5.xml:4598 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5812,7 +5895,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4550 +#: sssd.conf.5.xml:4615 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5823,7 +5906,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4544 +#: sssd.conf.5.xml:4609 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -5879,14 +5962,23 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:38 +#, fuzzy +#| msgid "" +#| "LDAP back end supports id, auth, access and chpass providers. If you want " +#| "to authenticate against an LDAP server either TLS/SSL or LDAPS is " +#| "required. <command>sssd</command> <emphasis>does not</emphasis> support " +#| "authentication over an unencrypted channel. If the LDAP server is used " +#| "only as an identity provider, an encrypted channel is not needed. Please " +#| "refer to <quote>ldap_access_filter</quote> config option for more " +#| "information about using LDAP as an access provider." msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " -"over an unencrypted channel. If the LDAP server is used only as an identity " -"provider, an encrypted channel is not needed. Please refer to " -"<quote>ldap_access_filter</quote> config option for more information about " -"using LDAP as an access provider." +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." msgstr "" "Das LDAP-Backend unterstützt ID-, Authentifizierungs-, Zugriffs- und Chpass-" "Anbieter. Falls Sie sich bei einem LDAP-Server authentifizieren möchten, " @@ -5898,19 +5990,19 @@ msgstr "" "unter »ldap_access_filter«." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 #: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 msgid "CONFIGURATION OPTIONS" msgstr "KONFIGURATIONSOPTIONEN" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:66 +#: sssd-ldap.5.xml:67 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "ldap_uri, ldap_backup_uri (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:69 +#: sssd-ldap.5.xml:70 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" @@ -5925,18 +6017,18 @@ msgstr "" "aktiviert. Weitere Informationen finden Sie im Abschnitt »DIENSTSUCHE«." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:76 +#: sssd-ldap.5.xml:77 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" "Das Format der URI muss dem in RFC 2732 definierten Format entsprechen:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:79 +#: sssd-ldap.5.xml:80 msgid "ldap[s]://<host>[:port]" msgstr "ldap[s]://<Rechner>[:Port]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:82 +#: sssd-ldap.5.xml:83 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" @@ -5944,17 +6036,17 @@ msgstr "" "eckigen Klammern [] stehen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:85 +#: sssd-ldap.5.xml:86 msgid "example: ldap://[fc00::126:25]:389" msgstr "Beispiel: ldap://[fc00::126:25]:389" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:91 +#: sssd-ldap.5.xml:92 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "ldap_chpass_uri, ldap_chpass_backup_uri (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:94 +#: sssd-ldap.5.xml:95 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " @@ -5967,31 +6059,31 @@ msgstr "" "Redundanz finden Sie im Abschnitt »AUSFALLSICHERUNG«. " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:101 +#: sssd-ldap.5.xml:102 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" "Um die Dienstsuche zu aktivieren, muss »ldap_chpass_dns_service_name« " "gesetzt sein." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:105 +#: sssd-ldap.5.xml:106 msgid "Default: empty, i.e. ldap_uri is used." msgstr "Voreinstellung: leer, d.h., dass »ldap_uri« benutzt wird" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:111 +#: sssd-ldap.5.xml:112 msgid "ldap_search_base (string)" msgstr "ldap_search_base (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:114 +#: sssd-ldap.5.xml:115 msgid "The default base DN to use for performing LDAP user operations." msgstr "" "der Standardbasis-Domain-Name, der zur Durchführung von LDAP-" "Benutzeraktionen benutzt wird" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:118 +#: sssd-ldap.5.xml:119 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" @@ -6000,20 +6092,20 @@ msgstr "" "Syntax:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:122 +#: sssd-ldap.5.xml:123 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "" "search_base[?Gültigkeitsbereich?[Filter][?search_base?Gültigkeitsbereich?" "[Filter]]*]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:125 +#: sssd-ldap.5.xml:126 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "" "Der Gültigkeitsbereich kann entweder »base«, »onelevel« oder »subtree« sein." #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:128 include/ldap_search_bases.xml:18 +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" @@ -6022,13 +6114,13 @@ msgstr "" "rfc/rfc2254.txt spezifiziert, sein." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:132 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 #: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 msgid "Examples:" msgstr "Beispiele:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:135 +#: sssd-ldap.5.xml:136 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" @@ -6037,7 +6129,7 @@ msgstr "" "dc=example,dc=com?subtree?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:140 +#: sssd-ldap.5.xml:141 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" @@ -6046,7 +6138,7 @@ msgstr "" "(host=Dieser_Rechner)?dc=example.com?Unterverzeichnis?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:143 +#: sssd-ldap.5.xml:144 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " @@ -6059,7 +6151,7 @@ msgstr "" "Verhalten auf Client-Rechnern führen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:150 +#: sssd-ldap.5.xml:151 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " @@ -6076,12 +6168,12 @@ msgstr "" "haben, damit dies funktioniert. Mehrere Werte werden nicht unterstützt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:164 +#: sssd-ldap.5.xml:165 msgid "ldap_schema (string)" msgstr "ldap_schema (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:167 +#: sssd-ldap.5.xml:168 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " @@ -6093,32 +6185,32 @@ msgstr "" "gehandhabt werden, kann sich ebenfalls unterscheiden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:174 +#: sssd-ldap.5.xml:175 msgid "Four schema types are currently supported:" msgstr "Derzeit werden vier Schematypen unterstützt:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:178 +#: sssd-ldap.5.xml:179 msgid "rfc2307" msgstr "rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:183 +#: sssd-ldap.5.xml:184 msgid "rfc2307bis" msgstr "rfc2307bis" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:188 +#: sssd-ldap.5.xml:189 msgid "IPA" msgstr "IPA" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:193 +#: sssd-ldap.5.xml:194 msgid "AD" msgstr "AD" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:199 +#: sssd-ldap.5.xml:200 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " @@ -6136,37 +6228,37 @@ msgstr "" "Attribute passend zu den Werten von Active Directory 2008r2." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:209 +#: sssd-ldap.5.xml:210 msgid "Default: rfc2307" msgstr "Voreinstellung: rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:215 +#: sssd-ldap.5.xml:216 msgid "ldap_pwmodify_mode (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:218 +#: sssd-ldap.5.xml:219 msgid "Specify the operation that is used to modify user password." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:222 +#: sssd-ldap.5.xml:223 msgid "Two modes are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:226 +#: sssd-ldap.5.xml:227 msgid "exop - Password Modify Extended Operation (RFC 3062)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:232 +#: sssd-ldap.5.xml:233 msgid "ldap_modify - Direct modification of userPassword (not recommended)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:239 +#: sssd-ldap.5.xml:240 msgid "" "Note: First, a new connection is established to verify current password by " "binding as the user that requested password change. If successful, this " @@ -6175,76 +6267,76 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:247 +#: sssd-ldap.5.xml:248 msgid "Default: exop" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:253 +#: sssd-ldap.5.xml:254 msgid "ldap_default_bind_dn (string)" msgstr "ldap_default_bind_dn (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:256 +#: sssd-ldap.5.xml:257 msgid "The default bind DN to use for performing LDAP operations." msgstr "" "der Standard-Bind-Domain-Name, der zum Durchführen von LDAP-Aktionen benutzt " "wird" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:263 +#: sssd-ldap.5.xml:264 msgid "ldap_default_authtok_type (string)" msgstr "ldap_default_authtok_type (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:266 +#: sssd-ldap.5.xml:267 msgid "The type of the authentication token of the default bind DN." msgstr "der Typ des Authentifizierungs-Tokens des Standard-Bind-Domain-Namens" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:270 +#: sssd-ldap.5.xml:271 msgid "The two mechanisms currently supported are:" msgstr "Die beiden derzeit unterstützten Mechanismen sind:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 +#: sssd-ldap.5.xml:274 msgid "password" msgstr "password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:276 +#: sssd-ldap.5.xml:277 msgid "obfuscated_password" msgstr "obfuscated_password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:279 +#: sssd-ldap.5.xml:280 msgid "Default: password" msgstr "Voreinstellung: password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:282 +#: sssd-ldap.5.xml:283 msgid "" "See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> manual page for more information." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:293 +#: sssd-ldap.5.xml:294 msgid "ldap_default_authtok (string)" msgstr "ldap_default_authtok (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:296 +#: sssd-ldap.5.xml:297 msgid "The authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:302 +#: sssd-ldap.5.xml:303 msgid "ldap_force_upper_case_realm (boolean)" msgstr "ldap_force_upper_case_realm (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:305 +#: sssd-ldap.5.xml:306 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -6257,12 +6349,12 @@ msgstr "" "ungleich Null, falls Sie einen Realm in Großbuchstaben wünschen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:318 +#: sssd-ldap.5.xml:319 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "ldap_enumeration_refresh_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:321 +#: sssd-ldap.5.xml:322 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." @@ -6271,12 +6363,12 @@ msgstr "" "Zwischenspeicher aufgezählter Datensätze aktualisiert." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:337 +#: sssd-ldap.5.xml:338 msgid "ldap_purge_cache_timeout (integer)" msgstr "ldap_purge_cache_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:340 +#: sssd-ldap.5.xml:341 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -6287,7 +6379,7 @@ msgstr "" "haben) und diese entfernt werden, um Platz zu sparen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:346 +#: sssd-ldap.5.xml:347 msgid "" "Setting this option to zero will disable the cache cleanup operation. Please " "note that if enumeration is enabled, the cleanup task is required in order " @@ -6296,12 +6388,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:366 +#: sssd-ldap.5.xml:367 msgid "ldap_group_nesting_level (integer)" msgstr "ldap_group_nesting_level (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:369 +#: sssd-ldap.5.xml:370 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -6313,7 +6405,7 @@ msgstr "" "das Schema RFC2307." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:376 +#: sssd-ldap.5.xml:377 msgid "" "Note: This option specifies the guaranteed level of nested groups to be " "processed for any lookup. However, nested groups beyond this limit " @@ -6330,7 +6422,7 @@ msgstr "" "erfolgt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:385 +#: sssd-ldap.5.xml:386 msgid "" "If ldap_group_nesting_level is set to 0 then no nested groups are processed " "at all. However, when connected to Active-Directory Server 2008 and later " @@ -6340,12 +6432,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:394 +#: sssd-ldap.5.xml:395 msgid "Default: 2" msgstr "Voreinstellung: 2" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:403 +#: sssd-ldap.5.xml:404 msgid "" "This options enables or disables use of Token-Groups attribute when " "performing initgroup for users from Active Directory Server 2008 and later." @@ -6355,25 +6447,25 @@ msgstr "" "und neuere Versionen ausgeführt wird." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:413 +#: sssd-ldap.5.xml:414 msgid "Default: True for AD and IPA otherwise False." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:419 +#: sssd-ldap.5.xml:420 msgid "ldap_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:422 +#: sssd-ldap.5.xml:423 msgid "Optional. Use the given string as search base for host objects." msgstr "" "optional, verwendet die angegebene Zeichenkette als Suchgrundlage für " "Rechnerobjekte" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:426 sssd-ipa.5.xml:457 sssd-ipa.5.xml:476 sssd-ipa.5.xml:495 -#: sssd-ipa.5.xml:514 +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." @@ -6382,32 +6474,32 @@ msgstr "" "unter »ldap_search_base«." #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:431 sssd-ipa.5.xml:462 include/ldap_search_bases.xml:27 +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "Voreinstellung: der Wert von <emphasis>ldap_search_base</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:438 +#: sssd-ldap.5.xml:439 msgid "ldap_service_search_base (string)" msgstr "ldap_service_search_base (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:443 +#: sssd-ldap.5.xml:444 msgid "ldap_iphost_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:448 +#: sssd-ldap.5.xml:449 msgid "ldap_ipnetwork_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:453 +#: sssd-ldap.5.xml:454 msgid "ldap_search_timeout (integer)" msgstr "ldap_search_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:456 +#: sssd-ldap.5.xml:457 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -6418,7 +6510,7 @@ msgstr "" "Ergebnisse zurückgegeben werden (und in den Offline-Modus gegangen wird)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:462 +#: sssd-ldap.5.xml:463 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -6429,12 +6521,12 @@ msgstr "" "Zeitüberschreitungspunkten für spezielle Nachschlagetypen ersetzt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:479 +#: sssd-ldap.5.xml:480 msgid "ldap_enumeration_search_timeout (integer)" msgstr "ldap_enumeration_search_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:482 +#: sssd-ldap.5.xml:483 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -6446,12 +6538,12 @@ msgstr "" "(und in den Offline-Modus gegangen wird)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:500 +#: sssd-ldap.5.xml:501 msgid "ldap_network_timeout (integer)" msgstr "ldap_network_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:503 +#: sssd-ldap.5.xml:504 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -6468,12 +6560,12 @@ msgstr "" "citerefentry> zurückkehrt, falls keine Aktivität stattfindet." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:531 +#: sssd-ldap.5.xml:532 msgid "ldap_opt_timeout (integer)" msgstr "ldap_opt_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:534 +#: sssd-ldap.5.xml:535 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -6482,12 +6574,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:554 +#: sssd-ldap.5.xml:555 msgid "ldap_connection_expire_timeout (integer)" msgstr "ldap_connection_expire_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:557 +#: sssd-ldap.5.xml:558 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -6501,7 +6593,7 @@ msgstr "" "Lebensdauer) verwendet." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:565 +#: sssd-ldap.5.xml:566 msgid "" "If the connection is idle (not actively running an operation) within " "<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " @@ -6512,38 +6604,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:577 +#: sssd-ldap.5.xml:578 msgid "" "This timeout can be extended of a random value specified by " "<emphasis>ldap_connection_expire_offset</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:587 sssd-ldap.5.xml:630 sssd-ldap.5.xml:1711 +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 msgid "Default: 900 (15 minutes)" msgstr "Voreinstellung: 900 (15 Minuten)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:593 +#: sssd-ldap.5.xml:594 msgid "ldap_connection_expire_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:596 +#: sssd-ldap.5.xml:597 msgid "" "Random offset between 0 and configured value is added to " "<emphasis>ldap_connection_expire_timeout</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:613 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_idle_timeout (integer)" msgstr "ldap_connection_expire_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:616 #, fuzzy #| msgid "" #| "Specifies a timeout (in seconds) that a connection to an LDAP server will " @@ -6562,17 +6654,17 @@ msgstr "" "Lebensdauer) verwendet." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:622 msgid "You can disable this timeout by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:636 +#: sssd-ldap.5.xml:637 msgid "ldap_page_size (integer)" msgstr "ldap_page_size (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:639 +#: sssd-ldap.5.xml:640 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." @@ -6582,12 +6674,12 @@ msgstr "" "pro Anfrage." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:650 +#: sssd-ldap.5.xml:651 msgid "ldap_disable_paging (boolean)" msgstr "ldap_disable_paging (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:653 +#: sssd-ldap.5.xml:654 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " @@ -6599,7 +6691,7 @@ msgstr "" "deaktiviert ist oder sich nicht ordnungsgemäß verhält." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:659 +#: sssd-ldap.5.xml:660 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." @@ -6609,7 +6701,7 @@ msgstr "" "aber nicht in der Lage, es zu benutzen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:665 +#: sssd-ldap.5.xml:666 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " @@ -6621,17 +6713,17 @@ msgstr "" "abgelehnt werden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:677 +#: sssd-ldap.5.xml:678 msgid "ldap_disable_range_retrieval (boolean)" msgstr "ldap_disable_range_retrieval (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:680 +#: sssd-ldap.5.xml:681 msgid "Disable Active Directory range retrieval." msgstr "deaktiviert die Bereichsabfrage von Active Directory" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:683 +#: sssd-ldap.5.xml:684 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " @@ -6647,12 +6739,12 @@ msgstr "" "es so aussehen, als ob große Gruppen keine Mitglieder hätten." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:699 msgid "ldap_sasl_minssf (integer)" msgstr "ldap_sasl_minssf (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:702 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " @@ -6663,19 +6755,19 @@ msgstr "" "Werte dieser Option werden durch OpenLDAP definiert." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:707 sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" "Voreinstellung: verwendet die Voreinstellungen des System (normalerweise in " "»ldap.conf« angegeben)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:714 +#: sssd-ldap.5.xml:715 msgid "ldap_sasl_maxssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:717 +#: sssd-ldap.5.xml:718 msgid "" "When communicating with an LDAP server using SASL, specify the maximal " "security level necessary to establish the connection. The values of this " @@ -6683,12 +6775,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:731 msgid "ldap_deref_threshold (integer)" msgstr "ldap_deref_threshold (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:733 +#: sssd-ldap.5.xml:734 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -6700,7 +6792,7 @@ msgstr "" "nachgeschlagen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:740 msgid "" "You can turn off dereference lookups completely by setting the value to 0. " "Please note that there are some codepaths in SSSD, like the IPA HBAC " @@ -6711,7 +6803,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:750 +#: sssd-ldap.5.xml:751 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -6724,7 +6816,7 @@ msgstr "" "unterstützten Server sind 389/RHDS, OpenLDAP und Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:758 +#: sssd-ldap.5.xml:759 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -6735,12 +6827,12 @@ msgstr "" "Nachschlagen ohne Rücksicht auf die Einstellung deaktiviert." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:771 +#: sssd-ldap.5.xml:772 msgid "ldap_ignore_unreadable_references (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:774 +#: sssd-ldap.5.xml:775 msgid "" "Ignore unreadable LDAP entries referenced in group's member attribute. If " "this parameter is set to false an error will be returned and the operation " @@ -6748,7 +6840,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:781 +#: sssd-ldap.5.xml:782 msgid "" "This parameter may be useful when using the AD provider and the computer " "account that sssd uses to connect to AD does not have access to a particular " @@ -6756,12 +6848,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:795 msgid "ldap_tls_reqcert (string)" msgstr "ldap_tls_reqcert (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:798 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" @@ -6771,7 +6863,7 @@ msgstr "" "Werte angegeben werden:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:804 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." @@ -6780,7 +6872,7 @@ msgstr "" "oder anfordern." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:808 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6792,7 +6884,7 @@ msgstr "" "Sitzung fährt normal fort." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:815 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6803,7 +6895,7 @@ msgstr "" "ungültiges Zertifikat bereitgestellt wird, wird die Sitzung sofort beendet." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:820 +#: sssd-ldap.5.xml:821 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -6814,22 +6906,22 @@ msgstr "" "sofort beendet." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:826 +#: sssd-ldap.5.xml:827 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "<emphasis>hard</emphasis> = entspricht »demand«" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:830 +#: sssd-ldap.5.xml:831 msgid "Default: hard" msgstr "Voreinstellung: hard" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:837 msgid "ldap_tls_cacert (string)" msgstr "ldap_tls_cacert (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:839 +#: sssd-ldap.5.xml:840 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." @@ -6838,7 +6930,7 @@ msgstr "" "die <command>sssd</command> erkennen wird." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 sssd-ldap.5.xml:862 sssd-ldap.5.xml:903 +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" @@ -6847,12 +6939,12 @@ msgstr "" "<filename>/etc/openldap/ldap.conf</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:852 msgid "ldap_tls_cacertdir (string)" msgstr "ldap_tls_cacertdir (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:854 +#: sssd-ldap.5.xml:855 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -6866,33 +6958,33 @@ msgstr "" "Erstellen der korrekten Namen verwendet werden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:869 +#: sssd-ldap.5.xml:870 msgid "ldap_tls_cert (string)" msgstr "ldap_tls_cert (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:872 +#: sssd-ldap.5.xml:873 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" "gibt die Datei an, die das Zertifikat für den Schlüssel des Clients enthält." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:882 +#: sssd-ldap.5.xml:883 msgid "ldap_tls_key (string)" msgstr "ldap_tls_key (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:885 +#: sssd-ldap.5.xml:886 msgid "Specifies the file that contains the client's key." msgstr "gibt die Datei an, die den Schlüssel des Clients enthält." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:894 +#: sssd-ldap.5.xml:895 msgid "ldap_tls_cipher_suite (string)" msgstr "ldap_tls_cipher_suite (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:897 +#: sssd-ldap.5.xml:898 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -6900,26 +6992,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:910 +#: sssd-ldap.5.xml:911 msgid "ldap_id_use_start_tls (boolean)" msgstr "ldap_id_use_start_tls (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:913 +#: sssd-ldap.5.xml:914 +#, fuzzy +#| msgid "" +#| "Specifies that the id_provider connection must also use <systemitem " +#| "class=\"protocol\">tls</systemitem> to protect the channel." msgid "" "Specifies that the id_provider connection must also use <systemitem " -"class=\"protocol\">tls</systemitem> to protect the channel." +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." msgstr "" "gibt an, dass die Verbindung »id_provider« auch <systemitem " "class=\"protocol\">tls</systemitem> benutzen muss, um den Kanal abzusichern." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:923 +#: sssd-ldap.5.xml:925 msgid "ldap_id_mapping (boolean)" msgstr "ldap_id_mapping (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:928 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " @@ -6931,19 +7028,19 @@ msgstr "" "verlassen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:932 +#: sssd-ldap.5.xml:934 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" "Derzeit unterstützt diese Funktionalität nur das Abbilden von Active-" "Directory-ObjectSIDs." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:942 +#: sssd-ldap.5.xml:944 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:945 +#: sssd-ldap.5.xml:947 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " @@ -6962,24 +7059,24 @@ msgstr "" "Abbildung von IDs wählen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:957 +#: sssd-ldap.5.xml:959 msgid "Default: not set (both options are set to 0)" msgstr "Voreinstellung: nicht gesetzt (beide Optionen sind auf 0 gesetzt)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:965 msgid "ldap_sasl_mech (string)" msgstr "ldap_sasl_mech (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:966 +#: sssd-ldap.5.xml:968 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " "tested and supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:970 +#: sssd-ldap.5.xml:972 msgid "" "If the backend supports sub-domains the value of ldap_sasl_mech is " "automatically inherited to the sub-domains. If a different value is needed " @@ -6990,12 +7087,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:988 msgid "ldap_sasl_authid (string)" msgstr "ldap_sasl_authid (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ldap.5.xml:998 +#: sssd-ldap.5.xml:1000 #, no-wrap msgid "" "hostname@REALM\n" @@ -7008,7 +7105,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:989 +#: sssd-ldap.5.xml:991 msgid "" "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " "this represents the Kerberos principal used for authentication to the " @@ -7020,17 +7117,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1009 +#: sssd-ldap.5.xml:1011 msgid "Default: host/hostname@REALM" msgstr "Voreinstellung Rechner/MeinRechner@BEREICH" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1015 +#: sssd-ldap.5.xml:1017 msgid "ldap_sasl_realm (string)" msgstr "ldap_sasl_realm (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1018 +#: sssd-ldap.5.xml:1020 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " @@ -7041,17 +7138,17 @@ msgstr "" "»ldap_sasl_authid« ebenfalls den Realm enthält, wird diese Option ignoriert." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1024 +#: sssd-ldap.5.xml:1026 msgid "Default: the value of krb5_realm." msgstr "Voreinstellung: der Wert von »krb5_realm«" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1030 +#: sssd-ldap.5.xml:1032 msgid "ldap_sasl_canonicalize (boolean)" msgstr "ldap_sasl_canonicalize (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1035 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." @@ -7061,34 +7158,34 @@ msgstr "" "Bind in eine kanonische Form zu bringen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1038 +#: sssd-ldap.5.xml:1040 msgid "Default: false;" msgstr "Voreinstellung: false;" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1046 msgid "ldap_krb5_keytab (string)" msgstr "ldap_krb5_keytab (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1049 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1056 sssd-krb5.5.xml:247 +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" "Voreinstellung: Keytab des Systems, normalerweise <filename>/etc/krb5." "keytab</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1064 msgid "ldap_krb5_init_creds (boolean)" msgstr "ldap_krb5_init_creds (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1067 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -7096,28 +7193,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1077 +#: sssd-ldap.5.xml:1079 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "ldap_krb5_ticket_lifetime (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1080 +#: sssd-ldap.5.xml:1082 msgid "" "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1089 sssd-ad.5.xml:1252 +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 msgid "Default: 86400 (24 hours)" msgstr "Voreinstellung: 86400 (24 Stunden)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1095 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "krb5_server, krb5_backup_server (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1098 +#: sssd-ldap.5.xml:1100 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -7136,7 +7233,7 @@ msgstr "" "Weitere Informationen finden Sie im Abschnitt »DIENSTSUCHE«." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1110 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -7147,7 +7244,7 @@ msgstr "" "Protokoll angeben. Falls keine gefunden werden, weicht es auf _tcp aus." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -7159,29 +7256,29 @@ msgstr "" "migrieren." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1124 sssd-ipa.5.xml:526 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "krb5_realm (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1127 +#: sssd-ldap.5.xml:1129 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1133 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" "Voreinstellung: Systemvoreinstellungen, siehe <filename>/etc/krb5.conf</" "filename>" #. type: Content of: <variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1137 include/krb5_options.xml:154 +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 msgid "krb5_canonicalize (boolean)" msgstr "krb5_canonicalize (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1140 +#: sssd-ldap.5.xml:1142 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" @@ -7191,12 +7288,12 @@ msgstr "" "Kerberos >= 1.7 verfügbar." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1152 sssd-krb5.5.xml:336 +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 msgid "krb5_use_kdcinfo (boolean)" msgstr "krb5_use_kdcinfo (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1155 sssd-krb5.5.xml:339 +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " @@ -7212,7 +7309,7 @@ msgstr "" "manvolnum> </citerefentry> einrichten." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:350 +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " @@ -7223,12 +7320,12 @@ msgstr "" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1180 +#: sssd-ldap.5.xml:1182 msgid "ldap_pwd_policy (string)" msgstr "ldap_pwd_policy (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1185 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" @@ -7237,7 +7334,7 @@ msgstr "" "Passworts abgeschätzt werden soll. Die folgenden Werte sind erlaubt:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1190 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." @@ -7246,7 +7343,7 @@ msgstr "" "kann keine Server-seitigen Passwortregelwerke deaktivieren." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1193 +#: sssd-ldap.5.xml:1195 #, fuzzy #| msgid "" #| "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" @@ -7263,7 +7360,7 @@ msgstr "" "manvolnum></citerefentry>, um abzuschätzen, ob das Passwort erloschen ist." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1201 +#: sssd-ldap.5.xml:1203 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -7275,7 +7372,7 @@ msgstr "" "Passwort geändert wurde." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1210 +#: sssd-ldap.5.xml:1212 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." @@ -7285,17 +7382,17 @@ msgstr "" "festgelegten Regel." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1220 msgid "ldap_referrals (boolean)" msgstr "ldap_referrals (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1221 +#: sssd-ldap.5.xml:1223 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "gibt an, ob automatische Verweisverfolgung aktiviert werden soll." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1225 +#: sssd-ldap.5.xml:1227 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." @@ -7304,7 +7401,7 @@ msgstr "" "mit OpenLDAP Version 2.4.13 oder höher kompiliert wurde." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1232 #, fuzzy #| msgid "" #| "Chasing referrals may incur a performance penalty in environments that " @@ -7328,28 +7425,28 @@ msgstr "" "merkliche Leistungsverbesserung bringen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1249 +#: sssd-ldap.5.xml:1251 msgid "ldap_dns_service_name (string)" msgstr "ldap_dns_service_name (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1252 +#: sssd-ldap.5.xml:1254 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" "gibt an, welcher Dienstname bei aktivierter Dienstsuche benutzt werden soll." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1258 msgid "Default: ldap" msgstr "Voreinstellung: ldap" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1262 +#: sssd-ldap.5.xml:1264 msgid "ldap_chpass_dns_service_name (string)" msgstr "ldap_chpass_dns_service_name (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1265 +#: sssd-ldap.5.xml:1267 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." @@ -7358,17 +7455,17 @@ msgstr "" "soll, der Passwortänderungen bei aktivierter Dienstsuche ermöglicht." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1270 +#: sssd-ldap.5.xml:1272 msgid "Default: not set, i.e. service discovery is disabled" msgstr "Voreinstellung: nicht gesetzt, d.h. Dienstsuche ist deaktiviert" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1276 +#: sssd-ldap.5.xml:1278 msgid "ldap_chpass_update_last_change (bool)" msgstr "ldap_chpass_update_last_change (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1279 +#: sssd-ldap.5.xml:1281 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." @@ -7377,7 +7474,7 @@ msgstr "" "Passwortänderung mit Unix-Zeit geändert wird." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1285 +#: sssd-ldap.5.xml:1287 msgid "" "It is recommend to set this option explicitly if \"ldap_pwd_policy = " "shadow\" is used to let SSSD know if the LDAP server will update " @@ -7386,12 +7483,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1301 msgid "ldap_access_filter (string)" msgstr "ldap_access_filter (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1304 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " @@ -7421,12 +7518,12 @@ msgstr "" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1322 +#: sssd-ldap.5.xml:1324 msgid "Example:" msgstr "Beispiel:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1327 #, no-wrap msgid "" "access_provider = ldap\n" @@ -7438,7 +7535,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1329 +#: sssd-ldap.5.xml:1331 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." @@ -7447,7 +7544,7 @@ msgstr "" "beschränkt, deren employeeType-Attribut auf »admin« gesetzt ist." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1336 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -7456,17 +7553,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1398 +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 msgid "Default: Empty" msgstr "Voreinstellung: leer" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1348 +#: sssd-ldap.5.xml:1350 msgid "ldap_account_expire_policy (string)" msgstr "ldap_account_expire_policy (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1353 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." @@ -7475,7 +7572,7 @@ msgstr "" "Zugriffssteuerungsattribute aktiviert werden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1355 +#: sssd-ldap.5.xml:1357 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -7486,12 +7583,12 @@ msgstr "" "einem geeigneten Fehlercode zurückweisen, wenn das Passwort korrekt ist." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1362 +#: sssd-ldap.5.xml:1364 msgid "The following values are allowed:" msgstr "Die folgenden Werte sind erlaubt:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1365 +#: sssd-ldap.5.xml:1367 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." @@ -7500,7 +7597,7 @@ msgstr "" "»ldap_user_shadow_expire«, um zu bestimmen, ob das Konto abgelaufen ist." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1372 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -7513,7 +7610,7 @@ msgstr "" "gewährt. Außerdem wird die Ablaufzeit des Kontos geprüft." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1379 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -7524,7 +7621,7 @@ msgstr "" "Zugriff erlaubt wird oder nicht." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1383 +#: sssd-ldap.5.xml:1385 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -7537,7 +7634,7 @@ msgstr "" "Zugriff gewährt wird. Falls diese Attribute fehlen, wird Zugriff erteilt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1391 +#: sssd-ldap.5.xml:1393 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " @@ -7548,24 +7645,24 @@ msgstr "" "»ldap_account_expire_policy« funktioniert." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1404 +#: sssd-ldap.5.xml:1406 msgid "ldap_access_order (string)" msgstr "ldap_access_order (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1407 sssd-ipa.5.xml:351 +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" "durch Kommata getrennte Liste von Zugriffssteuerungsoptionen. Folgende Werte " "sind erlaubt:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1411 +#: sssd-ldap.5.xml:1413 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "<emphasis>filter</emphasis>: verwendet »ldap_access_filter«." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>lockout</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -7575,14 +7672,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1424 +#: sssd-ldap.5.xml:1426 msgid "" "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" "quote> option and might be removed in a future release. </emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1431 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -7595,12 +7692,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1448 +#: sssd-ldap.5.xml:1450 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "<emphasis>expire</emphasis>: verwendet »ldap_account_expire_policy«." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1452 sssd-ipa.5.xml:359 +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 msgid "" "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " "pwd_expire_policy_renew: </emphasis> These options are useful if users are " @@ -7610,38 +7707,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1462 sssd-ipa.5.xml:369 +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 msgid "" "The difference between these options is the action taken if user password is " "expired:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1467 sssd-ipa.5.xml:374 +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 msgid "pwd_expire_policy_reject - user is denied to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1473 sssd-ipa.5.xml:380 +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 msgid "pwd_expire_policy_warn - user is still able to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1479 sssd-ipa.5.xml:386 +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 msgid "" "pwd_expire_policy_renew - user is prompted to change their password " "immediately." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1487 +#: sssd-ldap.5.xml:1489 msgid "" "Please note that 'access_provider = ldap' must be set for this feature to " "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1494 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" @@ -7650,33 +7747,33 @@ msgstr "" "»authorizedService«, um zu bestimmen, ob Zugriff gewährt wird." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1497 +#: sssd-ldap.5.xml:1499 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" "<emphasis>host</emphasis>: verwendet das Attribut »host«, um zu bestimmen, " "ob Zugriff gewährt wird." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1501 +#: sssd-ldap.5.xml:1503 msgid "" "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " "remote host can access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1505 +#: sssd-ldap.5.xml:1507 msgid "" "Please note, rhost field in pam is set by application, it is better to check " "what the application sends to pam, before enabling this access control option" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1510 +#: sssd-ldap.5.xml:1512 msgid "Default: filter" msgstr "Voreinstellung: filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1513 +#: sssd-ldap.5.xml:1515 msgid "" "Please note that it is a configuration error if a value is used more than " "once." @@ -7685,12 +7782,12 @@ msgstr "" "mehr als einmal benutzt wird." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1520 +#: sssd-ldap.5.xml:1522 msgid "ldap_pwdlockout_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1523 +#: sssd-ldap.5.xml:1525 msgid "" "This option specifies the DN of password policy entry on LDAP server. Please " "note that absence of this option in sssd.conf in case of enabled account " @@ -7699,22 +7796,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1531 +#: sssd-ldap.5.xml:1533 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1534 +#: sssd-ldap.5.xml:1536 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1542 msgid "ldap_deref (string)" msgstr "ldap_deref (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1543 +#: sssd-ldap.5.xml:1545 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" @@ -7723,12 +7820,12 @@ msgstr "" "folgenden Optionen sind erlaubt:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1550 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "<emphasis>never</emphasis>: Alias werden nie dereferenziert." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 +#: sssd-ldap.5.xml:1554 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." @@ -7738,7 +7835,7 @@ msgstr "" "Suche." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 +#: sssd-ldap.5.xml:1559 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." @@ -7747,7 +7844,7 @@ msgstr "" "der Suche dereferenziert." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1562 +#: sssd-ldap.5.xml:1564 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." @@ -7756,7 +7853,7 @@ msgstr "" "Orten des Basisobjekts der Suche dereferenziert." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1569 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -7765,12 +7862,12 @@ msgstr "" "<emphasis>never</emphasis> gehandhabt.)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1575 +#: sssd-ldap.5.xml:1577 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "ldap_rfc2307_fallback_to_local_users (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1578 +#: sssd-ldap.5.xml:1580 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." @@ -7779,7 +7876,7 @@ msgstr "" "beizubehalten, die das Schema RFC2307 benutzen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1582 +#: sssd-ldap.5.xml:1584 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " @@ -7797,7 +7894,7 @@ msgstr "" "getpw*() oder initgroups() abzurufen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1593 +#: sssd-ldap.5.xml:1595 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " @@ -7808,57 +7905,57 @@ msgstr "" "die lokalen Benutzer um zusätzliche LDAP-Gruppen erweitert werden." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1605 sssd-ifp.5.xml:152 +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 msgid "wildcard_limit (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1608 +#: sssd-ldap.5.xml:1610 msgid "" "Specifies an upper limit on the number of entries that are downloaded during " "a wildcard lookup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1612 +#: sssd-ldap.5.xml:1614 msgid "At the moment, only the InfoPipe responder supports wildcard lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1618 msgid "Default: 1000 (often the size of one page)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1624 #, fuzzy #| msgid "debug_level (integer)" msgid "ldap_library_debug_level (integer)" msgstr "debug_level (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1625 +#: sssd-ldap.5.xml:1627 msgid "" "Switches on libldap debugging with the given level. The libldap debug " "messages will be written independent of the general debug_level." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1630 +#: sssd-ldap.5.xml:1632 msgid "" "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " "enable full debug output." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1635 +#: sssd-ldap.5.xml:1637 #, fuzzy #| msgid "Default: 0 (disabled)" msgid "Default: 0 (libldap debugging disabled)" msgstr "Voreinstellung: 0 (deaktiviert)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:52 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " @@ -7870,12 +7967,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1645 +#: sssd-ldap.5.xml:1647 msgid "SUDO OPTIONS" msgstr "SUDO-OPTIONEN" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1647 +#: sssd-ldap.5.xml:1649 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -7886,12 +7983,12 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1660 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "ldap_sudo_full_refresh_interval (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1661 +#: sssd-ldap.5.xml:1663 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." @@ -7901,7 +7998,7 @@ msgstr "" "heruntergeladen werden)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1666 +#: sssd-ldap.5.xml:1668 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" @@ -7910,24 +8007,24 @@ msgstr "" "emphasis> sein." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1671 +#: sssd-ldap.5.xml:1673 msgid "" "You can disable full refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1676 +#: sssd-ldap.5.xml:1678 msgid "Default: 21600 (6 hours)" msgstr "Voreinstellung: 21600 (6 Stunden)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1682 +#: sssd-ldap.5.xml:1684 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "ldap_sudo_smart_refresh_interval (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1685 +#: sssd-ldap.5.xml:1687 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest " @@ -7935,7 +8032,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1691 +#: sssd-ldap.5.xml:1693 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." @@ -7944,7 +8041,7 @@ msgstr "" "das Attribut »modifyTimestamp« benutzt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1695 +#: sssd-ldap.5.xml:1697 msgid "" "<emphasis>Note:</emphasis> the highest USN value can be updated by three " "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " @@ -7954,21 +8051,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1706 +#: sssd-ldap.5.xml:1708 msgid "" "You can disable smart refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1717 +#: sssd-ldap.5.xml:1719 #, fuzzy #| msgid "ldap_idmap_range_size (integer)" msgid "ldap_sudo_random_offset (integer)" msgstr "ldap_idmap_range_size (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1720 +#: sssd-ldap.5.xml:1722 msgid "" "Random offset between 0 and configured value is added to smart and full " "refresh periods each time the periodic task is scheduled. The value is in " @@ -7976,7 +8073,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1726 +#: sssd-ldap.5.xml:1728 msgid "" "Note that this random offset is also applied on the first SSSD start which " "delays the first sudo rules refresh. This prolongs the time when the sudo " @@ -7984,17 +8081,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1732 +#: sssd-ldap.5.xml:1734 msgid "You can disable this offset by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1742 +#: sssd-ldap.5.xml:1744 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "ldap_sudo_use_host_filter (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1745 +#: sssd-ldap.5.xml:1747 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." @@ -8004,12 +8101,12 @@ msgstr "" "Netzwerkadressen und Rechnernamen)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1756 +#: sssd-ldap.5.xml:1758 msgid "ldap_sudo_hostnames (string)" msgstr "ldap_sudo_hostnames (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1759 +#: sssd-ldap.5.xml:1761 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." @@ -8018,7 +8115,7 @@ msgstr "" "Domain-Namen, die zum Filtern der Regeln benutzt werden sollen" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1764 +#: sssd-ldap.5.xml:1766 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." @@ -8027,8 +8124,8 @@ msgstr "" "voll qualifizierten Domain-Namen automatisch herauszufinden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1769 sssd-ldap.5.xml:1792 sssd-ldap.5.xml:1810 -#: sssd-ldap.5.xml:1828 +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." @@ -8037,17 +8134,17 @@ msgstr "" "emphasis> ist, hat diese Option keine Auswirkungen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1774 sssd-ldap.5.xml:1797 +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 msgid "Default: not specified" msgstr "Voreinstellung: nicht angegeben" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1780 +#: sssd-ldap.5.xml:1782 msgid "ldap_sudo_ip (string)" msgstr "ldap_sudo_ip (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1783 +#: sssd-ldap.5.xml:1785 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." @@ -8056,7 +8153,7 @@ msgstr "" "Netzwerkadressen, die zum Filtern der Regeln benutzt werden sollen" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1788 +#: sssd-ldap.5.xml:1790 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." @@ -8065,12 +8162,12 @@ msgstr "" "herauszufinden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1803 +#: sssd-ldap.5.xml:1805 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "ldap_sudo_include_netgroups (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1806 +#: sssd-ldap.5.xml:1808 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." @@ -8079,12 +8176,12 @@ msgstr "" "eine Netzgruppe im Attribut »sudoHost« enthält." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1821 +#: sssd-ldap.5.xml:1823 msgid "ldap_sudo_include_regexp (boolean)" msgstr "ldap_sudo_include_regexp (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:1826 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." @@ -8093,14 +8190,14 @@ msgstr "" "einen Platzhalter im Attribut »sudoHost« enthält." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> -#: sssd-ldap.5.xml:1834 +#: sssd-ldap.5.xml:1836 msgid "" "Using wildcard is an operation that is very costly to evaluate on the LDAP " "server side!" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1846 +#: sssd-ldap.5.xml:1848 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " @@ -8113,59 +8210,59 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1856 +#: sssd-ldap.5.xml:1858 msgid "AUTOFS OPTIONS" msgstr "AUTOFS-OPTIONEN" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1858 +#: sssd-ldap.5.xml:1860 msgid "" "Some of the defaults for the parameters below are dependent on the LDAP " "schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1864 +#: sssd-ldap.5.xml:1866 msgid "ldap_autofs_map_master_name (string)" msgstr "ldap_autofs_map_master_name (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1867 +#: sssd-ldap.5.xml:1869 msgid "The name of the automount master map in LDAP." msgstr "Der Name der Automount-Master-Abbildung in LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1870 +#: sssd-ldap.5.xml:1872 msgid "Default: auto.master" msgstr "Voreinstellung: auto.master" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1881 +#: sssd-ldap.5.xml:1883 msgid "ADVANCED OPTIONS" msgstr "ERWEITERTE OPTIONEN" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1888 +#: sssd-ldap.5.xml:1890 msgid "ldap_netgroup_search_base (string)" msgstr "ldap_netgroup_search_base (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1893 +#: sssd-ldap.5.xml:1895 msgid "ldap_user_search_base (string)" msgstr "ldap_user_search_base (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1898 +#: sssd-ldap.5.xml:1900 msgid "ldap_group_search_base (string)" msgstr "ldap_group_search_base (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> -#: sssd-ldap.5.xml:1903 +#: sssd-ldap.5.xml:1905 msgid "<note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> -#: sssd-ldap.5.xml:1905 +#: sssd-ldap.5.xml:1907 msgid "" "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " "against Active Directory will not be restricted and return all groups " @@ -8174,22 +8271,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist> -#: sssd-ldap.5.xml:1912 +#: sssd-ldap.5.xml:1914 msgid "</note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1914 +#: sssd-ldap.5.xml:1916 msgid "ldap_sudo_search_base (string)" msgstr "ldap_sudo_search_base (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1919 +#: sssd-ldap.5.xml:1921 msgid "ldap_autofs_search_base (string)" msgstr "ldap_autofs_search_base (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1883 +#: sssd-ldap.5.xml:1885 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -8198,14 +8295,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1934 sssd-simple.5.xml:131 sssd-ipa.5.xml:925 -#: sssd-ad.5.xml:1386 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 msgid "EXAMPLE" msgstr "BEISPIEL" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1936 +#: sssd-ldap.5.xml:1938 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -8216,7 +8313,7 @@ msgstr "" "gesetzt ist." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1944 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -8229,27 +8326,27 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><para> -#: sssd-ldap.5.xml:1941 sssd-ldap.5.xml:1959 sssd-simple.5.xml:139 -#: sssd-ipa.5.xml:933 sssd-ad.5.xml:1394 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 #: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1953 +#: sssd-ldap.5.xml:1955 msgid "LDAP ACCESS FILTER EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1955 +#: sssd-ldap.5.xml:1957 msgid "" "The following example assumes that SSSD is correctly configured and to use " "the ldap_access_order=lockout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1960 +#: sssd-ldap.5.xml:1962 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -8265,13 +8362,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1975 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 -#: sssd-ad.5.xml:1409 sssd.8.xml:238 sss_seed.8.xml:163 +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 msgid "NOTES" msgstr "ANMERKUNGEN" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1977 +#: sssd-ldap.5.xml:1979 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -10761,12 +10858,12 @@ msgid "Example: dyndns_iface = em1, vnet1, vnet2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1285 +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 msgid "dyndns_auth (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1288 +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "updates with the DNS server, insecure updates can be sent by setting this " @@ -10774,19 +10871,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1294 +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 msgid "Default: GSS-TSIG" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1300 +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 #, fuzzy #| msgid "dyndns_iface (string)" msgid "dyndns_auth_ptr (string)" msgstr "dyndns_iface (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1303 +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "PTR updates with the DNS server, insecure updates can be sent by setting " @@ -10794,7 +10891,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1309 +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 msgid "Default: Same as dyndns_auth" msgstr "" @@ -10870,17 +10967,24 @@ msgstr "" "Weiterleitungsdatensätze ändern." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:290 +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 msgid "Default: False (disabled)" msgstr "Voreinstellung: False (deaktiviert)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1272 +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 msgid "dyndns_force_tcp (bool)" msgstr "dyndns_force_tcp (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:299 sssd-ad.5.xml:1275 +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." @@ -10889,48 +10993,48 @@ msgstr "" "DNS-Server verwenden soll" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:303 sssd-ad.5.xml:1279 +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 msgid "Default: False (let nsupdate choose the protocol)" msgstr "Voreinstellung: False (lässt Nsupdate das Protokoll auswählen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:309 sssd-ad.5.xml:1315 +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 msgid "dyndns_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:312 sssd-ad.5.xml:1318 +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 msgid "" "The DNS server to use when performing a DNS update. In most setups, it's " "recommended to leave this option unset." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 msgid "" "Setting this option makes sense for environments where the DNS server is " "different from the identity server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 msgid "" "Please note that this option will be only used in fallback attempt when " "previous attempt using autodetected settings failed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 msgid "Default: None (let nsupdate choose the server)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:333 sssd-ad.5.xml:1339 +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 msgid "dyndns_update_per_family (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:336 sssd-ad.5.xml:1342 +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 msgid "" "DNS update is by default performed in two steps - IPv4 update and then IPv6 " "update. In some cases it might be desirable to perform IPv4 and IPv6 update " @@ -10938,52 +11042,52 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:353 #, fuzzy #| msgid "ldap_access_order (string)" msgid "ipa_access_order (string)" msgstr "ldap_access_order (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:360 #, fuzzy #| msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." msgstr "<emphasis>expire</emphasis>: verwendet »ldap_account_expire_policy«." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:394 +#: sssd-ipa.5.xml:399 msgid "" "Please note that 'access_provider = ipa' must be set for this feature to " "work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:401 +#: sssd-ipa.5.xml:406 msgid "ipa_deskprofile_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:404 +#: sssd-ipa.5.xml:409 msgid "" "Optional. Use the given string as search base for Desktop Profile related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:408 sssd-ipa.5.xml:435 +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 msgid "Default: Use base DN" msgstr "Voreinstellung: verwendet Basis-DN" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:414 +#: sssd-ipa.5.xml:419 #, fuzzy #| msgid "ipa_subdomains_search_base (string)" msgid "ipa_subid_ranges_search_base (string)" msgstr "ipa_subdomains_search_base (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:417 +#: sssd-ipa.5.xml:422 #, fuzzy #| msgid "" #| "Optional. Use the given string as search base for HBAC related objects." @@ -10995,97 +11099,97 @@ msgstr "" "bezogene Objekte" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:421 +#: sssd-ipa.5.xml:426 #, fuzzy #| msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" msgstr "Voreinstellung: der Wert von <emphasis>cn=trusts,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:428 +#: sssd-ipa.5.xml:433 msgid "ipa_hbac_search_base (string)" msgstr "ipa_hbac_search_base (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:431 +#: sssd-ipa.5.xml:436 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" "optional, verwendet die angegebene Zeichenkette als Suchgrundlage für HBAC-" "bezogene Objekte" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:441 +#: sssd-ipa.5.xml:446 msgid "ipa_host_search_base (string)" msgstr "ipa_host_search_base (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:444 +#: sssd-ipa.5.xml:449 msgid "Deprecated. Use ldap_host_search_base instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:450 +#: sssd-ipa.5.xml:455 msgid "ipa_selinux_search_base (string)" msgstr "ipa_selinux_search_base (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:453 +#: sssd-ipa.5.xml:458 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" "optional, verwendet die angegebene Zeichenkette als Suchgrundlage für " "SELinux-Benutzerabbildungen" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:469 +#: sssd-ipa.5.xml:474 msgid "ipa_subdomains_search_base (string)" msgstr "ipa_subdomains_search_base (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:472 +#: sssd-ipa.5.xml:477 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" "optional, verwendet die angegebene Zeichenkette als Suchgrundlage für " "vertrauenswürdige Domains" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:481 +#: sssd-ipa.5.xml:486 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "Voreinstellung: der Wert von <emphasis>cn=trusts,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:488 +#: sssd-ipa.5.xml:493 msgid "ipa_master_domain_search_base (string)" msgstr "ipa_master_domain_search_base (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:491 +#: sssd-ipa.5.xml:496 msgid "Optional. Use the given string as search base for master domain object." msgstr "" "optional, verwendet die angegebene Zeichenkette als Suchgrundlage für das " "Master-Domain-Objekt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:505 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "Voreinstellung: der Wert von <emphasis>cn=ad,cn=etc,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:507 +#: sssd-ipa.5.xml:512 msgid "ipa_views_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:510 +#: sssd-ipa.5.xml:515 msgid "Optional. Use the given string as search base for views containers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:519 +#: sssd-ipa.5.xml:524 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:529 +#: sssd-ipa.5.xml:534 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." @@ -11094,7 +11198,7 @@ msgstr "" "Wert von »ipa_domain«." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:533 +#: sssd-ipa.5.xml:538 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." @@ -11104,37 +11208,37 @@ msgstr "" "zu verwenden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:541 sssd-ad.5.xml:1357 +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 msgid "krb5_confd_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:544 sssd-ad.5.xml:1360 +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 msgid "" "Absolute path of a directory where SSSD should place Kerberos configuration " "snippets." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:548 sssd-ad.5.xml:1364 +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 msgid "" "To disable the creation of the configuration snippets set the parameter to " "'none'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:552 sssd-ad.5.xml:1368 +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 msgid "" "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:559 +#: sssd-ipa.5.xml:564 msgid "ipa_deskprofile_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:562 +#: sssd-ipa.5.xml:567 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server. This will reduce the latency and load on the IPA server if there " @@ -11142,34 +11246,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:569 sssd-ipa.5.xml:599 sssd-ipa.5.xml:615 sssd-ad.5.xml:599 +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 msgid "Default: 5 (seconds)" msgstr "Voreinstellung: 5 (Sekunden)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:575 +#: sssd-ipa.5.xml:580 msgid "ipa_deskprofile_request_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:578 +#: sssd-ipa.5.xml:583 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server in case the last request did not return any rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:583 +#: sssd-ipa.5.xml:588 msgid "Default: 60 (minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:589 +#: sssd-ipa.5.xml:594 msgid "ipa_hbac_refresh (integer)" msgstr "ipa_hbac_refresh (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:592 +#: sssd-ipa.5.xml:597 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -11180,12 +11284,12 @@ msgstr "" "Zugriffssteuerungsanfragen in einer kurzen Zeitspanne ankommen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:605 +#: sssd-ipa.5.xml:610 msgid "ipa_hbac_selinux (integer)" msgstr "ipa_hbac_selinux (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:608 +#: sssd-ipa.5.xml:613 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -11196,33 +11300,33 @@ msgstr "" "viele Benutzeranmeldeanfragen in einer kurzen Zeitspanne ankommen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:621 +#: sssd-ipa.5.xml:626 msgid "ipa_server_mode (boolean)" msgstr "ipa_server_mode (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:624 +#: sssd-ipa.5.xml:629 msgid "" "This option will be set by the IPA installer (ipa-server-install) " "automatically and denotes if SSSD is running on an IPA server or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:629 +#: sssd-ipa.5.xml:634 msgid "" "On an IPA server SSSD will lookup users and groups from trusted domains " "directly while on a client it will ask an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:634 +#: sssd-ipa.5.xml:639 msgid "" "NOTE: There are currently some assumptions that must be met when SSSD is " "running on an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:639 +#: sssd-ipa.5.xml:644 msgid "" "The <quote>ipa_server</quote> option must be configured to point to the IPA " "server itself. This is already the default set by the IPA installer, so no " @@ -11230,59 +11334,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:648 +#: sssd-ipa.5.xml:653 msgid "" "The <quote>full_name_format</quote> option must not be tweaked to only print " "short names for users from trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:663 +#: sssd-ipa.5.xml:668 msgid "ipa_automount_location (string)" msgstr "ipa_automount_location (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:666 +#: sssd-ipa.5.xml:671 msgid "The automounter location this IPA client will be using" msgstr "der Ort des Automounters, den dieser IPA-Client benutzen wird" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:669 +#: sssd-ipa.5.xml:674 msgid "Default: The location named \"default\"" msgstr "Voreinstellung: der Ort namens »default«" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:677 +#: sssd-ipa.5.xml:682 msgid "VIEWS AND OVERRIDES" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:686 +#: sssd-ipa.5.xml:691 msgid "ipa_view_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:689 +#: sssd-ipa.5.xml:694 msgid "Objectclass of the view container." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:692 +#: sssd-ipa.5.xml:697 msgid "Default: nsContainer" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:698 +#: sssd-ipa.5.xml:703 msgid "ipa_view_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:701 +#: sssd-ipa.5.xml:706 msgid "Name of the attribute holding the name of the view." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:705 sssd-ldap-attributes.5.xml:496 +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 #: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 #: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 #: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 @@ -11290,128 +11394,128 @@ msgid "Default: cn" msgstr "Voreinstellung: cn" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:711 +#: sssd-ipa.5.xml:716 msgid "ipa_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:714 +#: sssd-ipa.5.xml:719 msgid "Objectclass of the override objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:717 +#: sssd-ipa.5.xml:722 msgid "Default: ipaOverrideAnchor" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:723 +#: sssd-ipa.5.xml:728 msgid "ipa_anchor_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:726 +#: sssd-ipa.5.xml:731 msgid "" "Name of the attribute containing the reference to the original object in a " "remote domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:730 +#: sssd-ipa.5.xml:735 msgid "Default: ipaAnchorUUID" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:736 +#: sssd-ipa.5.xml:741 msgid "ipa_user_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:739 +#: sssd-ipa.5.xml:744 msgid "" "Name of the objectclass for user overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:744 +#: sssd-ipa.5.xml:749 msgid "User overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:747 +#: sssd-ipa.5.xml:752 msgid "ldap_user_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:750 +#: sssd-ipa.5.xml:755 msgid "ldap_user_uid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:753 +#: sssd-ipa.5.xml:758 msgid "ldap_user_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:756 +#: sssd-ipa.5.xml:761 msgid "ldap_user_gecos" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:759 +#: sssd-ipa.5.xml:764 msgid "ldap_user_home_directory" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:762 +#: sssd-ipa.5.xml:767 msgid "ldap_user_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:765 +#: sssd-ipa.5.xml:770 msgid "ldap_user_ssh_public_key" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:770 +#: sssd-ipa.5.xml:775 msgid "Default: ipaUserOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:776 +#: sssd-ipa.5.xml:781 msgid "ipa_group_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:779 +#: sssd-ipa.5.xml:784 msgid "" "Name of the objectclass for group overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:784 +#: sssd-ipa.5.xml:789 msgid "Group overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:787 +#: sssd-ipa.5.xml:792 msgid "ldap_group_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:790 +#: sssd-ipa.5.xml:795 msgid "ldap_group_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:795 +#: sssd-ipa.5.xml:800 msgid "Default: ipaGroupOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:679 +#: sssd-ipa.5.xml:684 msgid "" "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " "later version. Since all paths and objectclasses are fixed on the server " @@ -11421,12 +11525,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:807 +#: sssd-ipa.5.xml:812 msgid "SUBDOMAINS PROVIDER" msgstr "ANBIETER VON UNTER-DOMAINS" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:809 +#: sssd-ipa.5.xml:814 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." @@ -11435,7 +11539,7 @@ msgstr "" "ob er explizit oder implizit konfiguriert wurde." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:813 +#: sssd-ipa.5.xml:818 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " @@ -11446,7 +11550,7 @@ msgstr "" "und alle Subdomain-Anfragen werden, falls nötig, an den IPA-Server gesandt." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:819 +#: sssd-ipa.5.xml:824 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " @@ -11465,12 +11569,12 @@ msgstr "" "online gegangen ist, wird der Subdomain-Anbieter erneut aktiviert." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:830 +#: sssd-ipa.5.xml:835 msgid "TRUSTED DOMAINS CONFIGURATION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:838 +#: sssd-ipa.5.xml:843 #, no-wrap msgid "" "[domain/ipa.domain.com/ad.domain.com]\n" @@ -11478,7 +11582,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:832 +#: sssd-ipa.5.xml:837 msgid "" "Some configuration options can also be set for a trusted domain. A trusted " "domain configuration can be set using the trusted domain subsection as shown " @@ -11488,80 +11592,80 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:843 +#: sssd-ipa.5.xml:848 msgid "" "For more details, see the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:850 +#: sssd-ipa.5.xml:855 msgid "" "Different configuration options are tunable for a trusted domain depending " "on whether you are configuring SSSD on an IPA server or an IPA client." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:855 +#: sssd-ipa.5.xml:860 msgid "OPTIONS TUNABLE ON IPA MASTERS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:857 +#: sssd-ipa.5.xml:862 msgid "" "The following options can be set in a subdomain section on an IPA master:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:861 sssd-ipa.5.xml:891 +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 msgid "ad_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:864 +#: sssd-ipa.5.xml:869 msgid "ad_backup_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:867 sssd-ipa.5.xml:894 +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 msgid "ad_site" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:870 +#: sssd-ipa.5.xml:875 msgid "ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:873 +#: sssd-ipa.5.xml:878 msgid "ldap_user_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:876 +#: sssd-ipa.5.xml:881 msgid "ldap_group_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:885 +#: sssd-ipa.5.xml:890 msgid "OPTIONS TUNABLE ON IPA CLIENTS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:887 +#: sssd-ipa.5.xml:892 msgid "" "The following options can be set in a subdomain section on an IPA client:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:899 +#: sssd-ipa.5.xml:904 msgid "" "Note that if both options are set, only <quote>ad_server</quote> is " "evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:903 +#: sssd-ipa.5.xml:908 msgid "" "Since any request for a user or a group identity from a trusted domain " "triggered from an IPA client is resolved by the IPA server, the " @@ -11575,7 +11679,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:927 +#: sssd-ipa.5.xml:932 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -11587,7 +11691,7 @@ msgstr "" "Optionen von IPA." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:934 +#: sssd-ipa.5.xml:939 #, no-wrap msgid "" "[domain/example.com]\n" @@ -12866,7 +12970,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1388 +#: sssd-ad.5.xml:1393 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -12878,7 +12982,7 @@ msgstr "" "Optionen von AD." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1395 +#: sssd-ad.5.xml:1400 #, no-wrap msgid "" "[domain/EXAMPLE]\n" @@ -12902,7 +13006,7 @@ msgstr "" "ad_domain = example.com\n" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1415 +#: sssd-ad.5.xml:1420 #, no-wrap msgid "" "access_provider = ldap\n" @@ -12914,7 +13018,7 @@ msgstr "" "ldap_account_expire_policy = ad\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1411 +#: sssd-ad.5.xml:1416 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " @@ -12925,7 +13029,7 @@ msgstr "" "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1421 +#: sssd-ad.5.xml:1426 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>. Please " @@ -12935,7 +13039,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1429 +#: sssd-ad.5.xml:1434 msgid "" "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " @@ -19192,9 +19296,13 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:235 +#, fuzzy +#| msgid "" +#| "When this option is configured, domains will be allocated starting with " +#| "slice zero and increasing monatomically with each additional domain." msgid "" "When this option is configured, domains will be allocated starting with " -"slice zero and increasing monatomically with each additional domain." +"slice zero and increasing monotonically with each additional domain." msgstr "" "Wenn diese Option konfiguriert wurde, werden Domains beginnend bei Slice " "null reserviert und gleichmäßig mit jeder zusätzlichen Domain vergrößert." @@ -20256,6 +20364,20 @@ msgstr "" "werden sollen. Diese Funktionalität ist mit MIT-Kerberos 1.7 und neueren " "Versionen verfügbar." +#, fuzzy +#~| msgid "This option is not available in IPA provider." +#~ msgid "This option is ignored for the files provider." +#~ msgstr "Diese Option ist für IPA-Anbieter nicht verfügbar." + +#, fuzzy +#~| msgid "" +#~| "Determines if user credentials are also cached in the local LDB cache" +#~ msgid "" +#~ "Determines if user credentials are also cached in the local LDB cache." +#~ msgstr "" +#~ "bestimmt, ob auch Benutzerberechtigungen im lokalen LDB-Zwischenspeicher " +#~ "zwischengespeichert werden." + #~ msgid "User credentials are stored in a SHA512 hash, not in plaintext" #~ msgstr "" #~ "Benutzerberechtigungen werden in einem SHA512-Hash, nicht im Klartext " diff --git a/src/man/po/es.po b/src/man/po/es.po index 1cf1c71b709..36bf95b91ff 100644 --- a/src/man/po/es.po +++ b/src/man/po/es.po @@ -18,7 +18,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-05-05 10:09+0200\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" "PO-Revision-Date: 2021-10-27 15:05+0000\n" "Last-Translator: Emilio Herrera <ehespinosa57@gmail.com>\n" "Language-Team: Spanish <https://translate.fedoraproject.org/projects/sssd/" @@ -261,11 +261,11 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 -#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:951 -#: sssd.conf.5.xml:1069 sssd.conf.5.xml:2197 sssd-ldap.5.xml:1071 -#: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 -#: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 -#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 msgid "Default: true" msgstr "Predeterminado: true" @@ -285,11 +285,11 @@ msgstr "" "se ignora." #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:948 -#: sssd.conf.5.xml:2100 sssd.conf.5.xml:2167 sssd.conf.5.xml:4128 -#: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 -#: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 -#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 #: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 #: include/krb5_options.xml:163 msgid "Default: false" @@ -330,8 +330,8 @@ msgstr "" "configuración no tiene efecto para otro tipo de registros)." #. type: Content of: outside any tag (error?) -#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1656 -#: sssd-ldap.5.xml:1862 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 #: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 @@ -364,8 +364,8 @@ msgstr "" "Advierta que después de tres pulsaciones perdidas el servicio se terminará." #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 sssd.conf.5.xml:1289 sssd.conf.5.xml:1766 -#: sssd.conf.5.xml:4144 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "Predeterminado: 10" @@ -443,12 +443,12 @@ msgstr "" "usen para ejecución: \"systemctl enable sssd-@service@.socket\". </phrase>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:258 sssd.conf.5.xml:783 +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 msgid "reconnection_retries (integer)" msgstr "reconnection_retries (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:261 sssd.conf.5.xml:786 +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" @@ -457,7 +457,7 @@ msgstr "" "de datos del proveedor, o de reiniciarse antes de abandonar" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:791 sssd.conf.5.xml:3708 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 #: include/failover.xml:100 msgid "Default: 3" msgstr "Predeterminado: 3" @@ -485,7 +485,7 @@ msgstr "" "\"/\" está prohibido." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3540 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 msgid "re_expression (string)" msgstr "re_expression (cadena)" @@ -510,12 +510,12 @@ msgstr "" "las SECCIONES DOMINIO para mas información sobre estas expresiones regulares." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3597 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 msgid "full_name_format (string)" msgstr "full_name_format (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3600 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -527,33 +527,33 @@ msgstr "" "dominio." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3611 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 msgid "%1$s" msgstr "%1$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 msgid "user name" msgstr "nombre de usuario" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3615 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 msgid "%2$s" msgstr "%2$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3618 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 msgid "domain name as specified in the SSSD config file." msgstr "" "nombre de dominio como se especifica en el fichero de configuración SSSD" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3624 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 msgid "%3$s" msgstr "%3$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3627 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." @@ -563,7 +563,7 @@ msgstr "" "medio de IPA de confianza." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3608 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -774,8 +774,8 @@ msgstr "" "cuando se use la opción default_domain_suffix." #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:468 sssd-ldap.5.xml:876 sssd-ldap.5.xml:888 -#: sssd-ldap.5.xml:980 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 #: include/krb5_options.xml:148 @@ -1132,7 +1132,7 @@ msgstr "" "casos donde los nombres de usuarios se deben compartir entre dominios." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1790 sssd.conf.5.xml:4194 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "Por defecto: No definido" @@ -1185,11 +1185,11 @@ msgstr "certificate_verification (cadena)" #: sssd.conf.5.xml:744 msgid "" "Enable or disable the user verification (i.e. PIN, fingerprint) during " -"authentication." +"authentication. If enabled, the PIN will always be requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:750 msgid "" "The default is that the key settings decide what to do. In the IPA or " "kerberos pre-authentication case, this value will be overwritten by the " @@ -1230,12 +1230,12 @@ msgstr "" "<placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:769 msgid "SERVICES SECTIONS" msgstr "SECCIONES DE SERVICIOS" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:770 +#: sssd.conf.5.xml:771 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -1248,22 +1248,22 @@ msgstr "" "sección sería <quote>[nss]</quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:777 +#: sssd.conf.5.xml:778 msgid "General service configuration options" msgstr "Opciones de configuración de servicios generales" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:780 msgid "These options can be used to configure any service." msgstr "Estas opciones pueden usarse para configurar cualquier servicio." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:797 msgid "fd_limit" msgstr "fd_limit" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:799 +#: sssd.conf.5.xml:800 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " @@ -1278,17 +1278,17 @@ msgstr "" "valor más bajo de este o de limite “hard” en limits.conf." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:808 +#: sssd.conf.5.xml:809 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "Por defecto: 8192 (o limite “hard” en limits.conf)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:814 msgid "client_idle_timeout" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:816 +#: sssd.conf.5.xml:817 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " @@ -1303,17 +1303,17 @@ msgstr "" "configura un valor más bajo será ajustado a 10 segundos." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:826 msgid "Default: 60, KCM: 300" msgstr "Predeterminado: 60, KCM: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:830 +#: sssd.conf.5.xml:831 msgid "offline_timeout (integer)" msgstr "offline_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:834 msgid "" "When SSSD switches to offline mode the amount of time before it tries to go " "back online will increase based upon the time spent disconnected. By " @@ -1331,7 +1331,7 @@ msgstr "" "nuevo intervalo se calcula mediante lo siguiente:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:844 sssd.conf.5.xml:900 +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 msgid "" "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." "offline_timeout_random_offset]" @@ -1340,7 +1340,7 @@ msgstr "" "offline_timeout_random_offset]" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:847 +#: sssd.conf.5.xml:848 msgid "" "The offline_timeout default value is 60. The offline_timeout_max default " "value is 3600. The offline_timeout_random_offset default value is 30. The " @@ -1352,46 +1352,46 @@ msgstr "" "segundos antes del próximo reintento." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:854 msgid "" "Note that the maximum length of each interval is defined by " "offline_timeout_max (apart of random part)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 sssd.conf.5.xml:1200 sssd.conf.5.xml:1583 -#: sssd.conf.5.xml:1879 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 msgid "Default: 60" msgstr "Predeterminado: 60" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:862 +#: sssd.conf.5.xml:863 #, fuzzy #| msgid "offline_timeout (integer)" msgid "offline_timeout_max (integer)" msgstr "offline_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:865 +#: sssd.conf.5.xml:866 msgid "" "Controls by how much the time between attempts to go online can be " "incremented following unsuccessful attempts to go online." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:870 +#: sssd.conf.5.xml:871 msgid "A value of 0 disables the incrementing behaviour." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:873 +#: sssd.conf.5.xml:874 msgid "" "The value of this parameter should be set in correlation to offline_timeout " "parameter value." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:877 +#: sssd.conf.5.xml:878 msgid "" "With offline_timeout set to 60 (default value) there is no point in setting " "offlinet_timeout_max to less than 120 as it will saturate instantly. General " @@ -1400,66 +1400,66 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:883 +#: sssd.conf.5.xml:884 msgid "" "Although a value between 0 and offline_timeout may be specified, it has the " "effect of overriding the offline_timeout value so is of little use." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:888 +#: sssd.conf.5.xml:889 #, fuzzy #| msgid "Default: 300" msgid "Default: 3600" msgstr "Predeterminado: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:894 #, fuzzy #| msgid "offline_timeout + random_offset" msgid "offline_timeout_random_offset (integer)" msgstr "offline_timeout + random_offset" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:896 +#: sssd.conf.5.xml:897 msgid "" "When SSSD is in offline mode it keeps probing backend servers in specified " "time intervals:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:903 +#: sssd.conf.5.xml:904 msgid "" "This parameter controls the value of the random offset used for the above " "equation. Final random_offset value will be random number in range:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:908 +#: sssd.conf.5.xml:909 #, fuzzy #| msgid "offline_timeout + random_offset" msgid "[0 - offline_timeout_random_offset]" msgstr "offline_timeout + random_offset" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:911 +#: sssd.conf.5.xml:912 msgid "A value of 0 disables the random offset addition." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:915 #, fuzzy #| msgid "Default: 300" msgid "Default: 30" msgstr "Predeterminado: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:919 +#: sssd.conf.5.xml:920 msgid "responder_idle_timeout" msgstr "responder_idle_timeout" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:922 +#: sssd.conf.5.xml:923 msgid "" "This option specifies the number of seconds that an SSSD responder process " "can be up without being used. This value is limited in order to avoid " @@ -1478,18 +1478,18 @@ msgstr "" "los servicios activados son socket o D-Bus." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:936 sssd.conf.5.xml:1213 sssd.conf.5.xml:2321 -#: sssd-ldap.5.xml:331 +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 +#: sssd-ldap.5.xml:332 msgid "Default: 300" msgstr "Predeterminado: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:941 +#: sssd.conf.5.xml:942 msgid "cache_first" msgstr "cache_first" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:945 msgid "" "This option specifies whether the responder should query all caches before " "querying the Data Providers." @@ -1498,12 +1498,12 @@ msgstr "" "de consultar a los Proveedores de Datos." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:960 msgid "NSS configuration options" msgstr "Opciones de configuración de NSS" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:961 +#: sssd.conf.5.xml:962 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" @@ -1511,12 +1511,12 @@ msgstr "" "Switch (NSS)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:966 +#: sssd.conf.5.xml:967 msgid "enum_cache_timeout (integer)" msgstr "enum_cache_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:969 +#: sssd.conf.5.xml:970 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" @@ -1525,17 +1525,17 @@ msgstr "" "sobre todos los usuarios)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:974 msgid "Default: 120" msgstr "Predeterminado: 120" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:978 +#: sssd.conf.5.xml:979 msgid "entry_cache_nowait_percentage (integer)" msgstr "entry_cache_nowait_percentage (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:981 +#: sssd.conf.5.xml:982 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -1546,7 +1546,7 @@ msgstr "" "valor de entry_cache_timeout para el dominio." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:988 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -1562,7 +1562,7 @@ msgstr "" "actualización del cache." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:998 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -1575,17 +1575,17 @@ msgstr "" "segundos. (0 deshabilita esta función)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1005 sssd.conf.5.xml:2121 +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 msgid "Default: 50" msgstr "Predeterminado: 50" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1010 +#: sssd.conf.5.xml:1011 msgid "entry_negative_timeout (integer)" msgstr "entry_negative_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1013 +#: sssd.conf.5.xml:1014 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -1596,17 +1596,17 @@ msgstr "" "entradas no existentes) antes de preguntar al punto final otra vez." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1019 sssd.conf.5.xml:1778 sssd.conf.5.xml:2145 +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 msgid "Default: 15" msgstr "Predeterminado: 15" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1025 msgid "local_negative_timeout (integer)" msgstr "local_negative_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1027 +#: sssd.conf.5.xml:1028 msgid "" "Specifies for how many seconds nss_sss should keep local users and groups in " "negative cache before trying to look it up in the back end again. Setting " @@ -1617,17 +1617,17 @@ msgstr "" "otra vez. Fijando la opción a 0 deshabilita esta característica." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1033 +#: sssd.conf.5.xml:1034 msgid "Default: 14400 (4 hours)" msgstr "Por defecto: 14400 (4 horas)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1039 msgid "filter_users, filter_groups (string)" msgstr "filter_users, filter_groups (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1041 +#: sssd.conf.5.xml:1042 msgid "" "Exclude certain users or groups from being fetched from the sss NSS " "database. This is particularly useful for system accounts. This option can " @@ -1641,7 +1641,7 @@ msgstr "" "usuario (UPN)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1049 +#: sssd.conf.5.xml:1050 msgid "" "NOTE: The filter_groups option doesn't affect inheritance of nested group " "members, since filtering happens after they are propagated for returning via " @@ -1654,17 +1654,17 @@ msgstr "" "filtrado mantendrá los usuarios miembros del listado posterior." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1057 +#: sssd.conf.5.xml:1058 msgid "Default: root" msgstr "Predeterminado: root" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1063 msgid "filter_users_in_groups (bool)" msgstr "filter_users_in_groups (bool)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1065 +#: sssd.conf.5.xml:1066 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" @@ -1672,12 +1672,12 @@ msgstr "" "opción a false." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1076 +#: sssd.conf.5.xml:1077 msgid "fallback_homedir (string)" msgstr "fallback_homedir (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1079 +#: sssd.conf.5.xml:1080 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." @@ -1686,7 +1686,7 @@ msgstr "" "especificado una explícitamente por el proveedor de datos del dominio." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1084 +#: sssd.conf.5.xml:1085 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" @@ -1694,7 +1694,7 @@ msgstr "" "override_homedir." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1090 +#: sssd.conf.5.xml:1091 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" @@ -1704,24 +1704,24 @@ msgstr "" " " #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:1088 sssd.conf.5.xml:1650 sssd.conf.5.xml:1669 -#: sssd.conf.5.xml:1746 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "ejemplo: <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1094 +#: sssd.conf.5.xml:1095 msgid "Default: not set (no substitution for unset home directories)" msgstr "" "Por defecto: no fijado (sin sustitución para los directorios home no fijados)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1100 +#: sssd.conf.5.xml:1101 msgid "override_shell (string)" msgstr "override_shell (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1104 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " @@ -1732,17 +1732,17 @@ msgstr "" "la sección [nss] o por dominio." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1109 +#: sssd.conf.5.xml:1110 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "Por defecto: no fijado (SSSD usará el valor recuperado desde LDAP)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1115 +#: sssd.conf.5.xml:1116 msgid "allowed_shells (string)" msgstr "allowed_shells (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1118 +#: sssd.conf.5.xml:1119 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" @@ -1750,12 +1750,12 @@ msgstr "" "evaluación es:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1121 +#: sssd.conf.5.xml:1122 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "1. Si el shell está presente en <quote>/etc/shells</quote>, se usa." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1125 +#: sssd.conf.5.xml:1126 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." @@ -1764,7 +1764,7 @@ msgstr "" "shells</quote>, usa el valor del parámetro shell_fallback." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1130 +#: sssd.conf.5.xml:1131 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." @@ -1773,12 +1773,12 @@ msgstr "" "shells</quote>, se usará un shell de no acceso." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1135 +#: sssd.conf.5.xml:1136 msgid "The wildcard (*) can be used to allow any shell." msgstr "Se puede usar el comodín (*) para permitir cualquier shell." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1138 +#: sssd.conf.5.xml:1139 msgid "" "The (*) is useful if you want to use shell_fallback in case that user's " "shell is not in <quote>/etc/shells</quote> and maintaining list of all " @@ -1789,12 +1789,12 @@ msgstr "" "los shells permitidos en allowed_shells estuviera llena." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1145 +#: sssd.conf.5.xml:1146 msgid "An empty string for shell is passed as-is to libc." msgstr "Una cadena vacía para el shell se pasa como-es a libc." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1149 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." @@ -1804,27 +1804,27 @@ msgstr "" "una nueva shell." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1152 +#: sssd.conf.5.xml:1153 msgid "Default: Not set. The user shell is automatically used." msgstr "Por defecto: No fijado. La shell del usuario se usa automáticamente." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1157 +#: sssd.conf.5.xml:1158 msgid "vetoed_shells (string)" msgstr "vetoed_shells (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1160 +#: sssd.conf.5.xml:1161 msgid "Replace any instance of these shells with the shell_fallback" msgstr "Reemplaza cualquier instancia de estos shells con shell_fallback" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1165 +#: sssd.conf.5.xml:1166 msgid "shell_fallback (string)" msgstr "shell_fallback (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1168 +#: sssd.conf.5.xml:1169 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" @@ -1832,17 +1832,17 @@ msgstr "" "máquina." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1172 +#: sssd.conf.5.xml:1173 msgid "Default: /bin/sh" msgstr "Predeterminado: /bin/sh" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1177 +#: sssd.conf.5.xml:1178 msgid "default_shell" msgstr "default_shell" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1180 +#: sssd.conf.5.xml:1181 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." @@ -1852,7 +1852,7 @@ msgstr "" "o por dominio." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1186 +#: sssd.conf.5.xml:1187 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" @@ -1862,12 +1862,12 @@ msgstr "" "normalmente /bin/sh)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1193 sssd.conf.5.xml:1576 +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 msgid "get_domains_timeout (int)" msgstr "get_domains_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1196 sssd.conf.5.xml:1579 +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." @@ -1876,14 +1876,14 @@ msgstr "" "considerada válida." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1205 +#: sssd.conf.5.xml:1206 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_timeout (integer)" msgstr "enum_cache_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1208 +#: sssd.conf.5.xml:1209 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid. Setting this option to zero will disable the in-memory cache." @@ -1892,7 +1892,7 @@ msgstr "" "cache serán validos. Fijando esta opción o cero deshabilita la memoria cache." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1216 +#: sssd.conf.5.xml:1217 msgid "" "WARNING: Disabling the in-memory cache will have significant negative impact " "on SSSD's performance and should only be used for testing." @@ -1902,8 +1902,8 @@ msgstr "" "pruebas." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1222 sssd.conf.5.xml:1247 sssd.conf.5.xml:1272 -#: sssd.conf.5.xml:1297 sssd.conf.5.xml:1324 +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 msgid "" "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " "client applications will not use the fast in-memory cache." @@ -1912,14 +1912,14 @@ msgstr "" "las aplicaciones clientes no usaran la memoria cache rápida." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1230 +#: sssd.conf.5.xml:1231 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_passwd (integer)" msgstr "enum_cache_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1233 +#: sssd.conf.5.xml:1234 #, fuzzy #| msgid "" #| "Specifies time in seconds for which records in the in-memory cache will " @@ -1933,13 +1933,13 @@ msgstr "" "cache serán validos. Fijando esta opción o cero deshabilita la memoria cache." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1239 sssd.conf.5.xml:2963 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 msgid "Default: 8" msgstr "Predeterminado: 8" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1242 sssd.conf.5.xml:1267 sssd.conf.5.xml:1292 -#: sssd.conf.5.xml:1319 +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 #, fuzzy #| msgid "" #| "WARNING: Disabling the in-memory cache will have significant negative " @@ -1953,14 +1953,14 @@ msgstr "" "pruebas." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1255 +#: sssd.conf.5.xml:1256 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_group (integer)" msgstr "enum_cache_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1258 +#: sssd.conf.5.xml:1259 #, fuzzy #| msgid "" #| "Specifies time in seconds for which records in the in-memory cache will " @@ -1974,21 +1974,21 @@ msgstr "" "cache serán validos. Fijando esta opción o cero deshabilita la memoria cache." #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1264 sssd.conf.5.xml:1316 sssd.conf.5.xml:3729 -#: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "Predeterminado: 6" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1280 +#: sssd.conf.5.xml:1281 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_initgroups (integer)" msgstr "enum_cache_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1283 +#: sssd.conf.5.xml:1284 #, fuzzy #| msgid "" #| "Specifies time in seconds for which records in the in-memory cache will " @@ -2002,14 +2002,14 @@ msgstr "" "cache serán validos. Fijando esta opción o cero deshabilita la memoria cache." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1305 +#: sssd.conf.5.xml:1306 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_sid (integer)" msgstr "enum_cache_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1308 +#: sssd.conf.5.xml:1309 #, fuzzy #| msgid "" #| "Specifies time in seconds for which records in the in-memory cache will " @@ -2024,12 +2024,12 @@ msgstr "" "cache serán validos. Fijando esta opción o cero deshabilita la memoria cache." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1332 sssd-ifp.5.xml:90 +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 msgid "user_attributes (string)" msgstr "user_attributes (string)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1335 +#: sssd.conf.5.xml:1336 msgid "" "Some of the additional NSS responder requests can return more attributes " "than just the POSIX ones defined by the NSS interface. The list of " @@ -2047,7 +2047,7 @@ msgstr "" "predeterminados." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1348 +#: sssd.conf.5.xml:1349 msgid "" "To make configuration more easy the NSS responder will check the InfoPipe " "option if it is not set for the NSS responder." @@ -2056,17 +2056,17 @@ msgstr "" "opción InfoPipe si no está fijada para el contestador NSS." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1353 +#: sssd.conf.5.xml:1354 msgid "Default: not set, fallback to InfoPipe option" msgstr "Por defecto: no ajustada, retroceder a opción InfoPipe" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1358 +#: sssd.conf.5.xml:1359 msgid "pwfield (string)" msgstr "pwfield (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1361 +#: sssd.conf.5.xml:1362 msgid "" "The value that NSS operations that return users or groups will return for " "the <quote>password</quote> field." @@ -2075,14 +2075,14 @@ msgstr "" "para el campo <quote>password</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1366 +#: sssd.conf.5.xml:1367 #, fuzzy #| msgid "Default: <quote>permit</quote>" msgid "Default: <quote>*</quote>" msgstr "Predeterminado: <quote>permit</quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1369 +#: sssd.conf.5.xml:1370 #, fuzzy #| msgid "This option can also be set per-domain." msgid "" @@ -2091,7 +2091,7 @@ msgid "" msgstr "Esta opción puede ser también fijada por dominio." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1373 +#: sssd.conf.5.xml:1374 #, fuzzy #| msgid "" #| "Default: <quote>*</quote> (remote domains) or <quote>x</quote> (the " @@ -2106,12 +2106,12 @@ msgstr "" "ficheros de dominio)" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1385 +#: sssd.conf.5.xml:1386 msgid "PAM configuration options" msgstr "Opciones de configuración PAM" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1387 +#: sssd.conf.5.xml:1388 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." @@ -2120,12 +2120,12 @@ msgstr "" "Authentication Module (PAM)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1392 +#: sssd.conf.5.xml:1393 msgid "offline_credentials_expiration (integer)" msgstr "offline_credentials_expiration (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1395 +#: sssd.conf.5.xml:1396 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." @@ -2134,17 +2134,17 @@ msgstr "" "los accesos escondidos (en días desde el último login en línea con éxito)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1400 sssd.conf.5.xml:1413 +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 msgid "Default: 0 (No limit)" msgstr "Predeterminado: 0 (Sin límite)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1406 +#: sssd.conf.5.xml:1407 msgid "offline_failed_login_attempts (integer)" msgstr "offline_failed_login_attempts (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1409 +#: sssd.conf.5.xml:1410 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." @@ -2153,12 +2153,12 @@ msgstr "" "login fallados están permitidos." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1419 +#: sssd.conf.5.xml:1420 msgid "offline_failed_login_delay (integer)" msgstr "offline_failed_login_delay (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1422 +#: sssd.conf.5.xml:1423 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." @@ -2168,7 +2168,7 @@ msgstr "" "intento de login sea posible." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1427 +#: sssd.conf.5.xml:1428 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -2179,17 +2179,17 @@ msgstr "" "éxito puede habilitar otra vez la autenticación fuera de línea." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1433 sssd.conf.5.xml:1543 +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 msgid "Default: 5" msgstr "Predeterminado: 5" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1439 +#: sssd.conf.5.xml:1440 msgid "pam_verbosity (integer)" msgstr "pam_verbosity (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1442 +#: sssd.conf.5.xml:1443 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." @@ -2198,46 +2198,46 @@ msgstr "" "autenticación. Cuanto mayor sea el número de mensajes más aparecen." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1447 +#: sssd.conf.5.xml:1448 msgid "Currently sssd supports the following values:" msgstr "Actualmente sssd soporta los siguientes valores:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1450 +#: sssd.conf.5.xml:1451 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "<emphasis>0</emphasis>: no mostrar ningún mensaje" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1453 +#: sssd.conf.5.xml:1454 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "<emphasis>1</emphasis>: mostrar sólo mensajes importantes" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1457 +#: sssd.conf.5.xml:1458 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "<emphasis>2</emphasis>: mostrar mensajes informativos" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1460 +#: sssd.conf.5.xml:1461 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" "<emphasis>3</emphasis>: mostrar todos los mensajes e información de " "depuración" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1464 sssd.8.xml:63 +#: sssd.conf.5.xml:1465 sssd.8.xml:63 msgid "Default: 1" msgstr "Predeterminado: 1" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1470 +#: sssd.conf.5.xml:1471 #, fuzzy #| msgid "pam_response_filter (integer)" msgid "pam_response_filter (string)" msgstr "pam_response_filter (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1473 +#: sssd.conf.5.xml:1474 msgid "" "A comma separated list of strings which allows to remove (filter) data sent " "by the PAM responder to pam_sss PAM module. There are different kind of " @@ -2250,7 +2250,7 @@ msgstr "" "variables de entorno que deberían ser fijadas por pam_sss." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1481 +#: sssd.conf.5.xml:1482 msgid "" "While messages already can be controlled with the help of the pam_verbosity " "option this option allows to filter out other kind of responses as well." @@ -2259,37 +2259,37 @@ msgstr "" "pam_verbosity esta opción permite filtrar otra clase de respuestas también." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1488 +#: sssd.conf.5.xml:1489 msgid "ENV" msgstr "ENV" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1489 +#: sssd.conf.5.xml:1490 msgid "Do not send any environment variables to any service." msgstr "No envía ninguna variable de entorno a ningún servicio." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1492 +#: sssd.conf.5.xml:1493 msgid "ENV:var_name" msgstr "ENV:var_name" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1493 +#: sssd.conf.5.xml:1494 msgid "Do not send environment variable var_name to any service." msgstr "No envía la variable de entorno var_name a ningún servicio." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1497 +#: sssd.conf.5.xml:1498 msgid "ENV:var_name:service" msgstr "ENV:var_name:service" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1498 +#: sssd.conf.5.xml:1499 msgid "Do not send environment variable var_name to service." msgstr "No envía la variable de entorno var_name al servicio." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1486 +#: sssd.conf.5.xml:1487 msgid "" "Currently the following filters are supported: <placeholder " "type=\"variablelist\" id=\"0\"/>" @@ -2298,7 +2298,7 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1505 +#: sssd.conf.5.xml:1506 msgid "" "The list of strings can either be the list of filters which would set this " "list of filters and overwrite the defaults. Or each element of the list can " @@ -2309,25 +2309,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1516 +#: sssd.conf.5.xml:1517 #, fuzzy #| msgid "Example: ENV:KRB5CCNAME:sudo-i" msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" msgstr "Ejemplo: ENV:KRB5CCNAME:sudo-i" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1519 +#: sssd.conf.5.xml:1520 msgid "" "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1526 +#: sssd.conf.5.xml:1527 msgid "pam_id_timeout (integer)" msgstr "pam_id_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1529 +#: sssd.conf.5.xml:1530 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -2339,7 +2339,7 @@ msgstr "" "información más actual." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1535 +#: sssd.conf.5.xml:1536 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -2353,17 +2353,17 @@ msgstr "" "proveedor de identidad." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1549 +#: sssd.conf.5.xml:1550 msgid "pam_pwd_expiration_warning (integer)" msgstr "pam_pwd_expiration_warning (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1552 sssd.conf.5.xml:2987 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 msgid "Display a warning N days before the password expires." msgstr "Mostrar una advertencia N días antes que la contraseña caduque." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1555 +#: sssd.conf.5.xml:1556 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -2374,7 +2374,7 @@ msgstr "" "información desaparece, sssd no podrá mostrar un aviso." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1561 sssd.conf.5.xml:2990 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." @@ -2384,7 +2384,7 @@ msgstr "" "automáticamente." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1566 +#: sssd.conf.5.xml:1567 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." @@ -2393,17 +2393,17 @@ msgstr "" "<emphasis>pwd_expiration_warning</emphasis> para un dominio concreto." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1571 sssd.conf.5.xml:3976 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 msgid "Default: 0" msgstr "Predeterminado: 0" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1588 +#: sssd.conf.5.xml:1589 msgid "pam_trusted_users (string)" msgstr "pam_trusted_users (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1591 +#: sssd.conf.5.xml:1592 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to run PAM conversations against trusted domains. Users not " @@ -2418,12 +2418,12 @@ msgstr "" "nombres de usuarios se resuelven a UIDs en el arranque." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1601 +#: sssd.conf.5.xml:1602 msgid "Default: All users are considered trusted by default" msgstr "Por defecto: Todos los usuarios se consideran de confianza por defecto" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1605 +#: sssd.conf.5.xml:1606 msgid "" "Please note that UID 0 is always allowed to access the PAM responder even in " "case it is not in the pam_trusted_users list." @@ -2432,12 +2432,12 @@ msgstr "" "aunque no está en la la lista pam_trusted_users." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1612 +#: sssd.conf.5.xml:1613 msgid "pam_public_domains (string)" msgstr "pam_public_domains (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1615 +#: sssd.conf.5.xml:1616 msgid "" "Specifies the comma-separated list of domain names that are accessible even " "to untrusted users." @@ -2446,13 +2446,13 @@ msgstr "" "accesibles hasta para los usuarios en los que no se confíe." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1619 +#: sssd.conf.5.xml:1620 msgid "Two special values for pam_public_domains option are defined:" msgstr "" "Hay definidos dos valores especiales para la opción pam_public_domains:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1623 +#: sssd.conf.5.xml:1624 msgid "" "all (Untrusted users are allowed to access all domains in PAM responder.)" msgstr "" @@ -2460,7 +2460,7 @@ msgstr "" "dominios en el contestador PAM.)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1627 +#: sssd.conf.5.xml:1628 msgid "" "none (Untrusted users are not allowed to access any domains PAM in " "responder.)" @@ -2469,19 +2469,19 @@ msgstr "" "dominios PAM en el contestador.)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1631 sssd.conf.5.xml:1656 sssd.conf.5.xml:1675 -#: sssd.conf.5.xml:1912 sssd.conf.5.xml:2732 sssd.conf.5.xml:3905 -#: sssd-ldap.5.xml:1207 +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 msgid "Default: none" msgstr "Predeterminado: none" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1636 +#: sssd.conf.5.xml:1637 msgid "pam_account_expired_message (string)" msgstr "pam_account_expired_message (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1639 +#: sssd.conf.5.xml:1640 msgid "" "Allows a custom expiration message to be set, replacing the default " "'Permission denied' message." @@ -2490,7 +2490,7 @@ msgstr "" "mensaje predeterminado 'Permiso denegado'." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1644 +#: sssd.conf.5.xml:1645 msgid "" "Note: Please be aware that message is only printed for the SSH service " "unless pam_verbosity is set to 3 (show all messages and debug information)." @@ -2500,7 +2500,7 @@ msgstr "" "mensajes e información de depuración)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1652 +#: sssd.conf.5.xml:1653 #, no-wrap msgid "" "pam_account_expired_message = Account expired, please contact help desk.\n" @@ -2510,12 +2510,12 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1661 +#: sssd.conf.5.xml:1662 msgid "pam_account_locked_message (string)" msgstr "pam_account_locked_message (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1664 +#: sssd.conf.5.xml:1665 msgid "" "Allows a custom lockout message to be set, replacing the default 'Permission " "denied' message." @@ -2524,7 +2524,7 @@ msgstr "" "por defecto 'Permiso denegado'." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1671 +#: sssd.conf.5.xml:1672 #, no-wrap msgid "" "pam_account_locked_message = Account locked, please contact help desk.\n" @@ -2534,42 +2534,42 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1680 +#: sssd.conf.5.xml:1681 #, fuzzy #| msgid "pam_cert_auth (bool)" msgid "pam_passkey_auth (bool)" msgstr "pam_cert_auth (booleano)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1683 +#: sssd.conf.5.xml:1684 msgid "Enable passkey device based authentication." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1686 sssd.conf.5.xml:1697 sssd.conf.5.xml:1711 -#: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 -#: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 msgid "Default: False" msgstr "Por defecto: False" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1691 +#: sssd.conf.5.xml:1692 msgid "passkey_debug_libfido2 (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1694 +#: sssd.conf.5.xml:1695 msgid "Enable libfido2 library debug messages." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1702 +#: sssd.conf.5.xml:1703 msgid "pam_cert_auth (bool)" msgstr "pam_cert_auth (booleano)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1705 +#: sssd.conf.5.xml:1706 msgid "" "Enable certificate based Smartcard authentication. Since this requires " "additional communication with the Smartcard which will delay the " @@ -2580,22 +2580,22 @@ msgstr "" "de autenticación esta opción está deshabilitada por defecto." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1716 +#: sssd.conf.5.xml:1717 msgid "pam_cert_db_path (string)" msgstr "pam_cert_db_path (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1719 +#: sssd.conf.5.xml:1720 msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1722 sssd.conf.5.xml:2247 sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 msgid "Default:" msgstr "Predeterminado:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1724 sssd.conf.5.xml:2249 +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 #, fuzzy #| msgid "" #| "/etc/sssd/pki/sssd_auth_ca_db.pem (OpenSSL version, path to a file with " @@ -2608,14 +2608,14 @@ msgstr "" "certificados CA de confianza en formato PEM)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1734 +#: sssd.conf.5.xml:1735 #, fuzzy #| msgid "certificate_verification (string)" msgid "pam_cert_verification (string)" msgstr "certificate_verification (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1737 +#: sssd.conf.5.xml:1738 #, fuzzy #| msgid "" #| "With this parameter the certificate verification can be tuned with a " @@ -2633,7 +2633,7 @@ msgstr "" "<placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1748 +#: sssd.conf.5.xml:1749 #, fuzzy, no-wrap #| msgid "" #| "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2646,31 +2646,31 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1752 +#: sssd.conf.5.xml:1753 msgid "" "Default: not set, i.e. use default <quote>certificate_verification</quote> " "option defined in <quote>[sssd]</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1759 +#: sssd.conf.5.xml:1760 msgid "p11_child_timeout (integer)" msgstr "p11_child_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1763 msgid "How many seconds will pam_sss wait for p11_child to finish." msgstr "Cuantos segundos esperará pam_sss wait para que p11_child finalice." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1771 +#: sssd.conf.5.xml:1772 #, fuzzy #| msgid "p11_child_timeout (integer)" msgid "passkey_child_timeout (integer)" msgstr "p11_child_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1774 +#: sssd.conf.5.xml:1775 #, fuzzy #| msgid "How many seconds will pam_sss wait for p11_child to finish." msgid "" @@ -2678,12 +2678,12 @@ msgid "" msgstr "Cuantos segundos esperará pam_sss wait para que p11_child finalice." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1783 +#: sssd.conf.5.xml:1784 msgid "pam_app_services (string)" msgstr "pam_app_services (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1786 +#: sssd.conf.5.xml:1787 msgid "" "Which PAM services are permitted to contact domains of type " "<quote>application</quote>" @@ -2692,12 +2692,12 @@ msgstr "" "tipo <quote>application</quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1795 +#: sssd.conf.5.xml:1796 msgid "pam_p11_allowed_services (integer)" msgstr "pam_p11_allowed_services (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1798 +#: sssd.conf.5.xml:1799 msgid "" "A comma-separated list of PAM service names for which it will be allowed to " "use Smartcards." @@ -2706,7 +2706,7 @@ msgstr "" "permitidos usar Smartcards." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1813 +#: sssd.conf.5.xml:1814 #, no-wrap msgid "" "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2716,7 +2716,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1802 +#: sssd.conf.5.xml:1803 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -2736,7 +2736,7 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1817 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 #: sssd-ad.5.xml:869 sssd-ad.5.xml:947 msgid "Default: the default set of PAM service names includes:" msgstr "" @@ -2744,57 +2744,57 @@ msgstr "" "incluye:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1822 sssd-ad.5.xml:648 +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 msgid "login" msgstr "login" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1827 sssd-ad.5.xml:653 +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 msgid "su" msgstr "su" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1832 sssd-ad.5.xml:658 +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 msgid "su-l" msgstr "su-l" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1837 sssd-ad.5.xml:673 +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 msgid "gdm-smartcard" msgstr "gdm-smartcard" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1842 sssd-ad.5.xml:668 +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 msgid "gdm-password" msgstr "gdm-password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1847 sssd-ad.5.xml:678 +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 msgid "kdm" msgstr "kdm" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1852 sssd-ad.5.xml:956 +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 msgid "sudo" msgstr "sudo" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1857 sssd-ad.5.xml:961 +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 msgid "sudo-i" msgstr "sudo-i" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1862 +#: sssd.conf.5.xml:1863 msgid "gnome-screensaver" msgstr "gnome-screensaver" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1870 +#: sssd.conf.5.xml:1871 msgid "p11_wait_for_card_timeout (integer)" msgstr "p11_wait_for_card_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1873 +#: sssd.conf.5.xml:1874 msgid "" "If Smartcard authentication is required how many extra seconds in addition " "to p11_child_timeout should the PAM responder wait until a Smartcard is " @@ -2805,12 +2805,12 @@ msgstr "" "inserte la Smartcard." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1884 +#: sssd.conf.5.xml:1885 msgid "p11_uri (string)" msgstr "p11_uri (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1887 +#: sssd.conf.5.xml:1888 msgid "" "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " "selection of devices used for Smartcard authentication. By default SSSD's " @@ -2828,7 +2828,7 @@ msgstr "" "específico." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1900 +#: sssd.conf.5.xml:1901 #, fuzzy, no-wrap #| msgid "" #| "p11_uri = library-description=OpenSC%20smartcard%20framework;slot-id=2\n" @@ -2841,7 +2841,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1904 +#: sssd.conf.5.xml:1905 #, fuzzy, no-wrap #| msgid "" #| "p11_uri = library-description=OpenSC%20smartcard%20framework;slot-id=2\n" @@ -2854,7 +2854,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1898 +#: sssd.conf.5.xml:1899 msgid "" "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " @@ -2867,47 +2867,47 @@ msgstr "" "GnuTLS 'p11tool' con e.g. '--list-all' mostrará PKCS#11 URIs también." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1917 +#: sssd.conf.5.xml:1918 msgid "pam_initgroups_scheme" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1925 +#: sssd.conf.5.xml:1926 msgid "always" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1926 +#: sssd.conf.5.xml:1927 msgid "" "Always do an online lookup, please note that pam_id_timeout still applies" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1930 +#: sssd.conf.5.xml:1931 msgid "no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1931 +#: sssd.conf.5.xml:1932 msgid "" "Only do an online lookup if there is no active session of the user, i.e. if " "the user is currently not logged in" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1936 +#: sssd.conf.5.xml:1937 msgid "never" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1937 +#: sssd.conf.5.xml:1938 msgid "" "Never force an online lookup, use the data from the cache as long as they " "are not expired" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1920 +#: sssd.conf.5.xml:1921 msgid "" "The PAM responder can force an online lookup to get the current group " "memberships of the user trying to log in. This option controls when this " @@ -2916,19 +2916,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1944 +#: sssd.conf.5.xml:1945 msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1949 sssd.conf.5.xml:4247 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 #, fuzzy #| msgid "pam_app_services (string)" msgid "pam_gssapi_services" msgstr "pam_app_services (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1952 +#: sssd.conf.5.xml:1953 #, fuzzy #| msgid "Comma separated list of users who are allowed to log in." msgid "" @@ -2937,13 +2937,13 @@ msgid "" msgstr "Lista separada por comas de usuarios a los está permitido el acceso." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1957 +#: sssd.conf.5.xml:1958 msgid "" "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1961 sssd.conf.5.xml:1992 sssd.conf.5.xml:2030 +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[pam] section. It can also be set for trusted domain which overwrites the " @@ -2951,7 +2951,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1969 +#: sssd.conf.5.xml:1970 #, fuzzy, no-wrap #| msgid "" #| "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2964,22 +2964,22 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1967 sssd.conf.5.xml:3899 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "Ejemplo: <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1973 +#: sssd.conf.5.xml:1974 msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1978 sssd.conf.5.xml:4248 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 msgid "pam_gssapi_check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1981 +#: sssd.conf.5.xml:1982 msgid "" "If True, SSSD will require that the Kerberos user principal that " "successfully authenticated through GSSAPI can be associated with the user " @@ -2987,25 +2987,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1988 +#: sssd.conf.5.xml:1989 msgid "" "If False, every user that is able to obtained required service ticket will " "be authenticated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1998 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "Predeterminado: True" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2003 +#: sssd.conf.5.xml:2004 msgid "pam_gssapi_indicators_map" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2006 +#: sssd.conf.5.xml:2007 msgid "" "Comma separated list of authentication indicators required to be present in " "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " @@ -3013,7 +3013,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2012 +#: sssd.conf.5.xml:2013 msgid "" "Each element of the list can be either an authentication indicator name or a " "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " @@ -3028,7 +3028,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2025 +#: sssd.conf.5.xml:2026 msgid "" "To disable GSSAPI authentication indicator check, set this option to <quote>-" "</quote> (dash). To disable the check for a specific PAM service, add " @@ -3036,45 +3036,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2036 +#: sssd.conf.5.xml:2037 msgid "" "Following authentication indicators are supported by IPA Kerberos " "deployments:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2039 +#: sssd.conf.5.xml:2040 msgid "" "pkinit -- pre-authentication using X.509 certificates -- whether stored in " "files or on smart cards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2042 +#: sssd.conf.5.xml:2043 msgid "" "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " "FAST channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2045 +#: sssd.conf.5.xml:2046 msgid "radius -- pre-authentication with the help of a RADIUS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2048 +#: sssd.conf.5.xml:2049 msgid "" "otp -- pre-authentication using integrated two-factor authentication (2FA or " "one-time password, OTP) in IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2051 +#: sssd.conf.5.xml:2052 msgid "idp -- pre-authentication using external identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:2061 +#: sssd.conf.5.xml:2062 #, fuzzy, no-wrap #| msgid "" #| "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -3087,7 +3087,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2056 +#: sssd.conf.5.xml:2057 msgid "" "Example: to require access to SUDO services only for users which obtained " "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " @@ -3095,7 +3095,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2065 +#: sssd.conf.5.xml:2066 #, fuzzy #| msgid "Default: not set (no substitution for unset home directories)" msgid "Default: not set (use of authentication indicators is not required)" @@ -3103,12 +3103,12 @@ msgstr "" "Por defecto: no fijado (sin sustitución para los directorios home no fijados)" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2073 +#: sssd.conf.5.xml:2074 msgid "SUDO configuration options" msgstr "SUDO opciones de configuración" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2075 +#: sssd.conf.5.xml:2076 msgid "" "These options can be used to configure the sudo service. The detailed " "instructions for configuration of <citerefentry> <refentrytitle>sudo</" @@ -3126,12 +3126,12 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2092 +#: sssd.conf.5.xml:2093 msgid "sudo_timed (bool)" msgstr "sudo_timed (booleano)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2095 +#: sssd.conf.5.xml:2096 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." @@ -3140,12 +3140,12 @@ msgstr "" "entradas de sudoers dependientes del tiempo." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2107 +#: sssd.conf.5.xml:2108 msgid "sudo_threshold (integer)" msgstr "sudo_threshold (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2110 +#: sssd.conf.5.xml:2111 msgid "" "Maximum number of expired rules that can be refreshed at once. If number of " "expired rules is below threshold, those rules are refreshed with " @@ -3161,22 +3161,22 @@ msgstr "" "comando." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2129 +#: sssd.conf.5.xml:2130 msgid "AUTOFS configuration options" msgstr "Opciones de configuración AUTOFS" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2131 +#: sssd.conf.5.xml:2132 msgid "These options can be used to configure the autofs service." msgstr "Estas opciones pueden ser usadas para configurar el servicio autofs." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2135 +#: sssd.conf.5.xml:2136 msgid "autofs_negative_timeout (integer)" msgstr "autofs_negative_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2138 +#: sssd.conf.5.xml:2139 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " @@ -3187,22 +3187,22 @@ msgstr "" "existentes) antes de preguntar al punto final otra vez." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2154 +#: sssd.conf.5.xml:2155 msgid "SSH configuration options" msgstr "Opciones de configuración SSH" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2156 +#: sssd.conf.5.xml:2157 msgid "These options can be used to configure the SSH service." msgstr "Estas opciones se pueden usar para configurar el servicio SSH." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2160 +#: sssd.conf.5.xml:2161 msgid "ssh_hash_known_hosts (bool)" msgstr "ssh_hash_known_hosts (booleano)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2163 +#: sssd.conf.5.xml:2164 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." @@ -3211,12 +3211,12 @@ msgstr "" "known_host. " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2172 +#: sssd.conf.5.xml:2173 msgid "ssh_known_hosts_timeout (integer)" msgstr "ssh_known_hosts_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2175 +#: sssd.conf.5.xml:2176 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." @@ -3225,17 +3225,17 @@ msgstr "" "después de que se hayan pedido sus claves de host." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2179 +#: sssd.conf.5.xml:2180 msgid "Default: 180" msgstr "Por defecto: 180" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2184 +#: sssd.conf.5.xml:2185 msgid "ssh_use_certificate_keys (bool)" msgstr "ssh_use_certificate_keys (booleano)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2187 +#: sssd.conf.5.xml:2188 msgid "" "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " "keys derived from the public key of X.509 certificates stored in the user " @@ -3249,12 +3249,12 @@ msgstr "" "manvolnum> </citerefentry> for details." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2202 +#: sssd.conf.5.xml:2203 msgid "ssh_use_certificate_matching_rules (string)" msgstr "ssh_use_certificate_matching_rules (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2205 +#: sssd.conf.5.xml:2206 msgid "" "By default the ssh responder will use all available certificate matching " "rules to filter the certificates so that ssh keys are only derived from the " @@ -3269,7 +3269,7 @@ msgstr "" "de reglas que coincidan y mapeen. Todas las demás reglas serán ignoradas." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2214 +#: sssd.conf.5.xml:2215 msgid "" "There are two special key words 'all_rules' and 'no_rules' which will enable " "all or no rules, respectively. The latter means that no certificates will be " @@ -3277,7 +3277,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2221 +#: sssd.conf.5.xml:2222 msgid "" "If no rules are configured using 'all_rules' will enable a default rule " "which enables all certificates suitable for client authentication. This is " @@ -3286,26 +3286,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2228 +#: sssd.conf.5.xml:2229 msgid "" "A non-existing rule name is considered an error. If as a result no rule is " "selected all certificates will be ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2233 +#: sssd.conf.5.xml:2234 msgid "" "Default: not set, equivalent to 'all_rules', all found rules or the default " "rule are used" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2239 +#: sssd.conf.5.xml:2240 msgid "ca_db (string)" msgstr "ca_db (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2242 +#: sssd.conf.5.xml:2243 msgid "" "Path to a storage of trusted CA certificates. The option is used to validate " "user certificates before deriving public ssh keys from them." @@ -3315,12 +3315,12 @@ msgstr "" "públicas ssh de ellos." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2262 +#: sssd.conf.5.xml:2263 msgid "PAC responder configuration options" msgstr "Opciones de configuración del respondedor PAC" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2264 +#: sssd.conf.5.xml:2265 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " @@ -3338,7 +3338,7 @@ msgstr "" "se hacen algunas de las siguientes operaciones:" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2273 +#: sssd.conf.5.xml:2274 msgid "" "If the remote user does not exist in the cache, it is created. The UID is " "determined with the help of the SID, trusted domains will have UPGs and the " @@ -3354,7 +3354,7 @@ msgstr "" "predeterminado, pero se puede sustituir con el parámetro default_shell." #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2281 +#: sssd.conf.5.xml:2282 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." @@ -3363,17 +3363,17 @@ msgstr "" "a esos grupos." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2287 +#: sssd.conf.5.xml:2288 msgid "These options can be used to configure the PAC responder." msgstr "Estas opciones pueden ser usadas para configurar el respondedor PAC." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2291 sssd-ifp.5.xml:66 +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 msgid "allowed_uids (string)" msgstr "allowed_uids (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2294 +#: sssd.conf.5.xml:2295 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " @@ -3383,14 +3383,14 @@ msgstr "" "usuario que tiene el acceso permitido al respondedor PAC." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2300 +#: sssd.conf.5.xml:2301 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" "Por defecto: 0 (sólo el usuario root tiene permitido el acceso al " "respondedor PAC)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2304 +#: sssd.conf.5.xml:2305 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " @@ -3403,12 +3403,12 @@ msgstr "" "lista de UIDs permitidas también." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2313 +#: sssd.conf.5.xml:2314 msgid "pac_lifetime (integer)" msgstr "pac_lifetime (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2316 +#: sssd.conf.5.xml:2317 msgid "" "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " "data can be used to determine the group memberships of a user." @@ -3418,14 +3418,14 @@ msgstr "" "usuario." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2326 +#: sssd.conf.5.xml:2327 #, fuzzy #| msgid "ldap_schema (string)" msgid "pac_check (string)" msgstr "ldap_schema (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2329 +#: sssd.conf.5.xml:2330 msgid "" "Apply additional checks on the PAC of the Kerberos ticket which is available " "in Active Directory and FreeIPA domains, if configured. Please note that " @@ -3436,24 +3436,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2343 +#: sssd.conf.5.xml:2344 msgid "no_check" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2345 +#: sssd.conf.5.xml:2346 msgid "" "The PAC must not be present and even if it is present no additional checks " "will be done." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2351 +#: sssd.conf.5.xml:2352 msgid "pac_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2353 +#: sssd.conf.5.xml:2354 msgid "" "The PAC must be present in the service ticket which SSSD will request with " "the help of the user's TGT. If the PAC is not available the authentication " @@ -3461,24 +3461,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2361 +#: sssd.conf.5.xml:2362 msgid "check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2363 +#: sssd.conf.5.xml:2364 msgid "" "If the PAC is present check if the user principal name (UPN) information is " "consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2369 +#: sssd.conf.5.xml:2370 msgid "check_upn_allow_missing" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2371 +#: sssd.conf.5.xml:2372 msgid "" "This option should be used together with 'check_upn' and handles the case " "where a UPN is set on the server-side but is not read by SSSD. The typical " @@ -3490,7 +3490,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2383 +#: sssd.conf.5.xml:2384 msgid "" "Currently this option is set by default to avoid regressions in such " "environments. A log message will be added to the system log and SSSD's debug " @@ -3501,41 +3501,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2397 +#: sssd.conf.5.xml:2398 msgid "upn_dns_info_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2399 +#: sssd.conf.5.xml:2400 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2404 +#: sssd.conf.5.xml:2405 msgid "check_upn_dns_info_ex" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2406 +#: sssd.conf.5.xml:2407 msgid "" "If the PAC is present and the extension to the UPN-DNS-INFO buffer is " "available check if the information in the extension is consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2413 +#: sssd.conf.5.xml:2414 msgid "upn_dns_info_ex_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2415 +#: sssd.conf.5.xml:2416 msgid "" "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2339 +#: sssd.conf.5.xml:2340 #, fuzzy #| msgid "" #| "The following expansions are supported: <placeholder " @@ -3548,19 +3548,19 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2425 +#: sssd.conf.5.xml:2426 msgid "" "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " "check_upn_dns_info_ex')" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2434 +#: sssd.conf.5.xml:2435 msgid "Session recording configuration options" msgstr "Opciones de configuración de la grabación de sesión" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2436 +#: sssd.conf.5.xml:2437 msgid "" "Session recording works in conjunction with <citerefentry> " "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" @@ -3576,32 +3576,32 @@ msgstr "" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2449 +#: sssd.conf.5.xml:2450 msgid "These options can be used to configure session recording." msgstr "Se pueden usar estas opciones para configurar la grabación de sesión." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2453 sssd-session-recording.5.xml:64 +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 msgid "scope (string)" msgstr "scope (cadena)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2460 sssd-session-recording.5.xml:71 +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 msgid "\"none\"" msgstr "\"none\"" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2463 sssd-session-recording.5.xml:74 +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 msgid "No users are recorded." msgstr "NO se grabaron usuarios." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2468 sssd-session-recording.5.xml:79 +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 msgid "\"some\"" msgstr "\"some\"" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2471 sssd-session-recording.5.xml:82 +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 msgid "" "Users/groups specified by <replaceable>users</replaceable> and " "<replaceable>groups</replaceable> options are recorded." @@ -3610,17 +3610,17 @@ msgstr "" "replaceable> y<replaceable>groups</replaceable> son grabados." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2480 sssd-session-recording.5.xml:91 +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 msgid "\"all\"" msgstr "\"all\"" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2483 sssd-session-recording.5.xml:94 +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 msgid "All users are recorded." msgstr "Se graban todos los usuarios." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2456 sssd-session-recording.5.xml:67 +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 msgid "" "One of the following strings specifying the scope of session recording: " "<placeholder type=\"variablelist\" id=\"0\"/>" @@ -3629,17 +3629,17 @@ msgstr "" "grabación: <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:101 +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 msgid "Default: \"none\"" msgstr "Predeterminado: \"none\"" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:106 +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 msgid "users (string)" msgstr "users (cadena)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:109 +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 msgid "" "A comma-separated list of users which should have session recording enabled. " "Matches user names as returned by NSS. I.e. after the possible space " @@ -3651,17 +3651,17 @@ msgstr "" "mayúsculas/minúsculas, etc." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2504 sssd-session-recording.5.xml:115 +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 msgid "Default: Empty. Matches no users." msgstr "Predeterminado: Vacío. No hay usuarios coincidentes." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2509 sssd-session-recording.5.xml:120 +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 msgid "groups (string)" msgstr "groups (cadena)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2512 sssd-session-recording.5.xml:123 +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 msgid "" "A comma-separated list of groups, members of which should have session " "recording enabled. Matches group names as returned by NSS. I.e. after the " @@ -3673,7 +3673,7 @@ msgstr "" "minúsculas, etc." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2518 sssd.conf.5.xml:2550 sssd-session-recording.5.xml:129 +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 #: sssd-session-recording.5.xml:161 msgid "" "NOTE: using this option (having it set to anything) has a considerable " @@ -3686,64 +3686,64 @@ msgstr "" "pertenece el usuario." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2525 sssd-session-recording.5.xml:136 +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 msgid "Default: Empty. Matches no groups." msgstr "Predeterminado: Vacío. No empareja grupos." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2530 sssd-session-recording.5.xml:141 +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 #, fuzzy #| msgid "users (string)" msgid "exclude_users (string)" msgstr "users (cadena)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2533 sssd-session-recording.5.xml:144 +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 msgid "" "A comma-separated list of users to be excluded from recording, only " "applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2537 sssd-session-recording.5.xml:148 +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 #, fuzzy #| msgid "Default: Empty. Matches no users." msgid "Default: Empty. No users excluded." msgstr "Predeterminado: Vacío. No hay usuarios coincidentes." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2542 sssd-session-recording.5.xml:153 +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 #, fuzzy #| msgid "groups (string)" msgid "exclude_groups (string)" msgstr "groups (cadena)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2545 sssd-session-recording.5.xml:156 +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 msgid "" "A comma-separated list of groups, members of which should be excluded from " "recording. Only applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2557 sssd-session-recording.5.xml:168 +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 #, fuzzy #| msgid "Default: Empty. Matches no groups." msgid "Default: Empty. No groups excluded." msgstr "Predeterminado: Vacío. No empareja grupos." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2567 +#: sssd.conf.5.xml:2568 msgid "DOMAIN SECTIONS" msgstr "SECCIONES DE DOMINIO" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2574 +#: sssd.conf.5.xml:2575 msgid "enabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2577 +#: sssd.conf.5.xml:2578 msgid "" "Explicitly enable or disable the domain. If <quote>true</quote>, the domain " "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " @@ -3753,12 +3753,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2589 +#: sssd.conf.5.xml:2590 msgid "domain_type (string)" msgstr "domain_type (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2592 +#: sssd.conf.5.xml:2593 msgid "" "Specifies whether the domain is meant to be used by POSIX-aware clients such " "as the Name Service Switch or by applications that do not need POSIX data to " @@ -3771,7 +3771,7 @@ msgstr "" "disponibles para las interfaces y utilidades de sistema operativo." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2600 +#: sssd.conf.5.xml:2601 msgid "" "Allowed values for this option are <quote>posix</quote> and " "<quote>application</quote>." @@ -3780,7 +3780,7 @@ msgstr "" "<quote>application</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2604 +#: sssd.conf.5.xml:2605 msgid "" "POSIX domains are reachable by all services. Application domains are only " "reachable from the InfoPipe responder (see <citerefentry> " @@ -3793,7 +3793,7 @@ msgstr "" "manvolnum> </citerefentry>) y el contestador PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2612 +#: sssd.conf.5.xml:2613 msgid "" "NOTE: The application domains are currently well tested with " "<quote>id_provider=ldap</quote> only." @@ -3802,7 +3802,7 @@ msgstr "" "<quote>id_provider=ldap</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2616 +#: sssd.conf.5.xml:2617 msgid "" "For an easy way to configure a non-POSIX domains, please see the " "<quote>Application domains</quote> section." @@ -3811,17 +3811,17 @@ msgstr "" "<quote>Dominios aplicación</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2620 +#: sssd.conf.5.xml:2621 msgid "Default: posix" msgstr "Predeterminado: posix" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2626 +#: sssd.conf.5.xml:2627 msgid "min_id,max_id (integer)" msgstr "min_id, max_id (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2629 +#: sssd.conf.5.xml:2630 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." @@ -3830,7 +3830,7 @@ msgstr "" "está fuera de estos límites, ésta es ignorada." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2634 +#: sssd.conf.5.xml:2635 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -3843,7 +3843,7 @@ msgstr "" "reportados como en espera." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2641 +#: sssd.conf.5.xml:2642 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." @@ -3852,17 +3852,17 @@ msgstr "" "devolviéndolas por nombre o ID." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2645 +#: sssd.conf.5.xml:2646 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "Predeterminado: 1 para min_id, 0 (sin límite) para max_id" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2651 +#: sssd.conf.5.xml:2652 msgid "enumerate (bool)" msgstr "enumerar (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2654 +#: sssd.conf.5.xml:2655 msgid "" "Determines if a domain can be enumerated, that is, whether the domain can " "list all the users and group it contains. Note that it is not required to " @@ -3875,22 +3875,22 @@ msgstr "" "Este parámetros puede tener uno de los siguientes valores:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2662 +#: sssd.conf.5.xml:2663 msgid "TRUE = Users and groups are enumerated" msgstr "TRUE = Usuarios y grupos son enumerados" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2665 +#: sssd.conf.5.xml:2666 msgid "FALSE = No enumerations for this domain" msgstr "FALSE = Sin enumeraciones para este dominio" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2668 sssd.conf.5.xml:2942 sssd.conf.5.xml:3119 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 msgid "Default: FALSE" msgstr "Predeterminado: FALSE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2671 +#: sssd.conf.5.xml:2672 msgid "" "Enumerating a domain requires SSSD to download and store ALL user and group " "entries from the remote server." @@ -3899,7 +3899,7 @@ msgstr "" "entradas de usuario y grupo del servidor remoto." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2676 +#: sssd.conf.5.xml:2677 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -3923,7 +3923,7 @@ msgstr "" "guardián interno." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2691 +#: sssd.conf.5.xml:2692 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." @@ -3933,7 +3933,7 @@ msgstr "" "completen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2696 +#: sssd.conf.5.xml:2697 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -3947,7 +3947,7 @@ msgstr "" "específico id_provider en uso." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2704 +#: sssd.conf.5.xml:2705 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." @@ -3956,32 +3956,32 @@ msgstr "" "especialmente en entornos grandes." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2712 +#: sssd.conf.5.xml:2713 msgid "subdomain_enumerate (string)" msgstr "subdomain_enumerate (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2719 +#: sssd.conf.5.xml:2720 msgid "all" msgstr "all" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2720 +#: sssd.conf.5.xml:2721 msgid "All discovered trusted domains will be enumerated" msgstr "Se enumerarán todos los dominios de confianza descubiertos" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2723 +#: sssd.conf.5.xml:2724 msgid "none" msgstr "none" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2724 +#: sssd.conf.5.xml:2725 msgid "No discovered trusted domains will be enumerated" msgstr "No serán enumerados dominios de confianza descubiertos" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2715 +#: sssd.conf.5.xml:2716 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " @@ -3994,12 +3994,12 @@ msgstr "" "enumeración solo para estos dominios de confianza." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2738 +#: sssd.conf.5.xml:2739 msgid "entry_cache_timeout (integer)" msgstr "entry_cache_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2741 +#: sssd.conf.5.xml:2742 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" @@ -4008,7 +4008,7 @@ msgstr "" "volver a consultar al backend" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2745 +#: sssd.conf.5.xml:2746 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " @@ -4026,17 +4026,17 @@ msgstr "" "están en la caché." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2758 +#: sssd.conf.5.xml:2759 msgid "Default: 5400" msgstr "Predeterminado: 5400" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2764 +#: sssd.conf.5.xml:2765 msgid "entry_cache_user_timeout (integer)" msgstr "entry_cache_user_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2767 +#: sssd.conf.5.xml:2768 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" @@ -4045,19 +4045,19 @@ msgstr "" "antes de preguntar al punto final otra vez." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2771 sssd.conf.5.xml:2784 sssd.conf.5.xml:2797 -#: sssd.conf.5.xml:2810 sssd.conf.5.xml:2824 sssd.conf.5.xml:2837 -#: sssd.conf.5.xml:2851 sssd.conf.5.xml:2865 sssd.conf.5.xml:2878 +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 msgid "Default: entry_cache_timeout" msgstr "Por defecto: entry_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2777 +#: sssd.conf.5.xml:2778 msgid "entry_cache_group_timeout (integer)" msgstr "entry_cache_group_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2780 +#: sssd.conf.5.xml:2781 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" @@ -4066,12 +4066,12 @@ msgstr "" "antes de preguntar al punto final otra vez." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2790 +#: sssd.conf.5.xml:2791 msgid "entry_cache_netgroup_timeout (integer)" msgstr "entry_cache_netgroup_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2793 +#: sssd.conf.5.xml:2794 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" @@ -4080,12 +4080,12 @@ msgstr "" "válidas antes de preguntar al punto final otra vez." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2803 +#: sssd.conf.5.xml:2804 msgid "entry_cache_service_timeout (integer)" msgstr "entry_cache_service_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2806 +#: sssd.conf.5.xml:2807 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" @@ -4094,24 +4094,24 @@ msgstr "" "antes de preguntar al punto final otra vez." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2816 +#: sssd.conf.5.xml:2817 msgid "entry_cache_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2819 +#: sssd.conf.5.xml:2820 msgid "" "How many seconds should nss_sss consider hosts and networks entries valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2830 +#: sssd.conf.5.xml:2831 msgid "entry_cache_sudo_timeout (integer)" msgstr "entry_cache_sudo_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2833 +#: sssd.conf.5.xml:2834 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" @@ -4120,12 +4120,12 @@ msgstr "" "preguntar al backend otra vez." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2843 +#: sssd.conf.5.xml:2844 msgid "entry_cache_autofs_timeout (integer)" msgstr "entry_cache_autofs_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2846 +#: sssd.conf.5.xml:2847 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" @@ -4134,12 +4134,12 @@ msgstr "" "automontaje válidos antes de preguntar al punto final otra vez." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2857 +#: sssd.conf.5.xml:2858 msgid "entry_cache_ssh_host_timeout (integer)" msgstr "entry_cache_ssh_host_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2860 +#: sssd.conf.5.xml:2861 msgid "" "How many seconds to keep a host ssh key after refresh. IE how long to cache " "the host key for." @@ -4148,24 +4148,24 @@ msgstr "" "cuanto guardar en caché la clave de host." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2871 +#: sssd.conf.5.xml:2872 msgid "entry_cache_computer_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2874 +#: sssd.conf.5.xml:2875 msgid "" "How many seconds to keep the local computer entry before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2884 +#: sssd.conf.5.xml:2885 msgid "refresh_expired_interval (integer)" msgstr "refresh_expired_interval (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2887 +#: sssd.conf.5.xml:2888 msgid "" "Specifies how many seconds SSSD has to wait before triggering a background " "refresh task which will refresh all expired or nearly expired records." @@ -4175,7 +4175,7 @@ msgstr "" "expirados o a punto de hacerlo." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2892 +#: sssd.conf.5.xml:2893 msgid "" "The background refresh will process users, groups and netgroups in the " "cache. For users who have performed the initgroups (get group membership for " @@ -4188,18 +4188,18 @@ msgstr "" "login), tanto la entrada usuario y la membresia de grupo son actualizados." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2900 +#: sssd.conf.5.xml:2901 msgid "This option is automatically inherited for all trusted domains." msgstr "" "Esta opción se hereda automáticamente para todos los dominios de confianza." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2904 +#: sssd.conf.5.xml:2905 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "Usted puede considerar ajustar este valor a 3/4 * entry_cache_timeout." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2908 +#: sssd.conf.5.xml:2909 msgid "" "Cache entry will be refreshed by background task when 2/3 of cache timeout " "has already passed. If there are existing cached entries, the background " @@ -4211,28 +4211,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2921 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "Predeterminado: 0 (deshabilitado)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2927 +#: sssd.conf.5.xml:2928 msgid "cache_credentials (bool)" msgstr "cache_credentials (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2930 -#, fuzzy -#| msgid "" -#| "Determines if user credentials are also cached in the local LDB cache" -msgid "Determines if user credentials are also cached in the local LDB cache." +#: sssd.conf.5.xml:2931 +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." msgstr "" -"Determina si las credenciales del usuario están también escondidas en el " -"cache LDB local" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2934 +#: sssd.conf.5.xml:2942 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -4241,12 +4242,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2948 +#: sssd.conf.5.xml:2956 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "cache_credentials_minimal_first_factor_length (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2951 +#: sssd.conf.5.xml:2959 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -4258,7 +4259,7 @@ msgstr "" "SHA512 en el caché." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2958 +#: sssd.conf.5.xml:2966 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." @@ -4268,12 +4269,12 @@ msgstr "" "bruta." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2969 +#: sssd.conf.5.xml:2977 msgid "account_cache_expiration (integer)" msgstr "account_cache_expiration (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2972 +#: sssd.conf.5.xml:2980 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -4286,17 +4287,17 @@ msgstr "" "grande o igual que offline_credentials_expiration." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2979 +#: sssd.conf.5.xml:2987 msgid "Default: 0 (unlimited)" msgstr "Predeterminado: 0 (ilimitado)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2984 +#: sssd.conf.5.xml:2992 msgid "pwd_expiration_warning (integer)" msgstr "pwd_expiration_warning (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2995 +#: sssd.conf.5.xml:3003 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -4309,17 +4310,17 @@ msgstr "" "configurar un proveedor de autorización para el backend." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3002 +#: sssd.conf.5.xml:3010 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "Por defecto: 7 (Kerberos), 0 (LDAP)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3008 +#: sssd.conf.5.xml:3016 msgid "id_provider (string)" msgstr "id_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3011 +#: sssd.conf.5.xml:3019 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" @@ -4327,12 +4328,12 @@ msgstr "" "soportados son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3015 +#: sssd.conf.5.xml:3023 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "<quote>proxy</quote>: Soporta un proveedor NSS heredado." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3018 +#: sssd.conf.5.xml:3026 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -4344,7 +4345,7 @@ msgstr "" "grupos locales en SSSD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3026 +#: sssd.conf.5.xml:3034 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -4355,13 +4356,18 @@ msgstr "" "información sobre la configuración de LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3034 sssd.conf.5.xml:3145 sssd.conf.5.xml:3196 -#: sssd.conf.5.xml:3259 +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 +#, fuzzy +#| msgid "" +#| "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " +#| "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +#| "<manvolnum>5</manvolnum> </citerefentry> for more information on " +#| "configuring FreeIPA." msgid "" -"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " -"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " -"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " -"FreeIPA." +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." msgstr "" "<quote>ipa</quote>: Proveedor FreeIPA y Red Hat Enterprise Identity " "Management. Vea <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -4369,8 +4375,8 @@ msgstr "" "configuración de FreeIPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3043 sssd.conf.5.xml:3154 sssd.conf.5.xml:3205 -#: sssd.conf.5.xml:3268 +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4382,12 +4388,12 @@ msgstr "" "Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3054 +#: sssd.conf.5.xml:3062 msgid "use_fully_qualified_names (bool)" msgstr "use_fully_qualified_names (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3057 +#: sssd.conf.5.xml:3065 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." @@ -4397,7 +4403,7 @@ msgstr "" "NSS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3062 +#: sssd.conf.5.xml:3070 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -4411,7 +4417,7 @@ msgstr "" "command> lo haría." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3070 +#: sssd.conf.5.xml:3078 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -4423,24 +4429,24 @@ msgstr "" "cualificado." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3077 +#: sssd.conf.5.xml:3085 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3084 +#: sssd.conf.5.xml:3092 msgid "ignore_group_members (bool)" msgstr "ignore_group_members (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3087 +#: sssd.conf.5.xml:3095 msgid "Do not return group members for group lookups." msgstr "No devuelve miembros de grupo para búsquedas de grupo." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3090 +#: sssd.conf.5.xml:3098 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -4459,7 +4465,7 @@ msgstr "" "devolver el grupo pedido como si estuviera vacío." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3108 +#: sssd.conf.5.xml:3116 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -4470,23 +4476,23 @@ msgstr "" "especialmente para grupos que contienen muchos miembros." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3114 sssd.conf.5.xml:3821 sssd-ldap.5.xml:326 -#: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 -#: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 -#: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 -#: sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1084 +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 msgid "" "This option can be also set per subdomain or inherited via " "<emphasis>subdomain_inherit</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3124 +#: sssd.conf.5.xml:3132 msgid "auth_provider (string)" msgstr "auth_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3127 +#: sssd.conf.5.xml:3135 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" @@ -4495,7 +4501,7 @@ msgstr "" "autenticación soportados son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3131 sssd.conf.5.xml:3189 +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4506,7 +4512,7 @@ msgstr "" "citerefentry> para más información sobre la configuración LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3138 +#: sssd.conf.5.xml:3146 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4517,7 +4523,7 @@ msgstr "" "citerefentry> para más información sobre la configuración de Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3162 +#: sssd.conf.5.xml:3170 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" @@ -4525,12 +4531,12 @@ msgstr "" "objetivo PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3165 +#: sssd.conf.5.xml:3173 msgid "<quote>none</quote> disables authentication explicitly." msgstr "<quote>none</quote> deshabilita la autenticación explícitamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3168 +#: sssd.conf.5.xml:3176 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." @@ -4539,12 +4545,12 @@ msgstr "" "manejar las peticiones de autenticación." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3174 +#: sssd.conf.5.xml:3182 msgid "access_provider (string)" msgstr "access_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3177 +#: sssd.conf.5.xml:3185 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -4555,7 +4561,7 @@ msgstr "" "proveedores especiales internos son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3183 +#: sssd.conf.5.xml:3191 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." @@ -4564,12 +4570,12 @@ msgstr "" "sólo permitido para un dominio local." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3186 +#: sssd.conf.5.xml:3194 msgid "<quote>deny</quote> always deny access." msgstr "<quote>deny</quote> siempre niega el acceso." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3221 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -4582,7 +4588,7 @@ msgstr "" "configuración del módulo de acceso sencillo." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3220 +#: sssd.conf.5.xml:3228 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -4594,23 +4600,23 @@ msgstr "" "Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3227 +#: sssd.conf.5.xml:3235 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" "<quote>proxy</quote> para transmitir control de acceso a otro módulo PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3230 +#: sssd.conf.5.xml:3238 msgid "Default: <quote>permit</quote>" msgstr "Predeterminado: <quote>permit</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3235 +#: sssd.conf.5.xml:3243 msgid "chpass_provider (string)" msgstr "chpass_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3238 +#: sssd.conf.5.xml:3246 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" @@ -4619,7 +4625,7 @@ msgstr "" "el dominio. Los proveedores de cambio de passweord soportados son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3243 +#: sssd.conf.5.xml:3251 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4631,7 +4637,7 @@ msgstr "" "configuración de LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3251 +#: sssd.conf.5.xml:3259 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4642,7 +4648,7 @@ msgstr "" "citerefentry> para más información sobre configurar Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3276 +#: sssd.conf.5.xml:3284 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" @@ -4650,13 +4656,13 @@ msgstr "" "otros objetivos PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3280 +#: sssd.conf.5.xml:3288 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" "<quote>none</quote> deniega explícitamente los cambios en la contraseña." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3283 +#: sssd.conf.5.xml:3291 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." @@ -4665,18 +4671,18 @@ msgstr "" "puede manejar las peticiones de cambio de password." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3290 +#: sssd.conf.5.xml:3298 msgid "sudo_provider (string)" msgstr "sudo_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3293 +#: sssd.conf.5.xml:3301 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" "El proveedor SUDO usado por el dominio. Los proveedores SUDO soportados son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3297 +#: sssd.conf.5.xml:3305 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4687,7 +4693,7 @@ msgstr "" "citerefentry> para más información sobre la configuración LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3305 +#: sssd.conf.5.xml:3313 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." @@ -4696,7 +4702,7 @@ msgstr "" "predeterminados IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3309 +#: sssd.conf.5.xml:3317 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." @@ -4705,19 +4711,19 @@ msgstr "" "predeterminados AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3313 +#: sssd.conf.5.xml:3321 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "<quote>none</quote>deshabilita SUDO explícitamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3316 sssd.conf.5.xml:3402 sssd.conf.5.xml:3472 -#: sssd.conf.5.xml:3497 sssd.conf.5.xml:3533 +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" "Por defecto: el valor de <quote>id_provider</quote> se usa si está fijado." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3320 +#: sssd.conf.5.xml:3328 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -4734,7 +4740,7 @@ msgstr "" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3335 +#: sssd.conf.5.xml:3343 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -4748,12 +4754,12 @@ msgstr "" "desea usar sudo cn SSSD mas." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3345 +#: sssd.conf.5.xml:3353 msgid "selinux_provider (string)" msgstr "selinux_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3348 +#: sssd.conf.5.xml:3356 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -4764,7 +4770,7 @@ msgstr "" "finalice. Los proveedores selinux soportados son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3354 +#: sssd.conf.5.xml:3362 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4776,14 +4782,14 @@ msgstr "" "IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3362 +#: sssd.conf.5.xml:3370 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" "<quote>none</quote> deshabilita ir a buscar los ajustes selinux " "explícitamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3365 +#: sssd.conf.5.xml:3373 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." @@ -4792,12 +4798,12 @@ msgstr "" "manejar las peticiones de carga selinux." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3371 +#: sssd.conf.5.xml:3379 msgid "subdomains_provider (string)" msgstr "subdomains_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3374 +#: sssd.conf.5.xml:3382 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" @@ -4807,7 +4813,7 @@ msgstr "" "soportados son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3380 +#: sssd.conf.5.xml:3388 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4819,7 +4825,7 @@ msgstr "" "configuración de IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3389 +#: sssd.conf.5.xml:3397 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -4832,18 +4838,18 @@ msgstr "" "configuración del proveedor AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3398 +#: sssd.conf.5.xml:3406 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" "<quote>none</quote> deshabilita el buscador de subdominios explícitamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3408 +#: sssd.conf.5.xml:3416 msgid "session_provider (string)" msgstr "session_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3411 +#: sssd.conf.5.xml:3419 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -4855,14 +4861,14 @@ msgstr "" "de sesiones soportados son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3418 +#: sssd.conf.5.xml:3426 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" "<quote>ipa</quote> para permitir llevar a cabo tareas relacionadas con la " "sesión de usuario." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3422 +#: sssd.conf.5.xml:3430 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" @@ -4870,7 +4876,7 @@ msgstr "" "de usuario." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3426 +#: sssd.conf.5.xml:3434 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." @@ -4879,7 +4885,7 @@ msgstr "" "llevar a cabo tareas relacionadas con la sesión de usuario." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3430 +#: sssd.conf.5.xml:3438 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." @@ -4889,12 +4895,12 @@ msgstr "" "sin privilegios." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3438 +#: sssd.conf.5.xml:3446 msgid "autofs_provider (string)" msgstr "autofs_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3441 +#: sssd.conf.5.xml:3449 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" @@ -4902,7 +4908,7 @@ msgstr "" "son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3445 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4914,7 +4920,7 @@ msgstr "" "LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3452 +#: sssd.conf.5.xml:3460 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4926,7 +4932,7 @@ msgstr "" "IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3460 +#: sssd.conf.5.xml:3468 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4938,17 +4944,17 @@ msgstr "" "proveedor AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3469 +#: sssd.conf.5.xml:3477 msgid "<quote>none</quote> disables autofs explicitly." msgstr "<quote>none</quote> deshabilita autofs explícitamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3479 +#: sssd.conf.5.xml:3487 msgid "hostid_provider (string)" msgstr "hostid_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3482 +#: sssd.conf.5.xml:3490 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" @@ -4957,7 +4963,7 @@ msgstr "" "proveedores de hostid soportados son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3486 +#: sssd.conf.5.xml:3494 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4969,31 +4975,31 @@ msgstr "" "configuración de IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3494 +#: sssd.conf.5.xml:3502 msgid "<quote>none</quote> disables hostid explicitly." msgstr "<quote>none</quote> deshabilita hostid explícitamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3504 +#: sssd.conf.5.xml:3512 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3507 +#: sssd.conf.5.xml:3515 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3511 +#: sssd.conf.5.xml:3519 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3515 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -5001,7 +5007,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3522 +#: sssd.conf.5.xml:3530 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -5010,12 +5016,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3530 +#: sssd.conf.5.xml:3538 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3543 +#: sssd.conf.5.xml:3551 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -5030,7 +5036,7 @@ msgstr "" "dominios Active Directory, el nombre plano (NetBIOS) del dominio." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3552 +#: sssd.conf.5.xml:3560 #, fuzzy #| msgid "" #| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" @@ -5047,17 +5053,17 @@ msgstr "" "nombres de usuario:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3557 sssd.conf.5.xml:3571 +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 msgid "username" msgstr "nombre de usuario" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3560 sssd.conf.5.xml:3574 +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 msgid "username@domain.name" msgstr "username@domain.name" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3565 +#: sssd.conf.5.xml:3573 #, fuzzy #| msgid "" #| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" @@ -5076,12 +5082,12 @@ msgstr "" "nombres de usuario:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3577 +#: sssd.conf.5.xml:3585 msgid "domain\\username" msgstr "dominio/nombre_de_usuario" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3580 +#: sssd.conf.5.xml:3588 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." @@ -5091,7 +5097,7 @@ msgstr "" "dominios Windows." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3585 +#: sssd.conf.5.xml:3593 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -5101,17 +5107,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3637 +#: sssd.conf.5.xml:3645 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "Predeterminado: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3643 +#: sssd.conf.5.xml:3651 msgid "lookup_family_order (string)" msgstr "lookup_family_order (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3646 +#: sssd.conf.5.xml:3654 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." @@ -5120,57 +5126,57 @@ msgstr "" "a usar cuando se lleven a cabo búsquedas DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3650 +#: sssd.conf.5.xml:3658 msgid "Supported values:" msgstr "Valores soportados:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3653 +#: sssd.conf.5.xml:3661 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "ipv4_first: Intenta buscar dirección IPv4, si falla, intenta IPv6" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3656 +#: sssd.conf.5.xml:3664 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "ipv4_only: Sólo intenta resolver nombres de host a direccones IPv4." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3659 +#: sssd.conf.5.xml:3667 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "ipv6_first: Intenta buscar dirección IPv6, si falla, intenta IPv4" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3662 +#: sssd.conf.5.xml:3670 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "ipv6_only: Sólo intenta resolver nombres de host a direccones IPv6." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3665 +#: sssd.conf.5.xml:3673 msgid "Default: ipv4_first" msgstr "Predeterminado: ipv4_first" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3671 +#: sssd.conf.5.xml:3679 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_server_timeout (integer)" msgstr "dns_resolver_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3674 +#: sssd.conf.5.xml:3682 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3679 +#: sssd.conf.5.xml:3687 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3683 sssd.conf.5.xml:3703 sssd.conf.5.xml:3724 +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." @@ -5179,19 +5185,19 @@ msgstr "" "información sobre la resolución del servicio." #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3688 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 msgid "Default: 1000" msgstr "Predeterminado: 1000" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3694 +#: sssd.conf.5.xml:3702 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_op_timeout (integer)" msgstr "dns_resolver_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3697 +#: sssd.conf.5.xml:3705 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -5199,12 +5205,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3714 +#: sssd.conf.5.xml:3722 msgid "dns_resolver_timeout (integer)" msgstr "dns_resolver_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3717 +#: sssd.conf.5.xml:3725 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -5217,14 +5223,14 @@ msgstr "" "trabajando en modo offline." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3735 +#: sssd.conf.5.xml:3743 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_use_search_list (bool)" msgstr "dns_resolver_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3738 +#: sssd.conf.5.xml:3746 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -5232,7 +5238,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3744 +#: sssd.conf.5.xml:3752 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -5240,17 +5246,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3750 +#: sssd.conf.5.xml:3758 msgid "Default: TRUE" msgstr "Predeterminado: TRUE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3756 +#: sssd.conf.5.xml:3764 msgid "dns_discovery_domain (string)" msgstr "dns_discovery_domain (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3759 +#: sssd.conf.5.xml:3767 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." @@ -5259,55 +5265,55 @@ msgstr "" "de dominio de la pregunta al descubridor de servicio DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3763 +#: sssd.conf.5.xml:3771 msgid "Default: Use the domain part of machine's hostname" msgstr "" "Predeterminado: Utilizar la parte del dominio del nombre de host del equipo" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3769 +#: sssd.conf.5.xml:3777 msgid "override_gid (integer)" msgstr "override_gid (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3772 +#: sssd.conf.5.xml:3780 msgid "Override the primary GID value with the one specified." msgstr "Anula el valor primario GID con el especificado." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3778 +#: sssd.conf.5.xml:3786 msgid "case_sensitive (string)" msgstr "case_sensitive (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3785 +#: sssd.conf.5.xml:3793 msgid "True" msgstr "True" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3788 +#: sssd.conf.5.xml:3796 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" "Distingue mayúsculas y minúsculas. Este valor es invalido para el proveedor " "AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3794 +#: sssd.conf.5.xml:3802 msgid "False" msgstr "False" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3796 +#: sssd.conf.5.xml:3804 msgid "Case insensitive." msgstr "No sensible a mayúsculas minúsculas." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3800 +#: sssd.conf.5.xml:3808 msgid "Preserving" msgstr "Preserving" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3803 +#: sssd.conf.5.xml:3811 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -5319,14 +5325,14 @@ msgstr "" "protocolo) están en minúsculas en la salida." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3811 +#: sssd.conf.5.xml:3819 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3781 +#: sssd.conf.5.xml:3789 #, fuzzy #| msgid "" #| "The available options are: <placeholder type=\"variablelist\" id=\"0\"/>" @@ -5337,17 +5343,17 @@ msgstr "" "Las opciones disponibles son: <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3826 +#: sssd.conf.5.xml:3834 msgid "Default: True (False for AD provider)" msgstr "Predeterminado: True (False para proveedor AD)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3832 +#: sssd.conf.5.xml:3840 msgid "subdomain_inherit (string)" msgstr "subdomain_inherit (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3835 +#: sssd.conf.5.xml:3843 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -5359,61 +5365,61 @@ msgstr "" "siguientes opciones:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3841 +#: sssd.conf.5.xml:3849 #, fuzzy #| msgid "ldap_search_timeout (integer)" msgid "ldap_search_timeout" msgstr "ldap_search_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3844 +#: sssd.conf.5.xml:3852 #, fuzzy #| msgid "ldap_network_timeout (integer)" msgid "ldap_network_timeout" msgstr "ldap_network_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3847 +#: sssd.conf.5.xml:3855 #, fuzzy #| msgid "ldap_opt_timeout (integer)" msgid "ldap_opt_timeout" msgstr "ldap_opt_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3850 +#: sssd.conf.5.xml:3858 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_offline_timeout" msgstr "ldap_connection_expire_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3853 +#: sssd.conf.5.xml:3861 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_enumeration_refresh_timeout" msgstr "ldap_enumeration_refresh_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3856 +#: sssd.conf.5.xml:3864 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_enumeration_refresh_offset" msgstr "ldap_enumeration_refresh_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3859 +#: sssd.conf.5.xml:3867 msgid "ldap_purge_cache_timeout" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3862 +#: sssd.conf.5.xml:3870 #, fuzzy #| msgid "ldap_purge_cache_timeout" msgid "ldap_purge_cache_offset" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3865 +#: sssd.conf.5.xml:3873 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" @@ -5422,71 +5428,71 @@ msgstr "" "explícitamente ldap_krb5_keytab)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3869 +#: sssd.conf.5.xml:3877 #, fuzzy #| msgid "ldap_krb5_ticket_lifetime (integer)" msgid "ldap_krb5_ticket_lifetime" msgstr "ldap_krb5_ticket_lifetime (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3872 +#: sssd.conf.5.xml:3880 #, fuzzy #| msgid "ldap_enumeration_search_timeout (integer)" msgid "ldap_enumeration_search_timeout" msgstr "ldap_enumeration_search_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3875 +#: sssd.conf.5.xml:3883 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_expire_timeout" msgstr "ldap_connection_expire_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3878 +#: sssd.conf.5.xml:3886 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_expire_offset" msgstr "ldap_connection_expire_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3881 +#: sssd.conf.5.xml:3889 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_idle_timeout" msgstr "ldap_connection_expire_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3884 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 msgid "ldap_use_tokengroups" msgstr "ldap_use_tokengroups" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3887 +#: sssd.conf.5.xml:3895 msgid "ldap_user_principal" msgstr "ldap_user_principal" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3890 +#: sssd.conf.5.xml:3898 msgid "ignore_group_members" msgstr "ignore_group_members" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3893 +#: sssd.conf.5.xml:3901 #, fuzzy #| msgid "auto_private_groups (string)" msgid "auto_private_groups" msgstr "auto_private_groups (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3896 +#: sssd.conf.5.xml:3904 #, fuzzy #| msgid "Case insensitive." msgid "case_sensitive" msgstr "No sensible a mayúsculas minúsculas." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3901 +#: sssd.conf.5.xml:3909 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -5496,27 +5502,27 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3908 +#: sssd.conf.5.xml:3916 msgid "Note: This option only works with the IPA and AD provider." msgstr "Aviso: Esta opción solo trabaja con el proveedor IPA y AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3915 +#: sssd.conf.5.xml:3923 msgid "subdomain_homedir (string)" msgstr "subdomain_homedir (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3926 +#: sssd.conf.5.xml:3934 msgid "%F" msgstr "%F" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3935 msgid "flat (NetBIOS) name of a subdomain." msgstr "flat (NetBIOS) nombre de un subdominio." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3918 +#: sssd.conf.5.xml:3926 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -5532,7 +5538,7 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3932 +#: sssd.conf.5.xml:3940 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" @@ -5540,17 +5546,17 @@ msgstr "" "emphasis>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3936 +#: sssd.conf.5.xml:3944 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "Por defecto: <filename>/home/%d/%u</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3941 +#: sssd.conf.5.xml:3949 msgid "realmd_tags (string)" msgstr "realmd_tags (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3944 +#: sssd.conf.5.xml:3952 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" @@ -5558,12 +5564,12 @@ msgstr "" "este dominio." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3950 +#: sssd.conf.5.xml:3958 msgid "cached_auth_timeout (int)" msgstr "cached_auth_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3953 +#: sssd.conf.5.xml:3961 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -5576,7 +5582,7 @@ msgstr "" "incorrectas, SSSD cae de nuevo a la autenticación en linea." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3961 +#: sssd.conf.5.xml:3969 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." @@ -5586,12 +5592,12 @@ msgstr "" "confianza." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3966 +#: sssd.conf.5.xml:3974 msgid "Special value 0 implies that this feature is disabled." msgstr "El valor especial 0 implica que esta función está deshabilitada." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3970 +#: sssd.conf.5.xml:3978 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -5602,17 +5608,89 @@ msgstr "" "gestionar <quote>initgroups.</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3981 +#: sssd.conf.5.xml:3989 +#, fuzzy +#| msgid "ldap_pwd_policy (string)" +msgid "local_auth_policy (string)" +msgstr "ldap_pwd_policy (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3992 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4002 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4026 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4034 +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4039 +#, fuzzy +#| msgid "Default: mail" +msgid "Default: match" +msgstr "Predeterminado: mail" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4044 msgid "auto_private_groups (string)" msgstr "auto_private_groups (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3987 +#: sssd.conf.5.xml:4050 msgid "true" msgstr "true" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3990 +#: sssd.conf.5.xml:4053 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." @@ -5621,7 +5699,7 @@ msgstr "" "usuario. El número GID se ignora en este caso." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3994 +#: sssd.conf.5.xml:4057 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -5634,12 +5712,12 @@ msgstr "" "unicidad den el espacio de ID." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4003 +#: sssd.conf.5.xml:4066 msgid "false" msgstr "false" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4006 +#: sssd.conf.5.xml:4069 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." @@ -5648,12 +5726,12 @@ msgstr "" "a un objeto grupo en las base de datos LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4012 +#: sssd.conf.5.xml:4075 msgid "hybrid" msgstr "hybrid" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4015 +#: sssd.conf.5.xml:4078 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -5668,7 +5746,7 @@ msgstr "" "grupo, el GID primario del usuario se resuelve al de ese objeto grupo." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4028 +#: sssd.conf.5.xml:4091 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." @@ -5677,7 +5755,7 @@ msgstr "" "una entrada de grupo, de otro modo el GID simplemente no se puede resolver." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4035 +#: sssd.conf.5.xml:4098 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -5688,7 +5766,7 @@ msgstr "" "también desea retener los grupos privados existentes del usuario." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3984 +#: sssd.conf.5.xml:4047 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" @@ -5697,7 +5775,7 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4047 +#: sssd.conf.5.xml:4110 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." @@ -5706,7 +5784,7 @@ msgstr "" "POSIX IDs asignados y True para subdominios que usan mapeo de ID automático." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4118 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -5716,7 +5794,7 @@ msgstr "" "auto_private_groups = false\n" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4124 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -5728,7 +5806,7 @@ msgstr "" "auto_private_groups = false\n" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4115 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -5742,7 +5820,7 @@ msgstr "" "type=\"programlisting\" id=\"1\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2569 +#: sssd.conf.5.xml:2570 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -5754,31 +5832,36 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4139 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4079 +#: sssd.conf.5.xml:4142 msgid "The proxy target PAM proxies to." msgstr "El proxy de destino PAM próximo a." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4082 +#: sssd.conf.5.xml:4145 +#, fuzzy +#| msgid "" +#| "Default: not set by default, you have to take an existing pam " +#| "configuration or create a new one and add the service name here." msgid "" "Default: not set by default, you have to take an existing pam configuration " -"or create a new one and add the service name here." +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." msgstr "" "Por defecto: no se fija por defecto, usted tiene que coger una configuración " "pam existente o crear una nueva y añadir el nombre de servicio aquí." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4090 +#: sssd.conf.5.xml:4155 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -5789,12 +5872,12 @@ msgstr "" "_nss_$(libName)_$(function), por ejemplo _nss_files_getpwent." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4103 +#: sssd.conf.5.xml:4168 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4106 +#: sssd.conf.5.xml:4171 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -5802,12 +5885,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4117 +#: sssd.conf.5.xml:4182 msgid "proxy_fast_alias (boolean)" msgstr "proxy_fast_alias (booleano)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4120 +#: sssd.conf.5.xml:4185 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -5821,12 +5904,12 @@ msgstr "" "razones de rendimiento." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4134 +#: sssd.conf.5.xml:4199 msgid "proxy_max_children (integer)" msgstr "proxy_max_children (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4202 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -5838,7 +5921,7 @@ msgstr "" "son encoladas." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4072 +#: sssd.conf.5.xml:4135 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -5847,12 +5930,12 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4218 msgid "Application domains" msgstr "Dominios de aplicaciones" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4155 +#: sssd.conf.5.xml:4220 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -5881,7 +5964,7 @@ msgstr "" "que opcionalmente herede ajustes de un dominio SSSD tradicional." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4175 +#: sssd.conf.5.xml:4240 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -5893,17 +5976,17 @@ msgstr "" "establecido correctamente." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4181 +#: sssd.conf.5.xml:4246 msgid "Application domain parameters" msgstr "Parámetros de dominio de aplicación" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4248 msgid "inherit_from (string)" msgstr "inherit_from (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4186 +#: sssd.conf.5.xml:4251 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -5916,7 +5999,7 @@ msgstr "" "<quote>hermano</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4265 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -5931,7 +6014,7 @@ msgstr "" "cache y hace al atributo phone alcanzable a través del interfaz D-Bus." #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4208 +#: sssd.conf.5.xml:4273 #, no-wrap msgid "" "[sssd]\n" @@ -5965,12 +6048,12 @@ msgstr "" "ldap_user_extra_attrs = phone:telephoneNumber\n" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4228 +#: sssd.conf.5.xml:4293 msgid "TRUSTED DOMAIN SECTION" msgstr "SECCIÓN DE DOMINIO DE CONFIANZA" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4230 +#: sssd.conf.5.xml:4295 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -5987,57 +6070,57 @@ msgstr "" "soportadas en la sección de dominio de confianza son:" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4237 +#: sssd.conf.5.xml:4302 msgid "ldap_search_base," msgstr "ldap_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4303 msgid "ldap_user_search_base," msgstr "ldap_user_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4239 +#: sssd.conf.5.xml:4304 msgid "ldap_group_search_base," msgstr "ldap_group_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:4305 msgid "ldap_netgroup_search_base," msgstr "ldap_netgroup_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4241 +#: sssd.conf.5.xml:4306 msgid "ldap_service_search_base," msgstr "ldap_service_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4242 +#: sssd.conf.5.xml:4307 msgid "ldap_sasl_mech," msgstr "ldap_sasl_mech," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4243 +#: sssd.conf.5.xml:4308 msgid "ad_server," msgstr "ad_server," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4309 msgid "ad_backup_server," msgstr "ad_backup_server," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4245 +#: sssd.conf.5.xml:4310 msgid "ad_site," msgstr "ad_site," #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4246 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "use_fully_qualified_names" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4250 +#: sssd.conf.5.xml:4315 msgid "" "For more details about these options see their individual description in the " "manual page." @@ -6046,12 +6129,12 @@ msgstr "" "página de manual." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4256 +#: sssd.conf.5.xml:4321 msgid "CERTIFICATE MAPPING SECTION" msgstr "SECCIÓN DE MAPEO DEL CERTIFICADO" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4258 +#: sssd.conf.5.xml:4323 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -6073,7 +6156,7 @@ msgstr "" "usan autenticación PAM." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4272 +#: sssd.conf.5.xml:4337 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -6085,7 +6168,7 @@ msgstr "" "citerefentry>)." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4281 +#: sssd.conf.5.xml:4346 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -6099,12 +6182,12 @@ msgstr "" "opciones:" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4353 msgid "matchrule (string)" msgstr "matchrule (cadena)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4356 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." @@ -6113,7 +6196,7 @@ msgstr "" "procesados, los demás son ignorados." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4295 +#: sssd.conf.5.xml:4360 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" @@ -6122,17 +6205,17 @@ msgstr "" "tengan Extended Key Usage <quote>clientAuth</quote>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4367 msgid "maprule (string)" msgstr "maprule (cadena)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4370 msgid "Defines how the user is found for a given certificate." msgstr "Define como se encuentra un usuario desde un certificado dado." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:4376 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." @@ -6141,7 +6224,7 @@ msgstr "" "como <quote>ldap</quote>, <quote>AD</quote> o <quote>ipa</quote>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4317 +#: sssd.conf.5.xml:4382 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." @@ -6150,12 +6233,12 @@ msgstr "" "encontrar un usuario con el mismo nombre." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4326 +#: sssd.conf.5.xml:4391 msgid "domains (string)" msgstr "domains (cadena)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4329 +#: sssd.conf.5.xml:4394 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -6168,17 +6251,17 @@ msgstr "" "usada para añadir la regla a los subdominios también." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4336 +#: sssd.conf.5.xml:4401 msgid "Default: the configured domain in sssd.conf" msgstr "Predetermiado: el dominio configurado en sssd.conf" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4406 msgid "priority (integer)" msgstr "priority (entero)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4409 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -6189,12 +6272,12 @@ msgstr "" "más alte mientras que <quote>4294967295</quote> es la más baja." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4350 +#: sssd.conf.5.xml:4415 msgid "Default: the lowest priority" msgstr "Predeterminado: la prioridad más baja" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4356 +#: sssd.conf.5.xml:4421 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" @@ -6204,7 +6287,7 @@ msgstr "" "propiedades especiales:" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4362 +#: sssd.conf.5.xml:4427 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" @@ -6213,7 +6296,7 @@ msgstr "" "usuario coincidente" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4433 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -6226,17 +6309,17 @@ msgstr "" "short_name})</quote>" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4377 +#: sssd.conf.5.xml:4442 msgid "the <quote>domains</quote> option is ignored" msgstr "la opción <quote>domains</quote> es ignorada" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4385 +#: sssd.conf.5.xml:4450 msgid "PROMPTING CONFIGURATION SECTION" msgstr "SECCIÓN DE CONFIGURACIÓN INICIAL" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4452 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -6251,7 +6334,7 @@ msgstr "" "al usuario las credenciales apropiadas." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4395 +#: sssd.conf.5.xml:4460 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -6264,22 +6347,22 @@ msgstr "" "Las siguientes opciones deberían suministrar una mejor flexibilidad aquí." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4472 msgid "[prompting/password]" msgstr "[prompting/password]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4410 +#: sssd.conf.5.xml:4475 msgid "password_prompt" msgstr "password_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4411 +#: sssd.conf.5.xml:4476 msgid "to change the string of the password prompt" msgstr "cambiar la cadena de solicitud de contraseña" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4409 +#: sssd.conf.5.xml:4474 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" @@ -6288,37 +6371,37 @@ msgstr "" "<placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4484 msgid "[prompting/2fa]" msgstr "[prompting/2fa]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4488 msgid "first_prompt" msgstr "first_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4424 +#: sssd.conf.5.xml:4489 msgid "to change the string of the prompt for the first factor" msgstr "para cambiar la cadena de la solicitud del primer factor" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4427 +#: sssd.conf.5.xml:4492 msgid "second_prompt" msgstr "second_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4428 +#: sssd.conf.5.xml:4493 msgid "to change the string of the prompt for the second factor" msgstr "para cambiar la cadena de la solicitud para el segundo factor" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4496 msgid "single_prompt" msgstr "single_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4432 +#: sssd.conf.5.xml:4497 #, fuzzy #| msgid "" #| "boolean value, if True there will be only a single prompt using the value " @@ -6335,7 +6418,7 @@ msgstr "" "única cadena" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4421 +#: sssd.conf.5.xml:4486 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -6344,19 +6427,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4449 +#: sssd.conf.5.xml:4514 #, fuzzy #| msgid "[prompting/password]" msgid "[prompting/passkey]" msgstr "[prompting/password]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4455 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4522 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -6364,47 +6447,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4530 #, fuzzy #| msgid "first_prompt" msgid "interactive_prompt" msgstr "first_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4532 #, fuzzy #| msgid "to change the string of the password prompt" msgid "to change the message of the interactive prompt." msgstr "cambiar la cadena de solicitud de contraseña" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4537 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4539 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4480 +#: sssd.conf.5.xml:4545 #, fuzzy #| msgid "first_prompt" msgid "touch_prompt" msgstr "first_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4547 #, fuzzy #| msgid "to change the string of the password prompt" msgid "to change the message of the touch prompt." msgstr "cambiar la cadena de solicitud de contraseña" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4451 +#: sssd.conf.5.xml:4516 #, fuzzy #| msgid "" #| "to configure two-factor authentication prompting, allowed options are: " @@ -6417,7 +6500,7 @@ msgstr "" "permitidas son: <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4467 #, fuzzy #| msgid "" #| "Each supported authentication method has its own configuration subsection " @@ -6436,7 +6519,7 @@ msgstr "" "type=\"variablelist\" id=\"1\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4493 +#: sssd.conf.5.xml:4558 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -6447,12 +6530,12 @@ msgstr "" "pregunta para este servicio." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4500 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "EJEMPLOS" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4506 +#: sssd.conf.5.xml:4571 #, no-wrap msgid "" "[sssd]\n" @@ -6506,7 +6589,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4502 +#: sssd.conf.5.xml:4567 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -6519,7 +6602,7 @@ msgstr "" "type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4604 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -6529,7 +6612,7 @@ msgstr "" "use_fully_qualified_names = false\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4533 +#: sssd.conf.5.xml:4598 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -6546,7 +6629,7 @@ msgstr "" "type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4550 +#: sssd.conf.5.xml:4615 #, fuzzy, no-wrap #| msgid "" #| "[certmap/my.domain/rule_name]\n" @@ -6574,7 +6657,7 @@ msgstr "" "matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$<SUBJECT>^CN=User.Name,DC=MY,DC=DOMAIN$\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4544 +#: sssd.conf.5.xml:4609 #, fuzzy #| msgid "" #| "3. The following example shows the configuration for two certificate " @@ -6647,14 +6730,23 @@ msgstr "Puede configurar SSSD para usar más de un dominio LDAP." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:38 +#, fuzzy +#| msgid "" +#| "LDAP back end supports id, auth, access and chpass providers. If you want " +#| "to authenticate against an LDAP server either TLS/SSL or LDAPS is " +#| "required. <command>sssd</command> <emphasis>does not</emphasis> support " +#| "authentication over an unencrypted channel. If the LDAP server is used " +#| "only as an identity provider, an encrypted channel is not needed. Please " +#| "refer to <quote>ldap_access_filter</quote> config option for more " +#| "information about using LDAP as an access provider." msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " -"over an unencrypted channel. If the LDAP server is used only as an identity " -"provider, an encrypted channel is not needed. Please refer to " -"<quote>ldap_access_filter</quote> config option for more information about " -"using LDAP as an access provider." +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." msgstr "" "El punto final de LDAP soporta proveedores de id, auth, acceso y chpass. Si " "usted desea autenticarse contra un servidor LDAP se requiere bien TLS/SSL o " @@ -6665,19 +6757,19 @@ msgstr "" "información sobre la utilización de LDAP como proveedor de acceso." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 #: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 msgid "CONFIGURATION OPTIONS" msgstr "OPCIONES DE CONFIGURACIÓN" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:66 +#: sssd-ldap.5.xml:67 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "ldap_uri, ldap_backup_uri (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:69 +#: sssd-ldap.5.xml:70 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" @@ -6693,35 +6785,35 @@ msgstr "" "vea la sección <quote>DESCUBRIDOR DE SERVICIOS</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:76 +#: sssd-ldap.5.xml:77 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" "El formato de la URI debe coincidir con el formato definido en RFC 2732:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:79 +#: sssd-ldap.5.xml:80 msgid "ldap[s]://<host>[:port]" msgstr "ldap[s]://<host>[:port]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:82 +#: sssd-ldap.5.xml:83 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" "Para direcciones IPv6 explícitas, <host> debe estar entre corchetes []" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:85 +#: sssd-ldap.5.xml:86 msgid "example: ldap://[fc00::126:25]:389" msgstr "ejemplo: ldap://[fc00::126:25]:389" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:91 +#: sssd-ldap.5.xml:92 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "ldap_chpass_uri, ldap_chpass_backup_uri (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:94 +#: sssd-ldap.5.xml:95 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " @@ -6734,31 +6826,31 @@ msgstr "" "sobre failover y redundancia de servidor." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:101 +#: sssd-ldap.5.xml:102 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" "Para habilitar el servicio descubrimiento ldap_chpass_dns_service_name debe " "ser establecido." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:105 +#: sssd-ldap.5.xml:106 msgid "Default: empty, i.e. ldap_uri is used." msgstr "Por defecto: vacio, esto es ldap_uri se está usando." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:111 +#: sssd-ldap.5.xml:112 msgid "ldap_search_base (string)" msgstr "ldap_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:114 +#: sssd-ldap.5.xml:115 msgid "The default base DN to use for performing LDAP user operations." msgstr "" "El DN base por defecto que se usará para realizar operaciones LDAP de " "usuario." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:118 +#: sssd-ldap.5.xml:119 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" @@ -6767,17 +6859,17 @@ msgstr "" "sintaxis:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:122 +#: sssd-ldap.5.xml:123 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:125 +#: sssd-ldap.5.xml:126 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "El alcance puede ser uno de “base”, “onlevel” o “subtree”." #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:128 include/ldap_search_bases.xml:18 +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" @@ -6786,13 +6878,13 @@ msgstr "" "http://www.ietf.org/rfc/rfc2254.txt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:132 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 #: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 msgid "Examples:" msgstr "Ejemplos:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:135 +#: sssd-ldap.5.xml:136 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" @@ -6801,7 +6893,7 @@ msgstr "" "= dc=example,dc=com?subtree?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:140 +#: sssd-ldap.5.xml:141 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" @@ -6810,7 +6902,7 @@ msgstr "" "(host=thishost)?dc=example.com?subtree?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:143 +#: sssd-ldap.5.xml:144 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " @@ -6823,7 +6915,7 @@ msgstr "" "impredecibles sobre máquinas cliente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:150 +#: sssd-ldap.5.xml:151 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " @@ -6840,12 +6932,12 @@ msgstr "" "soportan múltiples valores." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:164 +#: sssd-ldap.5.xml:165 msgid "ldap_schema (string)" msgstr "ldap_schema (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:167 +#: sssd-ldap.5.xml:168 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " @@ -6857,32 +6949,32 @@ msgstr "" "atributos son manejados puede también diferir." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:174 +#: sssd-ldap.5.xml:175 msgid "Four schema types are currently supported:" msgstr "Cuatro tipos de esquema son actualmente soportados:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:178 +#: sssd-ldap.5.xml:179 msgid "rfc2307" msgstr "rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:183 +#: sssd-ldap.5.xml:184 msgid "rfc2307bis" msgstr "rfc2307bis" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:188 +#: sssd-ldap.5.xml:189 msgid "IPA" msgstr "IPA" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:193 +#: sssd-ldap.5.xml:194 msgid "AD" msgstr "AD" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:199 +#: sssd-ldap.5.xml:200 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " @@ -6900,38 +6992,38 @@ msgstr "" "2008r2." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:209 +#: sssd-ldap.5.xml:210 msgid "Default: rfc2307" msgstr "Predeterminado: rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:215 +#: sssd-ldap.5.xml:216 msgid "ldap_pwmodify_mode (string)" msgstr "ldap_pwmodify_mode (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:218 +#: sssd-ldap.5.xml:219 msgid "Specify the operation that is used to modify user password." msgstr "" "Especifica la operación que se usa para modificar la contraseña de usuario." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:222 +#: sssd-ldap.5.xml:223 msgid "Two modes are currently supported:" msgstr "Actualmente se soportan dos modos:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:226 +#: sssd-ldap.5.xml:227 msgid "exop - Password Modify Extended Operation (RFC 3062)" msgstr "exop - Operación Extendida de Modificación de Contraseña (RFC 3062)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:232 +#: sssd-ldap.5.xml:233 msgid "ldap_modify - Direct modification of userPassword (not recommended)." msgstr "ldap_modify - Modificación directa de userPassword (no recomendado)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:239 +#: sssd-ldap.5.xml:240 msgid "" "Note: First, a new connection is established to verify current password by " "binding as the user that requested password change. If successful, this " @@ -6944,75 +7036,75 @@ msgstr "" "el usuario debe haber escrito el atributo de acceos a userPassword." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:247 +#: sssd-ldap.5.xml:248 msgid "Default: exop" msgstr "Predeterminado: exop" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:253 +#: sssd-ldap.5.xml:254 msgid "ldap_default_bind_dn (string)" msgstr "ldap_default_bind_dn (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:256 +#: sssd-ldap.5.xml:257 msgid "The default bind DN to use for performing LDAP operations." msgstr "" "El enlazador DN por defecto a usar para llevar a cabo operaciones LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:263 +#: sssd-ldap.5.xml:264 msgid "ldap_default_authtok_type (string)" msgstr "ldap_default_authtok_type (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:266 +#: sssd-ldap.5.xml:267 msgid "The type of the authentication token of the default bind DN." msgstr "El tipo de ficha de autenticación del enlazador DN por defecto." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:270 +#: sssd-ldap.5.xml:271 msgid "The two mechanisms currently supported are:" msgstr "Los dos mecanismos actualmente soportados son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 +#: sssd-ldap.5.xml:274 msgid "password" msgstr "contraseña" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:276 +#: sssd-ldap.5.xml:277 msgid "obfuscated_password" msgstr "obfuscated_password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:279 +#: sssd-ldap.5.xml:280 msgid "Default: password" msgstr "Por defecto: contraseña" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:282 +#: sssd-ldap.5.xml:283 msgid "" "See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> manual page for more information." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:293 +#: sssd-ldap.5.xml:294 msgid "ldap_default_authtok (string)" msgstr "ldap_default_authtok (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:296 +#: sssd-ldap.5.xml:297 msgid "The authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:302 +#: sssd-ldap.5.xml:303 msgid "ldap_force_upper_case_realm (boolean)" msgstr "ldap_force_upper_case_realm (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:305 +#: sssd-ldap.5.xml:306 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -7025,12 +7117,12 @@ msgstr "" "usar mayúsculas reales." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:318 +#: sssd-ldap.5.xml:319 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "ldap_enumeration_refresh_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:321 +#: sssd-ldap.5.xml:322 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." @@ -7039,12 +7131,12 @@ msgstr "" "escondrijo de los registros enumerados." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:337 +#: sssd-ldap.5.xml:338 msgid "ldap_purge_cache_timeout (integer)" msgstr "ldap_purge_cache_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:340 +#: sssd-ldap.5.xml:341 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -7055,7 +7147,7 @@ msgstr "" "para guardar espacio." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:346 +#: sssd-ldap.5.xml:347 msgid "" "Setting this option to zero will disable the cache cleanup operation. Please " "note that if enumeration is enabled, the cleanup task is required in order " @@ -7069,12 +7161,12 @@ msgstr "" "correrá cada tres horas con la enumeración habilitada." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:366 +#: sssd-ldap.5.xml:367 msgid "ldap_group_nesting_level (integer)" msgstr "ldap_group_nesting_level (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:369 +#: sssd-ldap.5.xml:370 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -7086,7 +7178,7 @@ msgstr "" "esquema RFC2307." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:376 +#: sssd-ldap.5.xml:377 msgid "" "Note: This option specifies the guaranteed level of nested groups to be " "processed for any lookup. However, nested groups beyond this limit " @@ -7102,7 +7194,7 @@ msgstr "" "conjunto de resultados de la búsqueda origina si se requiere." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:385 +#: sssd-ldap.5.xml:386 msgid "" "If ldap_group_nesting_level is set to 0 then no nested groups are processed " "at all. However, when connected to Active-Directory Server 2008 and later " @@ -7118,12 +7210,12 @@ msgstr "" "grupos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:394 +#: sssd-ldap.5.xml:395 msgid "Default: 2" msgstr "Predeterminado: 2" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:403 +#: sssd-ldap.5.xml:404 msgid "" "This options enables or disables use of Token-Groups attribute when " "performing initgroup for users from Active Directory Server 2008 and later." @@ -7133,23 +7225,23 @@ msgstr "" "posteriores." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:413 +#: sssd-ldap.5.xml:414 msgid "Default: True for AD and IPA otherwise False." msgstr "Predeterminado: True para AD e IPA en otro caso False." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:419 +#: sssd-ldap.5.xml:420 msgid "ldap_host_search_base (string)" msgstr "ldap_host_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:422 +#: sssd-ldap.5.xml:423 msgid "Optional. Use the given string as search base for host objects." msgstr "Opcional. Usa la cadena dada como base de búsqueda para objetos host." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:426 sssd-ipa.5.xml:457 sssd-ipa.5.xml:476 sssd-ipa.5.xml:495 -#: sssd-ipa.5.xml:514 +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." @@ -7158,32 +7250,32 @@ msgstr "" "de múltiples bases de búsqueda." #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:431 sssd-ipa.5.xml:462 include/ldap_search_bases.xml:27 +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "Predeterminado: el valor de <emphasis>ldap_search_base</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:438 +#: sssd-ldap.5.xml:439 msgid "ldap_service_search_base (string)" msgstr "ldap_service_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:443 +#: sssd-ldap.5.xml:444 msgid "ldap_iphost_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:448 +#: sssd-ldap.5.xml:449 msgid "ldap_ipnetwork_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:453 +#: sssd-ldap.5.xml:454 msgid "ldap_search_timeout (integer)" msgstr "ldap_search_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:456 +#: sssd-ldap.5.xml:457 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -7194,7 +7286,7 @@ msgstr "" "escondidos devueltos (y se entra en modo fuera de línea)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:462 +#: sssd-ldap.5.xml:463 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -7205,12 +7297,12 @@ msgstr "" "espera para tipos específicos de búsqueda." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:479 +#: sssd-ldap.5.xml:480 msgid "ldap_enumeration_search_timeout (integer)" msgstr "ldap_enumeration_search_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:482 +#: sssd-ldap.5.xml:483 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -7222,12 +7314,12 @@ msgstr "" "fuera de línea)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:500 +#: sssd-ldap.5.xml:501 msgid "ldap_network_timeout (integer)" msgstr "ldap_network_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:503 +#: sssd-ldap.5.xml:504 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -7244,12 +7336,12 @@ msgstr "" "citerefentry> vuelve en caso de no actividad." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:531 +#: sssd-ldap.5.xml:532 msgid "ldap_opt_timeout (integer)" msgstr "ldap_opt_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:534 +#: sssd-ldap.5.xml:535 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -7263,12 +7355,12 @@ msgstr "" "cambio extendido de contraseña y las operación StartTLS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:554 +#: sssd-ldap.5.xml:555 msgid "ldap_connection_expire_timeout (integer)" msgstr "ldap_connection_expire_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:557 +#: sssd-ldap.5.xml:558 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -7281,7 +7373,7 @@ msgstr "" "temprano (este valor contra el tiempo de vida TGT)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:565 +#: sssd-ldap.5.xml:566 msgid "" "If the connection is idle (not actively running an operation) within " "<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " @@ -7292,38 +7384,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:577 +#: sssd-ldap.5.xml:578 msgid "" "This timeout can be extended of a random value specified by " "<emphasis>ldap_connection_expire_offset</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:587 sssd-ldap.5.xml:630 sssd-ldap.5.xml:1711 +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 msgid "Default: 900 (15 minutes)" msgstr "Predeterminado: 900 (15 minutos)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:593 +#: sssd-ldap.5.xml:594 msgid "ldap_connection_expire_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:596 +#: sssd-ldap.5.xml:597 msgid "" "Random offset between 0 and configured value is added to " "<emphasis>ldap_connection_expire_timeout</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:613 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_idle_timeout (integer)" msgstr "ldap_connection_expire_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:616 #, fuzzy #| msgid "" #| "Specifies a timeout (in seconds) that a connection to an LDAP server will " @@ -7341,17 +7433,17 @@ msgstr "" "temprano (este valor contra el tiempo de vida TGT)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:622 msgid "You can disable this timeout by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:636 +#: sssd-ldap.5.xml:637 msgid "ldap_page_size (integer)" msgstr "ldap_page_size (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:639 +#: sssd-ldap.5.xml:640 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." @@ -7360,12 +7452,12 @@ msgstr "" "Algunos servidores LDAP hacen cumplir un límite máximo por petición." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:650 +#: sssd-ldap.5.xml:651 msgid "ldap_disable_paging (boolean)" msgstr "ldap_disable_paging (booleano)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:653 +#: sssd-ldap.5.xml:654 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " @@ -7376,7 +7468,7 @@ msgstr "" "RootDSE pero no está habilitado o no se comporta apropiadamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:659 +#: sssd-ldap.5.xml:660 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." @@ -7386,7 +7478,7 @@ msgstr "" "pero es incapaz de usarlo." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:665 +#: sssd-ldap.5.xml:666 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " @@ -7397,17 +7489,17 @@ msgstr "" "puede ocasionar que algunas peticiones sean denegadas." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:677 +#: sssd-ldap.5.xml:678 msgid "ldap_disable_range_retrieval (boolean)" msgstr "ldap_disable_range_retrieval (booleano)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:680 +#: sssd-ldap.5.xml:681 msgid "Disable Active Directory range retrieval." msgstr "Deshabilitar la recuperación del rango de Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:683 +#: sssd-ldap.5.xml:684 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " @@ -7423,12 +7515,12 @@ msgstr "" "miembros." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:699 msgid "ldap_sasl_minssf (integer)" msgstr "ldap_sasl_minssf (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:702 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " @@ -7439,19 +7531,19 @@ msgstr "" "de esta opción son definidos por OpenLDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:707 sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" "Por defecto: Usa el sistema por defecto (normalmente especificado por ldap." "conf)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:714 +#: sssd-ldap.5.xml:715 msgid "ldap_sasl_maxssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:717 +#: sssd-ldap.5.xml:718 msgid "" "When communicating with an LDAP server using SASL, specify the maximal " "security level necessary to establish the connection. The values of this " @@ -7459,12 +7551,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:731 msgid "ldap_deref_threshold (integer)" msgstr "ldap_deref_threshold (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:733 +#: sssd-ldap.5.xml:734 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -7475,7 +7567,7 @@ msgstr "" "deference. Si hay menos miembros desaparecidos, se buscarán individualmente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:740 msgid "" "You can turn off dereference lookups completely by setting the value to 0. " "Please note that there are some codepaths in SSSD, like the IPA HBAC " @@ -7492,7 +7584,7 @@ msgstr "" "lo soporta y auncia el control de la desreferencia en el objeto rootDSE." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:750 +#: sssd-ldap.5.xml:751 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -7505,7 +7597,7 @@ msgstr "" "soportados son 389/RHDS, OpenLDAP y Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:758 +#: sssd-ldap.5.xml:759 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -7516,14 +7608,14 @@ msgstr "" "será deshabilitado sin tener en cuenta este ajuste." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:771 +#: sssd-ldap.5.xml:772 #, fuzzy #| msgid "ad_gpo_ignore_unreadable (boolean)" msgid "ldap_ignore_unreadable_references (bool)" msgstr "ad_gpo_ignore_unreadable (booleano)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:774 +#: sssd-ldap.5.xml:775 msgid "" "Ignore unreadable LDAP entries referenced in group's member attribute. If " "this parameter is set to false an error will be returned and the operation " @@ -7531,7 +7623,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:781 +#: sssd-ldap.5.xml:782 msgid "" "This parameter may be useful when using the AD provider and the computer " "account that sssd uses to connect to AD does not have access to a particular " @@ -7539,12 +7631,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:795 msgid "ldap_tls_reqcert (string)" msgstr "ldap_tls_reqcert (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:798 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" @@ -7554,7 +7646,7 @@ msgstr "" "los siguientes valores:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:804 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." @@ -7563,7 +7655,7 @@ msgstr "" "certificado de servidor." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:808 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -7574,7 +7666,7 @@ msgstr "" "certificado malo, será ignorado y la sesión continua normalmente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:815 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -7585,7 +7677,7 @@ msgstr "" "certificado malo, la sesión se termina inmediatamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:820 +#: sssd-ldap.5.xml:821 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -7596,22 +7688,22 @@ msgstr "" "termina inmediatamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:826 +#: sssd-ldap.5.xml:827 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "<emphasis>hard</emphasis> = Igual que <quote>demand</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:830 +#: sssd-ldap.5.xml:831 msgid "Default: hard" msgstr "Predeterminado: hard" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:837 msgid "ldap_tls_cacert (string)" msgstr "ldap_tls_cacert (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:839 +#: sssd-ldap.5.xml:840 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." @@ -7620,7 +7712,7 @@ msgstr "" "de Certificación que <command>sssd</command> reconocerá." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 sssd-ldap.5.xml:862 sssd-ldap.5.xml:903 +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" @@ -7629,12 +7721,12 @@ msgstr "" "etc/openldap/ldap.conf</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:852 msgid "ldap_tls_cacertdir (string)" msgstr "ldap_tls_cacertdir (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:854 +#: sssd-ldap.5.xml:855 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -7648,33 +7740,33 @@ msgstr "" "para crear los nombres correctos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:869 +#: sssd-ldap.5.xml:870 msgid "ldap_tls_cert (string)" msgstr "ldap_tls_cert (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:872 +#: sssd-ldap.5.xml:873 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" "Especifica el fichero que contiene el certificado para la clave del cliente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:882 +#: sssd-ldap.5.xml:883 msgid "ldap_tls_key (string)" msgstr "ldap_tls_key (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:885 +#: sssd-ldap.5.xml:886 msgid "Specifies the file that contains the client's key." msgstr "Especifica el archivo que contiene la clave del cliente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:894 +#: sssd-ldap.5.xml:895 msgid "ldap_tls_cipher_suite (string)" msgstr "ldap_tls_cipher_suite (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:897 +#: sssd-ldap.5.xml:898 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -7685,26 +7777,31 @@ msgstr "" "conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:910 +#: sssd-ldap.5.xml:911 msgid "ldap_id_use_start_tls (boolean)" msgstr "ldap_id_use_start_tls (booleano)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:913 +#: sssd-ldap.5.xml:914 +#, fuzzy +#| msgid "" +#| "Specifies that the id_provider connection must also use <systemitem " +#| "class=\"protocol\">tls</systemitem> to protect the channel." msgid "" "Specifies that the id_provider connection must also use <systemitem " -"class=\"protocol\">tls</systemitem> to protect the channel." +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." msgstr "" "Especifica que la id_de proveedor de la conexión debe también utilizar " "<systemitem class=\"protocol\">tls</systemitem> para proteger el canal." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:923 +#: sssd-ldap.5.xml:925 msgid "ldap_id_mapping (boolean)" msgstr "ldap_id_mapping (booleano)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:928 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " @@ -7715,18 +7812,18 @@ msgstr "" "ldap_user_uid_number y ldap_group_gid_number." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:932 +#: sssd-ldap.5.xml:934 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" "Actualmente está función soporta sólo mapeos de objectSID de ActiveDirectory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:942 +#: sssd-ldap.5.xml:944 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "ldap_min_id, ldap_max_id (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:945 +#: sssd-ldap.5.xml:947 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " @@ -7744,17 +7841,17 @@ msgstr "" "el servidor. Los subdominios pueden elegir otros rangos para asignar IDs." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:957 +#: sssd-ldap.5.xml:959 msgid "Default: not set (both options are set to 0)" msgstr "Predeterminado: no establecido (ambas opciones se establecen a 0)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:965 msgid "ldap_sasl_mech (string)" msgstr "ldap_sasl_mech (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:966 +#: sssd-ldap.5.xml:968 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " "tested and supported." @@ -7763,7 +7860,7 @@ msgstr "" "soportados GSSAPI y GSS-SPNEGO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:970 +#: sssd-ldap.5.xml:972 msgid "" "If the backend supports sub-domains the value of ldap_sasl_mech is " "automatically inherited to the sub-domains. If a different value is needed " @@ -7780,12 +7877,12 @@ msgstr "" "manvolnum></citerefentry> para más detalles." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:988 msgid "ldap_sasl_authid (string)" msgstr "ldap_sasl_authid (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ldap.5.xml:998 +#: sssd-ldap.5.xml:1000 #, no-wrap msgid "" "hostname@REALM\n" @@ -7805,7 +7902,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:989 +#: sssd-ldap.5.xml:991 msgid "" "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " "this represents the Kerberos principal used for authentication to the " @@ -7825,17 +7922,17 @@ msgstr "" "principal en la pestaña." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1009 +#: sssd-ldap.5.xml:1011 msgid "Default: host/hostname@REALM" msgstr "Por defecto: host/nombre_de_host@REALM" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1015 +#: sssd-ldap.5.xml:1017 msgid "ldap_sasl_realm (string)" msgstr "ldap_sasl_realm (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1018 +#: sssd-ldap.5.xml:1020 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " @@ -7846,17 +7943,17 @@ msgstr "" "reino también, esta opción se ignora." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1024 +#: sssd-ldap.5.xml:1026 msgid "Default: the value of krb5_realm." msgstr "Por defecto: el valor de krb5_realm." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1030 +#: sssd-ldap.5.xml:1032 msgid "ldap_sasl_canonicalize (boolean)" msgstr "ldap_sasl_canonicalize (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1035 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." @@ -7865,34 +7962,34 @@ msgstr "" "para para canocalizar el nombre de host durante una unión SASL." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1038 +#: sssd-ldap.5.xml:1040 msgid "Default: false;" msgstr "Predeterminado: false;" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1046 msgid "ldap_krb5_keytab (string)" msgstr "ldap_krb5_keytab (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1049 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." msgstr "Especifica la pestaña a usar cuando se utiliza SASL/GSSAPI/GSS-SPNEGO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1056 sssd-krb5.5.xml:247 +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" "Por defecto: Keytab del sistema, normalmente <filename>/etc/krb5.keytab</" "filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1064 msgid "ldap_krb5_init_creds (boolean)" msgstr "ldap_krb5_init_creds (booleano)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1067 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -7903,12 +8000,12 @@ msgstr "" "es GSSAPI o GSS-SPNEGO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1077 +#: sssd-ldap.5.xml:1079 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "ldap_krb5_ticket_lifetime (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1080 +#: sssd-ldap.5.xml:1082 msgid "" "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." msgstr "" @@ -7916,17 +8013,17 @@ msgstr "" "SPNEGO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1089 sssd-ad.5.xml:1252 +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 msgid "Default: 86400 (24 hours)" msgstr "Predeterminado: 86400 (24 horas)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1095 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "krb5_server, krb5_backup_server (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1098 +#: sssd-ldap.5.xml:1100 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -7945,7 +8042,7 @@ msgstr "" "información, vea la sección <quote>SERVICE DISCOVERY</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1110 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -7956,7 +8053,7 @@ msgstr "" "regresa a _tcp si no se encuentra nada." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -7968,30 +8065,30 @@ msgstr "" "configuración para usar <quote>krb5_server</quote> en su lugar." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1124 sssd-ipa.5.xml:526 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "krb5_realm (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1127 +#: sssd-ldap.5.xml:1129 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." msgstr "" "Especifica el REALM Kerberos (para autorización SASL/GSSAPI/GSS-SPNEGO)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1133 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" "Predeterminado: Predeterminados del sistema, vea <filename>/etc/krb5.conf</" "filename>" #. type: Content of: <variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1137 include/krb5_options.xml:154 +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 msgid "krb5_canonicalize (boolean)" msgstr "krb5_canonicalize (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1140 +#: sssd-ldap.5.xml:1142 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" @@ -8000,12 +8097,12 @@ msgstr "" "servidor LDAP. Esta función está disponible con MIT Kerberos >= 1.7" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1152 sssd-krb5.5.xml:336 +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 msgid "krb5_use_kdcinfo (boolean)" msgstr "krb5_use_kdcinfo (booleano)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1155 sssd-krb5.5.xml:339 +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " @@ -8020,7 +8117,7 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:350 +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " @@ -8032,12 +8129,12 @@ msgstr "" "localizador." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1180 +#: sssd-ldap.5.xml:1182 msgid "ldap_pwd_policy (string)" msgstr "ldap_pwd_policy (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1185 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" @@ -8046,7 +8143,7 @@ msgstr "" "del cliente. Los siguientes valores son permitidos:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1190 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." @@ -8055,7 +8152,7 @@ msgstr "" "no puede deshabilitar las políticas de password en el lado servidor." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1193 +#: sssd-ldap.5.xml:1195 #, fuzzy #| msgid "" #| "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" @@ -8072,7 +8169,7 @@ msgstr "" "manvolnum></citerefentry> para evaluar si la contraseña ha expirado." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1201 +#: sssd-ldap.5.xml:1203 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -8084,7 +8181,7 @@ msgstr "" "password." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1210 +#: sssd-ldap.5.xml:1212 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." @@ -8094,19 +8191,19 @@ msgstr "" "establecida por esta opción." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1220 msgid "ldap_referrals (boolean)" msgstr "ldap_referrals (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1221 +#: sssd-ldap.5.xml:1223 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" "Especifica si el seguimiento de referencias automático debería ser " "habilitado." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1225 +#: sssd-ldap.5.xml:1227 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." @@ -8115,7 +8212,7 @@ msgstr "" "está compilado con OpenLDAP versión 2.4.13 o más alta." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1232 #, fuzzy #| msgid "" #| "Chasing referrals may incur a performance penalty in environments that " @@ -8138,29 +8235,29 @@ msgstr "" "esta opción a false le llevará a una notable mejora de rendimiento." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1249 +#: sssd-ldap.5.xml:1251 msgid "ldap_dns_service_name (string)" msgstr "ldap_dns_service_name (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1252 +#: sssd-ldap.5.xml:1254 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" "Especifica el nombre del servicio para utilizar cuando está habilitado el " "servicio de descubrimiento." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1258 msgid "Default: ldap" msgstr "Predeterminado: ldap" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1262 +#: sssd-ldap.5.xml:1264 msgid "ldap_chpass_dns_service_name (string)" msgstr "ldap_chpass_dns_service_name (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1265 +#: sssd-ldap.5.xml:1267 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." @@ -8170,17 +8267,17 @@ msgstr "" "descubrimiento." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1270 +#: sssd-ldap.5.xml:1272 msgid "Default: not set, i.e. service discovery is disabled" msgstr "Por defecto: no fijado, esto es servicio descubridor deshabilitado." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1276 +#: sssd-ldap.5.xml:1278 msgid "ldap_chpass_update_last_change (bool)" msgstr "ldap_chpass_update_last_change (booleano)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1279 +#: sssd-ldap.5.xml:1281 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." @@ -8189,7 +8286,7 @@ msgstr "" "desde el Epoch después de una operación de cambio de contraseña." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1285 +#: sssd-ldap.5.xml:1287 msgid "" "It is recommend to set this option explicitly if \"ldap_pwd_policy = " "shadow\" is used to let SSSD know if the LDAP server will update " @@ -8198,12 +8295,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1301 msgid "ldap_access_filter (string)" msgstr "ldap_access_filter (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1304 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " @@ -8231,12 +8328,12 @@ msgstr "" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1322 +#: sssd-ldap.5.xml:1324 msgid "Example:" msgstr "Ejemplo:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1327 #, no-wrap msgid "" "access_provider = ldap\n" @@ -8248,7 +8345,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1329 +#: sssd-ldap.5.xml:1331 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." @@ -8257,7 +8354,7 @@ msgstr "" "usuarios cuyo atributo employeeType esté establecido a \"admin\"." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1336 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -8270,17 +8367,17 @@ msgstr "" "se les seguirán otorgando acceso sin conexión y viceversa." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1398 +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 msgid "Default: Empty" msgstr "Predeterminado: vacío" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1348 +#: sssd-ldap.5.xml:1350 msgid "ldap_account_expire_policy (string)" msgstr "ldap_account_expire_policy (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1353 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." @@ -8289,7 +8386,7 @@ msgstr "" "control de acceso del lado cliente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1355 +#: sssd-ldap.5.xml:1357 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -8300,12 +8397,12 @@ msgstr "" "una código de error definible aunque el password sea correcto." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1362 +#: sssd-ldap.5.xml:1364 msgid "The following values are allowed:" msgstr "Los siguientes valores están permitidos:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1365 +#: sssd-ldap.5.xml:1367 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." @@ -8314,7 +8411,7 @@ msgstr "" "determinar si la cuenta ha expirado." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1372 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -8327,7 +8424,7 @@ msgstr "" "se comprueba el tiempo de expiración de la cuenta." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1379 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -8338,7 +8435,7 @@ msgstr "" "el acceso o no." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1383 +#: sssd-ldap.5.xml:1385 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -8351,7 +8448,7 @@ msgstr "" "permitido. Si ambos atributos están desaparecidos se concede el acceso." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1391 +#: sssd-ldap.5.xml:1393 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " @@ -8362,24 +8459,24 @@ msgstr "" "la opción ldap_account_expire_policy funcione." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1404 +#: sssd-ldap.5.xml:1406 msgid "ldap_access_order (string)" msgstr "ldap_access_order (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1407 sssd-ipa.5.xml:351 +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" "Lista separada por coma de opciones de control de acceso. Los valores " "permitidos son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1411 +#: sssd-ldap.5.xml:1413 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "<emphasis>filtro</emphasis>: utilizar ldap_access_filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>lockout</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -8395,7 +8492,7 @@ msgstr "" "funciones." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1424 +#: sssd-ldap.5.xml:1426 msgid "" "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" "quote> option and might be removed in a future release. </emphasis>" @@ -8405,7 +8502,7 @@ msgstr "" "</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1431 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -8427,12 +8524,12 @@ msgstr "" "estar establecido para que esta característica funcione." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1448 +#: sssd-ldap.5.xml:1450 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "<emphasis>caducar</emphasis>: utilizar ldap_account_expire_policy" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1452 sssd-ipa.5.xml:359 +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 msgid "" "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " "pwd_expire_policy_renew: </emphasis> These options are useful if users are " @@ -8447,31 +8544,31 @@ msgstr "" "método distinto a las contraseñas - por ejemplo claves SSH." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1462 sssd-ipa.5.xml:369 +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 msgid "" "The difference between these options is the action taken if user password is " "expired:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1467 sssd-ipa.5.xml:374 +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 msgid "pwd_expire_policy_reject - user is denied to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1473 sssd-ipa.5.xml:380 +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 msgid "pwd_expire_policy_warn - user is still able to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1479 sssd-ipa.5.xml:386 +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 msgid "" "pwd_expire_policy_renew - user is prompted to change their password " "immediately." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1487 +#: sssd-ldap.5.xml:1489 msgid "" "Please note that 'access_provider = ldap' must be set for this feature to " "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." @@ -8481,7 +8578,7 @@ msgstr "" "para una política de contraseña apropiada." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1494 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" @@ -8490,13 +8587,13 @@ msgstr "" "autorizedService para determinar el acceso" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1497 +#: sssd-ldap.5.xml:1499 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" "<emphasis>host</emphasis>: usa el atributo host para determinar el acceso" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1501 +#: sssd-ldap.5.xml:1503 msgid "" "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " "remote host can access" @@ -8505,7 +8602,7 @@ msgstr "" "host remoto puede acceder" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1505 +#: sssd-ldap.5.xml:1507 msgid "" "Please note, rhost field in pam is set by application, it is better to check " "what the application sends to pam, before enabling this access control option" @@ -8515,12 +8612,12 @@ msgstr "" "opción de control de acceso" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1510 +#: sssd-ldap.5.xml:1512 msgid "Default: filter" msgstr "Predeterminado: filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1513 +#: sssd-ldap.5.xml:1515 msgid "" "Please note that it is a configuration error if a value is used more than " "once." @@ -8529,12 +8626,12 @@ msgstr "" "una vez." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1520 +#: sssd-ldap.5.xml:1522 msgid "ldap_pwdlockout_dn (string)" msgstr "ldap_pwdlockout_dn (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1523 +#: sssd-ldap.5.xml:1525 msgid "" "This option specifies the DN of password policy entry on LDAP server. Please " "note that absence of this option in sssd.conf in case of enabled account " @@ -8548,22 +8645,22 @@ msgstr "" "LDAP no pueden verificarse correctamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1531 +#: sssd-ldap.5.xml:1533 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" msgstr "Ejemplo: cn=ppolicy,ou=policies,dc=example,dc=com" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1534 +#: sssd-ldap.5.xml:1536 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" msgstr "Predeterminado: cn=ppolicy,ou=policies,$ldap_search_base" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1542 msgid "ldap_deref (string)" msgstr "ldap_deref (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1543 +#: sssd-ldap.5.xml:1545 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" @@ -8572,13 +8669,13 @@ msgstr "" "lleva a cabo una búsqueda. Están permitidas las siguientes opciones:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1550 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" "<emphasis>never</emphasis>: Nunca serán eliminadas las referencias al alias." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 +#: sssd-ldap.5.xml:1554 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." @@ -8588,7 +8685,7 @@ msgstr "" "búsqueda." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 +#: sssd-ldap.5.xml:1559 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." @@ -8597,7 +8694,7 @@ msgstr "" "cuando se localice el objeto base de la búsqueda." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1562 +#: sssd-ldap.5.xml:1564 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." @@ -8606,7 +8703,7 @@ msgstr "" "para la búsqueda como en la localización del objeto base de la búsqueda." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1569 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -8615,12 +8712,12 @@ msgstr "" "librerías cliente LDAP)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1575 +#: sssd-ldap.5.xml:1577 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "ldap_rfc2307_fallback_to_local_users (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1578 +#: sssd-ldap.5.xml:1580 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." @@ -8629,7 +8726,7 @@ msgstr "" "servidores que usan el esquema RFC2307." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1582 +#: sssd-ldap.5.xml:1584 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " @@ -8647,7 +8744,7 @@ msgstr "" "llamadas getpw*() o initgroups()." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1593 +#: sssd-ldap.5.xml:1595 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " @@ -8658,12 +8755,12 @@ msgstr "" "initgroups() aumentará los usuarios locales con los grupos LDAP adicionales." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1605 sssd-ifp.5.xml:152 +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 msgid "wildcard_limit (integer)" msgstr "wildcard_limit (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1608 +#: sssd-ldap.5.xml:1610 msgid "" "Specifies an upper limit on the number of entries that are downloaded during " "a wildcard lookup." @@ -8672,46 +8769,46 @@ msgstr "" "descargadas durante una búsqueda de comodín." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1612 +#: sssd-ldap.5.xml:1614 msgid "At the moment, only the InfoPipe responder supports wildcard lookups." msgstr "" "En este momento solo el respondedor InfoPipe soporta búsqueda de comodín" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1618 msgid "Default: 1000 (often the size of one page)" msgstr "Predeterminado: 1000 (frecuentemente el tamaño de una página)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1624 #, fuzzy #| msgid "debug_level (integer)" msgid "ldap_library_debug_level (integer)" msgstr "debug_level (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1625 +#: sssd-ldap.5.xml:1627 msgid "" "Switches on libldap debugging with the given level. The libldap debug " "messages will be written independent of the general debug_level." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1630 +#: sssd-ldap.5.xml:1632 msgid "" "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " "enable full debug output." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1635 +#: sssd-ldap.5.xml:1637 #, fuzzy #| msgid "Default: 0 (disabled)" msgid "Default: 0 (libldap debugging disabled)" msgstr "Predeterminado: 0 (deshabilitado)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:52 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " @@ -8731,12 +8828,12 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1645 +#: sssd-ldap.5.xml:1647 msgid "SUDO OPTIONS" msgstr "OPCIONES SUDO" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1647 +#: sssd-ldap.5.xml:1649 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -8747,12 +8844,12 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1660 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "ldap_sudo_full_refresh_interval (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1661 +#: sssd-ldap.5.xml:1663 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." @@ -8762,7 +8859,7 @@ msgstr "" "servidor)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1666 +#: sssd-ldap.5.xml:1668 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" @@ -8771,24 +8868,24 @@ msgstr "" "emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1671 +#: sssd-ldap.5.xml:1673 msgid "" "You can disable full refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1676 +#: sssd-ldap.5.xml:1678 msgid "Default: 21600 (6 hours)" msgstr "Por defecto: 21600 (6 horas)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1682 +#: sssd-ldap.5.xml:1684 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "ldap_sudo_smart_refresh_interval (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1685 +#: sssd-ldap.5.xml:1687 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest " @@ -8800,7 +8897,7 @@ msgstr "" "actualmente SSSD)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1691 +#: sssd-ldap.5.xml:1693 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." @@ -8809,7 +8906,7 @@ msgstr "" "atributo modifyTimestamp." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1695 +#: sssd-ldap.5.xml:1697 msgid "" "<emphasis>Note:</emphasis> the highest USN value can be updated by three " "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " @@ -8825,21 +8922,21 @@ msgstr "" "<emphasis>ldap_connection_expire_timeout</emphasis>)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1706 +#: sssd-ldap.5.xml:1708 msgid "" "You can disable smart refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1717 +#: sssd-ldap.5.xml:1719 #, fuzzy #| msgid "ldap_idmap_range_size (integer)" msgid "ldap_sudo_random_offset (integer)" msgstr "ldap_idmap_range_size (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1720 +#: sssd-ldap.5.xml:1722 msgid "" "Random offset between 0 and configured value is added to smart and full " "refresh periods each time the periodic task is scheduled. The value is in " @@ -8847,7 +8944,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1726 +#: sssd-ldap.5.xml:1728 msgid "" "Note that this random offset is also applied on the first SSSD start which " "delays the first sudo rules refresh. This prolongs the time when the sudo " @@ -8855,17 +8952,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1732 +#: sssd-ldap.5.xml:1734 msgid "You can disable this offset by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1742 +#: sssd-ldap.5.xml:1744 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "ldap_sudo_use_host_filter (booleano)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1745 +#: sssd-ldap.5.xml:1747 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." @@ -8874,12 +8971,12 @@ msgstr "" "máquina (usando las direcciones de host/red y nombres de host IPv4 o IPv6)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1756 +#: sssd-ldap.5.xml:1758 msgid "ldap_sudo_hostnames (string)" msgstr "ldap_sudo_hostnames (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1759 +#: sssd-ldap.5.xml:1761 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." @@ -8888,7 +8985,7 @@ msgstr "" "totalmente cualificados que sería usada para filtrar las reglas." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1764 +#: sssd-ldap.5.xml:1766 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." @@ -8897,8 +8994,8 @@ msgstr "" "nombre de dominio totalmente cualificado automáticamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1769 sssd-ldap.5.xml:1792 sssd-ldap.5.xml:1810 -#: sssd-ldap.5.xml:1828 +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." @@ -8907,17 +9004,17 @@ msgstr "" "emphasis> esta opción no tiene efecto." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1774 sssd-ldap.5.xml:1797 +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 msgid "Default: not specified" msgstr "Por defecto: no especificado" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1780 +#: sssd-ldap.5.xml:1782 msgid "ldap_sudo_ip (string)" msgstr "ldap_sudo_ip (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1783 +#: sssd-ldap.5.xml:1785 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." @@ -8926,7 +9023,7 @@ msgstr "" "usada para filtrar las reglas." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1788 +#: sssd-ldap.5.xml:1790 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." @@ -8935,12 +9032,12 @@ msgstr "" "automáticamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1803 +#: sssd-ldap.5.xml:1805 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "sudo_include_netgroups (booleano)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1806 +#: sssd-ldap.5.xml:1808 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." @@ -8949,12 +9046,12 @@ msgstr "" "atributo sudoHost." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1821 +#: sssd-ldap.5.xml:1823 msgid "ldap_sudo_include_regexp (boolean)" msgstr "ldap_sudo_include_regexp (booleano)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:1826 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." @@ -8963,7 +9060,7 @@ msgstr "" "atributo sudoHost." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> -#: sssd-ldap.5.xml:1834 +#: sssd-ldap.5.xml:1836 msgid "" "Using wildcard is an operation that is very costly to evaluate on the LDAP " "server side!" @@ -8972,7 +9069,7 @@ msgstr "" "del servidor LDAP!" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1846 +#: sssd-ldap.5.xml:1848 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " @@ -8985,12 +9082,12 @@ msgstr "" "manvolnum> </citerefentry>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1856 +#: sssd-ldap.5.xml:1858 msgid "AUTOFS OPTIONS" msgstr "OPCIONES AUTOFS" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1858 +#: sssd-ldap.5.xml:1860 msgid "" "Some of the defaults for the parameters below are dependent on the LDAP " "schema." @@ -8999,47 +9096,47 @@ msgstr "" "esquema LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1864 +#: sssd-ldap.5.xml:1866 msgid "ldap_autofs_map_master_name (string)" msgstr "ldap_autofs_map_master_name (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1867 +#: sssd-ldap.5.xml:1869 msgid "The name of the automount master map in LDAP." msgstr "El nombre del mapa maestro de montaje automático en LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1870 +#: sssd-ldap.5.xml:1872 msgid "Default: auto.master" msgstr "Pfredeterminado: auto.master" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1881 +#: sssd-ldap.5.xml:1883 msgid "ADVANCED OPTIONS" msgstr "OPCIONES AVANZADAS" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1888 +#: sssd-ldap.5.xml:1890 msgid "ldap_netgroup_search_base (string)" msgstr "ldap_netgroup_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1893 +#: sssd-ldap.5.xml:1895 msgid "ldap_user_search_base (string)" msgstr "ldap_user_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1898 +#: sssd-ldap.5.xml:1900 msgid "ldap_group_search_base (string)" msgstr "ldap_group_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> -#: sssd-ldap.5.xml:1903 +#: sssd-ldap.5.xml:1905 msgid "<note>" msgstr "<note>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> -#: sssd-ldap.5.xml:1905 +#: sssd-ldap.5.xml:1907 msgid "" "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " "against Active Directory will not be restricted and return all groups " @@ -9052,22 +9149,22 @@ msgstr "" "función, si los nombres de grupo no están siendo visualizados correctamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist> -#: sssd-ldap.5.xml:1912 +#: sssd-ldap.5.xml:1914 msgid "</note>" msgstr "</note>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1914 +#: sssd-ldap.5.xml:1916 msgid "ldap_sudo_search_base (string)" msgstr "ldap_sudo_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1919 +#: sssd-ldap.5.xml:1921 msgid "ldap_autofs_search_base (string)" msgstr "ldap_autofs_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1883 +#: sssd-ldap.5.xml:1885 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -9080,14 +9177,14 @@ msgstr "" "<placeholder type=\"variablelist\" id=\"1\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1934 sssd-simple.5.xml:131 sssd-ipa.5.xml:925 -#: sssd-ad.5.xml:1386 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 msgid "EXAMPLE" msgstr "EJEMPLO" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1936 +#: sssd-ldap.5.xml:1938 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -9098,7 +9195,7 @@ msgstr "" "replaceable>." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1944 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -9118,20 +9215,20 @@ msgstr "" "cache_credentials = true\n" #. type: Content of: <refsect1><refsect2><para> -#: sssd-ldap.5.xml:1941 sssd-ldap.5.xml:1959 sssd-simple.5.xml:139 -#: sssd-ipa.5.xml:933 sssd-ad.5.xml:1394 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 #: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1953 +#: sssd-ldap.5.xml:1955 msgid "LDAP ACCESS FILTER EXAMPLE" msgstr "EJEMPLO DE FILTRO DE ACCESO LDAP" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1955 +#: sssd-ldap.5.xml:1957 msgid "" "The following example assumes that SSSD is correctly configured and to use " "the ldap_access_order=lockout." @@ -9140,7 +9237,7 @@ msgstr "" "ldap_access_order=lockout." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1960 +#: sssd-ldap.5.xml:1962 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -9166,13 +9263,13 @@ msgstr "" "cache_credentials = true\n" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1975 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 -#: sssd-ad.5.xml:1409 sssd.8.xml:238 sss_seed.8.xml:163 +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 msgid "NOTES" msgstr "NOTAS" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1977 +#: sssd-ldap.5.xml:1979 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -11965,12 +12062,12 @@ msgid "Example: dyndns_iface = em1, vnet1, vnet2" msgstr "Ejemplo: dyndns_iface = em1, vnet1, vnet2" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1285 +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 msgid "dyndns_auth (string)" msgstr "dyndns_auth (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1288 +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "updates with the DNS server, insecure updates can be sent by setting this " @@ -11981,19 +12078,19 @@ msgstr "" "se pueden enviar fijando esta opción a 'none'." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1294 +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 msgid "Default: GSS-TSIG" msgstr "Predeterminado: GSS-TSIG" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1300 +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 #, fuzzy #| msgid "dyndns_auth (string)" msgid "dyndns_auth_ptr (string)" msgstr "dyndns_auth (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1303 +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 #, fuzzy #| msgid "" #| "Whether the nsupdate utility should use GSS-TSIG authentication for " @@ -12009,7 +12106,7 @@ msgstr "" "se pueden enviar fijando esta opción a 'none'." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1309 +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 msgid "Default: Same as dyndns_auth" msgstr "" @@ -12088,17 +12185,24 @@ msgstr "" "se cambian los registros que envía." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:290 +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 msgid "Default: False (disabled)" msgstr "Predeterminado: False (deshabilitado)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1272 +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 msgid "dyndns_force_tcp (bool)" msgstr "dyndns_force_tcp (booleano)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:299 sssd-ad.5.xml:1275 +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." @@ -12107,17 +12211,17 @@ msgstr "" "comunica con el servidor DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:303 sssd-ad.5.xml:1279 +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 msgid "Default: False (let nsupdate choose the protocol)" msgstr "Predeterminado: False (permitir a nsupdate elegir el protocolol)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:309 sssd-ad.5.xml:1315 +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 msgid "dyndns_server (string)" msgstr "dyndns_server (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:312 sssd-ad.5.xml:1318 +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 msgid "" "The DNS server to use when performing a DNS update. In most setups, it's " "recommended to leave this option unset." @@ -12127,7 +12231,7 @@ msgstr "" "establecer." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 msgid "" "Setting this option makes sense for environments where the DNS server is " "different from the identity server." @@ -12136,7 +12240,7 @@ msgstr "" "servidor DNS es distinto del servidor de identidad." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 msgid "" "Please note that this option will be only used in fallback attempt when " "previous attempt using autodetected settings failed." @@ -12145,17 +12249,17 @@ msgstr "" "cuando el intento anterior de usar la configuración autodetectada falló." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 msgid "Default: None (let nsupdate choose the server)" msgstr "Predeterminado: None (permitir a nsupdate elegir el servidor)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:333 sssd-ad.5.xml:1339 +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 msgid "dyndns_update_per_family (boolean)" msgstr "dyndns_update_per_family (booleano)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:336 sssd-ad.5.xml:1342 +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 msgid "" "DNS update is by default performed in two steps - IPv4 update and then IPv6 " "update. In some cases it might be desirable to perform IPv4 and IPv6 update " @@ -12166,21 +12270,21 @@ msgstr "" "ser deseable llevar a cabo la actualización IPv4 e IPv6 en un único paso." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:353 #, fuzzy #| msgid "ldap_access_order (string)" msgid "ipa_access_order (string)" msgstr "ldap_access_order (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:360 #, fuzzy #| msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." msgstr "<emphasis>caducar</emphasis>: utilizar ldap_account_expire_policy" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:394 +#: sssd-ipa.5.xml:399 #, fuzzy #| msgid "" #| "Please note that 'access_provider = ldap' must be set for this feature to " @@ -12195,12 +12299,12 @@ msgstr "" "para una política de contraseña apropiada." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:401 +#: sssd-ipa.5.xml:406 msgid "ipa_deskprofile_search_base (string)" msgstr "ipa_deskprofile_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:404 +#: sssd-ipa.5.xml:409 msgid "" "Optional. Use the given string as search base for Desktop Profile related " "objects." @@ -12209,19 +12313,19 @@ msgstr "" "relacionados con Desktop Profile." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:408 sssd-ipa.5.xml:435 +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 msgid "Default: Use base DN" msgstr "Predeterminado: Utilizar DN base" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:414 +#: sssd-ipa.5.xml:419 #, fuzzy #| msgid "ipa_subdomains_search_base (string)" msgid "ipa_subid_ranges_search_base (string)" msgstr "ipa_subdomains_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:417 +#: sssd-ipa.5.xml:422 #, fuzzy #| msgid "" #| "Optional. Use the given string as search base for Desktop Profile related " @@ -12234,98 +12338,98 @@ msgstr "" "relacionados con Desktop Profile." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:421 +#: sssd-ipa.5.xml:426 #, fuzzy #| msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" msgstr "Por defecto: el valor de <emphasis>cn=trusts,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:428 +#: sssd-ipa.5.xml:433 msgid "ipa_hbac_search_base (string)" msgstr "ipa_hbac_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:431 +#: sssd-ipa.5.xml:436 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" "Opcional. Usa la cadena dada como base de búsqueda para los objetos HBAC " "relacionados." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:441 +#: sssd-ipa.5.xml:446 msgid "ipa_host_search_base (string)" msgstr "ipa_host_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:444 +#: sssd-ipa.5.xml:449 msgid "Deprecated. Use ldap_host_search_base instead." msgstr "Obsoleto. Usa en su lugar ldap_host_search_base." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:450 +#: sssd-ipa.5.xml:455 msgid "ipa_selinux_search_base (string)" msgstr "ipa_selinux_search_base (cadena)Opcional. " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:453 +#: sssd-ipa.5.xml:458 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" "Opcional. Usa la cadena dada como base de búsqueda para los mapas de usuario " "SELinux." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:469 +#: sssd-ipa.5.xml:474 msgid "ipa_subdomains_search_base (string)" msgstr "ipa_subdomains_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:472 +#: sssd-ipa.5.xml:477 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" "Opcional: Usa la cadena dada como base de búsqueda de dominios de confianza." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:481 +#: sssd-ipa.5.xml:486 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "Por defecto: el valor de <emphasis>cn=trusts,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:488 +#: sssd-ipa.5.xml:493 msgid "ipa_master_domain_search_base (string)" msgstr "ipa_master_domain_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:491 +#: sssd-ipa.5.xml:496 msgid "Optional. Use the given string as search base for master domain object." msgstr "" "Opcional: Usa la cadena dada como base de búsqueda para el objeto maestro de " "dominio." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:505 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "Por defecto: el valor de <emphasis>cn=ad,cn=etc,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:507 +#: sssd-ipa.5.xml:512 msgid "ipa_views_search_base (string)" msgstr "ipa_views_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:510 +#: sssd-ipa.5.xml:515 msgid "Optional. Use the given string as search base for views containers." msgstr "" "Opcional. Usa la cadena dada como base de búsqueda de contenedores de vista." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:519 +#: sssd-ipa.5.xml:524 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" msgstr "" "Predeterminado: el valor de <emphasis>cn=views,cn=accounts,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:529 +#: sssd-ipa.5.xml:534 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." @@ -12334,7 +12438,7 @@ msgstr "" "de <quote>ipa_domain</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:533 +#: sssd-ipa.5.xml:538 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." @@ -12343,12 +12447,12 @@ msgstr "" "convertido hacia la base DN para usarlo para llevar a cabo operaciones LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:541 sssd-ad.5.xml:1357 +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 msgid "krb5_confd_path (string)" msgstr "krb5_confd_path (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:544 sssd-ad.5.xml:1360 +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 msgid "" "Absolute path of a directory where SSSD should place Kerberos configuration " "snippets." @@ -12357,7 +12461,7 @@ msgstr "" "configuración de Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:548 sssd-ad.5.xml:1364 +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 msgid "" "To disable the creation of the configuration snippets set the parameter to " "'none'." @@ -12366,7 +12470,7 @@ msgstr "" "parámetro a 'none'." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:552 sssd-ad.5.xml:1368 +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 msgid "" "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" msgstr "" @@ -12374,12 +12478,12 @@ msgstr "" "pubconf de SSSD)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:559 +#: sssd-ipa.5.xml:564 msgid "ipa_deskprofile_refresh (integer)" msgstr "ipa_deskprofile_refresh (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:562 +#: sssd-ipa.5.xml:567 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server. This will reduce the latency and load on the IPA server if there " @@ -12390,17 +12494,17 @@ msgstr "" "hay muchas solicitudes de perfiles de escritorio en un período corto." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:569 sssd-ipa.5.xml:599 sssd-ipa.5.xml:615 sssd-ad.5.xml:599 +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 msgid "Default: 5 (seconds)" msgstr "Predeterminado: 5 (segundos)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:575 +#: sssd-ipa.5.xml:580 msgid "ipa_deskprofile_request_interval (integer)" msgstr "ipa_deskprofile_request_interval (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:578 +#: sssd-ipa.5.xml:583 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server in case the last request did not return any rule." @@ -12410,17 +12514,17 @@ msgstr "" "regla." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:583 +#: sssd-ipa.5.xml:588 msgid "Default: 60 (minutes)" msgstr "Predeterminado: 60 (minutos)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:589 +#: sssd-ipa.5.xml:594 msgid "ipa_hbac_refresh (integer)" msgstr "ipa_hbac_refresh (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:592 +#: sssd-ipa.5.xml:597 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -12431,12 +12535,12 @@ msgstr "" "muchas peticiones de control de acceso hechas en un corto período." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:605 +#: sssd-ipa.5.xml:610 msgid "ipa_hbac_selinux (integer)" msgstr "ipa_hbac_selinux (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:608 +#: sssd-ipa.5.xml:613 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -12447,12 +12551,12 @@ msgstr "" "hay muchas peticiones de acceso de usuario hechas en un corto período." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:621 +#: sssd-ipa.5.xml:626 msgid "ipa_server_mode (boolean)" msgstr "ipa_server_mode (booleano)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:624 +#: sssd-ipa.5.xml:629 msgid "" "This option will be set by the IPA installer (ipa-server-install) " "automatically and denotes if SSSD is running on an IPA server or not." @@ -12461,7 +12565,7 @@ msgstr "" "automáticamente y denota si SSSD está corriendo sobre un servidor IPA o no." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:629 +#: sssd-ipa.5.xml:634 msgid "" "On an IPA server SSSD will lookup users and groups from trusted domains " "directly while on a client it will ask an IPA server." @@ -12471,7 +12575,7 @@ msgstr "" "servidor IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:634 +#: sssd-ipa.5.xml:639 msgid "" "NOTE: There are currently some assumptions that must be met when SSSD is " "running on an IPA server." @@ -12480,7 +12584,7 @@ msgstr "" "se ejecuta en un servidor IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:639 +#: sssd-ipa.5.xml:644 msgid "" "The <quote>ipa_server</quote> option must be configured to point to the IPA " "server itself. This is already the default set by the IPA installer, so no " @@ -12491,7 +12595,7 @@ msgstr "" "instalador IPA de modo que no se necesitan cambios manuales." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:648 +#: sssd-ipa.5.xml:653 msgid "" "The <quote>full_name_format</quote> option must not be tweaked to only print " "short names for users from trusted domains." @@ -12500,52 +12604,52 @@ msgstr "" "solo nombres cortos de los usuarios de los dominios de confianza." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:663 +#: sssd-ipa.5.xml:668 msgid "ipa_automount_location (string)" msgstr "ipa_automount_location (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:666 +#: sssd-ipa.5.xml:671 msgid "The automounter location this IPA client will be using" msgstr "La localización del automontador de este cliente IPA que será usada" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:669 +#: sssd-ipa.5.xml:674 msgid "Default: The location named \"default\"" msgstr "Por defecto: La localización llamada “default”" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:677 +#: sssd-ipa.5.xml:682 msgid "VIEWS AND OVERRIDES" msgstr "VISTAS Y ANULACIONES" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:686 +#: sssd-ipa.5.xml:691 msgid "ipa_view_class (string)" msgstr "ipa_view_class (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:689 +#: sssd-ipa.5.xml:694 msgid "Objectclass of the view container." msgstr "Objectclass del contenedorde vistas." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:692 +#: sssd-ipa.5.xml:697 msgid "Default: nsContainer" msgstr "Predeterminado: nsContainer" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:698 +#: sssd-ipa.5.xml:703 msgid "ipa_view_name (string)" msgstr "ipa_view_name (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:701 +#: sssd-ipa.5.xml:706 msgid "Name of the attribute holding the name of the view." msgstr "Nombre del atributo que contiene el nombre de la vista." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:705 sssd-ldap-attributes.5.xml:496 +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 #: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 #: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 #: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 @@ -12553,27 +12657,27 @@ msgid "Default: cn" msgstr "Predeterminado: cn" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:711 +#: sssd-ipa.5.xml:716 msgid "ipa_override_object_class (string)" msgstr "ipa_override_object_class (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:714 +#: sssd-ipa.5.xml:719 msgid "Objectclass of the override objects." msgstr "Objectclass de los objetos anulados." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:717 +#: sssd-ipa.5.xml:722 msgid "Default: ipaOverrideAnchor" msgstr "Predeterminado: ipaOverrideAnchor" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:723 +#: sssd-ipa.5.xml:728 msgid "ipa_anchor_uuid (string)" msgstr "ipa_anchor_uuid (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:726 +#: sssd-ipa.5.xml:731 msgid "" "Name of the attribute containing the reference to the original object in a " "remote domain." @@ -12582,17 +12686,17 @@ msgstr "" "dominio remoto." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:730 +#: sssd-ipa.5.xml:735 msgid "Default: ipaAnchorUUID" msgstr "Predeterminado: ipaAnchorUUID" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:736 +#: sssd-ipa.5.xml:741 msgid "ipa_user_override_object_class (string)" msgstr "ipa_user_override_object_class (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:739 +#: sssd-ipa.5.xml:744 msgid "" "Name of the objectclass for user overrides. It is used to determine if the " "found override object is related to a user or a group." @@ -12601,57 +12705,57 @@ msgstr "" "si el objeto anulado encontrado está relacionado con un usuario o un grupo." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:744 +#: sssd-ipa.5.xml:749 msgid "User overrides can contain attributes given by" msgstr "Las anulaciones de usuario pueden contener atributos dados por" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:747 +#: sssd-ipa.5.xml:752 msgid "ldap_user_name" msgstr "ldap_user_name" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:750 +#: sssd-ipa.5.xml:755 msgid "ldap_user_uid_number" msgstr "ldap_user_uid_number" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:753 +#: sssd-ipa.5.xml:758 msgid "ldap_user_gid_number" msgstr "ldap_user_gid_number" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:756 +#: sssd-ipa.5.xml:761 msgid "ldap_user_gecos" msgstr "ldap_user_gecos" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:759 +#: sssd-ipa.5.xml:764 msgid "ldap_user_home_directory" msgstr "ldap_user_home_directory" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:762 +#: sssd-ipa.5.xml:767 msgid "ldap_user_shell" msgstr "ldap_user_shell" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:765 +#: sssd-ipa.5.xml:770 msgid "ldap_user_ssh_public_key" msgstr "ldap_user_ssh_public_key" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:770 +#: sssd-ipa.5.xml:775 msgid "Default: ipaUserOverride" msgstr "Predeterminado: ipaUserOverride" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:776 +#: sssd-ipa.5.xml:781 msgid "ipa_group_override_object_class (string)" msgstr "ipa_group_override_object_class (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:779 +#: sssd-ipa.5.xml:784 msgid "" "Name of the objectclass for group overrides. It is used to determine if the " "found override object is related to a user or a group." @@ -12660,27 +12764,27 @@ msgstr "" "objeto anulado encontrado está relacionado con un usuario o un grupo." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:784 +#: sssd-ipa.5.xml:789 msgid "Group overrides can contain attributes given by" msgstr "Las anulaciones de grupo pueden contener atributos dados por" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:787 +#: sssd-ipa.5.xml:792 msgid "ldap_group_name" msgstr "ldap_group_name" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:790 +#: sssd-ipa.5.xml:795 msgid "ldap_group_gid_number" msgstr "ldap_group_gid_number" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:795 +#: sssd-ipa.5.xml:800 msgid "Default: ipaGroupOverride" msgstr "Predeterminado: ipaGroupOverride" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:679 +#: sssd-ipa.5.xml:684 msgid "" "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " "later version. Since all paths and objectclasses are fixed on the server " @@ -12695,12 +12799,12 @@ msgstr "" "<placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:807 +#: sssd-ipa.5.xml:812 msgid "SUBDOMAINS PROVIDER" msgstr "PROVEEDOR DE SUBDOMINIOS" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:809 +#: sssd-ipa.5.xml:814 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." @@ -12709,7 +12813,7 @@ msgstr "" "si está configurado explícitamente o implícitamente." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:813 +#: sssd-ipa.5.xml:818 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " @@ -12721,7 +12825,7 @@ msgstr "" "de IPA si es necesario." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:819 +#: sssd-ipa.5.xml:824 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " @@ -12741,12 +12845,12 @@ msgstr "" "otra vez." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:830 +#: sssd-ipa.5.xml:835 msgid "TRUSTED DOMAINS CONFIGURATION" msgstr "CONFIGURACIÓN DE DOMINIOS DE CONFIANZA" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:838 +#: sssd-ipa.5.xml:843 #, no-wrap msgid "" "[domain/ipa.domain.com/ad.domain.com]\n" @@ -12756,7 +12860,7 @@ msgstr "" "ad_server = dc.ad.domain.com\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:832 +#: sssd-ipa.5.xml:837 msgid "" "Some configuration options can also be set for a trusted domain. A trusted " "domain configuration can be set using the trusted domain subsection as shown " @@ -12766,14 +12870,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:843 +#: sssd-ipa.5.xml:848 msgid "" "For more details, see the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:850 +#: sssd-ipa.5.xml:855 msgid "" "Different configuration options are tunable for a trusted domain depending " "on whether you are configuring SSSD on an IPA server or an IPA client." @@ -12783,12 +12887,12 @@ msgstr "" "IPA o un cliente IPA." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:855 +#: sssd-ipa.5.xml:860 msgid "OPTIONS TUNABLE ON IPA MASTERS" msgstr "OPCIONES AJUSTABLES EN IPA MAESTROS" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:857 +#: sssd-ipa.5.xml:862 msgid "" "The following options can be set in a subdomain section on an IPA master:" msgstr "" @@ -12796,42 +12900,42 @@ msgstr "" "un IPA maestro:" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:861 sssd-ipa.5.xml:891 +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 msgid "ad_server" msgstr "ad_server" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:864 +#: sssd-ipa.5.xml:869 msgid "ad_backup_server" msgstr "ad_backup_server" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:867 sssd-ipa.5.xml:894 +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 msgid "ad_site" msgstr "ad_site" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:870 +#: sssd-ipa.5.xml:875 msgid "ldap_search_base" msgstr "ldap_search_base" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:873 +#: sssd-ipa.5.xml:878 msgid "ldap_user_search_base" msgstr "ldap_user_search_base" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:876 +#: sssd-ipa.5.xml:881 msgid "ldap_group_search_base" msgstr "ldap_group_search_base" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:885 +#: sssd-ipa.5.xml:890 msgid "OPTIONS TUNABLE ON IPA CLIENTS" msgstr "OPCIONES AJUSTABLES SOBRE CLIENTES IPA" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:887 +#: sssd-ipa.5.xml:892 msgid "" "The following options can be set in a subdomain section on an IPA client:" msgstr "" @@ -12839,7 +12943,7 @@ msgstr "" "sobre un cliente IPA:" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:899 +#: sssd-ipa.5.xml:904 msgid "" "Note that if both options are set, only <quote>ad_server</quote> is " "evaluated." @@ -12848,7 +12952,7 @@ msgstr "" "<quote>ad_server</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:903 +#: sssd-ipa.5.xml:908 msgid "" "Since any request for a user or a group identity from a trusted domain " "triggered from an IPA client is resolved by the IPA server, the " @@ -12872,7 +12976,7 @@ msgstr "" "localizador Kerberos." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:927 +#: sssd-ipa.5.xml:932 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -12883,7 +12987,7 @@ msgstr "" "Este ejemplo muestra sólo las opciones específicas del proveedor ipa." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:934 +#: sssd-ipa.5.xml:939 #, no-wrap msgid "" "[domain/example.com]\n" @@ -14294,7 +14398,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1388 +#: sssd-ad.5.xml:1393 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -14305,7 +14409,7 @@ msgstr "" "Este ejemplo muestra sólo las opciones específicas del proveedor AD." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1395 +#: sssd-ad.5.xml:1400 #, no-wrap msgid "" "[domain/EXAMPLE]\n" @@ -14329,7 +14433,7 @@ msgstr "" "ad_domain = example.com\n" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1415 +#: sssd-ad.5.xml:1420 #, no-wrap msgid "" "access_provider = ldap\n" @@ -14341,7 +14445,7 @@ msgstr "" "ldap_account_expire_policy = ad\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1411 +#: sssd-ad.5.xml:1416 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " @@ -14352,7 +14456,7 @@ msgstr "" "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1421 +#: sssd-ad.5.xml:1426 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>. Please " @@ -14362,7 +14466,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1429 +#: sssd-ad.5.xml:1434 msgid "" "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " @@ -20528,9 +20632,13 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:235 +#, fuzzy +#| msgid "" +#| "When this option is configured, domains will be allocated starting with " +#| "slice zero and increasing monatomically with each additional domain." msgid "" "When this option is configured, domains will be allocated starting with " -"slice zero and increasing monatomically with each additional domain." +"slice zero and increasing monotonically with each additional domain." msgstr "" "Cuando esta opción está configurada, los dominios serán asignados empezando " "con la rebanada cero e incrementándose de uno en uno con cada dominio " @@ -21485,6 +21593,20 @@ msgid "" "feature is available with MIT Kerberos 1.7 and later versions." msgstr "" +#, fuzzy +#~| msgid "This option is not available in IPA provider." +#~ msgid "This option is ignored for the files provider." +#~ msgstr "Esta opción no está disponible en el proveedor IPA." + +#, fuzzy +#~| msgid "" +#~| "Determines if user credentials are also cached in the local LDB cache" +#~ msgid "" +#~ "Determines if user credentials are also cached in the local LDB cache." +#~ msgstr "" +#~ "Determina si las credenciales del usuario están también escondidas en el " +#~ "cache LDB local" + #~ msgid "User credentials are stored in a SHA512 hash, not in plaintext" #~ msgstr "" #~ "Las credenciales de usuario son almacenadas en un hash SHA512, no en " diff --git a/src/man/po/eu.po b/src/man/po/eu.po index d93aef8f1d3..0d3a52dd409 100644 --- a/src/man/po/eu.po +++ b/src/man/po/eu.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-05-05 10:09+0200\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" "PO-Revision-Date: 2014-12-14 11:55-0500\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Basque (http://www.transifex.com/projects/p/sssd/language/" @@ -204,11 +204,11 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 -#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:951 -#: sssd.conf.5.xml:1069 sssd.conf.5.xml:2197 sssd-ldap.5.xml:1071 -#: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 -#: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 -#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 msgid "Default: true" msgstr "" @@ -225,11 +225,11 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:948 -#: sssd.conf.5.xml:2100 sssd.conf.5.xml:2167 sssd.conf.5.xml:4128 -#: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 -#: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 -#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 #: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 #: include/krb5_options.xml:163 msgid "Default: false" @@ -263,8 +263,8 @@ msgid "" msgstr "" #. type: Content of: outside any tag (error?) -#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1656 -#: sssd-ldap.5.xml:1862 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 #: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 @@ -294,8 +294,8 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 sssd.conf.5.xml:1289 sssd.conf.5.xml:1766 -#: sssd.conf.5.xml:4144 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "" @@ -359,19 +359,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:258 sssd.conf.5.xml:783 +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:261 sssd.conf.5.xml:786 +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:791 sssd.conf.5.xml:3708 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 #: include/failover.xml:100 msgid "Default: 3" msgstr "" @@ -393,7 +393,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3540 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 msgid "re_expression (string)" msgstr "" @@ -413,12 +413,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3597 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3600 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -426,39 +426,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3611 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 msgid "%1$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 msgid "user name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3615 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3618 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3624 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 msgid "%3$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3627 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3608 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -601,8 +601,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:468 sssd-ldap.5.xml:876 sssd-ldap.5.xml:888 -#: sssd-ldap.5.xml:980 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 #: include/krb5_options.xml:148 @@ -872,7 +872,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1790 sssd.conf.5.xml:4194 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -917,11 +917,11 @@ msgstr "" #: sssd.conf.5.xml:744 msgid "" "Enable or disable the user verification (i.e. PIN, fingerprint) during " -"authentication." +"authentication. If enabled, the PIN will always be requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:750 msgid "" "The default is that the key settings decide what to do. In the IPA or " "kerberos pre-authentication case, this value will be overwritten by the " @@ -948,12 +948,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:769 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:770 +#: sssd.conf.5.xml:771 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -962,22 +962,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:777 +#: sssd.conf.5.xml:778 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:780 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:797 msgid "fd_limit" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:799 +#: sssd.conf.5.xml:800 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " @@ -987,17 +987,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:808 +#: sssd.conf.5.xml:809 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:814 msgid "client_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:816 +#: sssd.conf.5.xml:817 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " @@ -1007,17 +1007,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:826 msgid "Default: 60, KCM: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:830 +#: sssd.conf.5.xml:831 msgid "offline_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:834 msgid "" "When SSSD switches to offline mode the amount of time before it tries to go " "back online will increase based upon the time spent disconnected. By " @@ -1028,14 +1028,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:844 sssd.conf.5.xml:900 +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 msgid "" "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." "offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:847 +#: sssd.conf.5.xml:848 msgid "" "The offline_timeout default value is 60. The offline_timeout_max default " "value is 3600. The offline_timeout_random_offset default value is 30. The " @@ -1043,44 +1043,44 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:854 msgid "" "Note that the maximum length of each interval is defined by " "offline_timeout_max (apart of random part)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 sssd.conf.5.xml:1200 sssd.conf.5.xml:1583 -#: sssd.conf.5.xml:1879 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:862 +#: sssd.conf.5.xml:863 msgid "offline_timeout_max (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:865 +#: sssd.conf.5.xml:866 msgid "" "Controls by how much the time between attempts to go online can be " "incremented following unsuccessful attempts to go online." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:870 +#: sssd.conf.5.xml:871 msgid "A value of 0 disables the incrementing behaviour." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:873 +#: sssd.conf.5.xml:874 msgid "" "The value of this parameter should be set in correlation to offline_timeout " "parameter value." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:877 +#: sssd.conf.5.xml:878 msgid "" "With offline_timeout set to 60 (default value) there is no point in setting " "offlinet_timeout_max to less than 120 as it will saturate instantly. General " @@ -1089,58 +1089,58 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:883 +#: sssd.conf.5.xml:884 msgid "" "Although a value between 0 and offline_timeout may be specified, it has the " "effect of overriding the offline_timeout value so is of little use." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:888 +#: sssd.conf.5.xml:889 msgid "Default: 3600" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:894 msgid "offline_timeout_random_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:896 +#: sssd.conf.5.xml:897 msgid "" "When SSSD is in offline mode it keeps probing backend servers in specified " "time intervals:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:903 +#: sssd.conf.5.xml:904 msgid "" "This parameter controls the value of the random offset used for the above " "equation. Final random_offset value will be random number in range:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:908 +#: sssd.conf.5.xml:909 msgid "[0 - offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:911 +#: sssd.conf.5.xml:912 msgid "A value of 0 disables the random offset addition." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:915 msgid "Default: 30" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:919 +#: sssd.conf.5.xml:920 msgid "responder_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:922 +#: sssd.conf.5.xml:923 msgid "" "This option specifies the number of seconds that an SSSD responder process " "can be up without being used. This value is limited in order to avoid " @@ -1152,58 +1152,58 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:936 sssd.conf.5.xml:1213 sssd.conf.5.xml:2321 -#: sssd-ldap.5.xml:331 +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 +#: sssd-ldap.5.xml:332 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:941 +#: sssd.conf.5.xml:942 msgid "cache_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:945 msgid "" "This option specifies whether the responder should query all caches before " "querying the Data Providers." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:960 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:961 +#: sssd.conf.5.xml:962 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:966 +#: sssd.conf.5.xml:967 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:969 +#: sssd.conf.5.xml:970 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:974 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:978 +#: sssd.conf.5.xml:979 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:981 +#: sssd.conf.5.xml:982 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -1211,7 +1211,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:988 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -1221,7 +1221,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:998 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -1230,17 +1230,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1005 sssd.conf.5.xml:2121 +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1010 +#: sssd.conf.5.xml:1011 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1013 +#: sssd.conf.5.xml:1014 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -1248,17 +1248,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1019 sssd.conf.5.xml:1778 sssd.conf.5.xml:2145 +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1025 msgid "local_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1027 +#: sssd.conf.5.xml:1028 msgid "" "Specifies for how many seconds nss_sss should keep local users and groups in " "negative cache before trying to look it up in the back end again. Setting " @@ -1266,17 +1266,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1033 +#: sssd.conf.5.xml:1034 msgid "Default: 14400 (4 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1039 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1041 +#: sssd.conf.5.xml:1042 msgid "" "Exclude certain users or groups from being fetched from the sss NSS " "database. This is particularly useful for system accounts. This option can " @@ -1285,7 +1285,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1049 +#: sssd.conf.5.xml:1050 msgid "" "NOTE: The filter_groups option doesn't affect inheritance of nested group " "members, since filtering happens after they are propagated for returning via " @@ -1294,41 +1294,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1057 +#: sssd.conf.5.xml:1058 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1063 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1065 +#: sssd.conf.5.xml:1066 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1076 +#: sssd.conf.5.xml:1077 msgid "fallback_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1079 +#: sssd.conf.5.xml:1080 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1084 +#: sssd.conf.5.xml:1085 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1090 +#: sssd.conf.5.xml:1091 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" @@ -1336,23 +1336,23 @@ msgid "" msgstr "" #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:1088 sssd.conf.5.xml:1650 sssd.conf.5.xml:1669 -#: sssd.conf.5.xml:1746 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1094 +#: sssd.conf.5.xml:1095 msgid "Default: not set (no substitution for unset home directories)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1100 +#: sssd.conf.5.xml:1101 msgid "override_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1104 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " @@ -1360,47 +1360,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1109 +#: sssd.conf.5.xml:1110 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1115 +#: sssd.conf.5.xml:1116 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1118 +#: sssd.conf.5.xml:1119 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1121 +#: sssd.conf.5.xml:1122 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1125 +#: sssd.conf.5.xml:1126 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1130 +#: sssd.conf.5.xml:1131 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1135 +#: sssd.conf.5.xml:1136 msgid "The wildcard (*) can be used to allow any shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1138 +#: sssd.conf.5.xml:1139 msgid "" "The (*) is useful if you want to use shell_fallback in case that user's " "shell is not in <quote>/etc/shells</quote> and maintaining list of all " @@ -1408,113 +1408,113 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1145 +#: sssd.conf.5.xml:1146 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1149 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1152 +#: sssd.conf.5.xml:1153 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1157 +#: sssd.conf.5.xml:1158 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1160 +#: sssd.conf.5.xml:1161 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1165 +#: sssd.conf.5.xml:1166 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1168 +#: sssd.conf.5.xml:1169 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1172 +#: sssd.conf.5.xml:1173 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1177 +#: sssd.conf.5.xml:1178 msgid "default_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1180 +#: sssd.conf.5.xml:1181 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1186 +#: sssd.conf.5.xml:1187 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1193 sssd.conf.5.xml:1576 +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 msgid "get_domains_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1196 sssd.conf.5.xml:1579 +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1205 +#: sssd.conf.5.xml:1206 msgid "memcache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1208 +#: sssd.conf.5.xml:1209 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid. Setting this option to zero will disable the in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1216 +#: sssd.conf.5.xml:1217 msgid "" "WARNING: Disabling the in-memory cache will have significant negative impact " "on SSSD's performance and should only be used for testing." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1222 sssd.conf.5.xml:1247 sssd.conf.5.xml:1272 -#: sssd.conf.5.xml:1297 sssd.conf.5.xml:1324 +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 msgid "" "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " "client applications will not use the fast in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1230 +#: sssd.conf.5.xml:1231 msgid "memcache_size_passwd (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1233 +#: sssd.conf.5.xml:1234 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for passwd requests. Setting the size to 0 will disable the passwd in-" @@ -1522,25 +1522,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1239 sssd.conf.5.xml:2963 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 msgid "Default: 8" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1242 sssd.conf.5.xml:1267 sssd.conf.5.xml:1292 -#: sssd.conf.5.xml:1319 +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 msgid "" "WARNING: Disabled or too small in-memory cache can have significant negative " "impact on SSSD's performance." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1255 +#: sssd.conf.5.xml:1256 msgid "memcache_size_group (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1258 +#: sssd.conf.5.xml:1259 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for group requests. Setting the size to 0 will disable the group in-memory " @@ -1548,19 +1548,19 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1264 sssd.conf.5.xml:1316 sssd.conf.5.xml:3729 -#: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1280 +#: sssd.conf.5.xml:1281 msgid "memcache_size_initgroups (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1283 +#: sssd.conf.5.xml:1284 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for initgroups requests. Setting the size to 0 will disable the initgroups " @@ -1568,12 +1568,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1305 +#: sssd.conf.5.xml:1306 msgid "memcache_size_sid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1308 +#: sssd.conf.5.xml:1309 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for SID related requests. Only SID-by-ID and ID-by-SID requests are " @@ -1582,12 +1582,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1332 sssd-ifp.5.xml:90 +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 msgid "user_attributes (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1335 +#: sssd.conf.5.xml:1336 msgid "" "Some of the additional NSS responder requests can return more attributes " "than just the POSIX ones defined by the NSS interface. The list of " @@ -1598,43 +1598,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1348 +#: sssd.conf.5.xml:1349 msgid "" "To make configuration more easy the NSS responder will check the InfoPipe " "option if it is not set for the NSS responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1353 +#: sssd.conf.5.xml:1354 msgid "Default: not set, fallback to InfoPipe option" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1358 +#: sssd.conf.5.xml:1359 msgid "pwfield (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1361 +#: sssd.conf.5.xml:1362 msgid "" "The value that NSS operations that return users or groups will return for " "the <quote>password</quote> field." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1366 +#: sssd.conf.5.xml:1367 msgid "Default: <quote>*</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1369 +#: sssd.conf.5.xml:1370 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[nss] section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1373 +#: sssd.conf.5.xml:1374 msgid "" "Default: <quote>not set</quote> (remote domains), <phrase " "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" @@ -1643,60 +1643,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1385 +#: sssd.conf.5.xml:1386 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1387 +#: sssd.conf.5.xml:1388 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1392 +#: sssd.conf.5.xml:1393 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1395 +#: sssd.conf.5.xml:1396 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1400 sssd.conf.5.xml:1413 +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1406 +#: sssd.conf.5.xml:1407 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1409 +#: sssd.conf.5.xml:1410 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1419 +#: sssd.conf.5.xml:1420 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1422 +#: sssd.conf.5.xml:1423 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1427 +#: sssd.conf.5.xml:1428 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -1704,59 +1704,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1433 sssd.conf.5.xml:1543 +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1439 +#: sssd.conf.5.xml:1440 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1442 +#: sssd.conf.5.xml:1443 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1447 +#: sssd.conf.5.xml:1448 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1450 +#: sssd.conf.5.xml:1451 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1453 +#: sssd.conf.5.xml:1454 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1457 +#: sssd.conf.5.xml:1458 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1460 +#: sssd.conf.5.xml:1461 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1464 sssd.8.xml:63 +#: sssd.conf.5.xml:1465 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1470 +#: sssd.conf.5.xml:1471 msgid "pam_response_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1473 +#: sssd.conf.5.xml:1474 msgid "" "A comma separated list of strings which allows to remove (filter) data sent " "by the PAM responder to pam_sss PAM module. There are different kind of " @@ -1765,51 +1765,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1481 +#: sssd.conf.5.xml:1482 msgid "" "While messages already can be controlled with the help of the pam_verbosity " "option this option allows to filter out other kind of responses as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1488 +#: sssd.conf.5.xml:1489 msgid "ENV" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1489 +#: sssd.conf.5.xml:1490 msgid "Do not send any environment variables to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1492 +#: sssd.conf.5.xml:1493 msgid "ENV:var_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1493 +#: sssd.conf.5.xml:1494 msgid "Do not send environment variable var_name to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1497 +#: sssd.conf.5.xml:1498 msgid "ENV:var_name:service" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1498 +#: sssd.conf.5.xml:1499 msgid "Do not send environment variable var_name to service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1486 +#: sssd.conf.5.xml:1487 msgid "" "Currently the following filters are supported: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1505 +#: sssd.conf.5.xml:1506 msgid "" "The list of strings can either be the list of filters which would set this " "list of filters and overwrite the defaults. Or each element of the list can " @@ -1820,23 +1820,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1516 +#: sssd.conf.5.xml:1517 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1519 +#: sssd.conf.5.xml:1520 msgid "" "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1526 +#: sssd.conf.5.xml:1527 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1529 +#: sssd.conf.5.xml:1530 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -1844,7 +1844,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1535 +#: sssd.conf.5.xml:1536 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -1853,17 +1853,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1549 +#: sssd.conf.5.xml:1550 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1552 sssd.conf.5.xml:2987 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1555 +#: sssd.conf.5.xml:1556 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -1871,31 +1871,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1561 sssd.conf.5.xml:2990 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1566 +#: sssd.conf.5.xml:1567 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1571 sssd.conf.5.xml:3976 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 msgid "Default: 0" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1588 +#: sssd.conf.5.xml:1589 msgid "pam_trusted_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1591 +#: sssd.conf.5.xml:1592 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to run PAM conversations against trusted domains. Users not " @@ -1905,75 +1905,75 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1601 +#: sssd.conf.5.xml:1602 msgid "Default: All users are considered trusted by default" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1605 +#: sssd.conf.5.xml:1606 msgid "" "Please note that UID 0 is always allowed to access the PAM responder even in " "case it is not in the pam_trusted_users list." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1612 +#: sssd.conf.5.xml:1613 msgid "pam_public_domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1615 +#: sssd.conf.5.xml:1616 msgid "" "Specifies the comma-separated list of domain names that are accessible even " "to untrusted users." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1619 +#: sssd.conf.5.xml:1620 msgid "Two special values for pam_public_domains option are defined:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1623 +#: sssd.conf.5.xml:1624 msgid "" "all (Untrusted users are allowed to access all domains in PAM responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1627 +#: sssd.conf.5.xml:1628 msgid "" "none (Untrusted users are not allowed to access any domains PAM in " "responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1631 sssd.conf.5.xml:1656 sssd.conf.5.xml:1675 -#: sssd.conf.5.xml:1912 sssd.conf.5.xml:2732 sssd.conf.5.xml:3905 -#: sssd-ldap.5.xml:1207 +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1636 +#: sssd.conf.5.xml:1637 msgid "pam_account_expired_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1639 +#: sssd.conf.5.xml:1640 msgid "" "Allows a custom expiration message to be set, replacing the default " "'Permission denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1644 +#: sssd.conf.5.xml:1645 msgid "" "Note: Please be aware that message is only printed for the SSH service " "unless pam_verbosity is set to 3 (show all messages and debug information)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1652 +#: sssd.conf.5.xml:1653 #, no-wrap msgid "" "pam_account_expired_message = Account expired, please contact help desk.\n" @@ -1981,19 +1981,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1661 +#: sssd.conf.5.xml:1662 msgid "pam_account_locked_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1664 +#: sssd.conf.5.xml:1665 msgid "" "Allows a custom lockout message to be set, replacing the default 'Permission " "denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1671 +#: sssd.conf.5.xml:1672 #, no-wrap msgid "" "pam_account_locked_message = Account locked, please contact help desk.\n" @@ -2001,40 +2001,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1680 +#: sssd.conf.5.xml:1681 msgid "pam_passkey_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1683 +#: sssd.conf.5.xml:1684 msgid "Enable passkey device based authentication." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1686 sssd.conf.5.xml:1697 sssd.conf.5.xml:1711 -#: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 -#: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 msgid "Default: False" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1691 +#: sssd.conf.5.xml:1692 msgid "passkey_debug_libfido2 (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1694 +#: sssd.conf.5.xml:1695 msgid "Enable libfido2 library debug messages." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1702 +#: sssd.conf.5.xml:1703 msgid "pam_cert_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1705 +#: sssd.conf.5.xml:1706 msgid "" "Enable certificate based Smartcard authentication. Since this requires " "additional communication with the Smartcard which will delay the " @@ -2042,34 +2042,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1716 +#: sssd.conf.5.xml:1717 msgid "pam_cert_db_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1719 +#: sssd.conf.5.xml:1720 msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1722 sssd.conf.5.xml:2247 sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 msgid "Default:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1724 sssd.conf.5.xml:2249 +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 msgid "" "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " "certificates in PEM format)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1734 +#: sssd.conf.5.xml:1735 msgid "pam_cert_verification (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1737 +#: sssd.conf.5.xml:1738 msgid "" "With this parameter the PAM certificate verification can be tuned with a " "comma separated list of options that override the " @@ -2079,7 +2079,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1748 +#: sssd.conf.5.xml:1749 #, no-wrap msgid "" "pam_cert_verification = partial_chain\n" @@ -2087,59 +2087,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1752 +#: sssd.conf.5.xml:1753 msgid "" "Default: not set, i.e. use default <quote>certificate_verification</quote> " "option defined in <quote>[sssd]</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1759 +#: sssd.conf.5.xml:1760 msgid "p11_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1763 msgid "How many seconds will pam_sss wait for p11_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1771 +#: sssd.conf.5.xml:1772 msgid "passkey_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1774 +#: sssd.conf.5.xml:1775 msgid "" "How many seconds will the PAM responder wait for passkey_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1783 +#: sssd.conf.5.xml:1784 msgid "pam_app_services (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1786 +#: sssd.conf.5.xml:1787 msgid "" "Which PAM services are permitted to contact domains of type " "<quote>application</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1795 +#: sssd.conf.5.xml:1796 msgid "pam_p11_allowed_services (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1798 +#: sssd.conf.5.xml:1799 msgid "" "A comma-separated list of PAM service names for which it will be allowed to " "use Smartcards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1813 +#: sssd.conf.5.xml:1814 #, no-wrap msgid "" "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2147,7 +2147,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1802 +#: sssd.conf.5.xml:1803 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -2159,63 +2159,63 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1817 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 #: sssd-ad.5.xml:869 sssd-ad.5.xml:947 msgid "Default: the default set of PAM service names includes:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1822 sssd-ad.5.xml:648 +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 msgid "login" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1827 sssd-ad.5.xml:653 +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 msgid "su" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1832 sssd-ad.5.xml:658 +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 msgid "su-l" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1837 sssd-ad.5.xml:673 +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 msgid "gdm-smartcard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1842 sssd-ad.5.xml:668 +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 msgid "gdm-password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1847 sssd-ad.5.xml:678 +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 msgid "kdm" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1852 sssd-ad.5.xml:956 +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 msgid "sudo" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1857 sssd-ad.5.xml:961 +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 msgid "sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1862 +#: sssd.conf.5.xml:1863 msgid "gnome-screensaver" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1870 +#: sssd.conf.5.xml:1871 msgid "p11_wait_for_card_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1873 +#: sssd.conf.5.xml:1874 msgid "" "If Smartcard authentication is required how many extra seconds in addition " "to p11_child_timeout should the PAM responder wait until a Smartcard is " @@ -2223,12 +2223,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1884 +#: sssd.conf.5.xml:1885 msgid "p11_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1887 +#: sssd.conf.5.xml:1888 msgid "" "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " "selection of devices used for Smartcard authentication. By default SSSD's " @@ -2239,7 +2239,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1900 +#: sssd.conf.5.xml:1901 #, no-wrap msgid "" "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" @@ -2247,7 +2247,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1904 +#: sssd.conf.5.xml:1905 #, no-wrap msgid "" "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" @@ -2255,7 +2255,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1898 +#: sssd.conf.5.xml:1899 msgid "" "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " @@ -2264,47 +2264,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1917 +#: sssd.conf.5.xml:1918 msgid "pam_initgroups_scheme" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1925 +#: sssd.conf.5.xml:1926 msgid "always" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1926 +#: sssd.conf.5.xml:1927 msgid "" "Always do an online lookup, please note that pam_id_timeout still applies" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1930 +#: sssd.conf.5.xml:1931 msgid "no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1931 +#: sssd.conf.5.xml:1932 msgid "" "Only do an online lookup if there is no active session of the user, i.e. if " "the user is currently not logged in" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1936 +#: sssd.conf.5.xml:1937 msgid "never" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1937 +#: sssd.conf.5.xml:1938 msgid "" "Never force an online lookup, use the data from the cache as long as they " "are not expired" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1920 +#: sssd.conf.5.xml:1921 msgid "" "The PAM responder can force an online lookup to get the current group " "memberships of the user trying to log in. This option controls when this " @@ -2313,30 +2313,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1944 +#: sssd.conf.5.xml:1945 msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1949 sssd.conf.5.xml:4247 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 msgid "pam_gssapi_services" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1952 +#: sssd.conf.5.xml:1953 msgid "" "Comma separated list of PAM services that are allowed to try GSSAPI " "authentication using pam_sss_gss.so module." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1957 +#: sssd.conf.5.xml:1958 msgid "" "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1961 sssd.conf.5.xml:1992 sssd.conf.5.xml:2030 +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[pam] section. It can also be set for trusted domain which overwrites the " @@ -2344,7 +2344,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1969 +#: sssd.conf.5.xml:1970 #, no-wrap msgid "" "pam_gssapi_services = sudo, sudo-i\n" @@ -2352,22 +2352,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1967 sssd.conf.5.xml:3899 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1973 +#: sssd.conf.5.xml:1974 msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1978 sssd.conf.5.xml:4248 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 msgid "pam_gssapi_check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1981 +#: sssd.conf.5.xml:1982 msgid "" "If True, SSSD will require that the Kerberos user principal that " "successfully authenticated through GSSAPI can be associated with the user " @@ -2375,25 +2375,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1988 +#: sssd.conf.5.xml:1989 msgid "" "If False, every user that is able to obtained required service ticket will " "be authenticated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1998 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2003 +#: sssd.conf.5.xml:2004 msgid "pam_gssapi_indicators_map" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2006 +#: sssd.conf.5.xml:2007 msgid "" "Comma separated list of authentication indicators required to be present in " "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " @@ -2401,7 +2401,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2012 +#: sssd.conf.5.xml:2013 msgid "" "Each element of the list can be either an authentication indicator name or a " "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " @@ -2416,7 +2416,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2025 +#: sssd.conf.5.xml:2026 msgid "" "To disable GSSAPI authentication indicator check, set this option to <quote>-" "</quote> (dash). To disable the check for a specific PAM service, add " @@ -2424,45 +2424,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2036 +#: sssd.conf.5.xml:2037 msgid "" "Following authentication indicators are supported by IPA Kerberos " "deployments:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2039 +#: sssd.conf.5.xml:2040 msgid "" "pkinit -- pre-authentication using X.509 certificates -- whether stored in " "files or on smart cards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2042 +#: sssd.conf.5.xml:2043 msgid "" "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " "FAST channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2045 +#: sssd.conf.5.xml:2046 msgid "radius -- pre-authentication with the help of a RADIUS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2048 +#: sssd.conf.5.xml:2049 msgid "" "otp -- pre-authentication using integrated two-factor authentication (2FA or " "one-time password, OTP) in IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2051 +#: sssd.conf.5.xml:2052 msgid "idp -- pre-authentication using external identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:2061 +#: sssd.conf.5.xml:2062 #, no-wrap msgid "" "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" @@ -2470,7 +2470,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2056 +#: sssd.conf.5.xml:2057 msgid "" "Example: to require access to SUDO services only for users which obtained " "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " @@ -2478,17 +2478,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2065 +#: sssd.conf.5.xml:2066 msgid "Default: not set (use of authentication indicators is not required)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2073 +#: sssd.conf.5.xml:2074 msgid "SUDO configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2075 +#: sssd.conf.5.xml:2076 msgid "" "These options can be used to configure the sudo service. The detailed " "instructions for configuration of <citerefentry> <refentrytitle>sudo</" @@ -2499,24 +2499,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2092 +#: sssd.conf.5.xml:2093 msgid "sudo_timed (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2095 +#: sssd.conf.5.xml:2096 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2107 +#: sssd.conf.5.xml:2108 msgid "sudo_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2110 +#: sssd.conf.5.xml:2111 msgid "" "Maximum number of expired rules that can be refreshed at once. If number of " "expired rules is below threshold, those rules are refreshed with " @@ -2526,22 +2526,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2129 +#: sssd.conf.5.xml:2130 msgid "AUTOFS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2131 +#: sssd.conf.5.xml:2132 msgid "These options can be used to configure the autofs service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2135 +#: sssd.conf.5.xml:2136 msgid "autofs_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2138 +#: sssd.conf.5.xml:2139 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " @@ -2549,51 +2549,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2154 +#: sssd.conf.5.xml:2155 msgid "SSH configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2156 +#: sssd.conf.5.xml:2157 msgid "These options can be used to configure the SSH service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2160 +#: sssd.conf.5.xml:2161 msgid "ssh_hash_known_hosts (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2163 +#: sssd.conf.5.xml:2164 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2172 +#: sssd.conf.5.xml:2173 msgid "ssh_known_hosts_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2175 +#: sssd.conf.5.xml:2176 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2179 +#: sssd.conf.5.xml:2180 msgid "Default: 180" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2184 +#: sssd.conf.5.xml:2185 msgid "ssh_use_certificate_keys (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2187 +#: sssd.conf.5.xml:2188 msgid "" "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " "keys derived from the public key of X.509 certificates stored in the user " @@ -2602,12 +2602,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2202 +#: sssd.conf.5.xml:2203 msgid "ssh_use_certificate_matching_rules (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2205 +#: sssd.conf.5.xml:2206 msgid "" "By default the ssh responder will use all available certificate matching " "rules to filter the certificates so that ssh keys are only derived from the " @@ -2617,7 +2617,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2214 +#: sssd.conf.5.xml:2215 msgid "" "There are two special key words 'all_rules' and 'no_rules' which will enable " "all or no rules, respectively. The latter means that no certificates will be " @@ -2625,7 +2625,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2221 +#: sssd.conf.5.xml:2222 msgid "" "If no rules are configured using 'all_rules' will enable a default rule " "which enables all certificates suitable for client authentication. This is " @@ -2634,38 +2634,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2228 +#: sssd.conf.5.xml:2229 msgid "" "A non-existing rule name is considered an error. If as a result no rule is " "selected all certificates will be ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2233 +#: sssd.conf.5.xml:2234 msgid "" "Default: not set, equivalent to 'all_rules', all found rules or the default " "rule are used" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2239 +#: sssd.conf.5.xml:2240 msgid "ca_db (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2242 +#: sssd.conf.5.xml:2243 msgid "" "Path to a storage of trusted CA certificates. The option is used to validate " "user certificates before deriving public ssh keys from them." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2262 +#: sssd.conf.5.xml:2263 msgid "PAC responder configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2264 +#: sssd.conf.5.xml:2265 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " @@ -2676,7 +2676,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2273 +#: sssd.conf.5.xml:2274 msgid "" "If the remote user does not exist in the cache, it is created. The UID is " "determined with the help of the SID, trusted domains will have UPGs and the " @@ -2687,24 +2687,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2281 +#: sssd.conf.5.xml:2282 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2287 +#: sssd.conf.5.xml:2288 msgid "These options can be used to configure the PAC responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2291 sssd-ifp.5.xml:66 +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 msgid "allowed_uids (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2294 +#: sssd.conf.5.xml:2295 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " @@ -2712,12 +2712,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2300 +#: sssd.conf.5.xml:2301 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2304 +#: sssd.conf.5.xml:2305 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " @@ -2726,24 +2726,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2313 +#: sssd.conf.5.xml:2314 msgid "pac_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2316 +#: sssd.conf.5.xml:2317 msgid "" "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " "data can be used to determine the group memberships of a user." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2326 +#: sssd.conf.5.xml:2327 msgid "pac_check (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2329 +#: sssd.conf.5.xml:2330 msgid "" "Apply additional checks on the PAC of the Kerberos ticket which is available " "in Active Directory and FreeIPA domains, if configured. Please note that " @@ -2754,24 +2754,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2343 +#: sssd.conf.5.xml:2344 msgid "no_check" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2345 +#: sssd.conf.5.xml:2346 msgid "" "The PAC must not be present and even if it is present no additional checks " "will be done." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2351 +#: sssd.conf.5.xml:2352 msgid "pac_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2353 +#: sssd.conf.5.xml:2354 msgid "" "The PAC must be present in the service ticket which SSSD will request with " "the help of the user's TGT. If the PAC is not available the authentication " @@ -2779,24 +2779,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2361 +#: sssd.conf.5.xml:2362 msgid "check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2363 +#: sssd.conf.5.xml:2364 msgid "" "If the PAC is present check if the user principal name (UPN) information is " "consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2369 +#: sssd.conf.5.xml:2370 msgid "check_upn_allow_missing" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2371 +#: sssd.conf.5.xml:2372 msgid "" "This option should be used together with 'check_upn' and handles the case " "where a UPN is set on the server-side but is not read by SSSD. The typical " @@ -2808,7 +2808,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2383 +#: sssd.conf.5.xml:2384 msgid "" "Currently this option is set by default to avoid regressions in such " "environments. A log message will be added to the system log and SSSD's debug " @@ -2819,60 +2819,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2397 +#: sssd.conf.5.xml:2398 msgid "upn_dns_info_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2399 +#: sssd.conf.5.xml:2400 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2404 +#: sssd.conf.5.xml:2405 msgid "check_upn_dns_info_ex" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2406 +#: sssd.conf.5.xml:2407 msgid "" "If the PAC is present and the extension to the UPN-DNS-INFO buffer is " "available check if the information in the extension is consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2413 +#: sssd.conf.5.xml:2414 msgid "upn_dns_info_ex_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2415 +#: sssd.conf.5.xml:2416 msgid "" "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2339 +#: sssd.conf.5.xml:2340 msgid "" "The following options can be used alone or in a comma-separated list: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2425 +#: sssd.conf.5.xml:2426 msgid "" "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " "check_upn_dns_info_ex')" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2434 +#: sssd.conf.5.xml:2435 msgid "Session recording configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2436 +#: sssd.conf.5.xml:2437 msgid "" "Session recording works in conjunction with <citerefentry> " "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" @@ -2882,66 +2882,66 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2449 +#: sssd.conf.5.xml:2450 msgid "These options can be used to configure session recording." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2453 sssd-session-recording.5.xml:64 +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 msgid "scope (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2460 sssd-session-recording.5.xml:71 +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 msgid "\"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2463 sssd-session-recording.5.xml:74 +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 msgid "No users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2468 sssd-session-recording.5.xml:79 +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 msgid "\"some\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2471 sssd-session-recording.5.xml:82 +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 msgid "" "Users/groups specified by <replaceable>users</replaceable> and " "<replaceable>groups</replaceable> options are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2480 sssd-session-recording.5.xml:91 +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 msgid "\"all\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2483 sssd-session-recording.5.xml:94 +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 msgid "All users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2456 sssd-session-recording.5.xml:67 +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 msgid "" "One of the following strings specifying the scope of session recording: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:101 +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 msgid "Default: \"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:106 +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 msgid "users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:109 +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 msgid "" "A comma-separated list of users which should have session recording enabled. " "Matches user names as returned by NSS. I.e. after the possible space " @@ -2949,17 +2949,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2504 sssd-session-recording.5.xml:115 +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 msgid "Default: Empty. Matches no users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2509 sssd-session-recording.5.xml:120 +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 msgid "groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2512 sssd-session-recording.5.xml:123 +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 msgid "" "A comma-separated list of groups, members of which should have session " "recording enabled. Matches group names as returned by NSS. I.e. after the " @@ -2967,7 +2967,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2518 sssd.conf.5.xml:2550 sssd-session-recording.5.xml:129 +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 #: sssd-session-recording.5.xml:161 msgid "" "NOTE: using this option (having it set to anything) has a considerable " @@ -2976,56 +2976,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2525 sssd-session-recording.5.xml:136 +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 msgid "Default: Empty. Matches no groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2530 sssd-session-recording.5.xml:141 +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 msgid "exclude_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2533 sssd-session-recording.5.xml:144 +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 msgid "" "A comma-separated list of users to be excluded from recording, only " "applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2537 sssd-session-recording.5.xml:148 +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 msgid "Default: Empty. No users excluded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2542 sssd-session-recording.5.xml:153 +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 msgid "exclude_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2545 sssd-session-recording.5.xml:156 +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 msgid "" "A comma-separated list of groups, members of which should be excluded from " "recording. Only applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2557 sssd-session-recording.5.xml:168 +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 msgid "Default: Empty. No groups excluded." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2567 +#: sssd.conf.5.xml:2568 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2574 +#: sssd.conf.5.xml:2575 msgid "enabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2577 +#: sssd.conf.5.xml:2578 msgid "" "Explicitly enable or disable the domain. If <quote>true</quote>, the domain " "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " @@ -3035,12 +3035,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2589 +#: sssd.conf.5.xml:2590 msgid "domain_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2592 +#: sssd.conf.5.xml:2593 msgid "" "Specifies whether the domain is meant to be used by POSIX-aware clients such " "as the Name Service Switch or by applications that do not need POSIX data to " @@ -3049,14 +3049,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2600 +#: sssd.conf.5.xml:2601 msgid "" "Allowed values for this option are <quote>posix</quote> and " "<quote>application</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2604 +#: sssd.conf.5.xml:2605 msgid "" "POSIX domains are reachable by all services. Application domains are only " "reachable from the InfoPipe responder (see <citerefentry> " @@ -3065,38 +3065,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2612 +#: sssd.conf.5.xml:2613 msgid "" "NOTE: The application domains are currently well tested with " "<quote>id_provider=ldap</quote> only." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2616 +#: sssd.conf.5.xml:2617 msgid "" "For an easy way to configure a non-POSIX domains, please see the " "<quote>Application domains</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2620 +#: sssd.conf.5.xml:2621 msgid "Default: posix" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2626 +#: sssd.conf.5.xml:2627 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2629 +#: sssd.conf.5.xml:2630 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2634 +#: sssd.conf.5.xml:2635 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -3105,24 +3105,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2641 +#: sssd.conf.5.xml:2642 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2645 +#: sssd.conf.5.xml:2646 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2651 +#: sssd.conf.5.xml:2652 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2654 +#: sssd.conf.5.xml:2655 msgid "" "Determines if a domain can be enumerated, that is, whether the domain can " "list all the users and group it contains. Note that it is not required to " @@ -3131,29 +3131,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2662 +#: sssd.conf.5.xml:2663 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2665 +#: sssd.conf.5.xml:2666 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2668 sssd.conf.5.xml:2942 sssd.conf.5.xml:3119 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2671 +#: sssd.conf.5.xml:2672 msgid "" "Enumerating a domain requires SSSD to download and store ALL user and group " "entries from the remote server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2676 +#: sssd.conf.5.xml:2677 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -3167,14 +3167,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2691 +#: sssd.conf.5.xml:2692 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2696 +#: sssd.conf.5.xml:2697 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -3183,39 +3183,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2704 +#: sssd.conf.5.xml:2705 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2712 +#: sssd.conf.5.xml:2713 msgid "subdomain_enumerate (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2719 +#: sssd.conf.5.xml:2720 msgid "all" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2720 +#: sssd.conf.5.xml:2721 msgid "All discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2723 +#: sssd.conf.5.xml:2724 msgid "none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2724 +#: sssd.conf.5.xml:2725 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2715 +#: sssd.conf.5.xml:2716 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " @@ -3224,19 +3224,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2738 +#: sssd.conf.5.xml:2739 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2741 +#: sssd.conf.5.xml:2742 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2745 +#: sssd.conf.5.xml:2746 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " @@ -3247,139 +3247,139 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2758 +#: sssd.conf.5.xml:2759 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2764 +#: sssd.conf.5.xml:2765 msgid "entry_cache_user_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2767 +#: sssd.conf.5.xml:2768 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2771 sssd.conf.5.xml:2784 sssd.conf.5.xml:2797 -#: sssd.conf.5.xml:2810 sssd.conf.5.xml:2824 sssd.conf.5.xml:2837 -#: sssd.conf.5.xml:2851 sssd.conf.5.xml:2865 sssd.conf.5.xml:2878 +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 msgid "Default: entry_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2777 +#: sssd.conf.5.xml:2778 msgid "entry_cache_group_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2780 +#: sssd.conf.5.xml:2781 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2790 +#: sssd.conf.5.xml:2791 msgid "entry_cache_netgroup_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2793 +#: sssd.conf.5.xml:2794 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2803 +#: sssd.conf.5.xml:2804 msgid "entry_cache_service_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2806 +#: sssd.conf.5.xml:2807 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2816 +#: sssd.conf.5.xml:2817 msgid "entry_cache_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2819 +#: sssd.conf.5.xml:2820 msgid "" "How many seconds should nss_sss consider hosts and networks entries valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2830 +#: sssd.conf.5.xml:2831 msgid "entry_cache_sudo_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2833 +#: sssd.conf.5.xml:2834 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2843 +#: sssd.conf.5.xml:2844 msgid "entry_cache_autofs_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2846 +#: sssd.conf.5.xml:2847 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2857 +#: sssd.conf.5.xml:2858 msgid "entry_cache_ssh_host_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2860 +#: sssd.conf.5.xml:2861 msgid "" "How many seconds to keep a host ssh key after refresh. IE how long to cache " "the host key for." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2871 +#: sssd.conf.5.xml:2872 msgid "entry_cache_computer_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2874 +#: sssd.conf.5.xml:2875 msgid "" "How many seconds to keep the local computer entry before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2884 +#: sssd.conf.5.xml:2885 msgid "refresh_expired_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2887 +#: sssd.conf.5.xml:2888 msgid "" "Specifies how many seconds SSSD has to wait before triggering a background " "refresh task which will refresh all expired or nearly expired records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2892 +#: sssd.conf.5.xml:2893 msgid "" "The background refresh will process users, groups and netgroups in the " "cache. For users who have performed the initgroups (get group membership for " @@ -3388,17 +3388,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2900 +#: sssd.conf.5.xml:2901 msgid "This option is automatically inherited for all trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2904 +#: sssd.conf.5.xml:2905 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2908 +#: sssd.conf.5.xml:2909 msgid "" "Cache entry will be refreshed by background task when 2/3 of cache timeout " "has already passed. If there are existing cached entries, the background " @@ -3410,23 +3410,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2921 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2927 +#: sssd.conf.5.xml:2928 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2930 -msgid "Determines if user credentials are also cached in the local LDB cache." +#: sssd.conf.5.xml:2931 +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2934 +#: sssd.conf.5.xml:2942 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3435,12 +3441,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2948 +#: sssd.conf.5.xml:2956 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2951 +#: sssd.conf.5.xml:2959 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3448,19 +3454,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2958 +#: sssd.conf.5.xml:2966 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2969 +#: sssd.conf.5.xml:2977 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2972 +#: sssd.conf.5.xml:2980 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3469,17 +3475,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2979 +#: sssd.conf.5.xml:2987 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2984 +#: sssd.conf.5.xml:2992 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2995 +#: sssd.conf.5.xml:3003 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3488,28 +3494,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3002 +#: sssd.conf.5.xml:3010 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3008 +#: sssd.conf.5.xml:3016 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3011 +#: sssd.conf.5.xml:3019 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3015 +#: sssd.conf.5.xml:3023 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3018 +#: sssd.conf.5.xml:3026 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3517,7 +3523,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3026 +#: sssd.conf.5.xml:3034 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3525,18 +3531,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3034 sssd.conf.5.xml:3145 sssd.conf.5.xml:3196 -#: sssd.conf.5.xml:3259 +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 msgid "" -"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " -"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " -"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " -"FreeIPA." +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3043 sssd.conf.5.xml:3154 sssd.conf.5.xml:3205 -#: sssd.conf.5.xml:3268 +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3544,19 +3549,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3054 +#: sssd.conf.5.xml:3062 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3057 +#: sssd.conf.5.xml:3065 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3062 +#: sssd.conf.5.xml:3070 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3565,7 +3570,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3070 +#: sssd.conf.5.xml:3078 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3573,24 +3578,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3077 +#: sssd.conf.5.xml:3085 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3084 +#: sssd.conf.5.xml:3092 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3087 +#: sssd.conf.5.xml:3095 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3090 +#: sssd.conf.5.xml:3098 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3602,7 +3607,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3108 +#: sssd.conf.5.xml:3116 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3610,30 +3615,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3114 sssd.conf.5.xml:3821 sssd-ldap.5.xml:326 -#: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 -#: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 -#: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 -#: sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1084 +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 msgid "" "This option can be also set per subdomain or inherited via " "<emphasis>subdomain_inherit</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3124 +#: sssd.conf.5.xml:3132 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3127 +#: sssd.conf.5.xml:3135 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3131 sssd.conf.5.xml:3189 +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3641,7 +3646,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3138 +#: sssd.conf.5.xml:3146 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3649,30 +3654,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3162 +#: sssd.conf.5.xml:3170 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3165 +#: sssd.conf.5.xml:3173 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3168 +#: sssd.conf.5.xml:3176 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3174 +#: sssd.conf.5.xml:3182 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3177 +#: sssd.conf.5.xml:3185 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -3680,19 +3685,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3183 +#: sssd.conf.5.xml:3191 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3186 +#: sssd.conf.5.xml:3194 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3221 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -3701,7 +3706,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3220 +#: sssd.conf.5.xml:3228 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -3709,29 +3714,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3227 +#: sssd.conf.5.xml:3235 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3230 +#: sssd.conf.5.xml:3238 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3235 +#: sssd.conf.5.xml:3243 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3238 +#: sssd.conf.5.xml:3246 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3243 +#: sssd.conf.5.xml:3251 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -3739,7 +3744,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3251 +#: sssd.conf.5.xml:3259 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3747,35 +3752,35 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3276 +#: sssd.conf.5.xml:3284 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3280 +#: sssd.conf.5.xml:3288 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3283 +#: sssd.conf.5.xml:3291 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3290 +#: sssd.conf.5.xml:3298 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3293 +#: sssd.conf.5.xml:3301 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3297 +#: sssd.conf.5.xml:3305 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3783,32 +3788,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3305 +#: sssd.conf.5.xml:3313 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3309 +#: sssd.conf.5.xml:3317 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3313 +#: sssd.conf.5.xml:3321 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3316 sssd.conf.5.xml:3402 sssd.conf.5.xml:3472 -#: sssd.conf.5.xml:3497 sssd.conf.5.xml:3533 +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3320 +#: sssd.conf.5.xml:3328 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -3819,7 +3824,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3335 +#: sssd.conf.5.xml:3343 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -3828,12 +3833,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3345 +#: sssd.conf.5.xml:3353 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3348 +#: sssd.conf.5.xml:3356 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -3841,7 +3846,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3354 +#: sssd.conf.5.xml:3362 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3849,31 +3854,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3362 +#: sssd.conf.5.xml:3370 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3365 +#: sssd.conf.5.xml:3373 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3371 +#: sssd.conf.5.xml:3379 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3374 +#: sssd.conf.5.xml:3382 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3380 +#: sssd.conf.5.xml:3388 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3881,7 +3886,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3389 +#: sssd.conf.5.xml:3397 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -3890,17 +3895,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3398 +#: sssd.conf.5.xml:3406 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3408 +#: sssd.conf.5.xml:3416 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3411 +#: sssd.conf.5.xml:3419 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -3908,43 +3913,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3418 +#: sssd.conf.5.xml:3426 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3422 +#: sssd.conf.5.xml:3430 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3426 +#: sssd.conf.5.xml:3434 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3430 +#: sssd.conf.5.xml:3438 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3438 +#: sssd.conf.5.xml:3446 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3441 +#: sssd.conf.5.xml:3449 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3445 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3952,7 +3957,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3452 +#: sssd.conf.5.xml:3460 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3960,7 +3965,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3460 +#: sssd.conf.5.xml:3468 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3968,24 +3973,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3469 +#: sssd.conf.5.xml:3477 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3479 +#: sssd.conf.5.xml:3487 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3482 +#: sssd.conf.5.xml:3490 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3486 +#: sssd.conf.5.xml:3494 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3993,31 +3998,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3494 +#: sssd.conf.5.xml:3502 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3504 +#: sssd.conf.5.xml:3512 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3507 +#: sssd.conf.5.xml:3515 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3511 +#: sssd.conf.5.xml:3519 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3515 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4025,7 +4030,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3522 +#: sssd.conf.5.xml:3530 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4034,12 +4039,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3530 +#: sssd.conf.5.xml:3538 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3543 +#: sssd.conf.5.xml:3551 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4049,24 +4054,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3552 +#: sssd.conf.5.xml:3560 msgid "" "Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" "[^@]+))$</quote> which allows two different styles for user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3557 sssd.conf.5.xml:3571 +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3560 sssd.conf.5.xml:3574 +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3565 +#: sssd.conf.5.xml:3573 msgid "" "Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" @@ -4075,19 +4080,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3577 +#: sssd.conf.5.xml:3585 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3580 +#: sssd.conf.5.xml:3588 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3585 +#: sssd.conf.5.xml:3593 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4097,89 +4102,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3637 +#: sssd.conf.5.xml:3645 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3643 +#: sssd.conf.5.xml:3651 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3646 +#: sssd.conf.5.xml:3654 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3650 +#: sssd.conf.5.xml:3658 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3653 +#: sssd.conf.5.xml:3661 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3656 +#: sssd.conf.5.xml:3664 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3659 +#: sssd.conf.5.xml:3667 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3662 +#: sssd.conf.5.xml:3670 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3665 +#: sssd.conf.5.xml:3673 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3671 +#: sssd.conf.5.xml:3679 msgid "dns_resolver_server_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3674 +#: sssd.conf.5.xml:3682 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3679 +#: sssd.conf.5.xml:3687 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3683 sssd.conf.5.xml:3703 sssd.conf.5.xml:3724 +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3688 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3694 +#: sssd.conf.5.xml:3702 msgid "dns_resolver_op_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3697 +#: sssd.conf.5.xml:3705 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4187,12 +4192,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3714 +#: sssd.conf.5.xml:3722 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3717 +#: sssd.conf.5.xml:3725 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4201,12 +4206,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3735 +#: sssd.conf.5.xml:3743 msgid "dns_resolver_use_search_list (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3738 +#: sssd.conf.5.xml:3746 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4214,7 +4219,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3744 +#: sssd.conf.5.xml:3752 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4222,69 +4227,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3750 +#: sssd.conf.5.xml:3758 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3756 +#: sssd.conf.5.xml:3764 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3759 +#: sssd.conf.5.xml:3767 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3763 +#: sssd.conf.5.xml:3771 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3769 +#: sssd.conf.5.xml:3777 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3772 +#: sssd.conf.5.xml:3780 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3778 +#: sssd.conf.5.xml:3786 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3785 +#: sssd.conf.5.xml:3793 msgid "True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3788 +#: sssd.conf.5.xml:3796 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3794 +#: sssd.conf.5.xml:3802 msgid "False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3796 +#: sssd.conf.5.xml:3804 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3800 +#: sssd.conf.5.xml:3808 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3803 +#: sssd.conf.5.xml:3811 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4292,31 +4297,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3811 +#: sssd.conf.5.xml:3819 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3781 +#: sssd.conf.5.xml:3789 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3826 +#: sssd.conf.5.xml:3834 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3832 +#: sssd.conf.5.xml:3840 msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3835 +#: sssd.conf.5.xml:3843 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4324,104 +4329,104 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3841 +#: sssd.conf.5.xml:3849 msgid "ldap_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3844 +#: sssd.conf.5.xml:3852 msgid "ldap_network_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3847 +#: sssd.conf.5.xml:3855 msgid "ldap_opt_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3850 +#: sssd.conf.5.xml:3858 msgid "ldap_offline_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3853 +#: sssd.conf.5.xml:3861 msgid "ldap_enumeration_refresh_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3856 +#: sssd.conf.5.xml:3864 msgid "ldap_enumeration_refresh_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3859 +#: sssd.conf.5.xml:3867 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3862 +#: sssd.conf.5.xml:3870 msgid "ldap_purge_cache_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3865 +#: sssd.conf.5.xml:3873 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3869 +#: sssd.conf.5.xml:3877 msgid "ldap_krb5_ticket_lifetime" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3872 +#: sssd.conf.5.xml:3880 msgid "ldap_enumeration_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3875 +#: sssd.conf.5.xml:3883 msgid "ldap_connection_expire_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3878 +#: sssd.conf.5.xml:3886 msgid "ldap_connection_expire_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3881 +#: sssd.conf.5.xml:3889 msgid "ldap_connection_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3884 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 msgid "ldap_use_tokengroups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3887 +#: sssd.conf.5.xml:3895 msgid "ldap_user_principal" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3890 +#: sssd.conf.5.xml:3898 msgid "ignore_group_members" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3893 +#: sssd.conf.5.xml:3901 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3896 +#: sssd.conf.5.xml:3904 msgid "case_sensitive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3901 +#: sssd.conf.5.xml:3909 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4429,27 +4434,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3908 +#: sssd.conf.5.xml:3916 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3915 +#: sssd.conf.5.xml:3923 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3926 +#: sssd.conf.5.xml:3934 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3935 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3918 +#: sssd.conf.5.xml:3926 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4459,34 +4464,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3932 +#: sssd.conf.5.xml:3940 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3936 +#: sssd.conf.5.xml:3944 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3941 +#: sssd.conf.5.xml:3949 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3944 +#: sssd.conf.5.xml:3952 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3950 +#: sssd.conf.5.xml:3958 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3953 +#: sssd.conf.5.xml:3961 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -4495,19 +4500,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3961 +#: sssd.conf.5.xml:3969 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3966 +#: sssd.conf.5.xml:3974 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3970 +#: sssd.conf.5.xml:3978 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -4515,24 +4520,92 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3981 +#: sssd.conf.5.xml:3989 +msgid "local_auth_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3992 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4002 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4026 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4034 +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4039 +msgid "Default: match" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4044 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3987 +#: sssd.conf.5.xml:4050 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3990 +#: sssd.conf.5.xml:4053 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3994 +#: sssd.conf.5.xml:4057 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4541,24 +4614,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4003 +#: sssd.conf.5.xml:4066 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4006 +#: sssd.conf.5.xml:4069 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4012 +#: sssd.conf.5.xml:4075 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4015 +#: sssd.conf.5.xml:4078 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4568,14 +4641,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4028 +#: sssd.conf.5.xml:4091 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4035 +#: sssd.conf.5.xml:4098 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4583,21 +4656,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3984 +#: sssd.conf.5.xml:4047 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4047 +#: sssd.conf.5.xml:4110 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4118 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4605,7 +4678,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4124 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4614,7 +4687,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4115 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4623,7 +4696,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2569 +#: sssd.conf.5.xml:2570 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -4631,29 +4704,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4139 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4079 +#: sssd.conf.5.xml:4142 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4082 +#: sssd.conf.5.xml:4145 msgid "" "Default: not set by default, you have to take an existing pam configuration " -"or create a new one and add the service name here." +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4090 +#: sssd.conf.5.xml:4155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4661,12 +4735,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4103 +#: sssd.conf.5.xml:4168 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4106 +#: sssd.conf.5.xml:4171 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4674,12 +4748,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4117 +#: sssd.conf.5.xml:4182 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4120 +#: sssd.conf.5.xml:4185 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4688,12 +4762,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4134 +#: sssd.conf.5.xml:4199 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4202 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4701,19 +4775,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4072 +#: sssd.conf.5.xml:4135 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4218 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4155 +#: sssd.conf.5.xml:4220 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -4730,7 +4804,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4175 +#: sssd.conf.5.xml:4240 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4738,17 +4812,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4181 +#: sssd.conf.5.xml:4246 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4248 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4186 +#: sssd.conf.5.xml:4251 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4757,7 +4831,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4265 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4767,7 +4841,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4208 +#: sssd.conf.5.xml:4273 #, no-wrap msgid "" "[sssd]\n" @@ -4787,12 +4861,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4228 +#: sssd.conf.5.xml:4293 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4230 +#: sssd.conf.5.xml:4295 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -4803,69 +4877,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4237 +#: sssd.conf.5.xml:4302 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4303 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4239 +#: sssd.conf.5.xml:4304 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:4305 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4241 +#: sssd.conf.5.xml:4306 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4242 +#: sssd.conf.5.xml:4307 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4243 +#: sssd.conf.5.xml:4308 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4309 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4245 +#: sssd.conf.5.xml:4310 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4246 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4250 +#: sssd.conf.5.xml:4315 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4256 +#: sssd.conf.5.xml:4321 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4258 +#: sssd.conf.5.xml:4323 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -4878,7 +4952,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4272 +#: sssd.conf.5.xml:4337 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -4886,7 +4960,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4281 +#: sssd.conf.5.xml:4346 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -4895,55 +4969,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4353 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4356 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4295 +#: sssd.conf.5.xml:4360 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4367 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4370 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:4376 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4317 +#: sssd.conf.5.xml:4382 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4326 +#: sssd.conf.5.xml:4391 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4329 +#: sssd.conf.5.xml:4394 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -4952,17 +5026,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4336 +#: sssd.conf.5.xml:4401 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4406 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4409 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -4970,26 +5044,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4350 +#: sssd.conf.5.xml:4415 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4356 +#: sssd.conf.5.xml:4421 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4362 +#: sssd.conf.5.xml:4427 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4433 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -4998,17 +5072,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4377 +#: sssd.conf.5.xml:4442 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4385 +#: sssd.conf.5.xml:4450 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4452 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5018,7 +5092,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4395 +#: sssd.conf.5.xml:4460 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5027,59 +5101,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4472 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4410 +#: sssd.conf.5.xml:4475 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4411 +#: sssd.conf.5.xml:4476 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4409 +#: sssd.conf.5.xml:4474 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4484 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4488 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4424 +#: sssd.conf.5.xml:4489 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4427 +#: sssd.conf.5.xml:4492 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4428 +#: sssd.conf.5.xml:4493 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4496 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4432 +#: sssd.conf.5.xml:4497 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5088,7 +5162,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4421 +#: sssd.conf.5.xml:4486 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5097,17 +5171,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4449 +#: sssd.conf.5.xml:4514 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4455 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4522 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5115,46 +5189,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4530 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4532 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4537 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4539 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4480 +#: sssd.conf.5.xml:4545 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4547 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4451 +#: sssd.conf.5.xml:4516 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4467 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5163,7 +5237,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4493 +#: sssd.conf.5.xml:4558 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5171,12 +5245,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4500 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4506 +#: sssd.conf.5.xml:4571 #, no-wrap msgid "" "[sssd]\n" @@ -5206,7 +5280,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4502 +#: sssd.conf.5.xml:4567 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5215,7 +5289,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4604 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5223,7 +5297,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4533 +#: sssd.conf.5.xml:4598 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5234,7 +5308,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4550 +#: sssd.conf.5.xml:4615 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5245,7 +5319,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4544 +#: sssd.conf.5.xml:4609 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -5299,26 +5373,26 @@ msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " -"over an unencrypted channel. If the LDAP server is used only as an identity " -"provider, an encrypted channel is not needed. Please refer to " -"<quote>ldap_access_filter</quote> config option for more information about " -"using LDAP as an access provider." +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 #: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 msgid "CONFIGURATION OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:66 +#: sssd-ldap.5.xml:67 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:69 +#: sssd-ldap.5.xml:70 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" @@ -5328,33 +5402,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:76 +#: sssd-ldap.5.xml:77 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:79 +#: sssd-ldap.5.xml:80 msgid "ldap[s]://<host>[:port]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:82 +#: sssd-ldap.5.xml:83 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:85 +#: sssd-ldap.5.xml:86 msgid "example: ldap://[fc00::126:25]:389" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:91 +#: sssd-ldap.5.xml:92 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:94 +#: sssd-ldap.5.xml:95 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " @@ -5363,71 +5437,71 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:101 +#: sssd-ldap.5.xml:102 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:105 +#: sssd-ldap.5.xml:106 msgid "Default: empty, i.e. ldap_uri is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:111 +#: sssd-ldap.5.xml:112 msgid "ldap_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:114 +#: sssd-ldap.5.xml:115 msgid "The default base DN to use for performing LDAP user operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:118 +#: sssd-ldap.5.xml:119 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:122 +#: sssd-ldap.5.xml:123 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:125 +#: sssd-ldap.5.xml:126 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:128 include/ldap_search_bases.xml:18 +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:132 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 #: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 msgid "Examples:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:135 +#: sssd-ldap.5.xml:136 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:140 +#: sssd-ldap.5.xml:141 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:143 +#: sssd-ldap.5.xml:144 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " @@ -5436,7 +5510,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:150 +#: sssd-ldap.5.xml:151 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " @@ -5447,12 +5521,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:164 +#: sssd-ldap.5.xml:165 msgid "ldap_schema (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:167 +#: sssd-ldap.5.xml:168 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " @@ -5460,32 +5534,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:174 +#: sssd-ldap.5.xml:175 msgid "Four schema types are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:178 +#: sssd-ldap.5.xml:179 msgid "rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:183 +#: sssd-ldap.5.xml:184 msgid "rfc2307bis" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:188 +#: sssd-ldap.5.xml:189 msgid "IPA" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:193 +#: sssd-ldap.5.xml:194 msgid "AD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:199 +#: sssd-ldap.5.xml:200 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " @@ -5496,37 +5570,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:209 +#: sssd-ldap.5.xml:210 msgid "Default: rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:215 +#: sssd-ldap.5.xml:216 msgid "ldap_pwmodify_mode (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:218 +#: sssd-ldap.5.xml:219 msgid "Specify the operation that is used to modify user password." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:222 +#: sssd-ldap.5.xml:223 msgid "Two modes are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:226 +#: sssd-ldap.5.xml:227 msgid "exop - Password Modify Extended Operation (RFC 3062)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:232 +#: sssd-ldap.5.xml:233 msgid "ldap_modify - Direct modification of userPassword (not recommended)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:239 +#: sssd-ldap.5.xml:240 msgid "" "Note: First, a new connection is established to verify current password by " "binding as the user that requested password change. If successful, this " @@ -5535,74 +5609,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:247 +#: sssd-ldap.5.xml:248 msgid "Default: exop" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:253 +#: sssd-ldap.5.xml:254 msgid "ldap_default_bind_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:256 +#: sssd-ldap.5.xml:257 msgid "The default bind DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:263 +#: sssd-ldap.5.xml:264 msgid "ldap_default_authtok_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:266 +#: sssd-ldap.5.xml:267 msgid "The type of the authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:270 +#: sssd-ldap.5.xml:271 msgid "The two mechanisms currently supported are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 +#: sssd-ldap.5.xml:274 msgid "password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:276 +#: sssd-ldap.5.xml:277 msgid "obfuscated_password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:279 +#: sssd-ldap.5.xml:280 msgid "Default: password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:282 +#: sssd-ldap.5.xml:283 msgid "" "See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> manual page for more information." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:293 +#: sssd-ldap.5.xml:294 msgid "ldap_default_authtok (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:296 +#: sssd-ldap.5.xml:297 msgid "The authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:302 +#: sssd-ldap.5.xml:303 msgid "ldap_force_upper_case_realm (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:305 +#: sssd-ldap.5.xml:306 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -5611,24 +5685,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:318 +#: sssd-ldap.5.xml:319 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:321 +#: sssd-ldap.5.xml:322 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:337 +#: sssd-ldap.5.xml:338 msgid "ldap_purge_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:340 +#: sssd-ldap.5.xml:341 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -5636,7 +5710,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:346 +#: sssd-ldap.5.xml:347 msgid "" "Setting this option to zero will disable the cache cleanup operation. Please " "note that if enumeration is enabled, the cleanup task is required in order " @@ -5645,12 +5719,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:366 +#: sssd-ldap.5.xml:367 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:369 +#: sssd-ldap.5.xml:370 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -5658,7 +5732,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:376 +#: sssd-ldap.5.xml:377 msgid "" "Note: This option specifies the guaranteed level of nested groups to be " "processed for any lookup. However, nested groups beyond this limit " @@ -5668,7 +5742,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:385 +#: sssd-ldap.5.xml:386 msgid "" "If ldap_group_nesting_level is set to 0 then no nested groups are processed " "at all. However, when connected to Active-Directory Server 2008 and later " @@ -5678,67 +5752,67 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:394 +#: sssd-ldap.5.xml:395 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:403 +#: sssd-ldap.5.xml:404 msgid "" "This options enables or disables use of Token-Groups attribute when " "performing initgroup for users from Active Directory Server 2008 and later." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:413 +#: sssd-ldap.5.xml:414 msgid "Default: True for AD and IPA otherwise False." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:419 +#: sssd-ldap.5.xml:420 msgid "ldap_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:422 +#: sssd-ldap.5.xml:423 msgid "Optional. Use the given string as search base for host objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:426 sssd-ipa.5.xml:457 sssd-ipa.5.xml:476 sssd-ipa.5.xml:495 -#: sssd-ipa.5.xml:514 +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:431 sssd-ipa.5.xml:462 include/ldap_search_bases.xml:27 +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:438 +#: sssd-ldap.5.xml:439 msgid "ldap_service_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:443 +#: sssd-ldap.5.xml:444 msgid "ldap_iphost_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:448 +#: sssd-ldap.5.xml:449 msgid "ldap_ipnetwork_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:453 +#: sssd-ldap.5.xml:454 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:456 +#: sssd-ldap.5.xml:457 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -5746,7 +5820,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:462 +#: sssd-ldap.5.xml:463 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -5754,12 +5828,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:479 +#: sssd-ldap.5.xml:480 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:482 +#: sssd-ldap.5.xml:483 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -5767,12 +5841,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:500 +#: sssd-ldap.5.xml:501 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:503 +#: sssd-ldap.5.xml:504 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -5783,12 +5857,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:531 +#: sssd-ldap.5.xml:532 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:534 +#: sssd-ldap.5.xml:535 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -5797,12 +5871,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:554 +#: sssd-ldap.5.xml:555 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:557 +#: sssd-ldap.5.xml:558 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -5811,7 +5885,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:565 +#: sssd-ldap.5.xml:566 msgid "" "If the connection is idle (not actively running an operation) within " "<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " @@ -5822,36 +5896,36 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:577 +#: sssd-ldap.5.xml:578 msgid "" "This timeout can be extended of a random value specified by " "<emphasis>ldap_connection_expire_offset</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:587 sssd-ldap.5.xml:630 sssd-ldap.5.xml:1711 +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:593 +#: sssd-ldap.5.xml:594 msgid "ldap_connection_expire_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:596 +#: sssd-ldap.5.xml:597 msgid "" "Random offset between 0 and configured value is added to " "<emphasis>ldap_connection_expire_timeout</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:613 msgid "ldap_connection_idle_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:616 msgid "" "Specifies a timeout (in seconds) that an idle connection to an LDAP server " "will be maintained. If the connection is idle for more than this time then " @@ -5859,29 +5933,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:622 msgid "You can disable this timeout by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:636 +#: sssd-ldap.5.xml:637 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:639 +#: sssd-ldap.5.xml:640 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:650 +#: sssd-ldap.5.xml:651 msgid "ldap_disable_paging (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:653 +#: sssd-ldap.5.xml:654 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " @@ -5889,14 +5963,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:659 +#: sssd-ldap.5.xml:660 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:665 +#: sssd-ldap.5.xml:666 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " @@ -5904,17 +5978,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:677 +#: sssd-ldap.5.xml:678 msgid "ldap_disable_range_retrieval (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:680 +#: sssd-ldap.5.xml:681 msgid "Disable Active Directory range retrieval." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:683 +#: sssd-ldap.5.xml:684 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " @@ -5924,12 +5998,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:699 msgid "ldap_sasl_minssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:702 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " @@ -5937,17 +6011,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:707 sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:714 +#: sssd-ldap.5.xml:715 msgid "ldap_sasl_maxssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:717 +#: sssd-ldap.5.xml:718 msgid "" "When communicating with an LDAP server using SASL, specify the maximal " "security level necessary to establish the connection. The values of this " @@ -5955,12 +6029,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:731 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:733 +#: sssd-ldap.5.xml:734 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -5968,7 +6042,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:740 msgid "" "You can turn off dereference lookups completely by setting the value to 0. " "Please note that there are some codepaths in SSSD, like the IPA HBAC " @@ -5979,7 +6053,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:750 +#: sssd-ldap.5.xml:751 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -5988,7 +6062,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:758 +#: sssd-ldap.5.xml:759 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -5996,12 +6070,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:771 +#: sssd-ldap.5.xml:772 msgid "ldap_ignore_unreadable_references (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:774 +#: sssd-ldap.5.xml:775 msgid "" "Ignore unreadable LDAP entries referenced in group's member attribute. If " "this parameter is set to false an error will be returned and the operation " @@ -6009,7 +6083,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:781 +#: sssd-ldap.5.xml:782 msgid "" "This parameter may be useful when using the AD provider and the computer " "account that sssd uses to connect to AD does not have access to a particular " @@ -6017,26 +6091,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:795 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:798 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:804 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:808 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6044,7 +6118,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:815 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6052,7 +6126,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:820 +#: sssd-ldap.5.xml:821 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -6060,41 +6134,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:826 +#: sssd-ldap.5.xml:827 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:830 +#: sssd-ldap.5.xml:831 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:837 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:839 +#: sssd-ldap.5.xml:840 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 sssd-ldap.5.xml:862 sssd-ldap.5.xml:903 +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:852 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:854 +#: sssd-ldap.5.xml:855 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -6103,32 +6177,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:869 +#: sssd-ldap.5.xml:870 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:872 +#: sssd-ldap.5.xml:873 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:882 +#: sssd-ldap.5.xml:883 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:885 +#: sssd-ldap.5.xml:886 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:894 +#: sssd-ldap.5.xml:895 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:897 +#: sssd-ldap.5.xml:898 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -6136,24 +6210,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:910 +#: sssd-ldap.5.xml:911 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:913 +#: sssd-ldap.5.xml:914 msgid "" "Specifies that the id_provider connection must also use <systemitem " -"class=\"protocol\">tls</systemitem> to protect the channel." +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:923 +#: sssd-ldap.5.xml:925 msgid "ldap_id_mapping (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:928 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " @@ -6161,17 +6236,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:932 +#: sssd-ldap.5.xml:934 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:942 +#: sssd-ldap.5.xml:944 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:945 +#: sssd-ldap.5.xml:947 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " @@ -6182,24 +6257,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:957 +#: sssd-ldap.5.xml:959 msgid "Default: not set (both options are set to 0)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:965 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:966 +#: sssd-ldap.5.xml:968 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " "tested and supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:970 +#: sssd-ldap.5.xml:972 msgid "" "If the backend supports sub-domains the value of ldap_sasl_mech is " "automatically inherited to the sub-domains. If a different value is needed " @@ -6210,12 +6285,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:988 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ldap.5.xml:998 +#: sssd-ldap.5.xml:1000 #, no-wrap msgid "" "hostname@REALM\n" @@ -6228,7 +6303,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:989 +#: sssd-ldap.5.xml:991 msgid "" "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " "this represents the Kerberos principal used for authentication to the " @@ -6240,17 +6315,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1009 +#: sssd-ldap.5.xml:1011 msgid "Default: host/hostname@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1015 +#: sssd-ldap.5.xml:1017 msgid "ldap_sasl_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1018 +#: sssd-ldap.5.xml:1020 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " @@ -6258,49 +6333,49 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1024 +#: sssd-ldap.5.xml:1026 msgid "Default: the value of krb5_realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1030 +#: sssd-ldap.5.xml:1032 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1035 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1038 +#: sssd-ldap.5.xml:1040 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1046 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1049 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1056 sssd-krb5.5.xml:247 +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1064 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1067 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -6308,28 +6383,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1077 +#: sssd-ldap.5.xml:1079 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1080 +#: sssd-ldap.5.xml:1082 msgid "" "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1089 sssd-ad.5.xml:1252 +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1095 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1098 +#: sssd-ldap.5.xml:1100 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -6341,7 +6416,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1110 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -6349,7 +6424,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -6357,39 +6432,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1124 sssd-ipa.5.xml:526 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1127 +#: sssd-ldap.5.xml:1129 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1133 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1137 include/krb5_options.xml:154 +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1140 +#: sssd-ldap.5.xml:1142 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1152 sssd-krb5.5.xml:336 +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 msgid "krb5_use_kdcinfo (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1155 sssd-krb5.5.xml:339 +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " @@ -6399,7 +6474,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:350 +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " @@ -6407,26 +6482,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1180 +#: sssd-ldap.5.xml:1182 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1185 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1190 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1193 +#: sssd-ldap.5.xml:1195 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -6435,7 +6510,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1201 +#: sssd-ldap.5.xml:1203 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -6443,31 +6518,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1210 +#: sssd-ldap.5.xml:1212 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1220 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1221 +#: sssd-ldap.5.xml:1223 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1225 +#: sssd-ldap.5.xml:1227 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1232 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " @@ -6480,51 +6555,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1249 +#: sssd-ldap.5.xml:1251 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1252 +#: sssd-ldap.5.xml:1254 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1258 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1262 +#: sssd-ldap.5.xml:1264 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1265 +#: sssd-ldap.5.xml:1267 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1270 +#: sssd-ldap.5.xml:1272 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1276 +#: sssd-ldap.5.xml:1278 msgid "ldap_chpass_update_last_change (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1279 +#: sssd-ldap.5.xml:1281 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1285 +#: sssd-ldap.5.xml:1287 msgid "" "It is recommend to set this option explicitly if \"ldap_pwd_policy = " "shadow\" is used to let SSSD know if the LDAP server will update " @@ -6533,12 +6608,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1301 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1304 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " @@ -6554,12 +6629,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1322 +#: sssd-ldap.5.xml:1324 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1327 #, no-wrap msgid "" "access_provider = ldap\n" @@ -6568,14 +6643,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1329 +#: sssd-ldap.5.xml:1331 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1336 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -6584,24 +6659,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1398 +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1348 +#: sssd-ldap.5.xml:1350 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1353 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1355 +#: sssd-ldap.5.xml:1357 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -6609,19 +6684,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1362 +#: sssd-ldap.5.xml:1364 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1365 +#: sssd-ldap.5.xml:1367 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1372 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -6630,7 +6705,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1379 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -6638,7 +6713,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1383 +#: sssd-ldap.5.xml:1385 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -6647,7 +6722,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1391 +#: sssd-ldap.5.xml:1393 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " @@ -6655,22 +6730,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1404 +#: sssd-ldap.5.xml:1406 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1407 sssd-ipa.5.xml:351 +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1411 +#: sssd-ldap.5.xml:1413 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>lockout</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6680,14 +6755,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1424 +#: sssd-ldap.5.xml:1426 msgid "" "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" "quote> option and might be removed in a future release. </emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1431 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6700,12 +6775,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1448 +#: sssd-ldap.5.xml:1450 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1452 sssd-ipa.5.xml:359 +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 msgid "" "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " "pwd_expire_policy_renew: </emphasis> These options are useful if users are " @@ -6715,81 +6790,81 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1462 sssd-ipa.5.xml:369 +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 msgid "" "The difference between these options is the action taken if user password is " "expired:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1467 sssd-ipa.5.xml:374 +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 msgid "pwd_expire_policy_reject - user is denied to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1473 sssd-ipa.5.xml:380 +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 msgid "pwd_expire_policy_warn - user is still able to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1479 sssd-ipa.5.xml:386 +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 msgid "" "pwd_expire_policy_renew - user is prompted to change their password " "immediately." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1487 +#: sssd-ldap.5.xml:1489 msgid "" "Please note that 'access_provider = ldap' must be set for this feature to " "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1494 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1497 +#: sssd-ldap.5.xml:1499 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1501 +#: sssd-ldap.5.xml:1503 msgid "" "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " "remote host can access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1505 +#: sssd-ldap.5.xml:1507 msgid "" "Please note, rhost field in pam is set by application, it is better to check " "what the application sends to pam, before enabling this access control option" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1510 +#: sssd-ldap.5.xml:1512 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1513 +#: sssd-ldap.5.xml:1515 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1520 +#: sssd-ldap.5.xml:1522 msgid "ldap_pwdlockout_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1523 +#: sssd-ldap.5.xml:1525 msgid "" "This option specifies the DN of password policy entry on LDAP server. Please " "note that absence of this option in sssd.conf in case of enabled account " @@ -6798,74 +6873,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1531 +#: sssd-ldap.5.xml:1533 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1534 +#: sssd-ldap.5.xml:1536 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1542 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1543 +#: sssd-ldap.5.xml:1545 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1550 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 +#: sssd-ldap.5.xml:1554 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 +#: sssd-ldap.5.xml:1559 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1562 +#: sssd-ldap.5.xml:1564 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1569 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1575 +#: sssd-ldap.5.xml:1577 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1578 +#: sssd-ldap.5.xml:1580 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1582 +#: sssd-ldap.5.xml:1584 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " @@ -6876,7 +6951,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1593 +#: sssd-ldap.5.xml:1595 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " @@ -6884,53 +6959,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1605 sssd-ifp.5.xml:152 +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 msgid "wildcard_limit (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1608 +#: sssd-ldap.5.xml:1610 msgid "" "Specifies an upper limit on the number of entries that are downloaded during " "a wildcard lookup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1612 +#: sssd-ldap.5.xml:1614 msgid "At the moment, only the InfoPipe responder supports wildcard lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1618 msgid "Default: 1000 (often the size of one page)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1624 msgid "ldap_library_debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1625 +#: sssd-ldap.5.xml:1627 msgid "" "Switches on libldap debugging with the given level. The libldap debug " "messages will be written independent of the general debug_level." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1630 +#: sssd-ldap.5.xml:1632 msgid "" "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " "enable full debug output." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1635 +#: sssd-ldap.5.xml:1637 msgid "Default: 0 (libldap debugging disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:52 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " @@ -6942,12 +7017,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1645 +#: sssd-ldap.5.xml:1647 msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1647 +#: sssd-ldap.5.xml:1649 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -6955,43 +7030,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1660 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1661 +#: sssd-ldap.5.xml:1663 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1666 +#: sssd-ldap.5.xml:1668 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1671 +#: sssd-ldap.5.xml:1673 msgid "" "You can disable full refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1676 +#: sssd-ldap.5.xml:1678 msgid "Default: 21600 (6 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1682 +#: sssd-ldap.5.xml:1684 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1685 +#: sssd-ldap.5.xml:1687 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest " @@ -6999,14 +7074,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1691 +#: sssd-ldap.5.xml:1693 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1695 +#: sssd-ldap.5.xml:1697 msgid "" "<emphasis>Note:</emphasis> the highest USN value can be updated by three " "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " @@ -7016,19 +7091,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1706 +#: sssd-ldap.5.xml:1708 msgid "" "You can disable smart refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1717 +#: sssd-ldap.5.xml:1719 msgid "ldap_sudo_random_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1720 +#: sssd-ldap.5.xml:1722 msgid "" "Random offset between 0 and configured value is added to smart and full " "refresh periods each time the periodic task is scheduled. The value is in " @@ -7036,7 +7111,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1726 +#: sssd-ldap.5.xml:1728 msgid "" "Note that this random offset is also applied on the first SSSD start which " "delays the first sudo rules refresh. This prolongs the time when the sudo " @@ -7044,106 +7119,106 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1732 +#: sssd-ldap.5.xml:1734 msgid "You can disable this offset by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1742 +#: sssd-ldap.5.xml:1744 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1745 +#: sssd-ldap.5.xml:1747 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1756 +#: sssd-ldap.5.xml:1758 msgid "ldap_sudo_hostnames (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1759 +#: sssd-ldap.5.xml:1761 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1764 +#: sssd-ldap.5.xml:1766 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1769 sssd-ldap.5.xml:1792 sssd-ldap.5.xml:1810 -#: sssd-ldap.5.xml:1828 +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1774 sssd-ldap.5.xml:1797 +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 msgid "Default: not specified" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1780 +#: sssd-ldap.5.xml:1782 msgid "ldap_sudo_ip (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1783 +#: sssd-ldap.5.xml:1785 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1788 +#: sssd-ldap.5.xml:1790 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1803 +#: sssd-ldap.5.xml:1805 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1806 +#: sssd-ldap.5.xml:1808 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1821 +#: sssd-ldap.5.xml:1823 msgid "ldap_sudo_include_regexp (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:1826 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> -#: sssd-ldap.5.xml:1834 +#: sssd-ldap.5.xml:1836 msgid "" "Using wildcard is an operation that is very costly to evaluate on the LDAP " "server side!" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1846 +#: sssd-ldap.5.xml:1848 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " @@ -7152,59 +7227,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1856 +#: sssd-ldap.5.xml:1858 msgid "AUTOFS OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1858 +#: sssd-ldap.5.xml:1860 msgid "" "Some of the defaults for the parameters below are dependent on the LDAP " "schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1864 +#: sssd-ldap.5.xml:1866 msgid "ldap_autofs_map_master_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1867 +#: sssd-ldap.5.xml:1869 msgid "The name of the automount master map in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1870 +#: sssd-ldap.5.xml:1872 msgid "Default: auto.master" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1881 +#: sssd-ldap.5.xml:1883 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1888 +#: sssd-ldap.5.xml:1890 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1893 +#: sssd-ldap.5.xml:1895 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1898 +#: sssd-ldap.5.xml:1900 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> -#: sssd-ldap.5.xml:1903 +#: sssd-ldap.5.xml:1905 msgid "<note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> -#: sssd-ldap.5.xml:1905 +#: sssd-ldap.5.xml:1907 msgid "" "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " "against Active Directory will not be restricted and return all groups " @@ -7213,22 +7288,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist> -#: sssd-ldap.5.xml:1912 +#: sssd-ldap.5.xml:1914 msgid "</note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1914 +#: sssd-ldap.5.xml:1916 msgid "ldap_sudo_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1919 +#: sssd-ldap.5.xml:1921 msgid "ldap_autofs_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1883 +#: sssd-ldap.5.xml:1885 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -7237,14 +7312,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1934 sssd-simple.5.xml:131 sssd-ipa.5.xml:925 -#: sssd-ad.5.xml:1386 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1936 +#: sssd-ldap.5.xml:1938 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -7252,7 +7327,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1944 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7265,27 +7340,27 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><para> -#: sssd-ldap.5.xml:1941 sssd-ldap.5.xml:1959 sssd-simple.5.xml:139 -#: sssd-ipa.5.xml:933 sssd-ad.5.xml:1394 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 #: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1953 +#: sssd-ldap.5.xml:1955 msgid "LDAP ACCESS FILTER EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1955 +#: sssd-ldap.5.xml:1957 msgid "" "The following example assumes that SSSD is correctly configured and to use " "the ldap_access_order=lockout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1960 +#: sssd-ldap.5.xml:1962 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7301,13 +7376,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1975 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 -#: sssd-ad.5.xml:1409 sssd.8.xml:238 sss_seed.8.xml:163 +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1977 +#: sssd-ldap.5.xml:1979 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -9636,12 +9711,12 @@ msgid "Example: dyndns_iface = em1, vnet1, vnet2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1285 +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 msgid "dyndns_auth (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1288 +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "updates with the DNS server, insecure updates can be sent by setting this " @@ -9649,17 +9724,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1294 +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 msgid "Default: GSS-TSIG" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1300 +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 msgid "dyndns_auth_ptr (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1303 +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "PTR updates with the DNS server, insecure updates can be sent by setting " @@ -9667,7 +9742,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1309 +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 msgid "Default: Same as dyndns_auth" msgstr "" @@ -9726,65 +9801,72 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:290 +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 msgid "Default: False (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1272 +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 msgid "dyndns_force_tcp (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:299 sssd-ad.5.xml:1275 +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:303 sssd-ad.5.xml:1279 +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:309 sssd-ad.5.xml:1315 +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 msgid "dyndns_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:312 sssd-ad.5.xml:1318 +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 msgid "" "The DNS server to use when performing a DNS update. In most setups, it's " "recommended to leave this option unset." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 msgid "" "Setting this option makes sense for environments where the DNS server is " "different from the identity server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 msgid "" "Please note that this option will be only used in fallback attempt when " "previous attempt using autodetected settings failed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 msgid "Default: None (let nsupdate choose the server)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:333 sssd-ad.5.xml:1339 +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 msgid "dyndns_update_per_family (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:336 sssd-ad.5.xml:1342 +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 msgid "" "DNS update is by default performed in two steps - IPv4 update and then IPv6 " "update. In some cases it might be desirable to perform IPv4 and IPv6 update " @@ -9792,177 +9874,177 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:353 msgid "ipa_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:360 msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:394 +#: sssd-ipa.5.xml:399 msgid "" "Please note that 'access_provider = ipa' must be set for this feature to " "work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:401 +#: sssd-ipa.5.xml:406 msgid "ipa_deskprofile_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:404 +#: sssd-ipa.5.xml:409 msgid "" "Optional. Use the given string as search base for Desktop Profile related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:408 sssd-ipa.5.xml:435 +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:414 +#: sssd-ipa.5.xml:419 msgid "ipa_subid_ranges_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:417 +#: sssd-ipa.5.xml:422 msgid "" "Optional. Use the given string as search base for subordinate ranges related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:421 +#: sssd-ipa.5.xml:426 msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:428 +#: sssd-ipa.5.xml:433 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:431 +#: sssd-ipa.5.xml:436 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:441 +#: sssd-ipa.5.xml:446 msgid "ipa_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:444 +#: sssd-ipa.5.xml:449 msgid "Deprecated. Use ldap_host_search_base instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:450 +#: sssd-ipa.5.xml:455 msgid "ipa_selinux_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:453 +#: sssd-ipa.5.xml:458 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:469 +#: sssd-ipa.5.xml:474 msgid "ipa_subdomains_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:472 +#: sssd-ipa.5.xml:477 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:481 +#: sssd-ipa.5.xml:486 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:488 +#: sssd-ipa.5.xml:493 msgid "ipa_master_domain_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:491 +#: sssd-ipa.5.xml:496 msgid "Optional. Use the given string as search base for master domain object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:505 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:507 +#: sssd-ipa.5.xml:512 msgid "ipa_views_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:510 +#: sssd-ipa.5.xml:515 msgid "Optional. Use the given string as search base for views containers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:519 +#: sssd-ipa.5.xml:524 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:529 +#: sssd-ipa.5.xml:534 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:533 +#: sssd-ipa.5.xml:538 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:541 sssd-ad.5.xml:1357 +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 msgid "krb5_confd_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:544 sssd-ad.5.xml:1360 +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 msgid "" "Absolute path of a directory where SSSD should place Kerberos configuration " "snippets." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:548 sssd-ad.5.xml:1364 +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 msgid "" "To disable the creation of the configuration snippets set the parameter to " "'none'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:552 sssd-ad.5.xml:1368 +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 msgid "" "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:559 +#: sssd-ipa.5.xml:564 msgid "ipa_deskprofile_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:562 +#: sssd-ipa.5.xml:567 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server. This will reduce the latency and load on the IPA server if there " @@ -9970,34 +10052,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:569 sssd-ipa.5.xml:599 sssd-ipa.5.xml:615 sssd-ad.5.xml:599 +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:575 +#: sssd-ipa.5.xml:580 msgid "ipa_deskprofile_request_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:578 +#: sssd-ipa.5.xml:583 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server in case the last request did not return any rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:583 +#: sssd-ipa.5.xml:588 msgid "Default: 60 (minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:589 +#: sssd-ipa.5.xml:594 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:592 +#: sssd-ipa.5.xml:597 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -10005,12 +10087,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:605 +#: sssd-ipa.5.xml:610 msgid "ipa_hbac_selinux (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:608 +#: sssd-ipa.5.xml:613 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -10018,33 +10100,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:621 +#: sssd-ipa.5.xml:626 msgid "ipa_server_mode (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:624 +#: sssd-ipa.5.xml:629 msgid "" "This option will be set by the IPA installer (ipa-server-install) " "automatically and denotes if SSSD is running on an IPA server or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:629 +#: sssd-ipa.5.xml:634 msgid "" "On an IPA server SSSD will lookup users and groups from trusted domains " "directly while on a client it will ask an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:634 +#: sssd-ipa.5.xml:639 msgid "" "NOTE: There are currently some assumptions that must be met when SSSD is " "running on an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:639 +#: sssd-ipa.5.xml:644 msgid "" "The <quote>ipa_server</quote> option must be configured to point to the IPA " "server itself. This is already the default set by the IPA installer, so no " @@ -10052,59 +10134,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:648 +#: sssd-ipa.5.xml:653 msgid "" "The <quote>full_name_format</quote> option must not be tweaked to only print " "short names for users from trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:663 +#: sssd-ipa.5.xml:668 msgid "ipa_automount_location (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:666 +#: sssd-ipa.5.xml:671 msgid "The automounter location this IPA client will be using" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:669 +#: sssd-ipa.5.xml:674 msgid "Default: The location named \"default\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:677 +#: sssd-ipa.5.xml:682 msgid "VIEWS AND OVERRIDES" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:686 +#: sssd-ipa.5.xml:691 msgid "ipa_view_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:689 +#: sssd-ipa.5.xml:694 msgid "Objectclass of the view container." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:692 +#: sssd-ipa.5.xml:697 msgid "Default: nsContainer" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:698 +#: sssd-ipa.5.xml:703 msgid "ipa_view_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:701 +#: sssd-ipa.5.xml:706 msgid "Name of the attribute holding the name of the view." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:705 sssd-ldap-attributes.5.xml:496 +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 #: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 #: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 #: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 @@ -10112,128 +10194,128 @@ msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:711 +#: sssd-ipa.5.xml:716 msgid "ipa_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:714 +#: sssd-ipa.5.xml:719 msgid "Objectclass of the override objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:717 +#: sssd-ipa.5.xml:722 msgid "Default: ipaOverrideAnchor" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:723 +#: sssd-ipa.5.xml:728 msgid "ipa_anchor_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:726 +#: sssd-ipa.5.xml:731 msgid "" "Name of the attribute containing the reference to the original object in a " "remote domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:730 +#: sssd-ipa.5.xml:735 msgid "Default: ipaAnchorUUID" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:736 +#: sssd-ipa.5.xml:741 msgid "ipa_user_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:739 +#: sssd-ipa.5.xml:744 msgid "" "Name of the objectclass for user overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:744 +#: sssd-ipa.5.xml:749 msgid "User overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:747 +#: sssd-ipa.5.xml:752 msgid "ldap_user_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:750 +#: sssd-ipa.5.xml:755 msgid "ldap_user_uid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:753 +#: sssd-ipa.5.xml:758 msgid "ldap_user_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:756 +#: sssd-ipa.5.xml:761 msgid "ldap_user_gecos" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:759 +#: sssd-ipa.5.xml:764 msgid "ldap_user_home_directory" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:762 +#: sssd-ipa.5.xml:767 msgid "ldap_user_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:765 +#: sssd-ipa.5.xml:770 msgid "ldap_user_ssh_public_key" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:770 +#: sssd-ipa.5.xml:775 msgid "Default: ipaUserOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:776 +#: sssd-ipa.5.xml:781 msgid "ipa_group_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:779 +#: sssd-ipa.5.xml:784 msgid "" "Name of the objectclass for group overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:784 +#: sssd-ipa.5.xml:789 msgid "Group overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:787 +#: sssd-ipa.5.xml:792 msgid "ldap_group_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:790 +#: sssd-ipa.5.xml:795 msgid "ldap_group_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:795 +#: sssd-ipa.5.xml:800 msgid "Default: ipaGroupOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:679 +#: sssd-ipa.5.xml:684 msgid "" "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " "later version. Since all paths and objectclasses are fixed on the server " @@ -10243,19 +10325,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:807 +#: sssd-ipa.5.xml:812 msgid "SUBDOMAINS PROVIDER" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:809 +#: sssd-ipa.5.xml:814 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:813 +#: sssd-ipa.5.xml:818 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " @@ -10263,7 +10345,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:819 +#: sssd-ipa.5.xml:824 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " @@ -10275,12 +10357,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:830 +#: sssd-ipa.5.xml:835 msgid "TRUSTED DOMAINS CONFIGURATION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:838 +#: sssd-ipa.5.xml:843 #, no-wrap msgid "" "[domain/ipa.domain.com/ad.domain.com]\n" @@ -10288,7 +10370,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:832 +#: sssd-ipa.5.xml:837 msgid "" "Some configuration options can also be set for a trusted domain. A trusted " "domain configuration can be set using the trusted domain subsection as shown " @@ -10298,80 +10380,80 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:843 +#: sssd-ipa.5.xml:848 msgid "" "For more details, see the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:850 +#: sssd-ipa.5.xml:855 msgid "" "Different configuration options are tunable for a trusted domain depending " "on whether you are configuring SSSD on an IPA server or an IPA client." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:855 +#: sssd-ipa.5.xml:860 msgid "OPTIONS TUNABLE ON IPA MASTERS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:857 +#: sssd-ipa.5.xml:862 msgid "" "The following options can be set in a subdomain section on an IPA master:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:861 sssd-ipa.5.xml:891 +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 msgid "ad_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:864 +#: sssd-ipa.5.xml:869 msgid "ad_backup_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:867 sssd-ipa.5.xml:894 +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 msgid "ad_site" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:870 +#: sssd-ipa.5.xml:875 msgid "ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:873 +#: sssd-ipa.5.xml:878 msgid "ldap_user_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:876 +#: sssd-ipa.5.xml:881 msgid "ldap_group_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:885 +#: sssd-ipa.5.xml:890 msgid "OPTIONS TUNABLE ON IPA CLIENTS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:887 +#: sssd-ipa.5.xml:892 msgid "" "The following options can be set in a subdomain section on an IPA client:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:899 +#: sssd-ipa.5.xml:904 msgid "" "Note that if both options are set, only <quote>ad_server</quote> is " "evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:903 +#: sssd-ipa.5.xml:908 msgid "" "Since any request for a user or a group identity from a trusted domain " "triggered from an IPA client is resolved by the IPA server, the " @@ -10385,7 +10467,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:927 +#: sssd-ipa.5.xml:932 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -10393,7 +10475,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:934 +#: sssd-ipa.5.xml:939 #, no-wrap msgid "" "[domain/example.com]\n" @@ -11587,7 +11669,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1388 +#: sssd-ad.5.xml:1393 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -11595,7 +11677,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1395 +#: sssd-ad.5.xml:1400 #, no-wrap msgid "" "[domain/EXAMPLE]\n" @@ -11610,7 +11692,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1415 +#: sssd-ad.5.xml:1420 #, no-wrap msgid "" "access_provider = ldap\n" @@ -11619,7 +11701,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1411 +#: sssd-ad.5.xml:1416 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " @@ -11627,7 +11709,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1421 +#: sssd-ad.5.xml:1426 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>. Please " @@ -11637,7 +11719,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1429 +#: sssd-ad.5.xml:1434 msgid "" "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " @@ -17240,7 +17322,7 @@ msgstr "" #: include/ldap_id_mapping.xml:235 msgid "" "When this option is configured, domains will be allocated starting with " -"slice zero and increasing monatomically with each additional domain." +"slice zero and increasing monotonically with each additional domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> diff --git a/src/man/po/fi.po b/src/man/po/fi.po index b29b914bf17..c4d7f56c373 100644 --- a/src/man/po/fi.po +++ b/src/man/po/fi.po @@ -3,7 +3,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-05-05 10:09+0200\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" "PO-Revision-Date: 2022-03-20 19:16+0000\n" "Last-Translator: Jan Kuparinen <copper_fin@hotmail.com>\n" "Language-Team: Finnish <https://translate.fedoraproject.org/projects/sssd/" @@ -200,11 +200,11 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 -#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:951 -#: sssd.conf.5.xml:1069 sssd.conf.5.xml:2197 sssd-ldap.5.xml:1071 -#: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 -#: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 -#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 msgid "Default: true" msgstr "Oletus:tosi" @@ -221,11 +221,11 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:948 -#: sssd.conf.5.xml:2100 sssd.conf.5.xml:2167 sssd.conf.5.xml:4128 -#: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 -#: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 -#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 #: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 #: include/krb5_options.xml:163 msgid "Default: false" @@ -259,8 +259,8 @@ msgid "" msgstr "" #. type: Content of: outside any tag (error?) -#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1656 -#: sssd-ldap.5.xml:1862 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 #: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 @@ -290,8 +290,8 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 sssd.conf.5.xml:1289 sssd.conf.5.xml:1766 -#: sssd.conf.5.xml:4144 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "" @@ -357,19 +357,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:258 sssd.conf.5.xml:783 +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:261 sssd.conf.5.xml:786 +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:791 sssd.conf.5.xml:3708 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 #: include/failover.xml:100 msgid "Default: 3" msgstr "" @@ -391,7 +391,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3540 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 msgid "re_expression (string)" msgstr "" @@ -411,12 +411,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3597 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3600 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -424,39 +424,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3611 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 msgid "%1$s" msgstr "%1$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 msgid "user name" msgstr "käyttäjänimi" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3615 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 msgid "%2$s" msgstr "%2$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3618 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3624 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 msgid "%3$s" msgstr "%3$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3627 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3608 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -603,8 +603,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:468 sssd-ldap.5.xml:876 sssd-ldap.5.xml:888 -#: sssd-ldap.5.xml:980 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 #: include/krb5_options.xml:148 @@ -874,7 +874,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1790 sssd.conf.5.xml:4194 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "Oletus: ei asetettu" @@ -919,11 +919,11 @@ msgstr "" #: sssd.conf.5.xml:744 msgid "" "Enable or disable the user verification (i.e. PIN, fingerprint) during " -"authentication." +"authentication. If enabled, the PIN will always be requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:750 msgid "" "The default is that the key settings decide what to do. In the IPA or " "kerberos pre-authentication case, this value will be overwritten by the " @@ -950,12 +950,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:769 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:770 +#: sssd.conf.5.xml:771 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -964,22 +964,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:777 +#: sssd.conf.5.xml:778 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:780 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:797 msgid "fd_limit" msgstr "fd_limit" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:799 +#: sssd.conf.5.xml:800 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " @@ -989,17 +989,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:808 +#: sssd.conf.5.xml:809 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:814 msgid "client_idle_timeout" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:816 +#: sssd.conf.5.xml:817 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " @@ -1009,17 +1009,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:826 msgid "Default: 60, KCM: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:830 +#: sssd.conf.5.xml:831 msgid "offline_timeout (integer)" msgstr "offline_timeout (integeri)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:834 msgid "" "When SSSD switches to offline mode the amount of time before it tries to go " "back online will increase based upon the time spent disconnected. By " @@ -1030,14 +1030,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:844 sssd.conf.5.xml:900 +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 msgid "" "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." "offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:847 +#: sssd.conf.5.xml:848 msgid "" "The offline_timeout default value is 60. The offline_timeout_max default " "value is 3600. The offline_timeout_random_offset default value is 30. The " @@ -1045,44 +1045,44 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:854 msgid "" "Note that the maximum length of each interval is defined by " "offline_timeout_max (apart of random part)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 sssd.conf.5.xml:1200 sssd.conf.5.xml:1583 -#: sssd.conf.5.xml:1879 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:862 +#: sssd.conf.5.xml:863 msgid "offline_timeout_max (integer)" msgstr "offline_timeout_max (integeri)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:865 +#: sssd.conf.5.xml:866 msgid "" "Controls by how much the time between attempts to go online can be " "incremented following unsuccessful attempts to go online." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:870 +#: sssd.conf.5.xml:871 msgid "A value of 0 disables the incrementing behaviour." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:873 +#: sssd.conf.5.xml:874 msgid "" "The value of this parameter should be set in correlation to offline_timeout " "parameter value." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:877 +#: sssd.conf.5.xml:878 msgid "" "With offline_timeout set to 60 (default value) there is no point in setting " "offlinet_timeout_max to less than 120 as it will saturate instantly. General " @@ -1091,58 +1091,58 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:883 +#: sssd.conf.5.xml:884 msgid "" "Although a value between 0 and offline_timeout may be specified, it has the " "effect of overriding the offline_timeout value so is of little use." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:888 +#: sssd.conf.5.xml:889 msgid "Default: 3600" msgstr "Oletus: 3600" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:894 msgid "offline_timeout_random_offset (integer)" msgstr "offline_timeout_random_offset (integeri)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:896 +#: sssd.conf.5.xml:897 msgid "" "When SSSD is in offline mode it keeps probing backend servers in specified " "time intervals:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:903 +#: sssd.conf.5.xml:904 msgid "" "This parameter controls the value of the random offset used for the above " "equation. Final random_offset value will be random number in range:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:908 +#: sssd.conf.5.xml:909 msgid "[0 - offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:911 +#: sssd.conf.5.xml:912 msgid "A value of 0 disables the random offset addition." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:915 msgid "Default: 30" msgstr "Oletus: 30" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:919 +#: sssd.conf.5.xml:920 msgid "responder_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:922 +#: sssd.conf.5.xml:923 msgid "" "This option specifies the number of seconds that an SSSD responder process " "can be up without being used. This value is limited in order to avoid " @@ -1154,58 +1154,58 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:936 sssd.conf.5.xml:1213 sssd.conf.5.xml:2321 -#: sssd-ldap.5.xml:331 +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 +#: sssd-ldap.5.xml:332 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:941 +#: sssd.conf.5.xml:942 msgid "cache_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:945 msgid "" "This option specifies whether the responder should query all caches before " "querying the Data Providers." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:960 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:961 +#: sssd.conf.5.xml:962 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:966 +#: sssd.conf.5.xml:967 msgid "enum_cache_timeout (integer)" msgstr "enum_cache_timeout (integeri)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:969 +#: sssd.conf.5.xml:970 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:974 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:978 +#: sssd.conf.5.xml:979 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:981 +#: sssd.conf.5.xml:982 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -1213,7 +1213,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:988 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -1223,7 +1223,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:998 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -1232,17 +1232,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1005 sssd.conf.5.xml:2121 +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1010 +#: sssd.conf.5.xml:1011 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1013 +#: sssd.conf.5.xml:1014 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -1250,17 +1250,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1019 sssd.conf.5.xml:1778 sssd.conf.5.xml:2145 +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1025 msgid "local_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1027 +#: sssd.conf.5.xml:1028 msgid "" "Specifies for how many seconds nss_sss should keep local users and groups in " "negative cache before trying to look it up in the back end again. Setting " @@ -1268,17 +1268,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1033 +#: sssd.conf.5.xml:1034 msgid "Default: 14400 (4 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1039 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1041 +#: sssd.conf.5.xml:1042 msgid "" "Exclude certain users or groups from being fetched from the sss NSS " "database. This is particularly useful for system accounts. This option can " @@ -1287,7 +1287,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1049 +#: sssd.conf.5.xml:1050 msgid "" "NOTE: The filter_groups option doesn't affect inheritance of nested group " "members, since filtering happens after they are propagated for returning via " @@ -1296,41 +1296,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1057 +#: sssd.conf.5.xml:1058 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1063 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1065 +#: sssd.conf.5.xml:1066 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1076 +#: sssd.conf.5.xml:1077 msgid "fallback_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1079 +#: sssd.conf.5.xml:1080 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1084 +#: sssd.conf.5.xml:1085 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1090 +#: sssd.conf.5.xml:1091 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" @@ -1338,23 +1338,23 @@ msgid "" msgstr "" #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:1088 sssd.conf.5.xml:1650 sssd.conf.5.xml:1669 -#: sssd.conf.5.xml:1746 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "Esimerkki: <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1094 +#: sssd.conf.5.xml:1095 msgid "Default: not set (no substitution for unset home directories)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1100 +#: sssd.conf.5.xml:1101 msgid "override_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1104 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " @@ -1362,47 +1362,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1109 +#: sssd.conf.5.xml:1110 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1115 +#: sssd.conf.5.xml:1116 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1118 +#: sssd.conf.5.xml:1119 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1121 +#: sssd.conf.5.xml:1122 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1125 +#: sssd.conf.5.xml:1126 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1130 +#: sssd.conf.5.xml:1131 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1135 +#: sssd.conf.5.xml:1136 msgid "The wildcard (*) can be used to allow any shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1138 +#: sssd.conf.5.xml:1139 msgid "" "The (*) is useful if you want to use shell_fallback in case that user's " "shell is not in <quote>/etc/shells</quote> and maintaining list of all " @@ -1410,113 +1410,113 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1145 +#: sssd.conf.5.xml:1146 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1149 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1152 +#: sssd.conf.5.xml:1153 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1157 +#: sssd.conf.5.xml:1158 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1160 +#: sssd.conf.5.xml:1161 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1165 +#: sssd.conf.5.xml:1166 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1168 +#: sssd.conf.5.xml:1169 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1172 +#: sssd.conf.5.xml:1173 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1177 +#: sssd.conf.5.xml:1178 msgid "default_shell" msgstr "Oletuskomentorivitulkki" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1180 +#: sssd.conf.5.xml:1181 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1186 +#: sssd.conf.5.xml:1187 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1193 sssd.conf.5.xml:1576 +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 msgid "get_domains_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1196 sssd.conf.5.xml:1579 +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1205 +#: sssd.conf.5.xml:1206 msgid "memcache_timeout (integer)" msgstr "memcache_timeout (integeri)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1208 +#: sssd.conf.5.xml:1209 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid. Setting this option to zero will disable the in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1216 +#: sssd.conf.5.xml:1217 msgid "" "WARNING: Disabling the in-memory cache will have significant negative impact " "on SSSD's performance and should only be used for testing." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1222 sssd.conf.5.xml:1247 sssd.conf.5.xml:1272 -#: sssd.conf.5.xml:1297 sssd.conf.5.xml:1324 +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 msgid "" "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " "client applications will not use the fast in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1230 +#: sssd.conf.5.xml:1231 msgid "memcache_size_passwd (integer)" msgstr "memcache_size_passwd (integeri)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1233 +#: sssd.conf.5.xml:1234 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for passwd requests. Setting the size to 0 will disable the passwd in-" @@ -1524,25 +1524,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1239 sssd.conf.5.xml:2963 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 msgid "Default: 8" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1242 sssd.conf.5.xml:1267 sssd.conf.5.xml:1292 -#: sssd.conf.5.xml:1319 +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 msgid "" "WARNING: Disabled or too small in-memory cache can have significant negative " "impact on SSSD's performance." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1255 +#: sssd.conf.5.xml:1256 msgid "memcache_size_group (integer)" msgstr "memcache_size_group (integeri)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1258 +#: sssd.conf.5.xml:1259 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for group requests. Setting the size to 0 will disable the group in-memory " @@ -1550,19 +1550,19 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1264 sssd.conf.5.xml:1316 sssd.conf.5.xml:3729 -#: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1280 +#: sssd.conf.5.xml:1281 msgid "memcache_size_initgroups (integer)" msgstr "memcache_size_initgroups (integeri)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1283 +#: sssd.conf.5.xml:1284 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for initgroups requests. Setting the size to 0 will disable the initgroups " @@ -1570,14 +1570,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1305 +#: sssd.conf.5.xml:1306 #, fuzzy #| msgid "memcache_size_passwd (integer)" msgid "memcache_size_sid (integer)" msgstr "memcache_size_passwd (integeri)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1308 +#: sssd.conf.5.xml:1309 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for SID related requests. Only SID-by-ID and ID-by-SID requests are " @@ -1586,12 +1586,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1332 sssd-ifp.5.xml:90 +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 msgid "user_attributes (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1335 +#: sssd.conf.5.xml:1336 msgid "" "Some of the additional NSS responder requests can return more attributes " "than just the POSIX ones defined by the NSS interface. The list of " @@ -1602,43 +1602,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1348 +#: sssd.conf.5.xml:1349 msgid "" "To make configuration more easy the NSS responder will check the InfoPipe " "option if it is not set for the NSS responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1353 +#: sssd.conf.5.xml:1354 msgid "Default: not set, fallback to InfoPipe option" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1358 +#: sssd.conf.5.xml:1359 msgid "pwfield (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1361 +#: sssd.conf.5.xml:1362 msgid "" "The value that NSS operations that return users or groups will return for " "the <quote>password</quote> field." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1366 +#: sssd.conf.5.xml:1367 msgid "Default: <quote>*</quote>" msgstr "Oletus: <quote>*</quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1369 +#: sssd.conf.5.xml:1370 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[nss] section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1373 +#: sssd.conf.5.xml:1374 msgid "" "Default: <quote>not set</quote> (remote domains), <phrase " "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" @@ -1647,60 +1647,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1385 +#: sssd.conf.5.xml:1386 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1387 +#: sssd.conf.5.xml:1388 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1392 +#: sssd.conf.5.xml:1393 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1395 +#: sssd.conf.5.xml:1396 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1400 sssd.conf.5.xml:1413 +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1406 +#: sssd.conf.5.xml:1407 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1409 +#: sssd.conf.5.xml:1410 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1419 +#: sssd.conf.5.xml:1420 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1422 +#: sssd.conf.5.xml:1423 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1427 +#: sssd.conf.5.xml:1428 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -1708,59 +1708,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1433 sssd.conf.5.xml:1543 +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1439 +#: sssd.conf.5.xml:1440 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1442 +#: sssd.conf.5.xml:1443 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1447 +#: sssd.conf.5.xml:1448 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1450 +#: sssd.conf.5.xml:1451 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1453 +#: sssd.conf.5.xml:1454 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1457 +#: sssd.conf.5.xml:1458 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1460 +#: sssd.conf.5.xml:1461 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1464 sssd.8.xml:63 +#: sssd.conf.5.xml:1465 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1470 +#: sssd.conf.5.xml:1471 msgid "pam_response_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1473 +#: sssd.conf.5.xml:1474 msgid "" "A comma separated list of strings which allows to remove (filter) data sent " "by the PAM responder to pam_sss PAM module. There are different kind of " @@ -1769,51 +1769,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1481 +#: sssd.conf.5.xml:1482 msgid "" "While messages already can be controlled with the help of the pam_verbosity " "option this option allows to filter out other kind of responses as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1488 +#: sssd.conf.5.xml:1489 msgid "ENV" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1489 +#: sssd.conf.5.xml:1490 msgid "Do not send any environment variables to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1492 +#: sssd.conf.5.xml:1493 msgid "ENV:var_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1493 +#: sssd.conf.5.xml:1494 msgid "Do not send environment variable var_name to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1497 +#: sssd.conf.5.xml:1498 msgid "ENV:var_name:service" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1498 +#: sssd.conf.5.xml:1499 msgid "Do not send environment variable var_name to service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1486 +#: sssd.conf.5.xml:1487 msgid "" "Currently the following filters are supported: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1505 +#: sssd.conf.5.xml:1506 msgid "" "The list of strings can either be the list of filters which would set this " "list of filters and overwrite the defaults. Or each element of the list can " @@ -1824,23 +1824,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1516 +#: sssd.conf.5.xml:1517 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1519 +#: sssd.conf.5.xml:1520 msgid "" "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1526 +#: sssd.conf.5.xml:1527 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1529 +#: sssd.conf.5.xml:1530 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -1848,7 +1848,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1535 +#: sssd.conf.5.xml:1536 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -1857,17 +1857,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1549 +#: sssd.conf.5.xml:1550 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1552 sssd.conf.5.xml:2987 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1555 +#: sssd.conf.5.xml:1556 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -1875,31 +1875,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1561 sssd.conf.5.xml:2990 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1566 +#: sssd.conf.5.xml:1567 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1571 sssd.conf.5.xml:3976 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 msgid "Default: 0" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1588 +#: sssd.conf.5.xml:1589 msgid "pam_trusted_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1591 +#: sssd.conf.5.xml:1592 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to run PAM conversations against trusted domains. Users not " @@ -1909,75 +1909,75 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1601 +#: sssd.conf.5.xml:1602 msgid "Default: All users are considered trusted by default" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1605 +#: sssd.conf.5.xml:1606 msgid "" "Please note that UID 0 is always allowed to access the PAM responder even in " "case it is not in the pam_trusted_users list." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1612 +#: sssd.conf.5.xml:1613 msgid "pam_public_domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1615 +#: sssd.conf.5.xml:1616 msgid "" "Specifies the comma-separated list of domain names that are accessible even " "to untrusted users." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1619 +#: sssd.conf.5.xml:1620 msgid "Two special values for pam_public_domains option are defined:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1623 +#: sssd.conf.5.xml:1624 msgid "" "all (Untrusted users are allowed to access all domains in PAM responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1627 +#: sssd.conf.5.xml:1628 msgid "" "none (Untrusted users are not allowed to access any domains PAM in " "responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1631 sssd.conf.5.xml:1656 sssd.conf.5.xml:1675 -#: sssd.conf.5.xml:1912 sssd.conf.5.xml:2732 sssd.conf.5.xml:3905 -#: sssd-ldap.5.xml:1207 +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 msgid "Default: none" msgstr "Oletus: ei mitään" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1636 +#: sssd.conf.5.xml:1637 msgid "pam_account_expired_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1639 +#: sssd.conf.5.xml:1640 msgid "" "Allows a custom expiration message to be set, replacing the default " "'Permission denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1644 +#: sssd.conf.5.xml:1645 msgid "" "Note: Please be aware that message is only printed for the SSH service " "unless pam_verbosity is set to 3 (show all messages and debug information)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1652 +#: sssd.conf.5.xml:1653 #, no-wrap msgid "" "pam_account_expired_message = Account expired, please contact help desk.\n" @@ -1985,19 +1985,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1661 +#: sssd.conf.5.xml:1662 msgid "pam_account_locked_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1664 +#: sssd.conf.5.xml:1665 msgid "" "Allows a custom lockout message to be set, replacing the default 'Permission " "denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1671 +#: sssd.conf.5.xml:1672 #, no-wrap msgid "" "pam_account_locked_message = Account locked, please contact help desk.\n" @@ -2005,40 +2005,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1680 +#: sssd.conf.5.xml:1681 msgid "pam_passkey_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1683 +#: sssd.conf.5.xml:1684 msgid "Enable passkey device based authentication." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1686 sssd.conf.5.xml:1697 sssd.conf.5.xml:1711 -#: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 -#: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 msgid "Default: False" msgstr "Oletus:epätosi" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1691 +#: sssd.conf.5.xml:1692 msgid "passkey_debug_libfido2 (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1694 +#: sssd.conf.5.xml:1695 msgid "Enable libfido2 library debug messages." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1702 +#: sssd.conf.5.xml:1703 msgid "pam_cert_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1705 +#: sssd.conf.5.xml:1706 msgid "" "Enable certificate based Smartcard authentication. Since this requires " "additional communication with the Smartcard which will delay the " @@ -2046,34 +2046,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1716 +#: sssd.conf.5.xml:1717 msgid "pam_cert_db_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1719 +#: sssd.conf.5.xml:1720 msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1722 sssd.conf.5.xml:2247 sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 msgid "Default:" msgstr "Oletus:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1724 sssd.conf.5.xml:2249 +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 msgid "" "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " "certificates in PEM format)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1734 +#: sssd.conf.5.xml:1735 msgid "pam_cert_verification (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1737 +#: sssd.conf.5.xml:1738 msgid "" "With this parameter the PAM certificate verification can be tuned with a " "comma separated list of options that override the " @@ -2083,7 +2083,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1748 +#: sssd.conf.5.xml:1749 #, no-wrap msgid "" "pam_cert_verification = partial_chain\n" @@ -2093,61 +2093,61 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1752 +#: sssd.conf.5.xml:1753 msgid "" "Default: not set, i.e. use default <quote>certificate_verification</quote> " "option defined in <quote>[sssd]</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1759 +#: sssd.conf.5.xml:1760 msgid "p11_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1763 msgid "How many seconds will pam_sss wait for p11_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1771 +#: sssd.conf.5.xml:1772 #, fuzzy #| msgid "entry_cache_timeout (integer)" msgid "passkey_child_timeout (integer)" msgstr "entry_cache_timeout (integeri)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1774 +#: sssd.conf.5.xml:1775 msgid "" "How many seconds will the PAM responder wait for passkey_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1783 +#: sssd.conf.5.xml:1784 msgid "pam_app_services (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1786 +#: sssd.conf.5.xml:1787 msgid "" "Which PAM services are permitted to contact domains of type " "<quote>application</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1795 +#: sssd.conf.5.xml:1796 msgid "pam_p11_allowed_services (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1798 +#: sssd.conf.5.xml:1799 msgid "" "A comma-separated list of PAM service names for which it will be allowed to " "use Smartcards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1813 +#: sssd.conf.5.xml:1814 #, no-wrap msgid "" "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2155,7 +2155,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1802 +#: sssd.conf.5.xml:1803 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -2167,63 +2167,63 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1817 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 #: sssd-ad.5.xml:869 sssd-ad.5.xml:947 msgid "Default: the default set of PAM service names includes:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1822 sssd-ad.5.xml:648 +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 msgid "login" msgstr "kirjautuminen" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1827 sssd-ad.5.xml:653 +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 msgid "su" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1832 sssd-ad.5.xml:658 +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 msgid "su-l" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1837 sssd-ad.5.xml:673 +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 msgid "gdm-smartcard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1842 sssd-ad.5.xml:668 +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 msgid "gdm-password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1847 sssd-ad.5.xml:678 +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 msgid "kdm" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1852 sssd-ad.5.xml:956 +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 msgid "sudo" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1857 sssd-ad.5.xml:961 +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 msgid "sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1862 +#: sssd.conf.5.xml:1863 msgid "gnome-screensaver" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1870 +#: sssd.conf.5.xml:1871 msgid "p11_wait_for_card_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1873 +#: sssd.conf.5.xml:1874 msgid "" "If Smartcard authentication is required how many extra seconds in addition " "to p11_child_timeout should the PAM responder wait until a Smartcard is " @@ -2231,12 +2231,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1884 +#: sssd.conf.5.xml:1885 msgid "p11_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1887 +#: sssd.conf.5.xml:1888 msgid "" "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " "selection of devices used for Smartcard authentication. By default SSSD's " @@ -2247,7 +2247,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1900 +#: sssd.conf.5.xml:1901 #, no-wrap msgid "" "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" @@ -2255,7 +2255,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1904 +#: sssd.conf.5.xml:1905 #, no-wrap msgid "" "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" @@ -2263,7 +2263,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1898 +#: sssd.conf.5.xml:1899 msgid "" "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " @@ -2272,47 +2272,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1917 +#: sssd.conf.5.xml:1918 msgid "pam_initgroups_scheme" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1925 +#: sssd.conf.5.xml:1926 msgid "always" msgstr "aina" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1926 +#: sssd.conf.5.xml:1927 msgid "" "Always do an online lookup, please note that pam_id_timeout still applies" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1930 +#: sssd.conf.5.xml:1931 msgid "no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1931 +#: sssd.conf.5.xml:1932 msgid "" "Only do an online lookup if there is no active session of the user, i.e. if " "the user is currently not logged in" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1936 +#: sssd.conf.5.xml:1937 msgid "never" msgstr "Ei koskaan" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1937 +#: sssd.conf.5.xml:1938 msgid "" "Never force an online lookup, use the data from the cache as long as they " "are not expired" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1920 +#: sssd.conf.5.xml:1921 msgid "" "The PAM responder can force an online lookup to get the current group " "memberships of the user trying to log in. This option controls when this " @@ -2321,30 +2321,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1944 +#: sssd.conf.5.xml:1945 msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1949 sssd.conf.5.xml:4247 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 msgid "pam_gssapi_services" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1952 +#: sssd.conf.5.xml:1953 msgid "" "Comma separated list of PAM services that are allowed to try GSSAPI " "authentication using pam_sss_gss.so module." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1957 +#: sssd.conf.5.xml:1958 msgid "" "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1961 sssd.conf.5.xml:1992 sssd.conf.5.xml:2030 +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[pam] section. It can also be set for trusted domain which overwrites the " @@ -2352,7 +2352,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1969 +#: sssd.conf.5.xml:1970 #, no-wrap msgid "" "pam_gssapi_services = sudo, sudo-i\n" @@ -2362,22 +2362,22 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1967 sssd.conf.5.xml:3899 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "Esimerkki: <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1973 +#: sssd.conf.5.xml:1974 msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1978 sssd.conf.5.xml:4248 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 msgid "pam_gssapi_check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1981 +#: sssd.conf.5.xml:1982 msgid "" "If True, SSSD will require that the Kerberos user principal that " "successfully authenticated through GSSAPI can be associated with the user " @@ -2385,25 +2385,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1988 +#: sssd.conf.5.xml:1989 msgid "" "If False, every user that is able to obtained required service ticket will " "be authenticated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1998 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "Oletus:tosi" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2003 +#: sssd.conf.5.xml:2004 msgid "pam_gssapi_indicators_map" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2006 +#: sssd.conf.5.xml:2007 msgid "" "Comma separated list of authentication indicators required to be present in " "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " @@ -2411,7 +2411,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2012 +#: sssd.conf.5.xml:2013 msgid "" "Each element of the list can be either an authentication indicator name or a " "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " @@ -2426,7 +2426,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2025 +#: sssd.conf.5.xml:2026 msgid "" "To disable GSSAPI authentication indicator check, set this option to <quote>-" "</quote> (dash). To disable the check for a specific PAM service, add " @@ -2434,45 +2434,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2036 +#: sssd.conf.5.xml:2037 msgid "" "Following authentication indicators are supported by IPA Kerberos " "deployments:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2039 +#: sssd.conf.5.xml:2040 msgid "" "pkinit -- pre-authentication using X.509 certificates -- whether stored in " "files or on smart cards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2042 +#: sssd.conf.5.xml:2043 msgid "" "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " "FAST channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2045 +#: sssd.conf.5.xml:2046 msgid "radius -- pre-authentication with the help of a RADIUS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2048 +#: sssd.conf.5.xml:2049 msgid "" "otp -- pre-authentication using integrated two-factor authentication (2FA or " "one-time password, OTP) in IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2051 +#: sssd.conf.5.xml:2052 msgid "idp -- pre-authentication using external identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:2061 +#: sssd.conf.5.xml:2062 #, no-wrap msgid "" "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" @@ -2480,7 +2480,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2056 +#: sssd.conf.5.xml:2057 msgid "" "Example: to require access to SUDO services only for users which obtained " "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " @@ -2488,17 +2488,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2065 +#: sssd.conf.5.xml:2066 msgid "Default: not set (use of authentication indicators is not required)" msgstr "Oletus: ei asetettu(todennusindikaattoreiden käyttöä ei vaadita)" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2073 +#: sssd.conf.5.xml:2074 msgid "SUDO configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2075 +#: sssd.conf.5.xml:2076 msgid "" "These options can be used to configure the sudo service. The detailed " "instructions for configuration of <citerefentry> <refentrytitle>sudo</" @@ -2509,24 +2509,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2092 +#: sssd.conf.5.xml:2093 msgid "sudo_timed (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2095 +#: sssd.conf.5.xml:2096 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2107 +#: sssd.conf.5.xml:2108 msgid "sudo_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2110 +#: sssd.conf.5.xml:2111 msgid "" "Maximum number of expired rules that can be refreshed at once. If number of " "expired rules is below threshold, those rules are refreshed with " @@ -2536,22 +2536,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2129 +#: sssd.conf.5.xml:2130 msgid "AUTOFS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2131 +#: sssd.conf.5.xml:2132 msgid "These options can be used to configure the autofs service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2135 +#: sssd.conf.5.xml:2136 msgid "autofs_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2138 +#: sssd.conf.5.xml:2139 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " @@ -2559,51 +2559,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2154 +#: sssd.conf.5.xml:2155 msgid "SSH configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2156 +#: sssd.conf.5.xml:2157 msgid "These options can be used to configure the SSH service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2160 +#: sssd.conf.5.xml:2161 msgid "ssh_hash_known_hosts (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2163 +#: sssd.conf.5.xml:2164 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2172 +#: sssd.conf.5.xml:2173 msgid "ssh_known_hosts_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2175 +#: sssd.conf.5.xml:2176 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2179 +#: sssd.conf.5.xml:2180 msgid "Default: 180" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2184 +#: sssd.conf.5.xml:2185 msgid "ssh_use_certificate_keys (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2187 +#: sssd.conf.5.xml:2188 msgid "" "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " "keys derived from the public key of X.509 certificates stored in the user " @@ -2612,12 +2612,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2202 +#: sssd.conf.5.xml:2203 msgid "ssh_use_certificate_matching_rules (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2205 +#: sssd.conf.5.xml:2206 msgid "" "By default the ssh responder will use all available certificate matching " "rules to filter the certificates so that ssh keys are only derived from the " @@ -2627,7 +2627,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2214 +#: sssd.conf.5.xml:2215 msgid "" "There are two special key words 'all_rules' and 'no_rules' which will enable " "all or no rules, respectively. The latter means that no certificates will be " @@ -2635,7 +2635,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2221 +#: sssd.conf.5.xml:2222 msgid "" "If no rules are configured using 'all_rules' will enable a default rule " "which enables all certificates suitable for client authentication. This is " @@ -2644,38 +2644,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2228 +#: sssd.conf.5.xml:2229 msgid "" "A non-existing rule name is considered an error. If as a result no rule is " "selected all certificates will be ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2233 +#: sssd.conf.5.xml:2234 msgid "" "Default: not set, equivalent to 'all_rules', all found rules or the default " "rule are used" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2239 +#: sssd.conf.5.xml:2240 msgid "ca_db (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2242 +#: sssd.conf.5.xml:2243 msgid "" "Path to a storage of trusted CA certificates. The option is used to validate " "user certificates before deriving public ssh keys from them." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2262 +#: sssd.conf.5.xml:2263 msgid "PAC responder configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2264 +#: sssd.conf.5.xml:2265 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " @@ -2686,7 +2686,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2273 +#: sssd.conf.5.xml:2274 msgid "" "If the remote user does not exist in the cache, it is created. The UID is " "determined with the help of the SID, trusted domains will have UPGs and the " @@ -2697,24 +2697,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2281 +#: sssd.conf.5.xml:2282 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2287 +#: sssd.conf.5.xml:2288 msgid "These options can be used to configure the PAC responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2291 sssd-ifp.5.xml:66 +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 msgid "allowed_uids (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2294 +#: sssd.conf.5.xml:2295 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " @@ -2722,12 +2722,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2300 +#: sssd.conf.5.xml:2301 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2304 +#: sssd.conf.5.xml:2305 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " @@ -2736,24 +2736,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2313 +#: sssd.conf.5.xml:2314 msgid "pac_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2316 +#: sssd.conf.5.xml:2317 msgid "" "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " "data can be used to determine the group memberships of a user." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2326 +#: sssd.conf.5.xml:2327 msgid "pac_check (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2329 +#: sssd.conf.5.xml:2330 msgid "" "Apply additional checks on the PAC of the Kerberos ticket which is available " "in Active Directory and FreeIPA domains, if configured. Please note that " @@ -2764,26 +2764,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2343 +#: sssd.conf.5.xml:2344 msgid "no_check" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2345 +#: sssd.conf.5.xml:2346 msgid "" "The PAC must not be present and even if it is present no additional checks " "will be done." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2351 +#: sssd.conf.5.xml:2352 #, fuzzy #| msgid "present" msgid "pac_present" msgstr "nykyinen" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2353 +#: sssd.conf.5.xml:2354 msgid "" "The PAC must be present in the service ticket which SSSD will request with " "the help of the user's TGT. If the PAC is not available the authentication " @@ -2791,24 +2791,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2361 +#: sssd.conf.5.xml:2362 msgid "check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2363 +#: sssd.conf.5.xml:2364 msgid "" "If the PAC is present check if the user principal name (UPN) information is " "consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2369 +#: sssd.conf.5.xml:2370 msgid "check_upn_allow_missing" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2371 +#: sssd.conf.5.xml:2372 msgid "" "This option should be used together with 'check_upn' and handles the case " "where a UPN is set on the server-side but is not read by SSSD. The typical " @@ -2820,7 +2820,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2383 +#: sssd.conf.5.xml:2384 msgid "" "Currently this option is set by default to avoid regressions in such " "environments. A log message will be added to the system log and SSSD's debug " @@ -2831,60 +2831,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2397 +#: sssd.conf.5.xml:2398 msgid "upn_dns_info_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2399 +#: sssd.conf.5.xml:2400 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2404 +#: sssd.conf.5.xml:2405 msgid "check_upn_dns_info_ex" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2406 +#: sssd.conf.5.xml:2407 msgid "" "If the PAC is present and the extension to the UPN-DNS-INFO buffer is " "available check if the information in the extension is consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2413 +#: sssd.conf.5.xml:2414 msgid "upn_dns_info_ex_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2415 +#: sssd.conf.5.xml:2416 msgid "" "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2339 +#: sssd.conf.5.xml:2340 msgid "" "The following options can be used alone or in a comma-separated list: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2425 +#: sssd.conf.5.xml:2426 msgid "" "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " "check_upn_dns_info_ex')" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2434 +#: sssd.conf.5.xml:2435 msgid "Session recording configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2436 +#: sssd.conf.5.xml:2437 msgid "" "Session recording works in conjunction with <citerefentry> " "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" @@ -2894,66 +2894,66 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2449 +#: sssd.conf.5.xml:2450 msgid "These options can be used to configure session recording." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2453 sssd-session-recording.5.xml:64 +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 msgid "scope (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2460 sssd-session-recording.5.xml:71 +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 msgid "\"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2463 sssd-session-recording.5.xml:74 +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 msgid "No users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2468 sssd-session-recording.5.xml:79 +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 msgid "\"some\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2471 sssd-session-recording.5.xml:82 +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 msgid "" "Users/groups specified by <replaceable>users</replaceable> and " "<replaceable>groups</replaceable> options are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2480 sssd-session-recording.5.xml:91 +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 msgid "\"all\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2483 sssd-session-recording.5.xml:94 +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 msgid "All users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2456 sssd-session-recording.5.xml:67 +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 msgid "" "One of the following strings specifying the scope of session recording: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:101 +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 msgid "Default: \"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:106 +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 msgid "users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:109 +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 msgid "" "A comma-separated list of users which should have session recording enabled. " "Matches user names as returned by NSS. I.e. after the possible space " @@ -2961,17 +2961,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2504 sssd-session-recording.5.xml:115 +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 msgid "Default: Empty. Matches no users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2509 sssd-session-recording.5.xml:120 +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 msgid "groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2512 sssd-session-recording.5.xml:123 +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 msgid "" "A comma-separated list of groups, members of which should have session " "recording enabled. Matches group names as returned by NSS. I.e. after the " @@ -2979,7 +2979,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2518 sssd.conf.5.xml:2550 sssd-session-recording.5.xml:129 +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 #: sssd-session-recording.5.xml:161 msgid "" "NOTE: using this option (having it set to anything) has a considerable " @@ -2988,56 +2988,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2525 sssd-session-recording.5.xml:136 +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 msgid "Default: Empty. Matches no groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2530 sssd-session-recording.5.xml:141 +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 msgid "exclude_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2533 sssd-session-recording.5.xml:144 +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 msgid "" "A comma-separated list of users to be excluded from recording, only " "applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2537 sssd-session-recording.5.xml:148 +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 msgid "Default: Empty. No users excluded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2542 sssd-session-recording.5.xml:153 +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 msgid "exclude_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2545 sssd-session-recording.5.xml:156 +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 msgid "" "A comma-separated list of groups, members of which should be excluded from " "recording. Only applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2557 sssd-session-recording.5.xml:168 +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 msgid "Default: Empty. No groups excluded." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2567 +#: sssd.conf.5.xml:2568 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2574 +#: sssd.conf.5.xml:2575 msgid "enabled" msgstr "käytössä" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2577 +#: sssd.conf.5.xml:2578 msgid "" "Explicitly enable or disable the domain. If <quote>true</quote>, the domain " "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " @@ -3047,12 +3047,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2589 +#: sssd.conf.5.xml:2590 msgid "domain_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2592 +#: sssd.conf.5.xml:2593 msgid "" "Specifies whether the domain is meant to be used by POSIX-aware clients such " "as the Name Service Switch or by applications that do not need POSIX data to " @@ -3061,14 +3061,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2600 +#: sssd.conf.5.xml:2601 msgid "" "Allowed values for this option are <quote>posix</quote> and " "<quote>application</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2604 +#: sssd.conf.5.xml:2605 msgid "" "POSIX domains are reachable by all services. Application domains are only " "reachable from the InfoPipe responder (see <citerefentry> " @@ -3077,38 +3077,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2612 +#: sssd.conf.5.xml:2613 msgid "" "NOTE: The application domains are currently well tested with " "<quote>id_provider=ldap</quote> only." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2616 +#: sssd.conf.5.xml:2617 msgid "" "For an easy way to configure a non-POSIX domains, please see the " "<quote>Application domains</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2620 +#: sssd.conf.5.xml:2621 msgid "Default: posix" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2626 +#: sssd.conf.5.xml:2627 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2629 +#: sssd.conf.5.xml:2630 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2634 +#: sssd.conf.5.xml:2635 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -3117,24 +3117,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2641 +#: sssd.conf.5.xml:2642 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2645 +#: sssd.conf.5.xml:2646 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2651 +#: sssd.conf.5.xml:2652 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2654 +#: sssd.conf.5.xml:2655 msgid "" "Determines if a domain can be enumerated, that is, whether the domain can " "list all the users and group it contains. Note that it is not required to " @@ -3143,29 +3143,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2662 +#: sssd.conf.5.xml:2663 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2665 +#: sssd.conf.5.xml:2666 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2668 sssd.conf.5.xml:2942 sssd.conf.5.xml:3119 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2671 +#: sssd.conf.5.xml:2672 msgid "" "Enumerating a domain requires SSSD to download and store ALL user and group " "entries from the remote server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2676 +#: sssd.conf.5.xml:2677 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -3179,14 +3179,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2691 +#: sssd.conf.5.xml:2692 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2696 +#: sssd.conf.5.xml:2697 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -3195,39 +3195,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2704 +#: sssd.conf.5.xml:2705 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2712 +#: sssd.conf.5.xml:2713 msgid "subdomain_enumerate (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2719 +#: sssd.conf.5.xml:2720 msgid "all" msgstr "kaikki" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2720 +#: sssd.conf.5.xml:2721 msgid "All discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2723 +#: sssd.conf.5.xml:2724 msgid "none" msgstr "Ei mitään" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2724 +#: sssd.conf.5.xml:2725 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2715 +#: sssd.conf.5.xml:2716 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " @@ -3236,19 +3236,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2738 +#: sssd.conf.5.xml:2739 msgid "entry_cache_timeout (integer)" msgstr "entry_cache_timeout (integeri)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2741 +#: sssd.conf.5.xml:2742 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2745 +#: sssd.conf.5.xml:2746 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " @@ -3259,139 +3259,139 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2758 +#: sssd.conf.5.xml:2759 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2764 +#: sssd.conf.5.xml:2765 msgid "entry_cache_user_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2767 +#: sssd.conf.5.xml:2768 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2771 sssd.conf.5.xml:2784 sssd.conf.5.xml:2797 -#: sssd.conf.5.xml:2810 sssd.conf.5.xml:2824 sssd.conf.5.xml:2837 -#: sssd.conf.5.xml:2851 sssd.conf.5.xml:2865 sssd.conf.5.xml:2878 +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 msgid "Default: entry_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2777 +#: sssd.conf.5.xml:2778 msgid "entry_cache_group_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2780 +#: sssd.conf.5.xml:2781 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2790 +#: sssd.conf.5.xml:2791 msgid "entry_cache_netgroup_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2793 +#: sssd.conf.5.xml:2794 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2803 +#: sssd.conf.5.xml:2804 msgid "entry_cache_service_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2806 +#: sssd.conf.5.xml:2807 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2816 +#: sssd.conf.5.xml:2817 msgid "entry_cache_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2819 +#: sssd.conf.5.xml:2820 msgid "" "How many seconds should nss_sss consider hosts and networks entries valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2830 +#: sssd.conf.5.xml:2831 msgid "entry_cache_sudo_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2833 +#: sssd.conf.5.xml:2834 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2843 +#: sssd.conf.5.xml:2844 msgid "entry_cache_autofs_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2846 +#: sssd.conf.5.xml:2847 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2857 +#: sssd.conf.5.xml:2858 msgid "entry_cache_ssh_host_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2860 +#: sssd.conf.5.xml:2861 msgid "" "How many seconds to keep a host ssh key after refresh. IE how long to cache " "the host key for." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2871 +#: sssd.conf.5.xml:2872 msgid "entry_cache_computer_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2874 +#: sssd.conf.5.xml:2875 msgid "" "How many seconds to keep the local computer entry before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2884 +#: sssd.conf.5.xml:2885 msgid "refresh_expired_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2887 +#: sssd.conf.5.xml:2888 msgid "" "Specifies how many seconds SSSD has to wait before triggering a background " "refresh task which will refresh all expired or nearly expired records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2892 +#: sssd.conf.5.xml:2893 msgid "" "The background refresh will process users, groups and netgroups in the " "cache. For users who have performed the initgroups (get group membership for " @@ -3400,17 +3400,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2900 +#: sssd.conf.5.xml:2901 msgid "This option is automatically inherited for all trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2904 +#: sssd.conf.5.xml:2905 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2908 +#: sssd.conf.5.xml:2909 msgid "" "Cache entry will be refreshed by background task when 2/3 of cache timeout " "has already passed. If there are existing cached entries, the background " @@ -3422,23 +3422,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2921 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2927 +#: sssd.conf.5.xml:2928 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2930 -msgid "Determines if user credentials are also cached in the local LDB cache." +#: sssd.conf.5.xml:2931 +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2934 +#: sssd.conf.5.xml:2942 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3447,12 +3453,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2948 +#: sssd.conf.5.xml:2956 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2951 +#: sssd.conf.5.xml:2959 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3460,19 +3466,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2958 +#: sssd.conf.5.xml:2966 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2969 +#: sssd.conf.5.xml:2977 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2972 +#: sssd.conf.5.xml:2980 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3481,17 +3487,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2979 +#: sssd.conf.5.xml:2987 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2984 +#: sssd.conf.5.xml:2992 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2995 +#: sssd.conf.5.xml:3003 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3500,28 +3506,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3002 +#: sssd.conf.5.xml:3010 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3008 +#: sssd.conf.5.xml:3016 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3011 +#: sssd.conf.5.xml:3019 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3015 +#: sssd.conf.5.xml:3023 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3018 +#: sssd.conf.5.xml:3026 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3529,7 +3535,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3026 +#: sssd.conf.5.xml:3034 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3537,18 +3543,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3034 sssd.conf.5.xml:3145 sssd.conf.5.xml:3196 -#: sssd.conf.5.xml:3259 +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 msgid "" -"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " -"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " -"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " -"FreeIPA." +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3043 sssd.conf.5.xml:3154 sssd.conf.5.xml:3205 -#: sssd.conf.5.xml:3268 +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3556,19 +3561,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3054 +#: sssd.conf.5.xml:3062 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3057 +#: sssd.conf.5.xml:3065 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3062 +#: sssd.conf.5.xml:3070 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3577,7 +3582,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3070 +#: sssd.conf.5.xml:3078 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3585,24 +3590,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3077 +#: sssd.conf.5.xml:3085 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3084 +#: sssd.conf.5.xml:3092 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3087 +#: sssd.conf.5.xml:3095 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3090 +#: sssd.conf.5.xml:3098 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3614,7 +3619,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3108 +#: sssd.conf.5.xml:3116 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3622,30 +3627,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3114 sssd.conf.5.xml:3821 sssd-ldap.5.xml:326 -#: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 -#: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 -#: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 -#: sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1084 +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 msgid "" "This option can be also set per subdomain or inherited via " "<emphasis>subdomain_inherit</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3124 +#: sssd.conf.5.xml:3132 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3127 +#: sssd.conf.5.xml:3135 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3131 sssd.conf.5.xml:3189 +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3653,7 +3658,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3138 +#: sssd.conf.5.xml:3146 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3661,30 +3666,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3162 +#: sssd.conf.5.xml:3170 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3165 +#: sssd.conf.5.xml:3173 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3168 +#: sssd.conf.5.xml:3176 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3174 +#: sssd.conf.5.xml:3182 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3177 +#: sssd.conf.5.xml:3185 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -3692,19 +3697,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3183 +#: sssd.conf.5.xml:3191 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3186 +#: sssd.conf.5.xml:3194 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3221 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -3713,7 +3718,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3220 +#: sssd.conf.5.xml:3228 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -3721,29 +3726,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3227 +#: sssd.conf.5.xml:3235 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3230 +#: sssd.conf.5.xml:3238 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3235 +#: sssd.conf.5.xml:3243 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3238 +#: sssd.conf.5.xml:3246 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3243 +#: sssd.conf.5.xml:3251 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -3751,7 +3756,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3251 +#: sssd.conf.5.xml:3259 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3759,35 +3764,35 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3276 +#: sssd.conf.5.xml:3284 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3280 +#: sssd.conf.5.xml:3288 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3283 +#: sssd.conf.5.xml:3291 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3290 +#: sssd.conf.5.xml:3298 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3293 +#: sssd.conf.5.xml:3301 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3297 +#: sssd.conf.5.xml:3305 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3795,32 +3800,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3305 +#: sssd.conf.5.xml:3313 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3309 +#: sssd.conf.5.xml:3317 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3313 +#: sssd.conf.5.xml:3321 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3316 sssd.conf.5.xml:3402 sssd.conf.5.xml:3472 -#: sssd.conf.5.xml:3497 sssd.conf.5.xml:3533 +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3320 +#: sssd.conf.5.xml:3328 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -3831,7 +3836,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3335 +#: sssd.conf.5.xml:3343 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -3840,12 +3845,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3345 +#: sssd.conf.5.xml:3353 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3348 +#: sssd.conf.5.xml:3356 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -3853,7 +3858,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3354 +#: sssd.conf.5.xml:3362 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3861,31 +3866,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3362 +#: sssd.conf.5.xml:3370 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3365 +#: sssd.conf.5.xml:3373 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3371 +#: sssd.conf.5.xml:3379 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3374 +#: sssd.conf.5.xml:3382 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3380 +#: sssd.conf.5.xml:3388 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3893,7 +3898,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3389 +#: sssd.conf.5.xml:3397 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -3902,17 +3907,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3398 +#: sssd.conf.5.xml:3406 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3408 +#: sssd.conf.5.xml:3416 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3411 +#: sssd.conf.5.xml:3419 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -3920,43 +3925,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3418 +#: sssd.conf.5.xml:3426 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3422 +#: sssd.conf.5.xml:3430 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3426 +#: sssd.conf.5.xml:3434 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3430 +#: sssd.conf.5.xml:3438 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3438 +#: sssd.conf.5.xml:3446 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3441 +#: sssd.conf.5.xml:3449 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3445 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3964,7 +3969,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3452 +#: sssd.conf.5.xml:3460 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3972,7 +3977,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3460 +#: sssd.conf.5.xml:3468 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3980,24 +3985,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3469 +#: sssd.conf.5.xml:3477 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3479 +#: sssd.conf.5.xml:3487 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3482 +#: sssd.conf.5.xml:3490 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3486 +#: sssd.conf.5.xml:3494 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4005,31 +4010,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3494 +#: sssd.conf.5.xml:3502 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3504 +#: sssd.conf.5.xml:3512 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3507 +#: sssd.conf.5.xml:3515 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3511 +#: sssd.conf.5.xml:3519 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3515 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4037,7 +4042,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3522 +#: sssd.conf.5.xml:3530 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4046,12 +4051,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3530 +#: sssd.conf.5.xml:3538 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3543 +#: sssd.conf.5.xml:3551 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4061,24 +4066,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3552 +#: sssd.conf.5.xml:3560 msgid "" "Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" "[^@]+))$</quote> which allows two different styles for user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3557 sssd.conf.5.xml:3571 +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 msgid "username" msgstr "käyttäjänimi" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3560 sssd.conf.5.xml:3574 +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3565 +#: sssd.conf.5.xml:3573 msgid "" "Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" @@ -4087,19 +4092,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3577 +#: sssd.conf.5.xml:3585 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3580 +#: sssd.conf.5.xml:3588 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3585 +#: sssd.conf.5.xml:3593 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4109,89 +4114,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3637 +#: sssd.conf.5.xml:3645 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3643 +#: sssd.conf.5.xml:3651 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3646 +#: sssd.conf.5.xml:3654 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3650 +#: sssd.conf.5.xml:3658 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3653 +#: sssd.conf.5.xml:3661 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3656 +#: sssd.conf.5.xml:3664 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3659 +#: sssd.conf.5.xml:3667 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3662 +#: sssd.conf.5.xml:3670 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3665 +#: sssd.conf.5.xml:3673 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3671 +#: sssd.conf.5.xml:3679 msgid "dns_resolver_server_timeout (integer)" msgstr "dns_resolver_server_timeout (integeri)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3674 +#: sssd.conf.5.xml:3682 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3679 +#: sssd.conf.5.xml:3687 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3683 sssd.conf.5.xml:3703 sssd.conf.5.xml:3724 +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3688 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3694 +#: sssd.conf.5.xml:3702 msgid "dns_resolver_op_timeout (integer)" msgstr "dns_resolver_op_timeout (integeri)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3697 +#: sssd.conf.5.xml:3705 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4199,12 +4204,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3714 +#: sssd.conf.5.xml:3722 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3717 +#: sssd.conf.5.xml:3725 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4213,14 +4218,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3735 +#: sssd.conf.5.xml:3743 #, fuzzy #| msgid "dns_resolver_server_timeout (integer)" msgid "dns_resolver_use_search_list (bool)" msgstr "dns_resolver_server_timeout (integeri)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3738 +#: sssd.conf.5.xml:3746 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4228,7 +4233,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3744 +#: sssd.conf.5.xml:3752 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4236,71 +4241,71 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3750 +#: sssd.conf.5.xml:3758 #, fuzzy #| msgid "Default: True" msgid "Default: TRUE" msgstr "Oletus:tosi" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3756 +#: sssd.conf.5.xml:3764 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3759 +#: sssd.conf.5.xml:3767 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3763 +#: sssd.conf.5.xml:3771 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3769 +#: sssd.conf.5.xml:3777 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3772 +#: sssd.conf.5.xml:3780 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3778 +#: sssd.conf.5.xml:3786 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3785 +#: sssd.conf.5.xml:3793 msgid "True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3788 +#: sssd.conf.5.xml:3796 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3794 +#: sssd.conf.5.xml:3802 msgid "False" msgstr "epätosi" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3796 +#: sssd.conf.5.xml:3804 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3800 +#: sssd.conf.5.xml:3808 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3803 +#: sssd.conf.5.xml:3811 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4308,31 +4313,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3811 +#: sssd.conf.5.xml:3819 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3781 +#: sssd.conf.5.xml:3789 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3826 +#: sssd.conf.5.xml:3834 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3832 +#: sssd.conf.5.xml:3840 msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3835 +#: sssd.conf.5.xml:3843 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4340,124 +4345,124 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3841 +#: sssd.conf.5.xml:3849 #, fuzzy #| msgid "ldap_purge_cache_timeout" msgid "ldap_search_timeout" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3844 +#: sssd.conf.5.xml:3852 #, fuzzy #| msgid "client_idle_timeout" msgid "ldap_network_timeout" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3847 +#: sssd.conf.5.xml:3855 #, fuzzy #| msgid "ldap_purge_cache_timeout" msgid "ldap_opt_timeout" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3850 +#: sssd.conf.5.xml:3858 #, fuzzy #| msgid "client_idle_timeout" msgid "ldap_offline_timeout" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3853 +#: sssd.conf.5.xml:3861 #, fuzzy #| msgid "client_idle_timeout" msgid "ldap_enumeration_refresh_timeout" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3856 +#: sssd.conf.5.xml:3864 msgid "ldap_enumeration_refresh_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3859 +#: sssd.conf.5.xml:3867 msgid "ldap_purge_cache_timeout" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3862 +#: sssd.conf.5.xml:3870 #, fuzzy #| msgid "ldap_purge_cache_timeout" msgid "ldap_purge_cache_offset" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3865 +#: sssd.conf.5.xml:3873 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3869 +#: sssd.conf.5.xml:3877 msgid "ldap_krb5_ticket_lifetime" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3872 +#: sssd.conf.5.xml:3880 #, fuzzy #| msgid "client_idle_timeout" msgid "ldap_enumeration_search_timeout" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3875 +#: sssd.conf.5.xml:3883 #, fuzzy #| msgid "client_idle_timeout" msgid "ldap_connection_expire_timeout" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3878 +#: sssd.conf.5.xml:3886 #, fuzzy #| msgid "client_idle_timeout" msgid "ldap_connection_expire_offset" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3881 +#: sssd.conf.5.xml:3889 #, fuzzy #| msgid "client_idle_timeout" msgid "ldap_connection_idle_timeout" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3884 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 msgid "ldap_use_tokengroups" msgstr "ldap_use_tokengroups" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3887 +#: sssd.conf.5.xml:3895 msgid "ldap_user_principal" msgstr "ldap_user_principal" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3890 +#: sssd.conf.5.xml:3898 msgid "ignore_group_members" msgstr "ignore_group_members" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3893 +#: sssd.conf.5.xml:3901 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3896 +#: sssd.conf.5.xml:3904 msgid "case_sensitive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3901 +#: sssd.conf.5.xml:3909 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4467,27 +4472,27 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3908 +#: sssd.conf.5.xml:3916 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3915 +#: sssd.conf.5.xml:3923 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3926 +#: sssd.conf.5.xml:3934 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3935 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3918 +#: sssd.conf.5.xml:3926 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4497,34 +4502,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3932 +#: sssd.conf.5.xml:3940 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3936 +#: sssd.conf.5.xml:3944 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3941 +#: sssd.conf.5.xml:3949 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3944 +#: sssd.conf.5.xml:3952 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3950 +#: sssd.conf.5.xml:3958 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3953 +#: sssd.conf.5.xml:3961 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -4533,19 +4538,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3961 +#: sssd.conf.5.xml:3969 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3966 +#: sssd.conf.5.xml:3974 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3970 +#: sssd.conf.5.xml:3978 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -4553,24 +4558,96 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3981 +#: sssd.conf.5.xml:3989 +#, fuzzy +#| msgid "ldap_user_principal" +msgid "local_auth_policy (string)" +msgstr "ldap_user_principal" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3992 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4002 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4026 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4034 +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4039 +#, fuzzy +#| msgid "Default: true" +msgid "Default: match" +msgstr "Oletus:tosi" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4044 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3987 +#: sssd.conf.5.xml:4050 msgid "true" msgstr "tosi" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3990 +#: sssd.conf.5.xml:4053 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3994 +#: sssd.conf.5.xml:4057 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4579,24 +4656,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4003 +#: sssd.conf.5.xml:4066 msgid "false" msgstr "epätosi" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4006 +#: sssd.conf.5.xml:4069 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4012 +#: sssd.conf.5.xml:4075 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4015 +#: sssd.conf.5.xml:4078 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4606,14 +4683,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4028 +#: sssd.conf.5.xml:4091 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4035 +#: sssd.conf.5.xml:4098 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4621,21 +4698,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3984 +#: sssd.conf.5.xml:4047 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4047 +#: sssd.conf.5.xml:4110 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4118 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4643,7 +4720,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4124 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4652,7 +4729,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4115 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4661,7 +4738,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2569 +#: sssd.conf.5.xml:2570 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -4669,29 +4746,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4139 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4079 +#: sssd.conf.5.xml:4142 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4082 +#: sssd.conf.5.xml:4145 msgid "" "Default: not set by default, you have to take an existing pam configuration " -"or create a new one and add the service name here." +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4090 +#: sssd.conf.5.xml:4155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4699,12 +4777,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4103 +#: sssd.conf.5.xml:4168 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4106 +#: sssd.conf.5.xml:4171 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4712,12 +4790,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4117 +#: sssd.conf.5.xml:4182 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4120 +#: sssd.conf.5.xml:4185 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4726,12 +4804,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4134 +#: sssd.conf.5.xml:4199 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4202 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4739,19 +4817,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4072 +#: sssd.conf.5.xml:4135 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4218 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4155 +#: sssd.conf.5.xml:4220 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -4768,7 +4846,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4175 +#: sssd.conf.5.xml:4240 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4776,17 +4854,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4181 +#: sssd.conf.5.xml:4246 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4248 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4186 +#: sssd.conf.5.xml:4251 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4795,7 +4873,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4265 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4805,7 +4883,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4208 +#: sssd.conf.5.xml:4273 #, no-wrap msgid "" "[sssd]\n" @@ -4825,12 +4903,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4228 +#: sssd.conf.5.xml:4293 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4230 +#: sssd.conf.5.xml:4295 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -4841,69 +4919,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4237 +#: sssd.conf.5.xml:4302 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4303 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4239 +#: sssd.conf.5.xml:4304 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:4305 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4241 +#: sssd.conf.5.xml:4306 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4242 +#: sssd.conf.5.xml:4307 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4243 +#: sssd.conf.5.xml:4308 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4309 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4245 +#: sssd.conf.5.xml:4310 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4246 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4250 +#: sssd.conf.5.xml:4315 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4256 +#: sssd.conf.5.xml:4321 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4258 +#: sssd.conf.5.xml:4323 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -4916,7 +4994,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4272 +#: sssd.conf.5.xml:4337 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -4924,7 +5002,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4281 +#: sssd.conf.5.xml:4346 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -4933,55 +5011,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4353 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4356 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4295 +#: sssd.conf.5.xml:4360 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4367 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4370 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:4376 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4317 +#: sssd.conf.5.xml:4382 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4326 +#: sssd.conf.5.xml:4391 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4329 +#: sssd.conf.5.xml:4394 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -4990,17 +5068,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4336 +#: sssd.conf.5.xml:4401 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4406 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4409 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5008,26 +5086,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4350 +#: sssd.conf.5.xml:4415 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4356 +#: sssd.conf.5.xml:4421 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4362 +#: sssd.conf.5.xml:4427 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4433 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5036,17 +5114,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4377 +#: sssd.conf.5.xml:4442 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4385 +#: sssd.conf.5.xml:4450 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4452 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5056,7 +5134,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4395 +#: sssd.conf.5.xml:4460 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5065,59 +5143,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4472 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4410 +#: sssd.conf.5.xml:4475 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4411 +#: sssd.conf.5.xml:4476 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4409 +#: sssd.conf.5.xml:4474 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4484 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4488 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4424 +#: sssd.conf.5.xml:4489 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4427 +#: sssd.conf.5.xml:4492 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4428 +#: sssd.conf.5.xml:4493 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4496 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4432 +#: sssd.conf.5.xml:4497 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5126,7 +5204,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4421 +#: sssd.conf.5.xml:4486 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5135,17 +5213,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4449 +#: sssd.conf.5.xml:4514 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4455 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4522 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5153,46 +5231,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4530 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4532 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4537 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4539 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4480 +#: sssd.conf.5.xml:4545 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4547 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4451 +#: sssd.conf.5.xml:4516 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4467 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5201,7 +5279,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4493 +#: sssd.conf.5.xml:4558 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5209,12 +5287,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4500 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4506 +#: sssd.conf.5.xml:4571 #, no-wrap msgid "" "[sssd]\n" @@ -5244,7 +5322,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4502 +#: sssd.conf.5.xml:4567 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5253,7 +5331,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4604 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5261,7 +5339,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4533 +#: sssd.conf.5.xml:4598 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5272,7 +5350,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4550 +#: sssd.conf.5.xml:4615 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5283,7 +5361,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4544 +#: sssd.conf.5.xml:4609 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -5337,26 +5415,26 @@ msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " -"over an unencrypted channel. If the LDAP server is used only as an identity " -"provider, an encrypted channel is not needed. Please refer to " -"<quote>ldap_access_filter</quote> config option for more information about " -"using LDAP as an access provider." +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 #: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 msgid "CONFIGURATION OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:66 +#: sssd-ldap.5.xml:67 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:69 +#: sssd-ldap.5.xml:70 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" @@ -5366,33 +5444,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:76 +#: sssd-ldap.5.xml:77 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:79 +#: sssd-ldap.5.xml:80 msgid "ldap[s]://<host>[:port]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:82 +#: sssd-ldap.5.xml:83 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:85 +#: sssd-ldap.5.xml:86 msgid "example: ldap://[fc00::126:25]:389" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:91 +#: sssd-ldap.5.xml:92 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:94 +#: sssd-ldap.5.xml:95 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " @@ -5401,71 +5479,71 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:101 +#: sssd-ldap.5.xml:102 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:105 +#: sssd-ldap.5.xml:106 msgid "Default: empty, i.e. ldap_uri is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:111 +#: sssd-ldap.5.xml:112 msgid "ldap_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:114 +#: sssd-ldap.5.xml:115 msgid "The default base DN to use for performing LDAP user operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:118 +#: sssd-ldap.5.xml:119 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:122 +#: sssd-ldap.5.xml:123 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:125 +#: sssd-ldap.5.xml:126 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:128 include/ldap_search_bases.xml:18 +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:132 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 #: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 msgid "Examples:" msgstr "Esimerkki:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:135 +#: sssd-ldap.5.xml:136 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:140 +#: sssd-ldap.5.xml:141 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:143 +#: sssd-ldap.5.xml:144 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " @@ -5474,7 +5552,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:150 +#: sssd-ldap.5.xml:151 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " @@ -5485,12 +5563,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:164 +#: sssd-ldap.5.xml:165 msgid "ldap_schema (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:167 +#: sssd-ldap.5.xml:168 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " @@ -5498,32 +5576,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:174 +#: sssd-ldap.5.xml:175 msgid "Four schema types are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:178 +#: sssd-ldap.5.xml:179 msgid "rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:183 +#: sssd-ldap.5.xml:184 msgid "rfc2307bis" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:188 +#: sssd-ldap.5.xml:189 msgid "IPA" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:193 +#: sssd-ldap.5.xml:194 msgid "AD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:199 +#: sssd-ldap.5.xml:200 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " @@ -5534,37 +5612,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:209 +#: sssd-ldap.5.xml:210 msgid "Default: rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:215 +#: sssd-ldap.5.xml:216 msgid "ldap_pwmodify_mode (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:218 +#: sssd-ldap.5.xml:219 msgid "Specify the operation that is used to modify user password." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:222 +#: sssd-ldap.5.xml:223 msgid "Two modes are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:226 +#: sssd-ldap.5.xml:227 msgid "exop - Password Modify Extended Operation (RFC 3062)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:232 +#: sssd-ldap.5.xml:233 msgid "ldap_modify - Direct modification of userPassword (not recommended)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:239 +#: sssd-ldap.5.xml:240 msgid "" "Note: First, a new connection is established to verify current password by " "binding as the user that requested password change. If successful, this " @@ -5573,74 +5651,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:247 +#: sssd-ldap.5.xml:248 msgid "Default: exop" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:253 +#: sssd-ldap.5.xml:254 msgid "ldap_default_bind_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:256 +#: sssd-ldap.5.xml:257 msgid "The default bind DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:263 +#: sssd-ldap.5.xml:264 msgid "ldap_default_authtok_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:266 +#: sssd-ldap.5.xml:267 msgid "The type of the authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:270 +#: sssd-ldap.5.xml:271 msgid "The two mechanisms currently supported are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 +#: sssd-ldap.5.xml:274 msgid "password" msgstr "salasana" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:276 +#: sssd-ldap.5.xml:277 msgid "obfuscated_password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:279 +#: sssd-ldap.5.xml:280 msgid "Default: password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:282 +#: sssd-ldap.5.xml:283 msgid "" "See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> manual page for more information." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:293 +#: sssd-ldap.5.xml:294 msgid "ldap_default_authtok (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:296 +#: sssd-ldap.5.xml:297 msgid "The authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:302 +#: sssd-ldap.5.xml:303 msgid "ldap_force_upper_case_realm (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:305 +#: sssd-ldap.5.xml:306 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -5649,24 +5727,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:318 +#: sssd-ldap.5.xml:319 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:321 +#: sssd-ldap.5.xml:322 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:337 +#: sssd-ldap.5.xml:338 msgid "ldap_purge_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:340 +#: sssd-ldap.5.xml:341 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -5674,7 +5752,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:346 +#: sssd-ldap.5.xml:347 msgid "" "Setting this option to zero will disable the cache cleanup operation. Please " "note that if enumeration is enabled, the cleanup task is required in order " @@ -5683,12 +5761,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:366 +#: sssd-ldap.5.xml:367 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:369 +#: sssd-ldap.5.xml:370 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -5696,7 +5774,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:376 +#: sssd-ldap.5.xml:377 msgid "" "Note: This option specifies the guaranteed level of nested groups to be " "processed for any lookup. However, nested groups beyond this limit " @@ -5706,7 +5784,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:385 +#: sssd-ldap.5.xml:386 msgid "" "If ldap_group_nesting_level is set to 0 then no nested groups are processed " "at all. However, when connected to Active-Directory Server 2008 and later " @@ -5716,67 +5794,67 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:394 +#: sssd-ldap.5.xml:395 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:403 +#: sssd-ldap.5.xml:404 msgid "" "This options enables or disables use of Token-Groups attribute when " "performing initgroup for users from Active Directory Server 2008 and later." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:413 +#: sssd-ldap.5.xml:414 msgid "Default: True for AD and IPA otherwise False." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:419 +#: sssd-ldap.5.xml:420 msgid "ldap_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:422 +#: sssd-ldap.5.xml:423 msgid "Optional. Use the given string as search base for host objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:426 sssd-ipa.5.xml:457 sssd-ipa.5.xml:476 sssd-ipa.5.xml:495 -#: sssd-ipa.5.xml:514 +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:431 sssd-ipa.5.xml:462 include/ldap_search_bases.xml:27 +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:438 +#: sssd-ldap.5.xml:439 msgid "ldap_service_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:443 +#: sssd-ldap.5.xml:444 msgid "ldap_iphost_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:448 +#: sssd-ldap.5.xml:449 msgid "ldap_ipnetwork_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:453 +#: sssd-ldap.5.xml:454 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:456 +#: sssd-ldap.5.xml:457 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -5784,7 +5862,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:462 +#: sssd-ldap.5.xml:463 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -5792,12 +5870,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:479 +#: sssd-ldap.5.xml:480 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:482 +#: sssd-ldap.5.xml:483 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -5805,12 +5883,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:500 +#: sssd-ldap.5.xml:501 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:503 +#: sssd-ldap.5.xml:504 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -5821,12 +5899,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:531 +#: sssd-ldap.5.xml:532 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:534 +#: sssd-ldap.5.xml:535 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -5835,12 +5913,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:554 +#: sssd-ldap.5.xml:555 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:557 +#: sssd-ldap.5.xml:558 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -5849,7 +5927,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:565 +#: sssd-ldap.5.xml:566 msgid "" "If the connection is idle (not actively running an operation) within " "<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " @@ -5860,38 +5938,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:577 +#: sssd-ldap.5.xml:578 msgid "" "This timeout can be extended of a random value specified by " "<emphasis>ldap_connection_expire_offset</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:587 sssd-ldap.5.xml:630 sssd-ldap.5.xml:1711 +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:593 +#: sssd-ldap.5.xml:594 msgid "ldap_connection_expire_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:596 +#: sssd-ldap.5.xml:597 msgid "" "Random offset between 0 and configured value is added to " "<emphasis>ldap_connection_expire_timeout</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:613 #, fuzzy #| msgid "ad_gpo_cache_timeout (integer)" msgid "ldap_connection_idle_timeout (integer)" msgstr "ad_gpo_cache_timeout (integeri)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:616 msgid "" "Specifies a timeout (in seconds) that an idle connection to an LDAP server " "will be maintained. If the connection is idle for more than this time then " @@ -5899,29 +5977,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:622 msgid "You can disable this timeout by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:636 +#: sssd-ldap.5.xml:637 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:639 +#: sssd-ldap.5.xml:640 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:650 +#: sssd-ldap.5.xml:651 msgid "ldap_disable_paging (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:653 +#: sssd-ldap.5.xml:654 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " @@ -5929,14 +6007,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:659 +#: sssd-ldap.5.xml:660 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:665 +#: sssd-ldap.5.xml:666 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " @@ -5944,17 +6022,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:677 +#: sssd-ldap.5.xml:678 msgid "ldap_disable_range_retrieval (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:680 +#: sssd-ldap.5.xml:681 msgid "Disable Active Directory range retrieval." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:683 +#: sssd-ldap.5.xml:684 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " @@ -5964,12 +6042,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:699 msgid "ldap_sasl_minssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:702 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " @@ -5977,17 +6055,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:707 sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:714 +#: sssd-ldap.5.xml:715 msgid "ldap_sasl_maxssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:717 +#: sssd-ldap.5.xml:718 msgid "" "When communicating with an LDAP server using SASL, specify the maximal " "security level necessary to establish the connection. The values of this " @@ -5995,12 +6073,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:731 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:733 +#: sssd-ldap.5.xml:734 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -6008,7 +6086,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:740 msgid "" "You can turn off dereference lookups completely by setting the value to 0. " "Please note that there are some codepaths in SSSD, like the IPA HBAC " @@ -6019,7 +6097,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:750 +#: sssd-ldap.5.xml:751 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -6028,7 +6106,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:758 +#: sssd-ldap.5.xml:759 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -6036,12 +6114,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:771 +#: sssd-ldap.5.xml:772 msgid "ldap_ignore_unreadable_references (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:774 +#: sssd-ldap.5.xml:775 msgid "" "Ignore unreadable LDAP entries referenced in group's member attribute. If " "this parameter is set to false an error will be returned and the operation " @@ -6049,7 +6127,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:781 +#: sssd-ldap.5.xml:782 msgid "" "This parameter may be useful when using the AD provider and the computer " "account that sssd uses to connect to AD does not have access to a particular " @@ -6057,26 +6135,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:795 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:798 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:804 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:808 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6084,7 +6162,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:815 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6092,7 +6170,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:820 +#: sssd-ldap.5.xml:821 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -6100,41 +6178,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:826 +#: sssd-ldap.5.xml:827 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:830 +#: sssd-ldap.5.xml:831 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:837 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:839 +#: sssd-ldap.5.xml:840 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 sssd-ldap.5.xml:862 sssd-ldap.5.xml:903 +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:852 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:854 +#: sssd-ldap.5.xml:855 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -6143,32 +6221,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:869 +#: sssd-ldap.5.xml:870 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:872 +#: sssd-ldap.5.xml:873 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:882 +#: sssd-ldap.5.xml:883 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:885 +#: sssd-ldap.5.xml:886 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:894 +#: sssd-ldap.5.xml:895 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:897 +#: sssd-ldap.5.xml:898 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -6176,24 +6254,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:910 +#: sssd-ldap.5.xml:911 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:913 +#: sssd-ldap.5.xml:914 msgid "" "Specifies that the id_provider connection must also use <systemitem " -"class=\"protocol\">tls</systemitem> to protect the channel." +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:923 +#: sssd-ldap.5.xml:925 msgid "ldap_id_mapping (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:928 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " @@ -6201,17 +6280,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:932 +#: sssd-ldap.5.xml:934 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:942 +#: sssd-ldap.5.xml:944 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:945 +#: sssd-ldap.5.xml:947 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " @@ -6222,24 +6301,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:957 +#: sssd-ldap.5.xml:959 msgid "Default: not set (both options are set to 0)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:965 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:966 +#: sssd-ldap.5.xml:968 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " "tested and supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:970 +#: sssd-ldap.5.xml:972 msgid "" "If the backend supports sub-domains the value of ldap_sasl_mech is " "automatically inherited to the sub-domains. If a different value is needed " @@ -6250,12 +6329,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:988 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ldap.5.xml:998 +#: sssd-ldap.5.xml:1000 #, no-wrap msgid "" "hostname@REALM\n" @@ -6268,7 +6347,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:989 +#: sssd-ldap.5.xml:991 msgid "" "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " "this represents the Kerberos principal used for authentication to the " @@ -6280,17 +6359,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1009 +#: sssd-ldap.5.xml:1011 msgid "Default: host/hostname@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1015 +#: sssd-ldap.5.xml:1017 msgid "ldap_sasl_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1018 +#: sssd-ldap.5.xml:1020 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " @@ -6298,49 +6377,49 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1024 +#: sssd-ldap.5.xml:1026 msgid "Default: the value of krb5_realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1030 +#: sssd-ldap.5.xml:1032 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1035 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1038 +#: sssd-ldap.5.xml:1040 msgid "Default: false;" msgstr "Oletus: epätosi;" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1046 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1049 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1056 sssd-krb5.5.xml:247 +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1064 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1067 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -6348,28 +6427,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1077 +#: sssd-ldap.5.xml:1079 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1080 +#: sssd-ldap.5.xml:1082 msgid "" "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1089 sssd-ad.5.xml:1252 +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1095 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1098 +#: sssd-ldap.5.xml:1100 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -6381,7 +6460,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1110 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -6389,7 +6468,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -6397,39 +6476,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1124 sssd-ipa.5.xml:526 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1127 +#: sssd-ldap.5.xml:1129 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1133 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1137 include/krb5_options.xml:154 +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1140 +#: sssd-ldap.5.xml:1142 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1152 sssd-krb5.5.xml:336 +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 msgid "krb5_use_kdcinfo (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1155 sssd-krb5.5.xml:339 +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " @@ -6439,7 +6518,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:350 +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " @@ -6447,26 +6526,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1180 +#: sssd-ldap.5.xml:1182 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1185 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1190 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1193 +#: sssd-ldap.5.xml:1195 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -6475,7 +6554,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1201 +#: sssd-ldap.5.xml:1203 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -6483,31 +6562,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1210 +#: sssd-ldap.5.xml:1212 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1220 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1221 +#: sssd-ldap.5.xml:1223 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1225 +#: sssd-ldap.5.xml:1227 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1232 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " @@ -6520,51 +6599,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1249 +#: sssd-ldap.5.xml:1251 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1252 +#: sssd-ldap.5.xml:1254 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1258 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1262 +#: sssd-ldap.5.xml:1264 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1265 +#: sssd-ldap.5.xml:1267 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1270 +#: sssd-ldap.5.xml:1272 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1276 +#: sssd-ldap.5.xml:1278 msgid "ldap_chpass_update_last_change (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1279 +#: sssd-ldap.5.xml:1281 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1285 +#: sssd-ldap.5.xml:1287 msgid "" "It is recommend to set this option explicitly if \"ldap_pwd_policy = " "shadow\" is used to let SSSD know if the LDAP server will update " @@ -6573,12 +6652,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1301 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1304 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " @@ -6594,12 +6673,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1322 +#: sssd-ldap.5.xml:1324 msgid "Example:" msgstr "Esimerkki:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1327 #, no-wrap msgid "" "access_provider = ldap\n" @@ -6608,14 +6687,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1329 +#: sssd-ldap.5.xml:1331 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1336 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -6624,24 +6703,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1398 +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1348 +#: sssd-ldap.5.xml:1350 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1353 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1355 +#: sssd-ldap.5.xml:1357 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -6649,19 +6728,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1362 +#: sssd-ldap.5.xml:1364 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1365 +#: sssd-ldap.5.xml:1367 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1372 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -6670,7 +6749,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1379 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -6678,7 +6757,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1383 +#: sssd-ldap.5.xml:1385 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -6687,7 +6766,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1391 +#: sssd-ldap.5.xml:1393 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " @@ -6695,22 +6774,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1404 +#: sssd-ldap.5.xml:1406 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1407 sssd-ipa.5.xml:351 +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1411 +#: sssd-ldap.5.xml:1413 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>lockout</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6720,14 +6799,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1424 +#: sssd-ldap.5.xml:1426 msgid "" "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" "quote> option and might be removed in a future release. </emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1431 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6740,12 +6819,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1448 +#: sssd-ldap.5.xml:1450 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1452 sssd-ipa.5.xml:359 +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 msgid "" "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " "pwd_expire_policy_renew: </emphasis> These options are useful if users are " @@ -6755,81 +6834,81 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1462 sssd-ipa.5.xml:369 +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 msgid "" "The difference between these options is the action taken if user password is " "expired:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1467 sssd-ipa.5.xml:374 +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 msgid "pwd_expire_policy_reject - user is denied to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1473 sssd-ipa.5.xml:380 +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 msgid "pwd_expire_policy_warn - user is still able to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1479 sssd-ipa.5.xml:386 +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 msgid "" "pwd_expire_policy_renew - user is prompted to change their password " "immediately." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1487 +#: sssd-ldap.5.xml:1489 msgid "" "Please note that 'access_provider = ldap' must be set for this feature to " "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1494 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1497 +#: sssd-ldap.5.xml:1499 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1501 +#: sssd-ldap.5.xml:1503 msgid "" "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " "remote host can access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1505 +#: sssd-ldap.5.xml:1507 msgid "" "Please note, rhost field in pam is set by application, it is better to check " "what the application sends to pam, before enabling this access control option" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1510 +#: sssd-ldap.5.xml:1512 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1513 +#: sssd-ldap.5.xml:1515 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1520 +#: sssd-ldap.5.xml:1522 msgid "ldap_pwdlockout_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1523 +#: sssd-ldap.5.xml:1525 msgid "" "This option specifies the DN of password policy entry on LDAP server. Please " "note that absence of this option in sssd.conf in case of enabled account " @@ -6838,74 +6917,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1531 +#: sssd-ldap.5.xml:1533 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1534 +#: sssd-ldap.5.xml:1536 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1542 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1543 +#: sssd-ldap.5.xml:1545 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1550 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 +#: sssd-ldap.5.xml:1554 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 +#: sssd-ldap.5.xml:1559 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1562 +#: sssd-ldap.5.xml:1564 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1569 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1575 +#: sssd-ldap.5.xml:1577 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1578 +#: sssd-ldap.5.xml:1580 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1582 +#: sssd-ldap.5.xml:1584 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " @@ -6916,7 +6995,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1593 +#: sssd-ldap.5.xml:1595 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " @@ -6924,53 +7003,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1605 sssd-ifp.5.xml:152 +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 msgid "wildcard_limit (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1608 +#: sssd-ldap.5.xml:1610 msgid "" "Specifies an upper limit on the number of entries that are downloaded during " "a wildcard lookup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1612 +#: sssd-ldap.5.xml:1614 msgid "At the moment, only the InfoPipe responder supports wildcard lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1618 msgid "Default: 1000 (often the size of one page)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1624 msgid "ldap_library_debug_level (integer)" msgstr "ldap_library_debug_level (integeri)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1625 +#: sssd-ldap.5.xml:1627 msgid "" "Switches on libldap debugging with the given level. The libldap debug " "messages will be written independent of the general debug_level." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1630 +#: sssd-ldap.5.xml:1632 msgid "" "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " "enable full debug output." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1635 +#: sssd-ldap.5.xml:1637 msgid "Default: 0 (libldap debugging disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:52 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " @@ -6982,12 +7061,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1645 +#: sssd-ldap.5.xml:1647 msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1647 +#: sssd-ldap.5.xml:1649 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -6995,43 +7074,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1660 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1661 +#: sssd-ldap.5.xml:1663 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1666 +#: sssd-ldap.5.xml:1668 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1671 +#: sssd-ldap.5.xml:1673 msgid "" "You can disable full refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1676 +#: sssd-ldap.5.xml:1678 msgid "Default: 21600 (6 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1682 +#: sssd-ldap.5.xml:1684 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1685 +#: sssd-ldap.5.xml:1687 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest " @@ -7039,14 +7118,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1691 +#: sssd-ldap.5.xml:1693 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1695 +#: sssd-ldap.5.xml:1697 msgid "" "<emphasis>Note:</emphasis> the highest USN value can be updated by three " "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " @@ -7056,19 +7135,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1706 +#: sssd-ldap.5.xml:1708 msgid "" "You can disable smart refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1717 +#: sssd-ldap.5.xml:1719 msgid "ldap_sudo_random_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1720 +#: sssd-ldap.5.xml:1722 msgid "" "Random offset between 0 and configured value is added to smart and full " "refresh periods each time the periodic task is scheduled. The value is in " @@ -7076,7 +7155,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1726 +#: sssd-ldap.5.xml:1728 msgid "" "Note that this random offset is also applied on the first SSSD start which " "delays the first sudo rules refresh. This prolongs the time when the sudo " @@ -7084,106 +7163,106 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1732 +#: sssd-ldap.5.xml:1734 msgid "You can disable this offset by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1742 +#: sssd-ldap.5.xml:1744 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1745 +#: sssd-ldap.5.xml:1747 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1756 +#: sssd-ldap.5.xml:1758 msgid "ldap_sudo_hostnames (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1759 +#: sssd-ldap.5.xml:1761 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1764 +#: sssd-ldap.5.xml:1766 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1769 sssd-ldap.5.xml:1792 sssd-ldap.5.xml:1810 -#: sssd-ldap.5.xml:1828 +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1774 sssd-ldap.5.xml:1797 +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 msgid "Default: not specified" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1780 +#: sssd-ldap.5.xml:1782 msgid "ldap_sudo_ip (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1783 +#: sssd-ldap.5.xml:1785 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1788 +#: sssd-ldap.5.xml:1790 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1803 +#: sssd-ldap.5.xml:1805 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1806 +#: sssd-ldap.5.xml:1808 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1821 +#: sssd-ldap.5.xml:1823 msgid "ldap_sudo_include_regexp (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:1826 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> -#: sssd-ldap.5.xml:1834 +#: sssd-ldap.5.xml:1836 msgid "" "Using wildcard is an operation that is very costly to evaluate on the LDAP " "server side!" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1846 +#: sssd-ldap.5.xml:1848 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " @@ -7192,59 +7271,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1856 +#: sssd-ldap.5.xml:1858 msgid "AUTOFS OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1858 +#: sssd-ldap.5.xml:1860 msgid "" "Some of the defaults for the parameters below are dependent on the LDAP " "schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1864 +#: sssd-ldap.5.xml:1866 msgid "ldap_autofs_map_master_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1867 +#: sssd-ldap.5.xml:1869 msgid "The name of the automount master map in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1870 +#: sssd-ldap.5.xml:1872 msgid "Default: auto.master" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1881 +#: sssd-ldap.5.xml:1883 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1888 +#: sssd-ldap.5.xml:1890 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1893 +#: sssd-ldap.5.xml:1895 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1898 +#: sssd-ldap.5.xml:1900 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> -#: sssd-ldap.5.xml:1903 +#: sssd-ldap.5.xml:1905 msgid "<note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> -#: sssd-ldap.5.xml:1905 +#: sssd-ldap.5.xml:1907 msgid "" "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " "against Active Directory will not be restricted and return all groups " @@ -7253,22 +7332,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist> -#: sssd-ldap.5.xml:1912 +#: sssd-ldap.5.xml:1914 msgid "</note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1914 +#: sssd-ldap.5.xml:1916 msgid "ldap_sudo_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1919 +#: sssd-ldap.5.xml:1921 msgid "ldap_autofs_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1883 +#: sssd-ldap.5.xml:1885 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -7277,14 +7356,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1934 sssd-simple.5.xml:131 sssd-ipa.5.xml:925 -#: sssd-ad.5.xml:1386 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1936 +#: sssd-ldap.5.xml:1938 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -7292,7 +7371,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1944 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7305,27 +7384,27 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><para> -#: sssd-ldap.5.xml:1941 sssd-ldap.5.xml:1959 sssd-simple.5.xml:139 -#: sssd-ipa.5.xml:933 sssd-ad.5.xml:1394 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 #: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1953 +#: sssd-ldap.5.xml:1955 msgid "LDAP ACCESS FILTER EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1955 +#: sssd-ldap.5.xml:1957 msgid "" "The following example assumes that SSSD is correctly configured and to use " "the ldap_access_order=lockout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1960 +#: sssd-ldap.5.xml:1962 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7341,13 +7420,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1975 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 -#: sssd-ad.5.xml:1409 sssd.8.xml:238 sss_seed.8.xml:163 +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1977 +#: sssd-ldap.5.xml:1979 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -9676,12 +9755,12 @@ msgid "Example: dyndns_iface = em1, vnet1, vnet2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1285 +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 msgid "dyndns_auth (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1288 +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "updates with the DNS server, insecure updates can be sent by setting this " @@ -9689,17 +9768,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1294 +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 msgid "Default: GSS-TSIG" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1300 +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 msgid "dyndns_auth_ptr (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1303 +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "PTR updates with the DNS server, insecure updates can be sent by setting " @@ -9707,7 +9786,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1309 +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 msgid "Default: Same as dyndns_auth" msgstr "" @@ -9766,65 +9845,72 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:290 +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 msgid "Default: False (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1272 +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 msgid "dyndns_force_tcp (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:299 sssd-ad.5.xml:1275 +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:303 sssd-ad.5.xml:1279 +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:309 sssd-ad.5.xml:1315 +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 msgid "dyndns_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:312 sssd-ad.5.xml:1318 +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 msgid "" "The DNS server to use when performing a DNS update. In most setups, it's " "recommended to leave this option unset." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 msgid "" "Setting this option makes sense for environments where the DNS server is " "different from the identity server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 msgid "" "Please note that this option will be only used in fallback attempt when " "previous attempt using autodetected settings failed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 msgid "Default: None (let nsupdate choose the server)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:333 sssd-ad.5.xml:1339 +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 msgid "dyndns_update_per_family (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:336 sssd-ad.5.xml:1342 +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 msgid "" "DNS update is by default performed in two steps - IPv4 update and then IPv6 " "update. In some cases it might be desirable to perform IPv4 and IPv6 update " @@ -9832,177 +9918,177 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:353 msgid "ipa_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:360 msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:394 +#: sssd-ipa.5.xml:399 msgid "" "Please note that 'access_provider = ipa' must be set for this feature to " "work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:401 +#: sssd-ipa.5.xml:406 msgid "ipa_deskprofile_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:404 +#: sssd-ipa.5.xml:409 msgid "" "Optional. Use the given string as search base for Desktop Profile related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:408 sssd-ipa.5.xml:435 +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:414 +#: sssd-ipa.5.xml:419 msgid "ipa_subid_ranges_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:417 +#: sssd-ipa.5.xml:422 msgid "" "Optional. Use the given string as search base for subordinate ranges related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:421 +#: sssd-ipa.5.xml:426 msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:428 +#: sssd-ipa.5.xml:433 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:431 +#: sssd-ipa.5.xml:436 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:441 +#: sssd-ipa.5.xml:446 msgid "ipa_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:444 +#: sssd-ipa.5.xml:449 msgid "Deprecated. Use ldap_host_search_base instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:450 +#: sssd-ipa.5.xml:455 msgid "ipa_selinux_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:453 +#: sssd-ipa.5.xml:458 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:469 +#: sssd-ipa.5.xml:474 msgid "ipa_subdomains_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:472 +#: sssd-ipa.5.xml:477 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:481 +#: sssd-ipa.5.xml:486 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:488 +#: sssd-ipa.5.xml:493 msgid "ipa_master_domain_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:491 +#: sssd-ipa.5.xml:496 msgid "Optional. Use the given string as search base for master domain object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:505 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:507 +#: sssd-ipa.5.xml:512 msgid "ipa_views_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:510 +#: sssd-ipa.5.xml:515 msgid "Optional. Use the given string as search base for views containers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:519 +#: sssd-ipa.5.xml:524 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:529 +#: sssd-ipa.5.xml:534 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:533 +#: sssd-ipa.5.xml:538 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:541 sssd-ad.5.xml:1357 +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 msgid "krb5_confd_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:544 sssd-ad.5.xml:1360 +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 msgid "" "Absolute path of a directory where SSSD should place Kerberos configuration " "snippets." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:548 sssd-ad.5.xml:1364 +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 msgid "" "To disable the creation of the configuration snippets set the parameter to " "'none'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:552 sssd-ad.5.xml:1368 +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 msgid "" "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:559 +#: sssd-ipa.5.xml:564 msgid "ipa_deskprofile_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:562 +#: sssd-ipa.5.xml:567 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server. This will reduce the latency and load on the IPA server if there " @@ -10010,34 +10096,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:569 sssd-ipa.5.xml:599 sssd-ipa.5.xml:615 sssd-ad.5.xml:599 +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:575 +#: sssd-ipa.5.xml:580 msgid "ipa_deskprofile_request_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:578 +#: sssd-ipa.5.xml:583 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server in case the last request did not return any rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:583 +#: sssd-ipa.5.xml:588 msgid "Default: 60 (minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:589 +#: sssd-ipa.5.xml:594 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:592 +#: sssd-ipa.5.xml:597 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -10045,12 +10131,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:605 +#: sssd-ipa.5.xml:610 msgid "ipa_hbac_selinux (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:608 +#: sssd-ipa.5.xml:613 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -10058,33 +10144,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:621 +#: sssd-ipa.5.xml:626 msgid "ipa_server_mode (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:624 +#: sssd-ipa.5.xml:629 msgid "" "This option will be set by the IPA installer (ipa-server-install) " "automatically and denotes if SSSD is running on an IPA server or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:629 +#: sssd-ipa.5.xml:634 msgid "" "On an IPA server SSSD will lookup users and groups from trusted domains " "directly while on a client it will ask an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:634 +#: sssd-ipa.5.xml:639 msgid "" "NOTE: There are currently some assumptions that must be met when SSSD is " "running on an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:639 +#: sssd-ipa.5.xml:644 msgid "" "The <quote>ipa_server</quote> option must be configured to point to the IPA " "server itself. This is already the default set by the IPA installer, so no " @@ -10092,59 +10178,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:648 +#: sssd-ipa.5.xml:653 msgid "" "The <quote>full_name_format</quote> option must not be tweaked to only print " "short names for users from trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:663 +#: sssd-ipa.5.xml:668 msgid "ipa_automount_location (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:666 +#: sssd-ipa.5.xml:671 msgid "The automounter location this IPA client will be using" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:669 +#: sssd-ipa.5.xml:674 msgid "Default: The location named \"default\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:677 +#: sssd-ipa.5.xml:682 msgid "VIEWS AND OVERRIDES" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:686 +#: sssd-ipa.5.xml:691 msgid "ipa_view_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:689 +#: sssd-ipa.5.xml:694 msgid "Objectclass of the view container." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:692 +#: sssd-ipa.5.xml:697 msgid "Default: nsContainer" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:698 +#: sssd-ipa.5.xml:703 msgid "ipa_view_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:701 +#: sssd-ipa.5.xml:706 msgid "Name of the attribute holding the name of the view." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:705 sssd-ldap-attributes.5.xml:496 +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 #: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 #: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 #: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 @@ -10152,128 +10238,128 @@ msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:711 +#: sssd-ipa.5.xml:716 msgid "ipa_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:714 +#: sssd-ipa.5.xml:719 msgid "Objectclass of the override objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:717 +#: sssd-ipa.5.xml:722 msgid "Default: ipaOverrideAnchor" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:723 +#: sssd-ipa.5.xml:728 msgid "ipa_anchor_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:726 +#: sssd-ipa.5.xml:731 msgid "" "Name of the attribute containing the reference to the original object in a " "remote domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:730 +#: sssd-ipa.5.xml:735 msgid "Default: ipaAnchorUUID" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:736 +#: sssd-ipa.5.xml:741 msgid "ipa_user_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:739 +#: sssd-ipa.5.xml:744 msgid "" "Name of the objectclass for user overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:744 +#: sssd-ipa.5.xml:749 msgid "User overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:747 +#: sssd-ipa.5.xml:752 msgid "ldap_user_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:750 +#: sssd-ipa.5.xml:755 msgid "ldap_user_uid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:753 +#: sssd-ipa.5.xml:758 msgid "ldap_user_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:756 +#: sssd-ipa.5.xml:761 msgid "ldap_user_gecos" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:759 +#: sssd-ipa.5.xml:764 msgid "ldap_user_home_directory" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:762 +#: sssd-ipa.5.xml:767 msgid "ldap_user_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:765 +#: sssd-ipa.5.xml:770 msgid "ldap_user_ssh_public_key" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:770 +#: sssd-ipa.5.xml:775 msgid "Default: ipaUserOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:776 +#: sssd-ipa.5.xml:781 msgid "ipa_group_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:779 +#: sssd-ipa.5.xml:784 msgid "" "Name of the objectclass for group overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:784 +#: sssd-ipa.5.xml:789 msgid "Group overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:787 +#: sssd-ipa.5.xml:792 msgid "ldap_group_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:790 +#: sssd-ipa.5.xml:795 msgid "ldap_group_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:795 +#: sssd-ipa.5.xml:800 msgid "Default: ipaGroupOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:679 +#: sssd-ipa.5.xml:684 msgid "" "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " "later version. Since all paths and objectclasses are fixed on the server " @@ -10283,19 +10369,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:807 +#: sssd-ipa.5.xml:812 msgid "SUBDOMAINS PROVIDER" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:809 +#: sssd-ipa.5.xml:814 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:813 +#: sssd-ipa.5.xml:818 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " @@ -10303,7 +10389,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:819 +#: sssd-ipa.5.xml:824 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " @@ -10315,12 +10401,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:830 +#: sssd-ipa.5.xml:835 msgid "TRUSTED DOMAINS CONFIGURATION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:838 +#: sssd-ipa.5.xml:843 #, no-wrap msgid "" "[domain/ipa.domain.com/ad.domain.com]\n" @@ -10328,7 +10414,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:832 +#: sssd-ipa.5.xml:837 msgid "" "Some configuration options can also be set for a trusted domain. A trusted " "domain configuration can be set using the trusted domain subsection as shown " @@ -10338,80 +10424,80 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:843 +#: sssd-ipa.5.xml:848 msgid "" "For more details, see the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:850 +#: sssd-ipa.5.xml:855 msgid "" "Different configuration options are tunable for a trusted domain depending " "on whether you are configuring SSSD on an IPA server or an IPA client." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:855 +#: sssd-ipa.5.xml:860 msgid "OPTIONS TUNABLE ON IPA MASTERS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:857 +#: sssd-ipa.5.xml:862 msgid "" "The following options can be set in a subdomain section on an IPA master:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:861 sssd-ipa.5.xml:891 +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 msgid "ad_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:864 +#: sssd-ipa.5.xml:869 msgid "ad_backup_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:867 sssd-ipa.5.xml:894 +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 msgid "ad_site" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:870 +#: sssd-ipa.5.xml:875 msgid "ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:873 +#: sssd-ipa.5.xml:878 msgid "ldap_user_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:876 +#: sssd-ipa.5.xml:881 msgid "ldap_group_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:885 +#: sssd-ipa.5.xml:890 msgid "OPTIONS TUNABLE ON IPA CLIENTS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:887 +#: sssd-ipa.5.xml:892 msgid "" "The following options can be set in a subdomain section on an IPA client:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:899 +#: sssd-ipa.5.xml:904 msgid "" "Note that if both options are set, only <quote>ad_server</quote> is " "evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:903 +#: sssd-ipa.5.xml:908 msgid "" "Since any request for a user or a group identity from a trusted domain " "triggered from an IPA client is resolved by the IPA server, the " @@ -10425,7 +10511,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:927 +#: sssd-ipa.5.xml:932 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -10433,7 +10519,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:934 +#: sssd-ipa.5.xml:939 #, no-wrap msgid "" "[domain/example.com]\n" @@ -11627,7 +11713,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1388 +#: sssd-ad.5.xml:1393 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -11635,7 +11721,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1395 +#: sssd-ad.5.xml:1400 #, no-wrap msgid "" "[domain/EXAMPLE]\n" @@ -11650,7 +11736,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1415 +#: sssd-ad.5.xml:1420 #, no-wrap msgid "" "access_provider = ldap\n" @@ -11659,7 +11745,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1411 +#: sssd-ad.5.xml:1416 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " @@ -11667,7 +11753,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1421 +#: sssd-ad.5.xml:1426 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>. Please " @@ -11677,7 +11763,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1429 +#: sssd-ad.5.xml:1434 msgid "" "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " @@ -17282,7 +17368,7 @@ msgstr "" #: include/ldap_id_mapping.xml:235 msgid "" "When this option is configured, domains will be allocated starting with " -"slice zero and increasing monatomically with each additional domain." +"slice zero and increasing monotonically with each additional domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> diff --git a/src/man/po/fr.po b/src/man/po/fr.po index faf7e6a4489..a19c03f038a 100644 --- a/src/man/po/fr.po +++ b/src/man/po/fr.po @@ -17,7 +17,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-05-05 10:09+0200\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" "PO-Revision-Date: 2020-07-22 07:49-0400\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: French (http://www.transifex.com/projects/p/sssd/language/" @@ -235,11 +235,11 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 -#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:951 -#: sssd.conf.5.xml:1069 sssd.conf.5.xml:2197 sssd-ldap.5.xml:1071 -#: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 -#: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 -#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 msgid "Default: true" msgstr "Par défaut : true" @@ -259,11 +259,11 @@ msgstr "" "sera ignorée." #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:948 -#: sssd.conf.5.xml:2100 sssd.conf.5.xml:2167 sssd.conf.5.xml:4128 -#: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 -#: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 -#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 #: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 #: include/krb5_options.xml:163 msgid "Default: false" @@ -299,8 +299,8 @@ msgid "" msgstr "" #. type: Content of: outside any tag (error?) -#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1656 -#: sssd-ldap.5.xml:1862 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 #: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 @@ -330,8 +330,8 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 sssd.conf.5.xml:1289 sssd.conf.5.xml:1766 -#: sssd.conf.5.xml:4144 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "Par défaut : 10" @@ -402,12 +402,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:258 sssd.conf.5.xml:783 +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 msgid "reconnection_retries (integer)" msgstr "reconnection_retries (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:261 sssd.conf.5.xml:786 +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" @@ -417,7 +417,7 @@ msgstr "" "d'abandonner" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:791 sssd.conf.5.xml:3708 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 #: include/failover.xml:100 msgid "Default: 3" msgstr "Par défaut : 3" @@ -439,7 +439,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3540 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 msgid "re_expression (string)" msgstr "re_expression (chaîne)" @@ -461,12 +461,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3597 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 msgid "full_name_format (string)" msgstr "full_name_format (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3600 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -478,33 +478,33 @@ msgstr "" "domaine." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3611 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 msgid "%1$s" msgstr "%1$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 msgid "user name" msgstr "nom d'utilisateur" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3615 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 msgid "%2$s" msgstr "%2$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3618 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 msgid "domain name as specified in the SSSD config file." msgstr "" "nom de domaine tel qu'indiqué dans le fichier de configuration de SSSD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3624 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 msgid "%3$s" msgstr "%3$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3627 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." @@ -514,7 +514,7 @@ msgstr "" "d'approbation IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3608 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -679,8 +679,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:468 sssd-ldap.5.xml:876 sssd-ldap.5.xml:888 -#: sssd-ldap.5.xml:980 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 #: include/krb5_options.xml:148 @@ -964,7 +964,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1790 sssd.conf.5.xml:4194 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "Par défaut : non défini" @@ -1017,11 +1017,11 @@ msgstr "ldap_user_certificate (chaîne)" #: sssd.conf.5.xml:744 msgid "" "Enable or disable the user verification (i.e. PIN, fingerprint) during " -"authentication." +"authentication. If enabled, the PIN will always be requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:750 msgid "" "The default is that the key settings decide what to do. In the IPA or " "kerberos pre-authentication case, this value will be overwritten by the " @@ -1060,12 +1060,12 @@ msgstr "" "l'identité des domaines. <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:769 msgid "SERVICES SECTIONS" msgstr "SECTIONS DE SERVICES" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:770 +#: sssd.conf.5.xml:771 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -1078,22 +1078,22 @@ msgstr "" "section doit être <quote>[nss]</quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:777 +#: sssd.conf.5.xml:778 msgid "General service configuration options" msgstr "Options générales de configuration de service" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:780 msgid "These options can be used to configure any service." msgstr "Ces options peuvent être utilisées pour configurer les services." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:797 msgid "fd_limit" msgstr "fd_limit" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:799 +#: sssd.conf.5.xml:800 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " @@ -1108,17 +1108,17 @@ msgstr "" "valeur inférieure ou la limite « hard » de limits.conf." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:808 +#: sssd.conf.5.xml:809 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "Par défault : 8192 (ou la limite « hard » de limits.conf)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:814 msgid "client_idle_timeout" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:816 +#: sssd.conf.5.xml:817 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " @@ -1128,19 +1128,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:826 #, fuzzy #| msgid "Default: 300" msgid "Default: 60, KCM: 300" msgstr "Par défaut : 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:830 +#: sssd.conf.5.xml:831 msgid "offline_timeout (integer)" msgstr "offline_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:834 msgid "" "When SSSD switches to offline mode the amount of time before it tries to go " "back online will increase based upon the time spent disconnected. By " @@ -1151,14 +1151,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:844 sssd.conf.5.xml:900 +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 msgid "" "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." "offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:847 +#: sssd.conf.5.xml:848 msgid "" "The offline_timeout default value is 60. The offline_timeout_max default " "value is 3600. The offline_timeout_random_offset default value is 30. The " @@ -1166,46 +1166,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:854 msgid "" "Note that the maximum length of each interval is defined by " "offline_timeout_max (apart of random part)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 sssd.conf.5.xml:1200 sssd.conf.5.xml:1583 -#: sssd.conf.5.xml:1879 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 msgid "Default: 60" msgstr "Par défaut : 60" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:862 +#: sssd.conf.5.xml:863 #, fuzzy #| msgid "offline_timeout (integer)" msgid "offline_timeout_max (integer)" msgstr "offline_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:865 +#: sssd.conf.5.xml:866 msgid "" "Controls by how much the time between attempts to go online can be " "incremented following unsuccessful attempts to go online." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:870 +#: sssd.conf.5.xml:871 msgid "A value of 0 disables the incrementing behaviour." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:873 +#: sssd.conf.5.xml:874 msgid "" "The value of this parameter should be set in correlation to offline_timeout " "parameter value." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:877 +#: sssd.conf.5.xml:878 msgid "" "With offline_timeout set to 60 (default value) there is no point in setting " "offlinet_timeout_max to less than 120 as it will saturate instantly. General " @@ -1214,66 +1214,66 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:883 +#: sssd.conf.5.xml:884 msgid "" "Although a value between 0 and offline_timeout may be specified, it has the " "effect of overriding the offline_timeout value so is of little use." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:888 +#: sssd.conf.5.xml:889 #, fuzzy #| msgid "Default: 300" msgid "Default: 3600" msgstr "Par défaut : 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:894 #, fuzzy #| msgid "offline_timeout + random_offset" msgid "offline_timeout_random_offset (integer)" msgstr "offline_timeout + random_offset" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:896 +#: sssd.conf.5.xml:897 msgid "" "When SSSD is in offline mode it keeps probing backend servers in specified " "time intervals:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:903 +#: sssd.conf.5.xml:904 msgid "" "This parameter controls the value of the random offset used for the above " "equation. Final random_offset value will be random number in range:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:908 +#: sssd.conf.5.xml:909 #, fuzzy #| msgid "offline_timeout + random_offset" msgid "[0 - offline_timeout_random_offset]" msgstr "offline_timeout + random_offset" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:911 +#: sssd.conf.5.xml:912 msgid "A value of 0 disables the random offset addition." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:915 #, fuzzy #| msgid "Default: 300" msgid "Default: 30" msgstr "Par défaut : 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:919 +#: sssd.conf.5.xml:920 msgid "responder_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:922 +#: sssd.conf.5.xml:923 msgid "" "This option specifies the number of seconds that an SSSD responder process " "can be up without being used. This value is limited in order to avoid " @@ -1285,30 +1285,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:936 sssd.conf.5.xml:1213 sssd.conf.5.xml:2321 -#: sssd-ldap.5.xml:331 +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 +#: sssd-ldap.5.xml:332 msgid "Default: 300" msgstr "Par défaut : 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:941 +#: sssd.conf.5.xml:942 msgid "cache_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:945 msgid "" "This option specifies whether the responder should query all caches before " "querying the Data Providers." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:960 msgid "NSS configuration options" msgstr "Options de configuration NSS" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:961 +#: sssd.conf.5.xml:962 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" @@ -1316,12 +1316,12 @@ msgstr "" "Switch (NSS)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:966 +#: sssd.conf.5.xml:967 msgid "enum_cache_timeout (integer)" msgstr "enum_cache_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:969 +#: sssd.conf.5.xml:970 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" @@ -1330,17 +1330,17 @@ msgstr "" "énumérations (requêtes sur les informations de tous les utilisateurs)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:974 msgid "Default: 120" msgstr "Par défaut : 120" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:978 +#: sssd.conf.5.xml:979 msgid "entry_cache_nowait_percentage (integer)" msgstr "entry_cache_nowait_percentage (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:981 +#: sssd.conf.5.xml:982 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -1351,7 +1351,7 @@ msgstr "" "valeur de entry_cache_timeout pour le domaine." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:988 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -1367,7 +1367,7 @@ msgstr "" "cache." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:998 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -1380,17 +1380,17 @@ msgstr "" "de non réponse à moins de 10 secondes (0 pour désactiver l'option)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1005 sssd.conf.5.xml:2121 +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 msgid "Default: 50" msgstr "Par défaut : 50" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1010 +#: sssd.conf.5.xml:1011 msgid "entry_negative_timeout (integer)" msgstr "entry_negative_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1013 +#: sssd.conf.5.xml:1014 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -1402,17 +1402,17 @@ msgstr "" "appel au moteur." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1019 sssd.conf.5.xml:1778 sssd.conf.5.xml:2145 +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 msgid "Default: 15" msgstr "Par défaut : 15" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1025 msgid "local_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1027 +#: sssd.conf.5.xml:1028 msgid "" "Specifies for how many seconds nss_sss should keep local users and groups in " "negative cache before trying to look it up in the back end again. Setting " @@ -1420,17 +1420,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1033 +#: sssd.conf.5.xml:1034 msgid "Default: 14400 (4 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1039 msgid "filter_users, filter_groups (string)" msgstr "filter_users, filter_groups (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1041 +#: sssd.conf.5.xml:1042 msgid "" "Exclude certain users or groups from being fetched from the sss NSS " "database. This is particularly useful for system accounts. This option can " @@ -1439,7 +1439,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1049 +#: sssd.conf.5.xml:1050 msgid "" "NOTE: The filter_groups option doesn't affect inheritance of nested group " "members, since filtering happens after they are propagated for returning via " @@ -1448,17 +1448,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1057 +#: sssd.conf.5.xml:1058 msgid "Default: root" msgstr "Par défaut : root" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1063 msgid "filter_users_in_groups (bool)" msgstr "filter_users_in_groups (booléen)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1065 +#: sssd.conf.5.xml:1066 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" @@ -1466,12 +1466,12 @@ msgstr "" "membres de groupes." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1076 +#: sssd.conf.5.xml:1077 msgid "fallback_homedir (string)" msgstr "fallback_homedir (string)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1079 +#: sssd.conf.5.xml:1080 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." @@ -1480,7 +1480,7 @@ msgstr "" "explicitement spécifié par le fournisseur de données du domaine." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1084 +#: sssd.conf.5.xml:1085 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" @@ -1488,7 +1488,7 @@ msgstr "" "override_homedir." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1090 +#: sssd.conf.5.xml:1091 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" @@ -1498,25 +1498,25 @@ msgstr "" " " #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:1088 sssd.conf.5.xml:1650 sssd.conf.5.xml:1669 -#: sssd.conf.5.xml:1746 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "exemple : <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1094 +#: sssd.conf.5.xml:1095 msgid "Default: not set (no substitution for unset home directories)" msgstr "" "Par défaut : non défini (aucune substitution pour les répertoires d'accueil " "non définis)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1100 +#: sssd.conf.5.xml:1101 msgid "override_shell (string)" msgstr "override_shell (string)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1104 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " @@ -1528,17 +1528,17 @@ msgstr "" "section [nss], soit par domaine." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1109 +#: sssd.conf.5.xml:1110 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "Par défaut : indéfini (SSSD utilisera la valeur récupérée de LDAP)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1115 +#: sssd.conf.5.xml:1116 msgid "allowed_shells (string)" msgstr "allowed_shells (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1118 +#: sssd.conf.5.xml:1119 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" @@ -1546,14 +1546,14 @@ msgstr "" "indiquées. L'ordre d'évaluation est :" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1121 +#: sssd.conf.5.xml:1122 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" "1. Si l'interpréteur de commandes est présent dans <quote>/etc/shells</" "quote>, il est utilisé." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1125 +#: sssd.conf.5.xml:1126 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." @@ -1563,7 +1563,7 @@ msgstr "" "shell_fallback » sera utilisée." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1130 +#: sssd.conf.5.xml:1131 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." @@ -1572,12 +1572,12 @@ msgstr "" "ni dans <quote>/etc/shells</quote>, une connexion sans shell est utilisée." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1135 +#: sssd.conf.5.xml:1136 msgid "The wildcard (*) can be used to allow any shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1138 +#: sssd.conf.5.xml:1139 msgid "" "The (*) is useful if you want to use shell_fallback in case that user's " "shell is not in <quote>/etc/shells</quote> and maintaining list of all " @@ -1585,14 +1585,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1145 +#: sssd.conf.5.xml:1146 msgid "An empty string for shell is passed as-is to libc." msgstr "" "Une chaîne vide pour l'interpréteur de commandes est passée telle quelle est " "à la libc." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1149 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." @@ -1602,31 +1602,31 @@ msgstr "" "est installé." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1152 +#: sssd.conf.5.xml:1153 msgid "Default: Not set. The user shell is automatically used." msgstr "" "Par défaut : non défini. L'interpréteur de commandes de l'utilisateur est " "utilisé automatiquement." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1157 +#: sssd.conf.5.xml:1158 msgid "vetoed_shells (string)" msgstr "vetoed_shells (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1160 +#: sssd.conf.5.xml:1161 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" "Remplace toutes les occurences de ces interpréteurs de commandes par " "l'interpréteur de commandes par défaut" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1165 +#: sssd.conf.5.xml:1166 msgid "shell_fallback (string)" msgstr "shell_fallback (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1168 +#: sssd.conf.5.xml:1169 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" @@ -1634,17 +1634,17 @@ msgstr "" "commandes autorisé n'est pas installé sur la machine." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1172 +#: sssd.conf.5.xml:1173 msgid "Default: /bin/sh" msgstr "Par défaut : /bin/sh" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1177 +#: sssd.conf.5.xml:1178 msgid "default_shell" msgstr "default_shell" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1180 +#: sssd.conf.5.xml:1181 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." @@ -1654,7 +1654,7 @@ msgstr "" "choix soit dans la section [nss], soit par domaine." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1186 +#: sssd.conf.5.xml:1187 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" @@ -1664,12 +1664,12 @@ msgstr "" "nécessaire, habituellement /bin/sh)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1193 sssd.conf.5.xml:1576 +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 msgid "get_domains_timeout (int)" msgstr "get_domains_timeout (int)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1196 sssd.conf.5.xml:1579 +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." @@ -1678,43 +1678,43 @@ msgstr "" "jugée valide." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1205 +#: sssd.conf.5.xml:1206 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_timeout (integer)" msgstr "enum_cache_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1208 +#: sssd.conf.5.xml:1209 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid. Setting this option to zero will disable the in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1216 +#: sssd.conf.5.xml:1217 msgid "" "WARNING: Disabling the in-memory cache will have significant negative impact " "on SSSD's performance and should only be used for testing." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1222 sssd.conf.5.xml:1247 sssd.conf.5.xml:1272 -#: sssd.conf.5.xml:1297 sssd.conf.5.xml:1324 +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 msgid "" "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " "client applications will not use the fast in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1230 +#: sssd.conf.5.xml:1231 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_passwd (integer)" msgstr "enum_cache_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1233 +#: sssd.conf.5.xml:1234 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for passwd requests. Setting the size to 0 will disable the passwd in-" @@ -1722,27 +1722,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1239 sssd.conf.5.xml:2963 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 msgid "Default: 8" msgstr "Par défaut : 8" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1242 sssd.conf.5.xml:1267 sssd.conf.5.xml:1292 -#: sssd.conf.5.xml:1319 +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 msgid "" "WARNING: Disabled or too small in-memory cache can have significant negative " "impact on SSSD's performance." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1255 +#: sssd.conf.5.xml:1256 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_group (integer)" msgstr "enum_cache_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1258 +#: sssd.conf.5.xml:1259 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for group requests. Setting the size to 0 will disable the group in-memory " @@ -1750,21 +1750,21 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1264 sssd.conf.5.xml:1316 sssd.conf.5.xml:3729 -#: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "Par défaut : 6" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1280 +#: sssd.conf.5.xml:1281 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_initgroups (integer)" msgstr "enum_cache_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1283 +#: sssd.conf.5.xml:1284 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for initgroups requests. Setting the size to 0 will disable the initgroups " @@ -1772,14 +1772,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1305 +#: sssd.conf.5.xml:1306 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_sid (integer)" msgstr "enum_cache_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1308 +#: sssd.conf.5.xml:1309 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for SID related requests. Only SID-by-ID and ID-by-SID requests are " @@ -1788,12 +1788,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1332 sssd-ifp.5.xml:90 +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 msgid "user_attributes (string)" msgstr "user_attributes (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1335 +#: sssd.conf.5.xml:1336 msgid "" "Some of the additional NSS responder requests can return more attributes " "than just the POSIX ones defined by the NSS interface. The list of " @@ -1804,38 +1804,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1348 +#: sssd.conf.5.xml:1349 msgid "" "To make configuration more easy the NSS responder will check the InfoPipe " "option if it is not set for the NSS responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1353 +#: sssd.conf.5.xml:1354 msgid "Default: not set, fallback to InfoPipe option" msgstr "Par défaut : non défini, repli sur l'option InfoPipe" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1358 +#: sssd.conf.5.xml:1359 msgid "pwfield (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1361 +#: sssd.conf.5.xml:1362 msgid "" "The value that NSS operations that return users or groups will return for " "the <quote>password</quote> field." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1366 +#: sssd.conf.5.xml:1367 #, fuzzy #| msgid "Default: <quote>permit</quote>" msgid "Default: <quote>*</quote>" msgstr "Par défaut : <quote>permit</quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1369 +#: sssd.conf.5.xml:1370 #, fuzzy #| msgid "This option can also be set per-domain." msgid "" @@ -1844,7 +1844,7 @@ msgid "" msgstr "Cette option peut aussi être définie pour chaque domaine." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1373 +#: sssd.conf.5.xml:1374 msgid "" "Default: <quote>not set</quote> (remote domains), <phrase " "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" @@ -1853,12 +1853,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1385 +#: sssd.conf.5.xml:1386 msgid "PAM configuration options" msgstr "Options de configuration de PAM" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1387 +#: sssd.conf.5.xml:1388 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." @@ -1867,12 +1867,12 @@ msgstr "" "Module (PAM)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1392 +#: sssd.conf.5.xml:1393 msgid "offline_credentials_expiration (integer)" msgstr "offline_credentials_expiration (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1395 +#: sssd.conf.5.xml:1396 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." @@ -1882,17 +1882,17 @@ msgstr "" "connexion réussie)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1400 sssd.conf.5.xml:1413 +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 msgid "Default: 0 (No limit)" msgstr "Par défaut : 0 (pas de limite)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1406 +#: sssd.conf.5.xml:1407 msgid "offline_failed_login_attempts (integer)" msgstr "offline_failed_login_attempts (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1409 +#: sssd.conf.5.xml:1410 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." @@ -1901,12 +1901,12 @@ msgstr "" "échouées sont autorisées." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1419 +#: sssd.conf.5.xml:1420 msgid "offline_failed_login_delay (integer)" msgstr "offline_failed_login_delay (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1422 +#: sssd.conf.5.xml:1423 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." @@ -1916,7 +1916,7 @@ msgstr "" "soit possible." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1427 +#: sssd.conf.5.xml:1428 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -1927,17 +1927,17 @@ msgstr "" "connexion réussie en ligne peut réactiver l'authentification." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1433 sssd.conf.5.xml:1543 +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 msgid "Default: 5" msgstr "Par défaut : 5" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1439 +#: sssd.conf.5.xml:1440 msgid "pam_verbosity (integer)" msgstr "pam_verbosity (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1442 +#: sssd.conf.5.xml:1443 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." @@ -1947,46 +1947,46 @@ msgstr "" "affichés sera important." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1447 +#: sssd.conf.5.xml:1448 msgid "Currently sssd supports the following values:" msgstr "Actuellement sssd supporte les valeurs suivantes :" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1450 +#: sssd.conf.5.xml:1451 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "<emphasis>0</emphasis> : ne pas afficher de message" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1453 +#: sssd.conf.5.xml:1454 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "<emphasis>1</emphasis> : afficher seulement les messages importants" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1457 +#: sssd.conf.5.xml:1458 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "<emphasis>2</emphasis> : afficher les messages d'information" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1460 +#: sssd.conf.5.xml:1461 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" "<emphasis>3</emphasis> : afficher tous les messages et informations de " "débogage" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1464 sssd.8.xml:63 +#: sssd.conf.5.xml:1465 sssd.8.xml:63 msgid "Default: 1" msgstr "Par défaut : 1" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1470 +#: sssd.conf.5.xml:1471 #, fuzzy #| msgid "ad_access_filter (string)" msgid "pam_response_filter (string)" msgstr "ad_access_filter (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1473 +#: sssd.conf.5.xml:1474 msgid "" "A comma separated list of strings which allows to remove (filter) data sent " "by the PAM responder to pam_sss PAM module. There are different kind of " @@ -1995,51 +1995,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1481 +#: sssd.conf.5.xml:1482 msgid "" "While messages already can be controlled with the help of the pam_verbosity " "option this option allows to filter out other kind of responses as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1488 +#: sssd.conf.5.xml:1489 msgid "ENV" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1489 +#: sssd.conf.5.xml:1490 msgid "Do not send any environment variables to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1492 +#: sssd.conf.5.xml:1493 msgid "ENV:var_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1493 +#: sssd.conf.5.xml:1494 msgid "Do not send environment variable var_name to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1497 +#: sssd.conf.5.xml:1498 msgid "ENV:var_name:service" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1498 +#: sssd.conf.5.xml:1499 msgid "Do not send environment variable var_name to service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1486 +#: sssd.conf.5.xml:1487 msgid "" "Currently the following filters are supported: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1505 +#: sssd.conf.5.xml:1506 msgid "" "The list of strings can either be the list of filters which would set this " "list of filters and overwrite the defaults. Or each element of the list can " @@ -2050,23 +2050,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1516 +#: sssd.conf.5.xml:1517 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1519 +#: sssd.conf.5.xml:1520 msgid "" "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1526 +#: sssd.conf.5.xml:1527 msgid "pam_id_timeout (integer)" msgstr "pam_id_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1529 +#: sssd.conf.5.xml:1530 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -2078,7 +2078,7 @@ msgstr "" "les dernières informations." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1535 +#: sssd.conf.5.xml:1536 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -2092,17 +2092,17 @@ msgstr "" "fournisseur d'identité." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1549 +#: sssd.conf.5.xml:1550 msgid "pam_pwd_expiration_warning (integer)" msgstr "pam_pwd_expiration_warning (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1552 sssd.conf.5.xml:2987 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 msgid "Display a warning N days before the password expires." msgstr "Afficher une alerte N jours avant l'expiration du mot de passe." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1555 +#: sssd.conf.5.xml:1556 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -2113,7 +2113,7 @@ msgstr "" "ne peut afficher de message d'alerte." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1561 sssd.conf.5.xml:2990 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." @@ -2123,7 +2123,7 @@ msgstr "" "sera automatiquement affiché." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1566 +#: sssd.conf.5.xml:1567 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." @@ -2132,17 +2132,17 @@ msgstr "" "<emphasis>pwd_expiration_warning</emphasis> pour un domaine particulier." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1571 sssd.conf.5.xml:3976 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 msgid "Default: 0" msgstr "Par défaut : 0" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1588 +#: sssd.conf.5.xml:1589 msgid "pam_trusted_users (string)" msgstr "pam_trusted_users (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1591 +#: sssd.conf.5.xml:1592 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to run PAM conversations against trusted domains. Users not " @@ -2152,37 +2152,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1601 +#: sssd.conf.5.xml:1602 msgid "Default: All users are considered trusted by default" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1605 +#: sssd.conf.5.xml:1606 msgid "" "Please note that UID 0 is always allowed to access the PAM responder even in " "case it is not in the pam_trusted_users list." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1612 +#: sssd.conf.5.xml:1613 msgid "pam_public_domains (string)" msgstr "pam_public_domains (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1615 +#: sssd.conf.5.xml:1616 msgid "" "Specifies the comma-separated list of domain names that are accessible even " "to untrusted users." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1619 +#: sssd.conf.5.xml:1620 msgid "Two special values for pam_public_domains option are defined:" msgstr "" "Deux valeurs spéciales pour l'option pam_public_domains sont définies :" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1623 +#: sssd.conf.5.xml:1624 msgid "" "all (Untrusted users are allowed to access all domains in PAM responder.)" msgstr "" @@ -2190,7 +2190,7 @@ msgstr "" "à tous les domaines PAM dans le répondeur.)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1627 +#: sssd.conf.5.xml:1628 msgid "" "none (Untrusted users are not allowed to access any domains PAM in " "responder.)" @@ -2199,33 +2199,33 @@ msgstr "" "autorisés à accéder à un des domaines PAM dans le répondeur.)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1631 sssd.conf.5.xml:1656 sssd.conf.5.xml:1675 -#: sssd.conf.5.xml:1912 sssd.conf.5.xml:2732 sssd.conf.5.xml:3905 -#: sssd-ldap.5.xml:1207 +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 msgid "Default: none" msgstr "Par défaut : aucun" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1636 +#: sssd.conf.5.xml:1637 msgid "pam_account_expired_message (string)" msgstr "pam_account_expired_message (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1639 +#: sssd.conf.5.xml:1640 msgid "" "Allows a custom expiration message to be set, replacing the default " "'Permission denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1644 +#: sssd.conf.5.xml:1645 msgid "" "Note: Please be aware that message is only printed for the SSH service " "unless pam_verbosity is set to 3 (show all messages and debug information)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1652 +#: sssd.conf.5.xml:1653 #, no-wrap msgid "" "pam_account_expired_message = Account expired, please contact help desk.\n" @@ -2233,19 +2233,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1661 +#: sssd.conf.5.xml:1662 msgid "pam_account_locked_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1664 +#: sssd.conf.5.xml:1665 msgid "" "Allows a custom lockout message to be set, replacing the default 'Permission " "denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1671 +#: sssd.conf.5.xml:1672 #, no-wrap msgid "" "pam_account_locked_message = Account locked, please contact help desk.\n" @@ -2253,42 +2253,42 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1680 +#: sssd.conf.5.xml:1681 #, fuzzy #| msgid "ldap_chpass_update_last_change (bool)" msgid "pam_passkey_auth (bool)" msgstr "ldap_chpass_update_last_change (bool)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1683 +#: sssd.conf.5.xml:1684 msgid "Enable passkey device based authentication." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1686 sssd.conf.5.xml:1697 sssd.conf.5.xml:1711 -#: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 -#: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 msgid "Default: False" msgstr "Par défaut : False" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1691 +#: sssd.conf.5.xml:1692 msgid "passkey_debug_libfido2 (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1694 +#: sssd.conf.5.xml:1695 msgid "Enable libfido2 library debug messages." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1702 +#: sssd.conf.5.xml:1703 msgid "pam_cert_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1705 +#: sssd.conf.5.xml:1706 msgid "" "Enable certificate based Smartcard authentication. Since this requires " "additional communication with the Smartcard which will delay the " @@ -2296,36 +2296,36 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1716 +#: sssd.conf.5.xml:1717 msgid "pam_cert_db_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1719 +#: sssd.conf.5.xml:1720 msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1722 sssd.conf.5.xml:2247 sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 msgid "Default:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1724 sssd.conf.5.xml:2249 +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 msgid "" "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " "certificates in PEM format)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1734 +#: sssd.conf.5.xml:1735 #, fuzzy #| msgid "ldap_user_certificate (string)" msgid "pam_cert_verification (string)" msgstr "ldap_user_certificate (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1737 +#: sssd.conf.5.xml:1738 msgid "" "With this parameter the PAM certificate verification can be tuned with a " "comma separated list of options that override the " @@ -2335,7 +2335,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1748 +#: sssd.conf.5.xml:1749 #, fuzzy, no-wrap #| msgid "" #| "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -2348,61 +2348,61 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1752 +#: sssd.conf.5.xml:1753 msgid "" "Default: not set, i.e. use default <quote>certificate_verification</quote> " "option defined in <quote>[sssd]</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1759 +#: sssd.conf.5.xml:1760 msgid "p11_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1763 msgid "How many seconds will pam_sss wait for p11_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1771 +#: sssd.conf.5.xml:1772 #, fuzzy #| msgid "pam_id_timeout (integer)" msgid "passkey_child_timeout (integer)" msgstr "pam_id_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1774 +#: sssd.conf.5.xml:1775 msgid "" "How many seconds will the PAM responder wait for passkey_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1783 +#: sssd.conf.5.xml:1784 msgid "pam_app_services (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1786 +#: sssd.conf.5.xml:1787 msgid "" "Which PAM services are permitted to contact domains of type " "<quote>application</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1795 +#: sssd.conf.5.xml:1796 msgid "pam_p11_allowed_services (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1798 +#: sssd.conf.5.xml:1799 msgid "" "A comma-separated list of PAM service names for which it will be allowed to " "use Smartcards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1813 +#: sssd.conf.5.xml:1814 #, no-wrap msgid "" "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2410,7 +2410,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1802 +#: sssd.conf.5.xml:1803 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -2422,63 +2422,63 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1817 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 #: sssd-ad.5.xml:869 sssd-ad.5.xml:947 msgid "Default: the default set of PAM service names includes:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1822 sssd-ad.5.xml:648 +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 msgid "login" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1827 sssd-ad.5.xml:653 +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 msgid "su" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1832 sssd-ad.5.xml:658 +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 msgid "su-l" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1837 sssd-ad.5.xml:673 +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 msgid "gdm-smartcard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1842 sssd-ad.5.xml:668 +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 msgid "gdm-password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1847 sssd-ad.5.xml:678 +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 msgid "kdm" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1852 sssd-ad.5.xml:956 +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 msgid "sudo" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1857 sssd-ad.5.xml:961 +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 msgid "sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1862 +#: sssd.conf.5.xml:1863 msgid "gnome-screensaver" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1870 +#: sssd.conf.5.xml:1871 msgid "p11_wait_for_card_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1873 +#: sssd.conf.5.xml:1874 msgid "" "If Smartcard authentication is required how many extra seconds in addition " "to p11_child_timeout should the PAM responder wait until a Smartcard is " @@ -2486,12 +2486,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1884 +#: sssd.conf.5.xml:1885 msgid "p11_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1887 +#: sssd.conf.5.xml:1888 msgid "" "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " "selection of devices used for Smartcard authentication. By default SSSD's " @@ -2502,7 +2502,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1900 +#: sssd.conf.5.xml:1901 #, no-wrap msgid "" "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" @@ -2510,7 +2510,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1904 +#: sssd.conf.5.xml:1905 #, no-wrap msgid "" "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" @@ -2518,7 +2518,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1898 +#: sssd.conf.5.xml:1899 msgid "" "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " @@ -2527,47 +2527,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1917 +#: sssd.conf.5.xml:1918 msgid "pam_initgroups_scheme" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1925 +#: sssd.conf.5.xml:1926 msgid "always" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1926 +#: sssd.conf.5.xml:1927 msgid "" "Always do an online lookup, please note that pam_id_timeout still applies" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1930 +#: sssd.conf.5.xml:1931 msgid "no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1931 +#: sssd.conf.5.xml:1932 msgid "" "Only do an online lookup if there is no active session of the user, i.e. if " "the user is currently not logged in" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1936 +#: sssd.conf.5.xml:1937 msgid "never" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1937 +#: sssd.conf.5.xml:1938 msgid "" "Never force an online lookup, use the data from the cache as long as they " "are not expired" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1920 +#: sssd.conf.5.xml:1921 msgid "" "The PAM responder can force an online lookup to get the current group " "memberships of the user trying to log in. This option controls when this " @@ -2576,19 +2576,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1944 +#: sssd.conf.5.xml:1945 msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1949 sssd.conf.5.xml:4247 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 #, fuzzy #| msgid "ad_gpo_map_service (string)" msgid "pam_gssapi_services" msgstr "ad_gpo_map_service (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1952 +#: sssd.conf.5.xml:1953 #, fuzzy #| msgid "Comma separated list of users who are allowed to log in." msgid "" @@ -2598,13 +2598,13 @@ msgstr "" "Liste séparée par des virgules d'utilisateurs autorisés à se connecter." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1957 +#: sssd.conf.5.xml:1958 msgid "" "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1961 sssd.conf.5.xml:1992 sssd.conf.5.xml:2030 +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[pam] section. It can also be set for trusted domain which overwrites the " @@ -2612,7 +2612,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1969 +#: sssd.conf.5.xml:1970 #, fuzzy, no-wrap #| msgid "" #| "fallback_homedir = /home/%u\n" @@ -2625,22 +2625,22 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1967 sssd.conf.5.xml:3899 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "Exemple : <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1973 +#: sssd.conf.5.xml:1974 msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1978 sssd.conf.5.xml:4248 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 msgid "pam_gssapi_check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1981 +#: sssd.conf.5.xml:1982 msgid "" "If True, SSSD will require that the Kerberos user principal that " "successfully authenticated through GSSAPI can be associated with the user " @@ -2648,25 +2648,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1988 +#: sssd.conf.5.xml:1989 msgid "" "If False, every user that is able to obtained required service ticket will " "be authenticated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1998 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "Par défaut : True" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2003 +#: sssd.conf.5.xml:2004 msgid "pam_gssapi_indicators_map" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2006 +#: sssd.conf.5.xml:2007 msgid "" "Comma separated list of authentication indicators required to be present in " "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " @@ -2674,7 +2674,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2012 +#: sssd.conf.5.xml:2013 msgid "" "Each element of the list can be either an authentication indicator name or a " "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " @@ -2689,7 +2689,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2025 +#: sssd.conf.5.xml:2026 msgid "" "To disable GSSAPI authentication indicator check, set this option to <quote>-" "</quote> (dash). To disable the check for a specific PAM service, add " @@ -2697,45 +2697,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2036 +#: sssd.conf.5.xml:2037 msgid "" "Following authentication indicators are supported by IPA Kerberos " "deployments:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2039 +#: sssd.conf.5.xml:2040 msgid "" "pkinit -- pre-authentication using X.509 certificates -- whether stored in " "files or on smart cards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2042 +#: sssd.conf.5.xml:2043 msgid "" "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " "FAST channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2045 +#: sssd.conf.5.xml:2046 msgid "radius -- pre-authentication with the help of a RADIUS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2048 +#: sssd.conf.5.xml:2049 msgid "" "otp -- pre-authentication using integrated two-factor authentication (2FA or " "one-time password, OTP) in IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2051 +#: sssd.conf.5.xml:2052 msgid "idp -- pre-authentication using external identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:2061 +#: sssd.conf.5.xml:2062 #, no-wrap msgid "" "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" @@ -2743,7 +2743,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2056 +#: sssd.conf.5.xml:2057 msgid "" "Example: to require access to SUDO services only for users which obtained " "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " @@ -2751,7 +2751,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2065 +#: sssd.conf.5.xml:2066 #, fuzzy #| msgid "Default: not set (no substitution for unset home directories)" msgid "Default: not set (use of authentication indicators is not required)" @@ -2760,12 +2760,12 @@ msgstr "" "non définis)" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2073 +#: sssd.conf.5.xml:2074 msgid "SUDO configuration options" msgstr "Options de configuration de SUDO" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2075 +#: sssd.conf.5.xml:2076 msgid "" "These options can be used to configure the sudo service. The detailed " "instructions for configuration of <citerefentry> <refentrytitle>sudo</" @@ -2782,12 +2782,12 @@ msgstr "" "sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2092 +#: sssd.conf.5.xml:2093 msgid "sudo_timed (bool)" msgstr "sudo_timed (booléen)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2095 +#: sssd.conf.5.xml:2096 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." @@ -2796,12 +2796,12 @@ msgstr "" "les entrées sudoers sensibles au temps." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2107 +#: sssd.conf.5.xml:2108 msgid "sudo_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2110 +#: sssd.conf.5.xml:2111 msgid "" "Maximum number of expired rules that can be refreshed at once. If number of " "expired rules is below threshold, those rules are refreshed with " @@ -2811,22 +2811,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2129 +#: sssd.conf.5.xml:2130 msgid "AUTOFS configuration options" msgstr "Options de configuration AUTOFS" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2131 +#: sssd.conf.5.xml:2132 msgid "These options can be used to configure the autofs service." msgstr "Ces options peuvent être utilisées pour configurer le service autofs." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2135 +#: sssd.conf.5.xml:2136 msgid "autofs_negative_timeout (integer)" msgstr "autofs_negative_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2138 +#: sssd.conf.5.xml:2139 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " @@ -2838,23 +2838,23 @@ msgstr "" "moteur." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2154 +#: sssd.conf.5.xml:2155 msgid "SSH configuration options" msgstr "Options de configuration SSH" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2156 +#: sssd.conf.5.xml:2157 msgid "These options can be used to configure the SSH service." msgstr "" "Les options suivantes peuvent être utilisées pour configurer le service SSH." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2160 +#: sssd.conf.5.xml:2161 msgid "ssh_hash_known_hosts (bool)" msgstr "ssh_hash_known_hosts (bool)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2163 +#: sssd.conf.5.xml:2164 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." @@ -2862,12 +2862,12 @@ msgstr "" "Condenser ou non les noms de systèmes et adresses du fichier known_hosts" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2172 +#: sssd.conf.5.xml:2173 msgid "ssh_known_hosts_timeout (integer)" msgstr "ssh_known_hosts_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2175 +#: sssd.conf.5.xml:2176 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." @@ -2876,17 +2876,17 @@ msgstr "" "known_hosts géré après que ses clés de système ont été demandés." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2179 +#: sssd.conf.5.xml:2180 msgid "Default: 180" msgstr "Par défaut : 180" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2184 +#: sssd.conf.5.xml:2185 msgid "ssh_use_certificate_keys (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2187 +#: sssd.conf.5.xml:2188 msgid "" "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " "keys derived from the public key of X.509 certificates stored in the user " @@ -2895,12 +2895,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2202 +#: sssd.conf.5.xml:2203 msgid "ssh_use_certificate_matching_rules (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2205 +#: sssd.conf.5.xml:2206 msgid "" "By default the ssh responder will use all available certificate matching " "rules to filter the certificates so that ssh keys are only derived from the " @@ -2910,7 +2910,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2214 +#: sssd.conf.5.xml:2215 msgid "" "There are two special key words 'all_rules' and 'no_rules' which will enable " "all or no rules, respectively. The latter means that no certificates will be " @@ -2918,7 +2918,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2221 +#: sssd.conf.5.xml:2222 msgid "" "If no rules are configured using 'all_rules' will enable a default rule " "which enables all certificates suitable for client authentication. This is " @@ -2927,38 +2927,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2228 +#: sssd.conf.5.xml:2229 msgid "" "A non-existing rule name is considered an error. If as a result no rule is " "selected all certificates will be ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2233 +#: sssd.conf.5.xml:2234 msgid "" "Default: not set, equivalent to 'all_rules', all found rules or the default " "rule are used" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2239 +#: sssd.conf.5.xml:2240 msgid "ca_db (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2242 +#: sssd.conf.5.xml:2243 msgid "" "Path to a storage of trusted CA certificates. The option is used to validate " "user certificates before deriving public ssh keys from them." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2262 +#: sssd.conf.5.xml:2263 msgid "PAC responder configuration options" msgstr "Options de configuration du répondeur PAC" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2264 +#: sssd.conf.5.xml:2265 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " @@ -2969,7 +2969,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2273 +#: sssd.conf.5.xml:2274 msgid "" "If the remote user does not exist in the cache, it is created. The UID is " "determined with the help of the SID, trusted domains will have UPGs and the " @@ -2980,7 +2980,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2281 +#: sssd.conf.5.xml:2282 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." @@ -2989,19 +2989,19 @@ msgstr "" "ajouté à ces groupes." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2287 +#: sssd.conf.5.xml:2288 msgid "These options can be used to configure the PAC responder." msgstr "" "Les options suivantes peuvent être utilisées pour configurer le répondeur " "PAC." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2291 sssd-ifp.5.xml:66 +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 msgid "allowed_uids (string)" msgstr "allowed_uids (string)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2294 +#: sssd.conf.5.xml:2295 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " @@ -3012,14 +3012,14 @@ msgstr "" "seront résolus en UID au démarrage." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2300 +#: sssd.conf.5.xml:2301 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" "Par défaut : 0 (seul l'utilisateur root est autorisé à accéder au répondeur " "PAC)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2304 +#: sssd.conf.5.xml:2305 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " @@ -3032,26 +3032,26 @@ msgstr "" "0 à la liste des UID d'utilisateurs autorisés." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2313 +#: sssd.conf.5.xml:2314 msgid "pac_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2316 +#: sssd.conf.5.xml:2317 msgid "" "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " "data can be used to determine the group memberships of a user." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2326 +#: sssd.conf.5.xml:2327 #, fuzzy #| msgid "ldap_schema (string)" msgid "pac_check (string)" msgstr "ldap_schema (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2329 +#: sssd.conf.5.xml:2330 msgid "" "Apply additional checks on the PAC of the Kerberos ticket which is available " "in Active Directory and FreeIPA domains, if configured. Please note that " @@ -3062,24 +3062,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2343 +#: sssd.conf.5.xml:2344 msgid "no_check" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2345 +#: sssd.conf.5.xml:2346 msgid "" "The PAC must not be present and even if it is present no additional checks " "will be done." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2351 +#: sssd.conf.5.xml:2352 msgid "pac_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2353 +#: sssd.conf.5.xml:2354 msgid "" "The PAC must be present in the service ticket which SSSD will request with " "the help of the user's TGT. If the PAC is not available the authentication " @@ -3087,24 +3087,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2361 +#: sssd.conf.5.xml:2362 msgid "check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2363 +#: sssd.conf.5.xml:2364 msgid "" "If the PAC is present check if the user principal name (UPN) information is " "consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2369 +#: sssd.conf.5.xml:2370 msgid "check_upn_allow_missing" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2371 +#: sssd.conf.5.xml:2372 msgid "" "This option should be used together with 'check_upn' and handles the case " "where a UPN is set on the server-side but is not read by SSSD. The typical " @@ -3116,7 +3116,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2383 +#: sssd.conf.5.xml:2384 msgid "" "Currently this option is set by default to avoid regressions in such " "environments. A log message will be added to the system log and SSSD's debug " @@ -3127,41 +3127,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2397 +#: sssd.conf.5.xml:2398 msgid "upn_dns_info_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2399 +#: sssd.conf.5.xml:2400 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2404 +#: sssd.conf.5.xml:2405 msgid "check_upn_dns_info_ex" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2406 +#: sssd.conf.5.xml:2407 msgid "" "If the PAC is present and the extension to the UPN-DNS-INFO buffer is " "available check if the information in the extension is consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2413 +#: sssd.conf.5.xml:2414 msgid "upn_dns_info_ex_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2415 +#: sssd.conf.5.xml:2416 msgid "" "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2339 +#: sssd.conf.5.xml:2340 #, fuzzy #| msgid "" #| "The following expansions are supported: <placeholder " @@ -3174,19 +3174,19 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2425 +#: sssd.conf.5.xml:2426 msgid "" "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " "check_upn_dns_info_ex')" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2434 +#: sssd.conf.5.xml:2435 msgid "Session recording configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2436 +#: sssd.conf.5.xml:2437 msgid "" "Session recording works in conjunction with <citerefentry> " "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" @@ -3196,66 +3196,66 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2449 +#: sssd.conf.5.xml:2450 msgid "These options can be used to configure session recording." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2453 sssd-session-recording.5.xml:64 +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 msgid "scope (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2460 sssd-session-recording.5.xml:71 +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 msgid "\"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2463 sssd-session-recording.5.xml:74 +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 msgid "No users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2468 sssd-session-recording.5.xml:79 +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 msgid "\"some\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2471 sssd-session-recording.5.xml:82 +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 msgid "" "Users/groups specified by <replaceable>users</replaceable> and " "<replaceable>groups</replaceable> options are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2480 sssd-session-recording.5.xml:91 +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 msgid "\"all\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2483 sssd-session-recording.5.xml:94 +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 msgid "All users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2456 sssd-session-recording.5.xml:67 +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 msgid "" "One of the following strings specifying the scope of session recording: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:101 +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 msgid "Default: \"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:106 +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 msgid "users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:109 +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 msgid "" "A comma-separated list of users which should have session recording enabled. " "Matches user names as returned by NSS. I.e. after the possible space " @@ -3263,17 +3263,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2504 sssd-session-recording.5.xml:115 +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 msgid "Default: Empty. Matches no users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2509 sssd-session-recording.5.xml:120 +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 msgid "groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2512 sssd-session-recording.5.xml:123 +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 msgid "" "A comma-separated list of groups, members of which should have session " "recording enabled. Matches group names as returned by NSS. I.e. after the " @@ -3281,7 +3281,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2518 sssd.conf.5.xml:2550 sssd-session-recording.5.xml:129 +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 #: sssd-session-recording.5.xml:161 msgid "" "NOTE: using this option (having it set to anything) has a considerable " @@ -3290,64 +3290,64 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2525 sssd-session-recording.5.xml:136 +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 msgid "Default: Empty. Matches no groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2530 sssd-session-recording.5.xml:141 +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 #, fuzzy #| msgid "simple_deny_users (string)" msgid "exclude_users (string)" msgstr "simple_deny_users (chaîne)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2533 sssd-session-recording.5.xml:144 +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 msgid "" "A comma-separated list of users to be excluded from recording, only " "applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2537 sssd-session-recording.5.xml:148 +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 #, fuzzy #| msgid "Default: empty, i.e. ldap_uri is used." msgid "Default: Empty. No users excluded." msgstr "Par défaut : vide, ldap_uri est donc utilisé." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2542 sssd-session-recording.5.xml:153 +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 #, fuzzy #| msgid "simple_deny_groups (string)" msgid "exclude_groups (string)" msgstr "simple_deny_groups (chaîne)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2545 sssd-session-recording.5.xml:156 +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 msgid "" "A comma-separated list of groups, members of which should be excluded from " "recording. Only applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2557 sssd-session-recording.5.xml:168 +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 #, fuzzy #| msgid "Default: empty, i.e. ldap_uri is used." msgid "Default: Empty. No groups excluded." msgstr "Par défaut : vide, ldap_uri est donc utilisé." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2567 +#: sssd.conf.5.xml:2568 msgid "DOMAIN SECTIONS" msgstr "SECTIONS DOMAINES" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2574 +#: sssd.conf.5.xml:2575 msgid "enabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2577 +#: sssd.conf.5.xml:2578 msgid "" "Explicitly enable or disable the domain. If <quote>true</quote>, the domain " "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " @@ -3357,12 +3357,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2589 +#: sssd.conf.5.xml:2590 msgid "domain_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2592 +#: sssd.conf.5.xml:2593 msgid "" "Specifies whether the domain is meant to be used by POSIX-aware clients such " "as the Name Service Switch or by applications that do not need POSIX data to " @@ -3371,14 +3371,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2600 +#: sssd.conf.5.xml:2601 msgid "" "Allowed values for this option are <quote>posix</quote> and " "<quote>application</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2604 +#: sssd.conf.5.xml:2605 msgid "" "POSIX domains are reachable by all services. Application domains are only " "reachable from the InfoPipe responder (see <citerefentry> " @@ -3387,31 +3387,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2612 +#: sssd.conf.5.xml:2613 msgid "" "NOTE: The application domains are currently well tested with " "<quote>id_provider=ldap</quote> only." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2616 +#: sssd.conf.5.xml:2617 msgid "" "For an easy way to configure a non-POSIX domains, please see the " "<quote>Application domains</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2620 +#: sssd.conf.5.xml:2621 msgid "Default: posix" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2626 +#: sssd.conf.5.xml:2627 msgid "min_id,max_id (integer)" msgstr "min_id,max_id (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2629 +#: sssd.conf.5.xml:2630 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." @@ -3420,7 +3420,7 @@ msgstr "" "dehors de ces limites, elle est ignorée." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2634 +#: sssd.conf.5.xml:2635 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -3433,7 +3433,7 @@ msgstr "" "qui sont dans la plage seront rapportés comme prévu." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2641 +#: sssd.conf.5.xml:2642 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." @@ -3442,17 +3442,17 @@ msgstr "" "pas seulement leur recherche par nom ou identifiant." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2645 +#: sssd.conf.5.xml:2646 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "Default: 1 for min_id, 0 (no limit) for max_id" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2651 +#: sssd.conf.5.xml:2652 msgid "enumerate (bool)" msgstr "enumerate (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2654 +#: sssd.conf.5.xml:2655 msgid "" "Determines if a domain can be enumerated, that is, whether the domain can " "list all the users and group it contains. Note that it is not required to " @@ -3461,29 +3461,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2662 +#: sssd.conf.5.xml:2663 msgid "TRUE = Users and groups are enumerated" msgstr "TRUE = utilisateurs et groupes sont énumérés" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2665 +#: sssd.conf.5.xml:2666 msgid "FALSE = No enumerations for this domain" msgstr "FALSE = aucune énumération pour ce domaine" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2668 sssd.conf.5.xml:2942 sssd.conf.5.xml:3119 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 msgid "Default: FALSE" msgstr "Par défaut : FALSE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2671 +#: sssd.conf.5.xml:2672 msgid "" "Enumerating a domain requires SSSD to download and store ALL user and group " "entries from the remote server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2676 +#: sssd.conf.5.xml:2677 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -3497,7 +3497,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2691 +#: sssd.conf.5.xml:2692 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." @@ -3507,7 +3507,7 @@ msgstr "" "l'énumération ne se termine." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2696 +#: sssd.conf.5.xml:2697 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -3521,7 +3521,7 @@ msgstr "" "fournisseur d'identité spécifique utilisé." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2704 +#: sssd.conf.5.xml:2705 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." @@ -3530,32 +3530,32 @@ msgstr "" "déconseillée, surtout dans les environnements de grande taille." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2712 +#: sssd.conf.5.xml:2713 msgid "subdomain_enumerate (string)" msgstr "subdomain_enumerate (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2719 +#: sssd.conf.5.xml:2720 msgid "all" msgstr "all" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2720 +#: sssd.conf.5.xml:2721 msgid "All discovered trusted domains will be enumerated" msgstr "Tous les domaines approuvés découverts seront énumérés" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2723 +#: sssd.conf.5.xml:2724 msgid "none" msgstr "none" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2724 +#: sssd.conf.5.xml:2725 msgid "No discovered trusted domains will be enumerated" msgstr "Aucun domaine approuvé découvert ne sera énuméré" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2715 +#: sssd.conf.5.xml:2716 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " @@ -3569,12 +3569,12 @@ msgstr "" "activer l'énumération pour ces seuls domaines." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2738 +#: sssd.conf.5.xml:2739 msgid "entry_cache_timeout (integer)" msgstr "entry_cache_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2741 +#: sssd.conf.5.xml:2742 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" @@ -3583,7 +3583,7 @@ msgstr "" "comme valides avant de les redemander au moteur" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2745 +#: sssd.conf.5.xml:2746 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " @@ -3601,17 +3601,17 @@ msgstr "" "rafraîchissement des entrées qui sont déjà en cache." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2758 +#: sssd.conf.5.xml:2759 msgid "Default: 5400" msgstr "Par défaut : 5400" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2764 +#: sssd.conf.5.xml:2765 msgid "entry_cache_user_timeout (integer)" msgstr "entry_cache_user_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2767 +#: sssd.conf.5.xml:2768 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" @@ -3620,19 +3620,19 @@ msgstr "" "d'utilisateurs comme valides avant de les redemander au moteur." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2771 sssd.conf.5.xml:2784 sssd.conf.5.xml:2797 -#: sssd.conf.5.xml:2810 sssd.conf.5.xml:2824 sssd.conf.5.xml:2837 -#: sssd.conf.5.xml:2851 sssd.conf.5.xml:2865 sssd.conf.5.xml:2878 +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 msgid "Default: entry_cache_timeout" msgstr "Par défaut : entry_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2777 +#: sssd.conf.5.xml:2778 msgid "entry_cache_group_timeout (integer)" msgstr "entry_cache_group_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2780 +#: sssd.conf.5.xml:2781 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" @@ -3641,12 +3641,12 @@ msgstr "" "groupes comme valides avant de les redemander au moteur." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2790 +#: sssd.conf.5.xml:2791 msgid "entry_cache_netgroup_timeout (integer)" msgstr "entry_cache_netgroup_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2793 +#: sssd.conf.5.xml:2794 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" @@ -3655,12 +3655,12 @@ msgstr "" "netgroup comme valides avant de les redemander au moteur." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2803 +#: sssd.conf.5.xml:2804 msgid "entry_cache_service_timeout (integer)" msgstr "entry_cache_service_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2806 +#: sssd.conf.5.xml:2807 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" @@ -3669,24 +3669,24 @@ msgstr "" "service valides avant de les redemander au moteur" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2816 +#: sssd.conf.5.xml:2817 msgid "entry_cache_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2819 +#: sssd.conf.5.xml:2820 msgid "" "How many seconds should nss_sss consider hosts and networks entries valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2830 +#: sssd.conf.5.xml:2831 msgid "entry_cache_sudo_timeout (integer)" msgstr "entry_cache_sudo_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2833 +#: sssd.conf.5.xml:2834 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" @@ -3695,12 +3695,12 @@ msgstr "" "valides avant de les redemander au moteur" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2843 +#: sssd.conf.5.xml:2844 msgid "entry_cache_autofs_timeout (integer)" msgstr "entry_cache_autofs_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2846 +#: sssd.conf.5.xml:2847 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" @@ -3709,12 +3709,12 @@ msgstr "" "cartes d'automontage comme valides avant de les redemander au moteur" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2857 +#: sssd.conf.5.xml:2858 msgid "entry_cache_ssh_host_timeout (integer)" msgstr "entry_cache_ssh_host_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2860 +#: sssd.conf.5.xml:2861 msgid "" "How many seconds to keep a host ssh key after refresh. IE how long to cache " "the host key for." @@ -3723,24 +3723,24 @@ msgstr "" "rafraichissement. I.e. combien de temps mettre la clé en cache." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2871 +#: sssd.conf.5.xml:2872 msgid "entry_cache_computer_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2874 +#: sssd.conf.5.xml:2875 msgid "" "How many seconds to keep the local computer entry before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2884 +#: sssd.conf.5.xml:2885 msgid "refresh_expired_interval (integer)" msgstr "refresh_expired_interval (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2887 +#: sssd.conf.5.xml:2888 msgid "" "Specifies how many seconds SSSD has to wait before triggering a background " "refresh task which will refresh all expired or nearly expired records." @@ -3750,7 +3750,7 @@ msgstr "" "enregistrements expirés ou sur le point de l'être." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2892 +#: sssd.conf.5.xml:2893 msgid "" "The background refresh will process users, groups and netgroups in the " "cache. For users who have performed the initgroups (get group membership for " @@ -3759,18 +3759,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2900 +#: sssd.conf.5.xml:2901 msgid "This option is automatically inherited for all trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2904 +#: sssd.conf.5.xml:2905 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" "Il est envisageable de configurer cette valeur à 3/4 * entry_cache_timeout." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2908 +#: sssd.conf.5.xml:2909 msgid "" "Cache entry will be refreshed by background task when 2/3 of cache timeout " "has already passed. If there are existing cached entries, the background " @@ -3782,28 +3782,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2921 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "Par défaut : 0 (désactivé)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2927 +#: sssd.conf.5.xml:2928 msgid "cache_credentials (bool)" msgstr "cache_credentials (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2930 -#, fuzzy -#| msgid "" -#| "Determines if user credentials are also cached in the local LDB cache" -msgid "Determines if user credentials are also cached in the local LDB cache." +#: sssd.conf.5.xml:2931 +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." msgstr "" -"Détermine si les données d'identification de l'utilisateur sont aussi mis en " -"cache dans le cache LDB local" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2934 +#: sssd.conf.5.xml:2942 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3812,12 +3813,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2948 +#: sssd.conf.5.xml:2956 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2951 +#: sssd.conf.5.xml:2959 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3825,19 +3826,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2958 +#: sssd.conf.5.xml:2966 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2969 +#: sssd.conf.5.xml:2977 msgid "account_cache_expiration (integer)" msgstr "account_cache_expiration (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2972 +#: sssd.conf.5.xml:2980 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3850,17 +3851,17 @@ msgstr "" "paramètre doit être supérieur ou égal à offline_credentials_expiration." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2979 +#: sssd.conf.5.xml:2987 msgid "Default: 0 (unlimited)" msgstr "Par défaut : 0 (illimité)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2984 +#: sssd.conf.5.xml:2992 msgid "pwd_expiration_warning (integer)" msgstr "pwd_expiration_warning (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2995 +#: sssd.conf.5.xml:3003 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3873,17 +3874,17 @@ msgstr "" "fournisseur oauth doit être configuré pour le moteur." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3002 +#: sssd.conf.5.xml:3010 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "Par défaut : 7 (Kerberos), 0 (LDAP)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3008 +#: sssd.conf.5.xml:3016 msgid "id_provider (string)" msgstr "id_provider (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3011 +#: sssd.conf.5.xml:3019 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" @@ -3891,12 +3892,12 @@ msgstr "" "d'identification pris en charge sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3015 +#: sssd.conf.5.xml:3023 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3018 +#: sssd.conf.5.xml:3026 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3904,7 +3905,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3026 +#: sssd.conf.5.xml:3034 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3916,13 +3917,18 @@ msgstr "" "LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3034 sssd.conf.5.xml:3145 sssd.conf.5.xml:3196 -#: sssd.conf.5.xml:3259 +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 +#, fuzzy +#| msgid "" +#| "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " +#| "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +#| "<manvolnum>5</manvolnum> </citerefentry> for more information on " +#| "configuring FreeIPA." msgid "" -"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " -"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " -"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " -"FreeIPA." +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." msgstr "" "<quote>ipa</quote> : fournisseur FreeIPA et Red Hat Enterprise Identity " "Management. Cf. <citerefentry><refentrytitle>sssd-ipa</refentrytitle> " @@ -3930,8 +3936,8 @@ msgstr "" "configuration de FreeIPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3043 sssd.conf.5.xml:3154 sssd.conf.5.xml:3205 -#: sssd.conf.5.xml:3268 +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3943,12 +3949,12 @@ msgstr "" "d'Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3054 +#: sssd.conf.5.xml:3062 msgid "use_fully_qualified_names (bool)" msgstr "use_fully_qualified_names (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3057 +#: sssd.conf.5.xml:3065 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." @@ -3958,7 +3964,7 @@ msgstr "" "communiqué à NSS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3062 +#: sssd.conf.5.xml:3070 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3972,7 +3978,7 @@ msgstr "" "trouve." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3070 +#: sssd.conf.5.xml:3078 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3984,24 +3990,24 @@ msgstr "" "qualifié sera demandé." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3077 +#: sssd.conf.5.xml:3085 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3084 +#: sssd.conf.5.xml:3092 msgid "ignore_group_members (bool)" msgstr "ignore_group_members (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3087 +#: sssd.conf.5.xml:3095 msgid "Do not return group members for group lookups." msgstr "Ne pas envoyer les membres des groupes sur les recherches de groupes." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3090 +#: sssd.conf.5.xml:3098 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -4013,7 +4019,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3108 +#: sssd.conf.5.xml:3116 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -4021,23 +4027,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3114 sssd.conf.5.xml:3821 sssd-ldap.5.xml:326 -#: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 -#: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 -#: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 -#: sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1084 +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 msgid "" "This option can be also set per subdomain or inherited via " "<emphasis>subdomain_inherit</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3124 +#: sssd.conf.5.xml:3132 msgid "auth_provider (string)" msgstr "auth_provider (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3127 +#: sssd.conf.5.xml:3135 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" @@ -4046,7 +4052,7 @@ msgstr "" "pris en charge sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3131 sssd.conf.5.xml:3189 +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4058,7 +4064,7 @@ msgstr "" "LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3138 +#: sssd.conf.5.xml:3146 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4069,7 +4075,7 @@ msgstr "" "citerefentry> pour plus d'informations sur la configuration de Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3162 +#: sssd.conf.5.xml:3170 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" @@ -4077,12 +4083,12 @@ msgstr "" "PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3165 +#: sssd.conf.5.xml:3173 msgid "<quote>none</quote> disables authentication explicitly." msgstr "<quote>none</quote> désactive l'authentification explicitement." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3168 +#: sssd.conf.5.xml:3176 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." @@ -4091,12 +4097,12 @@ msgstr "" "gérer les requêtes d'authentification." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3174 +#: sssd.conf.5.xml:3182 msgid "access_provider (string)" msgstr "access_provider (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3177 +#: sssd.conf.5.xml:3185 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -4107,7 +4113,7 @@ msgstr "" "installés). Les fournisseurs internes spécifiques sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3183 +#: sssd.conf.5.xml:3191 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." @@ -4116,12 +4122,12 @@ msgstr "" "d'accès autorisé pour un domaine local." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3186 +#: sssd.conf.5.xml:3194 msgid "<quote>deny</quote> always deny access." msgstr "<quote>deny</quote> toujours refuser les accès." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3221 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -4134,7 +4140,7 @@ msgstr "" "d'informations sur la configuration du module d'accès simple." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3220 +#: sssd.conf.5.xml:3228 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -4142,22 +4148,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3227 +#: sssd.conf.5.xml:3235 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3230 +#: sssd.conf.5.xml:3238 msgid "Default: <quote>permit</quote>" msgstr "Par défaut : <quote>permit</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3235 +#: sssd.conf.5.xml:3243 msgid "chpass_provider (string)" msgstr "chpass_provider (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3238 +#: sssd.conf.5.xml:3246 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" @@ -4166,7 +4172,7 @@ msgstr "" "domaine. Les fournisseurs pris en charge sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3243 +#: sssd.conf.5.xml:3251 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4174,7 +4180,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3251 +#: sssd.conf.5.xml:3259 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4186,7 +4192,7 @@ msgstr "" "Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3276 +#: sssd.conf.5.xml:3284 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" @@ -4194,14 +4200,14 @@ msgstr "" "autre cible PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3280 +#: sssd.conf.5.xml:3288 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" "<quote>none</quote> pour désactiver explicitement le changement de mot de " "passe." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3283 +#: sssd.conf.5.xml:3291 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." @@ -4210,19 +4216,19 @@ msgstr "" "peut gérer les changements de mot de passe." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3290 +#: sssd.conf.5.xml:3298 msgid "sudo_provider (string)" msgstr "sudo_provider (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3293 +#: sssd.conf.5.xml:3301 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" "Le fournisseur SUDO, utilisé pour le domaine. Les fournisseurs SUDO pris en " "charge sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3297 +#: sssd.conf.5.xml:3305 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4234,7 +4240,7 @@ msgstr "" "LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3305 +#: sssd.conf.5.xml:3313 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." @@ -4243,7 +4249,7 @@ msgstr "" "par défaut pour IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3309 +#: sssd.conf.5.xml:3317 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." @@ -4252,20 +4258,20 @@ msgstr "" "par défaut pour AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3313 +#: sssd.conf.5.xml:3321 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "<quote>none</quote> désactive explicitement SUDO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3316 sssd.conf.5.xml:3402 sssd.conf.5.xml:3472 -#: sssd.conf.5.xml:3497 sssd.conf.5.xml:3533 +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" "Par défaut : La valeur de <quote>id_provider</quote> est utilisée si elle " "est définie." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3320 +#: sssd.conf.5.xml:3328 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -4276,7 +4282,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3335 +#: sssd.conf.5.xml:3343 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -4285,12 +4291,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3345 +#: sssd.conf.5.xml:3353 msgid "selinux_provider (string)" msgstr "selinux_provider (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3348 +#: sssd.conf.5.xml:3356 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -4301,7 +4307,7 @@ msgstr "" "fournisseur d'accès. Les fournisseurs selinux pris en charge sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3354 +#: sssd.conf.5.xml:3362 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4313,14 +4319,14 @@ msgstr "" "IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3362 +#: sssd.conf.5.xml:3370 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" "<quote>none</quote> n'autorise pas la récupération explicite des paramètres " "selinux." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3365 +#: sssd.conf.5.xml:3373 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." @@ -4329,12 +4335,12 @@ msgstr "" "gérer le chargement selinux" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3371 +#: sssd.conf.5.xml:3379 msgid "subdomains_provider (string)" msgstr "subdomains_provider (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3374 +#: sssd.conf.5.xml:3382 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" @@ -4344,7 +4350,7 @@ msgstr "" "fournisseurs de sous-domaine pris en charge sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3380 +#: sssd.conf.5.xml:3388 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4356,7 +4362,7 @@ msgstr "" "IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3389 +#: sssd.conf.5.xml:3397 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -4365,18 +4371,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3398 +#: sssd.conf.5.xml:3406 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" "<quote>none</quote> désactive la récupération explicite des sous-domaines." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3408 +#: sssd.conf.5.xml:3416 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3411 +#: sssd.conf.5.xml:3419 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -4384,37 +4390,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3418 +#: sssd.conf.5.xml:3426 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3422 +#: sssd.conf.5.xml:3430 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3426 +#: sssd.conf.5.xml:3434 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3430 +#: sssd.conf.5.xml:3438 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3438 +#: sssd.conf.5.xml:3446 msgid "autofs_provider (string)" msgstr "autofs_provider (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3441 +#: sssd.conf.5.xml:3449 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" @@ -4422,7 +4428,7 @@ msgstr "" "en charge sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3445 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4434,7 +4440,7 @@ msgstr "" "LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3452 +#: sssd.conf.5.xml:3460 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4446,7 +4452,7 @@ msgstr "" "IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3460 +#: sssd.conf.5.xml:3468 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4454,17 +4460,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3469 +#: sssd.conf.5.xml:3477 msgid "<quote>none</quote> disables autofs explicitly." msgstr "<quote>none</quote> désactive explicitement autofs." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3479 +#: sssd.conf.5.xml:3487 msgid "hostid_provider (string)" msgstr "hostid_provider (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3482 +#: sssd.conf.5.xml:3490 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" @@ -4473,7 +4479,7 @@ msgstr "" "systèmes. Les fournisseurs de hostid pris en charge sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3486 +#: sssd.conf.5.xml:3494 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4485,31 +4491,31 @@ msgstr "" "configuration de IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3494 +#: sssd.conf.5.xml:3502 msgid "<quote>none</quote> disables hostid explicitly." msgstr "<quote>none</quote> désactive explicitement hostid." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3504 +#: sssd.conf.5.xml:3512 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3507 +#: sssd.conf.5.xml:3515 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3511 +#: sssd.conf.5.xml:3519 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3515 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4517,7 +4523,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3522 +#: sssd.conf.5.xml:3530 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4526,12 +4532,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3530 +#: sssd.conf.5.xml:3538 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3543 +#: sssd.conf.5.xml:3551 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4547,7 +4553,7 @@ msgstr "" "domaine." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3552 +#: sssd.conf.5.xml:3560 #, fuzzy #| msgid "" #| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" @@ -4564,17 +4570,17 @@ msgstr "" "styles différents pour les noms d'utilisateurs :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3557 sssd.conf.5.xml:3571 +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 msgid "username" msgstr "username" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3560 sssd.conf.5.xml:3574 +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 msgid "username@domain.name" msgstr "username@domain.name" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3565 +#: sssd.conf.5.xml:3573 #, fuzzy #| msgid "" #| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" @@ -4593,12 +4599,12 @@ msgstr "" "styles différents pour les noms d'utilisateurs :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3577 +#: sssd.conf.5.xml:3585 msgid "domain\\username" msgstr "domain\\username" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3580 +#: sssd.conf.5.xml:3588 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." @@ -4608,7 +4614,7 @@ msgstr "" "utilisateurs de domaines Windows." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3585 +#: sssd.conf.5.xml:3593 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4618,17 +4624,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3637 +#: sssd.conf.5.xml:3645 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "Par défaut : <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3643 +#: sssd.conf.5.xml:3651 msgid "lookup_family_order (string)" msgstr "lookup_family_order (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3646 +#: sssd.conf.5.xml:3654 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." @@ -4637,82 +4643,82 @@ msgstr "" "utiliser pour effectuer les requêtes DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3650 +#: sssd.conf.5.xml:3658 msgid "Supported values:" msgstr "Valeurs prises en charge :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3653 +#: sssd.conf.5.xml:3661 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" "ipv4_first : essayer de chercher une adresse IPv4, et en cas d'échec, " "essayer IPv6." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3656 +#: sssd.conf.5.xml:3664 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" "ipv4_only : ne tenter de résoudre les noms de systèmes qu'en adresses IPv4." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3659 +#: sssd.conf.5.xml:3667 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" "ipv6_first : essayer de chercher une adresse IPv6, et en cas d'échec, tenter " "IPv4." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3662 +#: sssd.conf.5.xml:3670 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" "ipv6_only : ne tenter de résoudre les noms de systèmes qu'en adresses IPv6." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3665 +#: sssd.conf.5.xml:3673 msgid "Default: ipv4_first" msgstr "Par défaut : ipv4_first" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3671 +#: sssd.conf.5.xml:3679 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_server_timeout (integer)" msgstr "dns_resolver_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3674 +#: sssd.conf.5.xml:3682 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3679 +#: sssd.conf.5.xml:3687 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3683 sssd.conf.5.xml:3703 sssd.conf.5.xml:3724 +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3688 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 msgid "Default: 1000" msgstr "Par défaut : 1000" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3694 +#: sssd.conf.5.xml:3702 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_op_timeout (integer)" msgstr "dns_resolver_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3697 +#: sssd.conf.5.xml:3705 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4720,12 +4726,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3714 +#: sssd.conf.5.xml:3722 msgid "dns_resolver_timeout (integer)" msgstr "dns_resolver_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3717 +#: sssd.conf.5.xml:3725 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4734,14 +4740,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3735 +#: sssd.conf.5.xml:3743 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_use_search_list (bool)" msgstr "dns_resolver_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3738 +#: sssd.conf.5.xml:3746 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4749,7 +4755,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3744 +#: sssd.conf.5.xml:3752 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4757,17 +4763,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3750 +#: sssd.conf.5.xml:3758 msgid "Default: TRUE" msgstr "Par défaut : TRUE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3756 +#: sssd.conf.5.xml:3764 msgid "dns_discovery_domain (string)" msgstr "dns_discovery_domain (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3759 +#: sssd.conf.5.xml:3767 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." @@ -4776,54 +4782,54 @@ msgstr "" "du domaine faisant partie de la requête DNS de découverte de services." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3763 +#: sssd.conf.5.xml:3771 msgid "Default: Use the domain part of machine's hostname" msgstr "" "Par défaut : utiliser la partie du domaine qui est dans le nom de système de " "la machine." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3769 +#: sssd.conf.5.xml:3777 msgid "override_gid (integer)" msgstr "override_gid (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3772 +#: sssd.conf.5.xml:3780 msgid "Override the primary GID value with the one specified." msgstr "Redéfinit le GID primaire avec la valeur spécifiée." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3778 +#: sssd.conf.5.xml:3786 msgid "case_sensitive (string)" msgstr "case_sensitive (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3785 +#: sssd.conf.5.xml:3793 msgid "True" msgstr "True" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3788 +#: sssd.conf.5.xml:3796 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3794 +#: sssd.conf.5.xml:3802 msgid "False" msgstr "False" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3796 +#: sssd.conf.5.xml:3804 msgid "Case insensitive." msgstr "Insensible à la casse." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3800 +#: sssd.conf.5.xml:3808 msgid "Preserving" msgstr "Preserving" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3803 +#: sssd.conf.5.xml:3811 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4835,14 +4841,14 @@ msgstr "" "sortie." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3811 +#: sssd.conf.5.xml:3819 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3781 +#: sssd.conf.5.xml:3789 #, fuzzy #| msgid "" #| "The following expansions are supported: <placeholder " @@ -4855,17 +4861,17 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3826 +#: sssd.conf.5.xml:3834 msgid "Default: True (False for AD provider)" msgstr "Par défaut : true (false pour le fournisseur AD)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3832 +#: sssd.conf.5.xml:3840 msgid "subdomain_inherit (string)" msgstr "subdomain_inherit (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3835 +#: sssd.conf.5.xml:3843 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4873,130 +4879,130 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3841 +#: sssd.conf.5.xml:3849 #, fuzzy #| msgid "ldap_search_timeout (integer)" msgid "ldap_search_timeout" msgstr "ldap_search_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3844 +#: sssd.conf.5.xml:3852 #, fuzzy #| msgid "ldap_network_timeout (integer)" msgid "ldap_network_timeout" msgstr "ldap_network_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3847 +#: sssd.conf.5.xml:3855 #, fuzzy #| msgid "ldap_opt_timeout (integer)" msgid "ldap_opt_timeout" msgstr "ldap_opt_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3850 +#: sssd.conf.5.xml:3858 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_offline_timeout" msgstr "ldap_connection_expire_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3853 +#: sssd.conf.5.xml:3861 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_enumeration_refresh_timeout" msgstr "ldap_enumeration_refresh_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3856 +#: sssd.conf.5.xml:3864 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_enumeration_refresh_offset" msgstr "ldap_enumeration_refresh_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3859 +#: sssd.conf.5.xml:3867 msgid "ldap_purge_cache_timeout" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3862 +#: sssd.conf.5.xml:3870 #, fuzzy #| msgid "ldap_purge_cache_timeout" msgid "ldap_purge_cache_offset" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3865 +#: sssd.conf.5.xml:3873 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3869 +#: sssd.conf.5.xml:3877 #, fuzzy #| msgid "ldap_krb5_ticket_lifetime (integer)" msgid "ldap_krb5_ticket_lifetime" msgstr "ldap_krb5_ticket_lifetime (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3872 +#: sssd.conf.5.xml:3880 #, fuzzy #| msgid "ldap_enumeration_search_timeout (integer)" msgid "ldap_enumeration_search_timeout" msgstr "ldap_enumeration_search_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3875 +#: sssd.conf.5.xml:3883 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_expire_timeout" msgstr "ldap_connection_expire_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3878 +#: sssd.conf.5.xml:3886 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_expire_offset" msgstr "ldap_connection_expire_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3881 +#: sssd.conf.5.xml:3889 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_idle_timeout" msgstr "ldap_connection_expire_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3884 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 msgid "ldap_use_tokengroups" msgstr "ldap_use_tokengroups" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3887 +#: sssd.conf.5.xml:3895 msgid "ldap_user_principal" msgstr "ldap_user_principal" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3890 +#: sssd.conf.5.xml:3898 msgid "ignore_group_members" msgstr "ignore_group_members" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3893 +#: sssd.conf.5.xml:3901 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3896 +#: sssd.conf.5.xml:3904 #, fuzzy #| msgid "Case insensitive." msgid "case_sensitive" msgstr "Insensible à la casse." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3901 +#: sssd.conf.5.xml:3909 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -5006,27 +5012,27 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3908 +#: sssd.conf.5.xml:3916 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3915 +#: sssd.conf.5.xml:3923 msgid "subdomain_homedir (string)" msgstr "subdomain_homedir (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3926 +#: sssd.conf.5.xml:3934 msgid "%F" msgstr "%F" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3935 msgid "flat (NetBIOS) name of a subdomain." msgstr "nom plat (NetBIOS) d'un sous-domaine." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3918 +#: sssd.conf.5.xml:3926 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -5042,7 +5048,7 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3932 +#: sssd.conf.5.xml:3940 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" @@ -5050,17 +5056,17 @@ msgstr "" "emphasis>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3936 +#: sssd.conf.5.xml:3944 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "Par défaut : <filename>/home/%d/%u</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3941 +#: sssd.conf.5.xml:3949 msgid "realmd_tags (string)" msgstr "realmd_tags (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3944 +#: sssd.conf.5.xml:3952 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" @@ -5068,12 +5074,12 @@ msgstr "" "ce domaine." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3950 +#: sssd.conf.5.xml:3958 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3953 +#: sssd.conf.5.xml:3961 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -5082,19 +5088,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3961 +#: sssd.conf.5.xml:3969 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3966 +#: sssd.conf.5.xml:3974 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3970 +#: sssd.conf.5.xml:3978 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -5102,24 +5108,96 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3981 +#: sssd.conf.5.xml:3989 +#, fuzzy +#| msgid "ldap_pwd_policy (string)" +msgid "local_auth_policy (string)" +msgstr "ldap_pwd_policy (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3992 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4002 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4026 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4034 +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4039 +#, fuzzy +#| msgid "Default: cn" +msgid "Default: match" +msgstr "Par défaut : cn" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4044 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3987 +#: sssd.conf.5.xml:4050 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3990 +#: sssd.conf.5.xml:4053 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3994 +#: sssd.conf.5.xml:4057 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -5128,24 +5206,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4003 +#: sssd.conf.5.xml:4066 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4006 +#: sssd.conf.5.xml:4069 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4012 +#: sssd.conf.5.xml:4075 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4015 +#: sssd.conf.5.xml:4078 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -5155,14 +5233,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4028 +#: sssd.conf.5.xml:4091 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4035 +#: sssd.conf.5.xml:4098 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -5170,21 +5248,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3984 +#: sssd.conf.5.xml:4047 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4047 +#: sssd.conf.5.xml:4110 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4118 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -5192,7 +5270,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4124 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -5201,7 +5279,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4115 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -5210,7 +5288,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2569 +#: sssd.conf.5.xml:2570 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -5222,31 +5300,36 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4139 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4079 +#: sssd.conf.5.xml:4142 msgid "The proxy target PAM proxies to." msgstr "Le proxy cible duquel PAM devient mandataire." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4082 +#: sssd.conf.5.xml:4145 +#, fuzzy +#| msgid "" +#| "Default: not set by default, you have to take an existing pam " +#| "configuration or create a new one and add the service name here." msgid "" "Default: not set by default, you have to take an existing pam configuration " -"or create a new one and add the service name here." +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." msgstr "" "Par défaut : non défini, il faut utiliser une configuration de pam existante " "ou en créer une nouvelle et ajouter le nom de service ici." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4090 +#: sssd.conf.5.xml:4155 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -5257,12 +5340,12 @@ msgstr "" "_nss_$(libName)_$(function), par exemple _nss_files_getpwent." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4103 +#: sssd.conf.5.xml:4168 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4106 +#: sssd.conf.5.xml:4171 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -5270,12 +5353,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4117 +#: sssd.conf.5.xml:4182 msgid "proxy_fast_alias (boolean)" msgstr "proxy_fast_alias (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4120 +#: sssd.conf.5.xml:4185 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -5289,12 +5372,12 @@ msgstr "" "afin d'améliorer les performances." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4134 +#: sssd.conf.5.xml:4199 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4202 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -5302,7 +5385,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4072 +#: sssd.conf.5.xml:4135 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -5311,12 +5394,12 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4218 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4155 +#: sssd.conf.5.xml:4220 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -5333,7 +5416,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4175 +#: sssd.conf.5.xml:4240 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -5341,17 +5424,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4181 +#: sssd.conf.5.xml:4246 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4248 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4186 +#: sssd.conf.5.xml:4251 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -5360,7 +5443,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4265 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -5370,7 +5453,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4208 +#: sssd.conf.5.xml:4273 #, no-wrap msgid "" "[sssd]\n" @@ -5390,12 +5473,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4228 +#: sssd.conf.5.xml:4293 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4230 +#: sssd.conf.5.xml:4295 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -5406,69 +5489,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4237 +#: sssd.conf.5.xml:4302 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4303 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4239 +#: sssd.conf.5.xml:4304 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:4305 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4241 +#: sssd.conf.5.xml:4306 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4242 +#: sssd.conf.5.xml:4307 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4243 +#: sssd.conf.5.xml:4308 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4309 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4245 +#: sssd.conf.5.xml:4310 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4246 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4250 +#: sssd.conf.5.xml:4315 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4256 +#: sssd.conf.5.xml:4321 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4258 +#: sssd.conf.5.xml:4323 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -5481,7 +5564,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4272 +#: sssd.conf.5.xml:4337 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -5489,7 +5572,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4281 +#: sssd.conf.5.xml:4346 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -5498,55 +5581,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4353 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4356 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4295 +#: sssd.conf.5.xml:4360 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4367 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4370 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:4376 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4317 +#: sssd.conf.5.xml:4382 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4326 +#: sssd.conf.5.xml:4391 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4329 +#: sssd.conf.5.xml:4394 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5555,17 +5638,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4336 +#: sssd.conf.5.xml:4401 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4406 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4409 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5573,26 +5656,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4350 +#: sssd.conf.5.xml:4415 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4356 +#: sssd.conf.5.xml:4421 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4362 +#: sssd.conf.5.xml:4427 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4433 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5601,17 +5684,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4377 +#: sssd.conf.5.xml:4442 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4385 +#: sssd.conf.5.xml:4450 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4452 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5621,7 +5704,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4395 +#: sssd.conf.5.xml:4460 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5630,59 +5713,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4472 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4410 +#: sssd.conf.5.xml:4475 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4411 +#: sssd.conf.5.xml:4476 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4409 +#: sssd.conf.5.xml:4474 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4484 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4488 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4424 +#: sssd.conf.5.xml:4489 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4427 +#: sssd.conf.5.xml:4492 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4428 +#: sssd.conf.5.xml:4493 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4496 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4432 +#: sssd.conf.5.xml:4497 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5691,7 +5774,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4421 +#: sssd.conf.5.xml:4486 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5700,17 +5783,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4449 +#: sssd.conf.5.xml:4514 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4455 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4522 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5718,39 +5801,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4530 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4532 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4537 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4539 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4480 +#: sssd.conf.5.xml:4545 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4547 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4451 +#: sssd.conf.5.xml:4516 #, fuzzy #| msgid "" #| "The following expansions are supported: <placeholder " @@ -5763,7 +5846,7 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4467 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5772,7 +5855,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4493 +#: sssd.conf.5.xml:4558 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5780,12 +5863,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4500 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4506 +#: sssd.conf.5.xml:4571 #, no-wrap msgid "" "[sssd]\n" @@ -5839,7 +5922,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4502 +#: sssd.conf.5.xml:4567 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5848,7 +5931,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4604 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5856,7 +5939,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4533 +#: sssd.conf.5.xml:4598 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5867,7 +5950,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4550 +#: sssd.conf.5.xml:4615 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5878,7 +5961,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4544 +#: sssd.conf.5.xml:4609 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -5934,14 +6017,23 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:38 +#, fuzzy +#| msgid "" +#| "LDAP back end supports id, auth, access and chpass providers. If you want " +#| "to authenticate against an LDAP server either TLS/SSL or LDAPS is " +#| "required. <command>sssd</command> <emphasis>does not</emphasis> support " +#| "authentication over an unencrypted channel. If the LDAP server is used " +#| "only as an identity provider, an encrypted channel is not needed. Please " +#| "refer to <quote>ldap_access_filter</quote> config option for more " +#| "information about using LDAP as an access provider." msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " -"over an unencrypted channel. If the LDAP server is used only as an identity " -"provider, an encrypted channel is not needed. Please refer to " -"<quote>ldap_access_filter</quote> config option for more information about " -"using LDAP as an access provider." +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." msgstr "" "Le moteur de traitement LDAP prend en charge les fournisseurs id, auth, " "access et chpass. Si vous voulez vous authentifier sur un serveur LDAP, il " @@ -5953,19 +6045,19 @@ msgstr "" "en tant que fournisseur d'accès." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 #: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 msgid "CONFIGURATION OPTIONS" msgstr "OPTIONS DE CONFIGURATION" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:66 +#: sssd-ldap.5.xml:67 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "ldap_uri, ldap_backup_uri (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:69 +#: sssd-ldap.5.xml:70 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" @@ -5981,18 +6073,18 @@ msgstr "" "la section de <quote>DÉCOUVERTE DE SERVICE</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:76 +#: sssd-ldap.5.xml:77 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" "Le format de l'URI doit correspondre au format définit dans la RFC 2732 :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:79 +#: sssd-ldap.5.xml:80 msgid "ldap[s]://<host>[:port]" msgstr "ldap[s]://<host>[:port]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:82 +#: sssd-ldap.5.xml:83 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" @@ -6000,17 +6092,17 @@ msgstr "" "entre crochets []" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:85 +#: sssd-ldap.5.xml:86 msgid "example: ldap://[fc00::126:25]:389" msgstr "exemple : ldap://[fc00::126:25]:389" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:91 +#: sssd-ldap.5.xml:92 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "ldap_chpass_uri, ldap_chpass_backup_uri (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:94 +#: sssd-ldap.5.xml:95 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " @@ -6023,31 +6115,31 @@ msgstr "" "plus d'informations sur le repli et la redondance de serveurs." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:101 +#: sssd-ldap.5.xml:102 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" "Pour activer la découverte de services, ldap_chpass_dns_service_name doit " "être défini." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:105 +#: sssd-ldap.5.xml:106 msgid "Default: empty, i.e. ldap_uri is used." msgstr "Par défaut : vide, ldap_uri est donc utilisé." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:111 +#: sssd-ldap.5.xml:112 msgid "ldap_search_base (string)" msgstr "ldap_search_base (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:114 +#: sssd-ldap.5.xml:115 msgid "The default base DN to use for performing LDAP user operations." msgstr "" "Le DN de base par défaut à utiliser pour effectuer les opérations LDAP sur " "les utilisateurs." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:118 +#: sssd-ldap.5.xml:119 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" @@ -6056,17 +6148,17 @@ msgstr "" "l'aide de la syntaxe :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:122 +#: sssd-ldap.5.xml:123 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:125 +#: sssd-ldap.5.xml:126 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "La portée peut être l'une des « base », « onelevel » ou « subtree »." #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:128 include/ldap_search_bases.xml:18 +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" @@ -6075,13 +6167,13 @@ msgstr "" "http://www.ietf.org/rfc/rfc2254.txt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:132 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 #: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 msgid "Examples:" msgstr "Exemples :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:135 +#: sssd-ldap.5.xml:136 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" @@ -6090,7 +6182,7 @@ msgstr "" "dc=example,dc=com?subtree?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:140 +#: sssd-ldap.5.xml:141 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" @@ -6099,7 +6191,7 @@ msgstr "" "(host=thishost)?dc=example.com?subtree?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:143 +#: sssd-ldap.5.xml:144 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " @@ -6112,7 +6204,7 @@ msgstr "" "à un comportement imprévisible sur les ordinateurs clients." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:150 +#: sssd-ldap.5.xml:151 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " @@ -6129,12 +6221,12 @@ msgstr "" "valeurs multiples ne sont pas permises." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:164 +#: sssd-ldap.5.xml:165 msgid "ldap_schema (string)" msgstr "ldap_schema (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:167 +#: sssd-ldap.5.xml:168 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " @@ -6146,32 +6238,32 @@ msgstr "" "également différer." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:174 +#: sssd-ldap.5.xml:175 msgid "Four schema types are currently supported:" msgstr "Quatre types de schéma sont actuellement pris en charge :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:178 +#: sssd-ldap.5.xml:179 msgid "rfc2307" msgstr "rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:183 +#: sssd-ldap.5.xml:184 msgid "rfc2307bis" msgstr "rfc2307bis" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:188 +#: sssd-ldap.5.xml:189 msgid "IPA" msgstr "IPA" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:193 +#: sssd-ldap.5.xml:194 msgid "AD" msgstr "AD" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:199 +#: sssd-ldap.5.xml:200 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " @@ -6189,37 +6281,37 @@ msgstr "" "correspondant aux valeurs d'Active Directory 2008r2." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:209 +#: sssd-ldap.5.xml:210 msgid "Default: rfc2307" msgstr "Par défaut : rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:215 +#: sssd-ldap.5.xml:216 msgid "ldap_pwmodify_mode (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:218 +#: sssd-ldap.5.xml:219 msgid "Specify the operation that is used to modify user password." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:222 +#: sssd-ldap.5.xml:223 msgid "Two modes are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:226 +#: sssd-ldap.5.xml:227 msgid "exop - Password Modify Extended Operation (RFC 3062)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:232 +#: sssd-ldap.5.xml:233 msgid "ldap_modify - Direct modification of userPassword (not recommended)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:239 +#: sssd-ldap.5.xml:240 msgid "" "Note: First, a new connection is established to verify current password by " "binding as the user that requested password change. If successful, this " @@ -6228,76 +6320,76 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:247 +#: sssd-ldap.5.xml:248 msgid "Default: exop" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:253 +#: sssd-ldap.5.xml:254 msgid "ldap_default_bind_dn (string)" msgstr "ldap_default_bind_dn (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:256 +#: sssd-ldap.5.xml:257 msgid "The default bind DN to use for performing LDAP operations." msgstr "" "Le DN de connexion par défaut à utiliser pour effectuer les opérations LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:263 +#: sssd-ldap.5.xml:264 msgid "ldap_default_authtok_type (string)" msgstr "ldap_default_authtok_type (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:266 +#: sssd-ldap.5.xml:267 msgid "The type of the authentication token of the default bind DN." msgstr "" "Le type de jeton d'authentification pour le DN de connexion par défaut." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:270 +#: sssd-ldap.5.xml:271 msgid "The two mechanisms currently supported are:" msgstr "Les deux mécanismes actuellement pris en charge sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 +#: sssd-ldap.5.xml:274 msgid "password" msgstr "password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:276 +#: sssd-ldap.5.xml:277 msgid "obfuscated_password" msgstr "obfuscated_password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:279 +#: sssd-ldap.5.xml:280 msgid "Default: password" msgstr "Par défaut : password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:282 +#: sssd-ldap.5.xml:283 msgid "" "See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> manual page for more information." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:293 +#: sssd-ldap.5.xml:294 msgid "ldap_default_authtok (string)" msgstr "ldap_default_authtok (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:296 +#: sssd-ldap.5.xml:297 msgid "The authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:302 +#: sssd-ldap.5.xml:303 msgid "ldap_force_upper_case_realm (boolean)" msgstr "ldap_force_upper_case_realm (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:305 +#: sssd-ldap.5.xml:306 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -6310,12 +6402,12 @@ msgstr "" "utiliser un nom de domaine en majuscules." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:318 +#: sssd-ldap.5.xml:319 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "ldap_enumeration_refresh_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:321 +#: sssd-ldap.5.xml:322 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." @@ -6324,12 +6416,12 @@ msgstr "" "d'actualiser son cache d\"énumération d'enregistrements." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:337 +#: sssd-ldap.5.xml:338 msgid "ldap_purge_cache_timeout (integer)" msgstr "ldap_purge_cache_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:340 +#: sssd-ldap.5.xml:341 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -6340,7 +6432,7 @@ msgstr "" "jamais connectés) et de suppression pour économiser de l'espace." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:346 +#: sssd-ldap.5.xml:347 msgid "" "Setting this option to zero will disable the cache cleanup operation. Please " "note that if enumeration is enabled, the cleanup task is required in order " @@ -6349,12 +6441,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:366 +#: sssd-ldap.5.xml:367 msgid "ldap_group_nesting_level (integer)" msgstr "ldap_group_nesting_level (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:369 +#: sssd-ldap.5.xml:370 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -6366,7 +6458,7 @@ msgstr "" "schéma RFC2307." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:376 +#: sssd-ldap.5.xml:377 msgid "" "Note: This option specifies the guaranteed level of nested groups to be " "processed for any lookup. However, nested groups beyond this limit " @@ -6376,7 +6468,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:385 +#: sssd-ldap.5.xml:386 msgid "" "If ldap_group_nesting_level is set to 0 then no nested groups are processed " "at all. However, when connected to Active-Directory Server 2008 and later " @@ -6386,12 +6478,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:394 +#: sssd-ldap.5.xml:395 msgid "Default: 2" msgstr "Par défaut : 2" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:403 +#: sssd-ldap.5.xml:404 msgid "" "This options enables or disables use of Token-Groups attribute when " "performing initgroup for users from Active Directory Server 2008 and later." @@ -6401,25 +6493,25 @@ msgstr "" "2008 et versions ultérieures." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:413 +#: sssd-ldap.5.xml:414 msgid "Default: True for AD and IPA otherwise False." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:419 +#: sssd-ldap.5.xml:420 msgid "ldap_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:422 +#: sssd-ldap.5.xml:423 msgid "Optional. Use the given string as search base for host objects." msgstr "" "Facultatif. Utiliser la chaîne donnée comme base de recherche pour héberger " "des objets." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:426 sssd-ipa.5.xml:457 sssd-ipa.5.xml:476 sssd-ipa.5.xml:495 -#: sssd-ipa.5.xml:514 +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." @@ -6428,32 +6520,32 @@ msgstr "" "configuration des bases de recherche multiples." #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:431 sssd-ipa.5.xml:462 include/ldap_search_bases.xml:27 +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "Par défaut : la valeur de <emphasis>ldap_search_base</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:438 +#: sssd-ldap.5.xml:439 msgid "ldap_service_search_base (string)" msgstr "ldap_service_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:443 +#: sssd-ldap.5.xml:444 msgid "ldap_iphost_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:448 +#: sssd-ldap.5.xml:449 msgid "ldap_ipnetwork_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:453 +#: sssd-ldap.5.xml:454 msgid "ldap_search_timeout (integer)" msgstr "ldap_search_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:456 +#: sssd-ldap.5.xml:457 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -6464,7 +6556,7 @@ msgstr "" "activation du mode hors ligne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:462 +#: sssd-ldap.5.xml:463 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -6475,12 +6567,12 @@ msgstr "" "différents types de recherches." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:479 +#: sssd-ldap.5.xml:480 msgid "ldap_enumeration_search_timeout (integer)" msgstr "ldap_enumeration_search_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:482 +#: sssd-ldap.5.xml:483 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -6491,12 +6583,12 @@ msgstr "" "résultats mis en cache (et activation du mode hors ligne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:500 +#: sssd-ldap.5.xml:501 msgid "ldap_network_timeout (integer)" msgstr "ldap_network_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:503 +#: sssd-ldap.5.xml:504 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -6513,12 +6605,12 @@ msgstr "" "citerefentry> rendent la main en cas d'inactivité." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:531 +#: sssd-ldap.5.xml:532 msgid "ldap_opt_timeout (integer)" msgstr "ldap_opt_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:534 +#: sssd-ldap.5.xml:535 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -6527,12 +6619,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:554 +#: sssd-ldap.5.xml:555 msgid "ldap_connection_expire_timeout (integer)" msgstr "ldap_connection_expire_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:557 +#: sssd-ldap.5.xml:558 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -6545,7 +6637,7 @@ msgstr "" "courte des deux valeurs entre celle-ci et la durée de vie TGT sera utilisée." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:565 +#: sssd-ldap.5.xml:566 msgid "" "If the connection is idle (not actively running an operation) within " "<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " @@ -6556,38 +6648,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:577 +#: sssd-ldap.5.xml:578 msgid "" "This timeout can be extended of a random value specified by " "<emphasis>ldap_connection_expire_offset</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:587 sssd-ldap.5.xml:630 sssd-ldap.5.xml:1711 +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 msgid "Default: 900 (15 minutes)" msgstr "Par défaut : 900 (15 minutes)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:593 +#: sssd-ldap.5.xml:594 msgid "ldap_connection_expire_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:596 +#: sssd-ldap.5.xml:597 msgid "" "Random offset between 0 and configured value is added to " "<emphasis>ldap_connection_expire_timeout</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:613 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_idle_timeout (integer)" msgstr "ldap_connection_expire_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:616 #, fuzzy #| msgid "" #| "Specifies a timeout (in seconds) that a connection to an LDAP server will " @@ -6605,17 +6697,17 @@ msgstr "" "courte des deux valeurs entre celle-ci et la durée de vie TGT sera utilisée." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:622 msgid "You can disable this timeout by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:636 +#: sssd-ldap.5.xml:637 msgid "ldap_page_size (integer)" msgstr "ldap_page_size (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:639 +#: sssd-ldap.5.xml:640 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." @@ -6624,12 +6716,12 @@ msgstr "" "Certains serveurs LDAP imposent une limite maximale par requête." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:650 +#: sssd-ldap.5.xml:651 msgid "ldap_disable_paging (boolean)" msgstr "ldap_disable_paging (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:653 +#: sssd-ldap.5.xml:654 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " @@ -6641,7 +6733,7 @@ msgstr "" "correctement." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:659 +#: sssd-ldap.5.xml:660 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." @@ -6651,7 +6743,7 @@ msgstr "" "sera impossible de l'utiliser." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:665 +#: sssd-ldap.5.xml:666 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " @@ -6662,17 +6754,17 @@ msgstr "" "cela peut entraîner l'échec de certaines demandes." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:677 +#: sssd-ldap.5.xml:678 msgid "ldap_disable_range_retrieval (boolean)" msgstr "ldap_disable_range_retrieval (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:680 +#: sssd-ldap.5.xml:681 msgid "Disable Active Directory range retrieval." msgstr "Désactiver la récupération de plage Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:683 +#: sssd-ldap.5.xml:684 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " @@ -6688,12 +6780,12 @@ msgstr "" "apparaissant ainsi sans aucun membre." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:699 msgid "ldap_sasl_minssf (integer)" msgstr "ldap_sasl_minssf (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:702 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " @@ -6704,19 +6796,19 @@ msgstr "" "de cette option sont définies par OpenLDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:707 sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" "Par défaut : Utiliser la valeur par défaut du système (généralement spécifié " "par ldap.conf)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:714 +#: sssd-ldap.5.xml:715 msgid "ldap_sasl_maxssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:717 +#: sssd-ldap.5.xml:718 msgid "" "When communicating with an LDAP server using SASL, specify the maximal " "security level necessary to establish the connection. The values of this " @@ -6724,12 +6816,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:731 msgid "ldap_deref_threshold (integer)" msgstr "ldap_deref_threshold (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:733 +#: sssd-ldap.5.xml:734 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -6740,7 +6832,7 @@ msgstr "" "membres manquants est inférieur, ils sont recherchés individuellement." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:740 msgid "" "You can turn off dereference lookups completely by setting the value to 0. " "Please note that there are some codepaths in SSSD, like the IPA HBAC " @@ -6751,7 +6843,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:750 +#: sssd-ldap.5.xml:751 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -6764,7 +6856,7 @@ msgstr "" "acceptés sont 389/RHDS, OpenLDAP et Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:758 +#: sssd-ldap.5.xml:759 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -6775,12 +6867,12 @@ msgstr "" "déréférencement est désactivée indépendamment de ce paramètre." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:771 +#: sssd-ldap.5.xml:772 msgid "ldap_ignore_unreadable_references (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:774 +#: sssd-ldap.5.xml:775 msgid "" "Ignore unreadable LDAP entries referenced in group's member attribute. If " "this parameter is set to false an error will be returned and the operation " @@ -6788,7 +6880,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:781 +#: sssd-ldap.5.xml:782 msgid "" "This parameter may be useful when using the AD provider and the computer " "account that sssd uses to connect to AD does not have access to a particular " @@ -6796,12 +6888,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:795 msgid "ldap_tls_reqcert (string)" msgstr "ldap_tls_reqcert (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:798 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" @@ -6810,7 +6902,7 @@ msgstr "" "session TLS, si elle existe. Une des valeurs suivantes est utilisable :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:804 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." @@ -6819,7 +6911,7 @@ msgstr "" "quelconque certificat du serveur." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:808 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6830,7 +6922,7 @@ msgstr "" "certificat est fourni, il est ignoré et la session continue normalement." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:815 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6841,7 +6933,7 @@ msgstr "" "certificat est fourni, la session se termine immédiatement." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:820 +#: sssd-ldap.5.xml:821 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -6852,22 +6944,22 @@ msgstr "" "immédiatement." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:826 +#: sssd-ldap.5.xml:827 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "<emphasis>hard</emphasis> : identique à <quote>demand</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:830 +#: sssd-ldap.5.xml:831 msgid "Default: hard" msgstr "Par défaut : hard" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:837 msgid "ldap_tls_cacert (string)" msgstr "ldap_tls_cacert (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:839 +#: sssd-ldap.5.xml:840 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." @@ -6876,7 +6968,7 @@ msgstr "" "certification que <command>sssd</command> reconnaîtra." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 sssd-ldap.5.xml:862 sssd-ldap.5.xml:903 +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" @@ -6885,12 +6977,12 @@ msgstr "" "<filename>/etc/openldap/ldap.conf</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:852 msgid "ldap_tls_cacertdir (string)" msgstr "ldap_tls_cacertdir (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:854 +#: sssd-ldap.5.xml:855 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -6904,32 +6996,32 @@ msgstr "" "corrects." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:869 +#: sssd-ldap.5.xml:870 msgid "ldap_tls_cert (string)" msgstr "ldap_tls_cert (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:872 +#: sssd-ldap.5.xml:873 msgid "Specifies the file that contains the certificate for the client's key." msgstr "Définit le fichier qui contient le certificat pour la clef du client." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:882 +#: sssd-ldap.5.xml:883 msgid "ldap_tls_key (string)" msgstr "ldap_tls_key (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:885 +#: sssd-ldap.5.xml:886 msgid "Specifies the file that contains the client's key." msgstr "Définit le fichier qui contient la clef du client." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:894 +#: sssd-ldap.5.xml:895 msgid "ldap_tls_cipher_suite (string)" msgstr "ldap_tls_cipher_suite (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:897 +#: sssd-ldap.5.xml:898 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -6937,27 +7029,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:910 +#: sssd-ldap.5.xml:911 msgid "ldap_id_use_start_tls (boolean)" msgstr "ldap_id_use_start_tls (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:913 +#: sssd-ldap.5.xml:914 +#, fuzzy +#| msgid "" +#| "Specifies that the id_provider connection must also use <systemitem " +#| "class=\"protocol\">tls</systemitem> to protect the channel." msgid "" "Specifies that the id_provider connection must also use <systemitem " -"class=\"protocol\">tls</systemitem> to protect the channel." +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." msgstr "" "Définit le fait que le fournisseur d'identité de connexion doit aussi " "utiliser <systemitem class=\"protocol\">tls</systemitem> pour protéger le " "canal." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:923 +#: sssd-ldap.5.xml:925 msgid "ldap_id_mapping (boolean)" msgstr "ldap_id_mapping (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:928 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " @@ -6969,19 +7066,19 @@ msgstr "" "ldap_group_gid_number." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:932 +#: sssd-ldap.5.xml:934 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" "Cette fonctionnalité ne prend actuellement en charge que la correspondance " "par objectSID avec Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:942 +#: sssd-ldap.5.xml:944 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:945 +#: sssd-ldap.5.xml:947 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " @@ -7001,24 +7098,24 @@ msgstr "" "identifiants." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:957 +#: sssd-ldap.5.xml:959 msgid "Default: not set (both options are set to 0)" msgstr "Par défaut : non indiqué (les deux options sont à 0)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:965 msgid "ldap_sasl_mech (string)" msgstr "ldap_sasl_mech (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:966 +#: sssd-ldap.5.xml:968 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " "tested and supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:970 +#: sssd-ldap.5.xml:972 msgid "" "If the backend supports sub-domains the value of ldap_sasl_mech is " "automatically inherited to the sub-domains. If a different value is needed " @@ -7029,12 +7126,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:988 msgid "ldap_sasl_authid (string)" msgstr "ldap_sasl_authid (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ldap.5.xml:998 +#: sssd-ldap.5.xml:1000 #, no-wrap msgid "" "hostname@REALM\n" @@ -7047,7 +7144,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:989 +#: sssd-ldap.5.xml:991 msgid "" "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " "this represents the Kerberos principal used for authentication to the " @@ -7059,17 +7156,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1009 +#: sssd-ldap.5.xml:1011 msgid "Default: host/hostname@REALM" msgstr "Par défaut : host/hostname@REALM" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1015 +#: sssd-ldap.5.xml:1017 msgid "ldap_sasl_realm (string)" msgstr "ldap_sasl_realm (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1018 +#: sssd-ldap.5.xml:1020 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " @@ -7080,17 +7177,17 @@ msgstr "" "domaine, cette option est ignorée." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1024 +#: sssd-ldap.5.xml:1026 msgid "Default: the value of krb5_realm." msgstr "Par défaut : la valeur de krb5_realm." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1030 +#: sssd-ldap.5.xml:1032 msgid "ldap_sasl_canonicalize (boolean)" msgstr "ldap_sasl_canonicalize (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1035 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." @@ -7099,34 +7196,34 @@ msgstr "" "le nom de l'hôte au cours d'une liaison SASL." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1038 +#: sssd-ldap.5.xml:1040 msgid "Default: false;" msgstr "Défaut : false;" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1046 msgid "ldap_krb5_keytab (string)" msgstr "ldap_krb5_keytab (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1049 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1056 sssd-krb5.5.xml:247 +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" "Par défaut : le fichier keytab du système, normalement <filename>/etc/krb5." "keytab</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1064 msgid "ldap_krb5_init_creds (boolean)" msgstr "ldap_krb5_init_creds (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1067 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -7134,28 +7231,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1077 +#: sssd-ldap.5.xml:1079 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "ldap_krb5_ticket_lifetime (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1080 +#: sssd-ldap.5.xml:1082 msgid "" "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1089 sssd-ad.5.xml:1252 +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 msgid "Default: 86400 (24 hours)" msgstr "Par défaut : 86400 (24 heures)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1095 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "krb5_server, krb5_backup_server (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1098 +#: sssd-ldap.5.xml:1100 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -7175,7 +7272,7 @@ msgstr "" "<quote>DÉCOUVERTE DE SERVICES</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1110 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -7186,7 +7283,7 @@ msgstr "" "comme protocole, et passe sur _tcp si aucune entrée n'est trouvée." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -7198,29 +7295,29 @@ msgstr "" "l'utilisation de <quote>krb5_server</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1124 sssd-ipa.5.xml:526 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "krb5_realm (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1127 +#: sssd-ldap.5.xml:1129 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1133 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" "Par défaut : valeur par défaut du système, voir <filename>/etc/krb5.conf</" "filename>" #. type: Content of: <variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1137 include/krb5_options.xml:154 +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 msgid "krb5_canonicalize (boolean)" msgstr "krb5_canonicalize (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1140 +#: sssd-ldap.5.xml:1142 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" @@ -7230,12 +7327,12 @@ msgstr "" "Kerberos > = 1.7" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1152 sssd-krb5.5.xml:336 +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 msgid "krb5_use_kdcinfo (boolean)" msgstr "krb5_use_kdcinfo (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1155 sssd-krb5.5.xml:339 +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " @@ -7250,7 +7347,7 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:350 +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " @@ -7262,12 +7359,12 @@ msgstr "" "localisation." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1180 +#: sssd-ldap.5.xml:1182 msgid "ldap_pwd_policy (string)" msgstr "ldap_pwd_policy (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1185 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" @@ -7276,7 +7373,7 @@ msgstr "" "valeurs suivantes sont acceptées :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1190 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." @@ -7285,7 +7382,7 @@ msgstr "" "peut pas désactiver la politique sur les mots de passe du côté serveur." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1193 +#: sssd-ldap.5.xml:1195 #, fuzzy #| msgid "" #| "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" @@ -7302,7 +7399,7 @@ msgstr "" "manvolnum></citerefentry> pour évaluer si le mot de passe a expiré." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1201 +#: sssd-ldap.5.xml:1203 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -7314,7 +7411,7 @@ msgstr "" "est changé." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1210 +#: sssd-ldap.5.xml:1212 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." @@ -7323,17 +7420,17 @@ msgstr "" "côté serveur, elle prend le pas sur la politique indiquée avec cette option." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1220 msgid "ldap_referrals (boolean)" msgstr "ldap_referrals (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1221 +#: sssd-ldap.5.xml:1223 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "Définit si le déréférencement automatique doit être activé." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1225 +#: sssd-ldap.5.xml:1227 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." @@ -7342,7 +7439,7 @@ msgstr "" "compilé avec OpenLDAP version 2.4.13 ou supérieur." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1232 #, fuzzy #| msgid "" #| "Chasing referrals may incur a performance penalty in environments that " @@ -7366,29 +7463,29 @@ msgstr "" "permettre d'améliorer de façon notable les performances." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1249 +#: sssd-ldap.5.xml:1251 msgid "ldap_dns_service_name (string)" msgstr "ldap_dns_service_name (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1252 +#: sssd-ldap.5.xml:1254 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" "Définit le nom de service à utiliser quand la découverte de services est " "activée." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1258 msgid "Default: ldap" msgstr "Par défaut : ldap" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1262 +#: sssd-ldap.5.xml:1264 msgid "ldap_chpass_dns_service_name (string)" msgstr "ldap_chpass_dns_service_name (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1265 +#: sssd-ldap.5.xml:1267 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." @@ -7397,19 +7494,19 @@ msgstr "" "un changement de mot de passe quand la découverte de services est activée." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1270 +#: sssd-ldap.5.xml:1272 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" "Par défaut : non défini, c'est-à-dire que le service de découverte est " "désactivé." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1276 +#: sssd-ldap.5.xml:1278 msgid "ldap_chpass_update_last_change (bool)" msgstr "ldap_chpass_update_last_change (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1279 +#: sssd-ldap.5.xml:1281 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." @@ -7419,7 +7516,7 @@ msgstr "" "de passe." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1285 +#: sssd-ldap.5.xml:1287 msgid "" "It is recommend to set this option explicitly if \"ldap_pwd_policy = " "shadow\" is used to let SSSD know if the LDAP server will update " @@ -7428,12 +7525,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1301 msgid "ldap_access_filter (string)" msgstr "ldap_access_filter (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1304 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " @@ -7449,12 +7546,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1322 +#: sssd-ldap.5.xml:1324 msgid "Example:" msgstr "Exemple :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1327 #, no-wrap msgid "" "access_provider = ldap\n" @@ -7466,7 +7563,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1329 +#: sssd-ldap.5.xml:1331 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." @@ -7475,7 +7572,7 @@ msgstr "" "dont l'attribut employeeType est « admin »." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1336 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -7484,17 +7581,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1398 +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 msgid "Default: Empty" msgstr "Par défaut : vide" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1348 +#: sssd-ldap.5.xml:1350 msgid "ldap_account_expire_policy (string)" msgstr "ldap_account_expire_policy (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1353 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." @@ -7503,7 +7600,7 @@ msgstr "" "être activée." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1355 +#: sssd-ldap.5.xml:1357 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -7515,12 +7612,12 @@ msgstr "" "correct." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1362 +#: sssd-ldap.5.xml:1364 msgid "The following values are allowed:" msgstr "Les valeurs suivantes sont autorisées :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1365 +#: sssd-ldap.5.xml:1367 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." @@ -7529,7 +7626,7 @@ msgstr "" "pour déterminer si le compte a expiré." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1372 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -7542,7 +7639,7 @@ msgstr "" "d'expiration du compte est aussi vérifiée." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1379 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -7553,7 +7650,7 @@ msgstr "" "l'accès est autorisé ou non." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1383 +#: sssd-ldap.5.xml:1385 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -7566,7 +7663,7 @@ msgstr "" "est autorisé. Si les deux attributs sont manquants, l'accès est autorisé." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1391 +#: sssd-ldap.5.xml:1393 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " @@ -7577,24 +7674,24 @@ msgstr "" "ldap_account_expire_policy de fonctionner." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1404 +#: sssd-ldap.5.xml:1406 msgid "ldap_access_order (string)" msgstr "ldap_access_order (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1407 sssd-ipa.5.xml:351 +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" "Liste séparées par des virgules des options de contrôles d'accès. Les " "valeurs autorisées sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1411 +#: sssd-ldap.5.xml:1413 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "<emphasis>filter</emphasis> : utiliser ldap_access_filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>lockout</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -7604,14 +7701,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1424 +#: sssd-ldap.5.xml:1426 msgid "" "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" "quote> option and might be removed in a future release. </emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1431 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -7624,12 +7721,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1448 +#: sssd-ldap.5.xml:1450 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "<emphasis>expire</emphasis>: utiliser ldap_account_expire_policy" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1452 sssd-ipa.5.xml:359 +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 msgid "" "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " "pwd_expire_policy_renew: </emphasis> These options are useful if users are " @@ -7639,38 +7736,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1462 sssd-ipa.5.xml:369 +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 msgid "" "The difference between these options is the action taken if user password is " "expired:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1467 sssd-ipa.5.xml:374 +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 msgid "pwd_expire_policy_reject - user is denied to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1473 sssd-ipa.5.xml:380 +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 msgid "pwd_expire_policy_warn - user is still able to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1479 sssd-ipa.5.xml:386 +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 msgid "" "pwd_expire_policy_renew - user is prompted to change their password " "immediately." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1487 +#: sssd-ldap.5.xml:1489 msgid "" "Please note that 'access_provider = ldap' must be set for this feature to " "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1494 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" @@ -7679,32 +7776,32 @@ msgstr "" "authorizedService pour déterminer l'accès" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1497 +#: sssd-ldap.5.xml:1499 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" "<emphasis>host</emphasis> : utilise l'attribut host pour déterminer l'accès" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1501 +#: sssd-ldap.5.xml:1503 msgid "" "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " "remote host can access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1505 +#: sssd-ldap.5.xml:1507 msgid "" "Please note, rhost field in pam is set by application, it is better to check " "what the application sends to pam, before enabling this access control option" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1510 +#: sssd-ldap.5.xml:1512 msgid "Default: filter" msgstr "Par défaut : filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1513 +#: sssd-ldap.5.xml:1515 msgid "" "Please note that it is a configuration error if a value is used more than " "once." @@ -7713,12 +7810,12 @@ msgstr "" "de configuration." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1520 +#: sssd-ldap.5.xml:1522 msgid "ldap_pwdlockout_dn (string)" msgstr "ldap_pwdlockout_dn (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1523 +#: sssd-ldap.5.xml:1525 msgid "" "This option specifies the DN of password policy entry on LDAP server. Please " "note that absence of this option in sssd.conf in case of enabled account " @@ -7727,22 +7824,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1531 +#: sssd-ldap.5.xml:1533 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" msgstr "Exemple : cn=ppolicy,ou=policies,dc=example,dc=com" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1534 +#: sssd-ldap.5.xml:1536 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1542 msgid "ldap_deref (string)" msgstr "ldap_deref (chaînes)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1543 +#: sssd-ldap.5.xml:1545 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" @@ -7751,12 +7848,12 @@ msgstr "" "recherche. Les options suivantes sont autorisées :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1550 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "<emphasis>never</emphasis> : les alias ne sont jamais déréférencés." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 +#: sssd-ldap.5.xml:1554 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." @@ -7766,7 +7863,7 @@ msgstr "" "recherche." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 +#: sssd-ldap.5.xml:1559 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." @@ -7775,7 +7872,7 @@ msgstr "" "la localisation de l'objet de base de la recherche." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1562 +#: sssd-ldap.5.xml:1564 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." @@ -7784,7 +7881,7 @@ msgstr "" "recherche et et la localisation de l'objet de base de la recherche." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1569 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -7793,12 +7890,12 @@ msgstr "" "bibliothèques clientes LDAP)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1575 +#: sssd-ldap.5.xml:1577 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "ldap_rfc2307_fallback_to_local_users (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1578 +#: sssd-ldap.5.xml:1580 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." @@ -7807,7 +7904,7 @@ msgstr "" "LDAP pour les serveurs qui utilisent le schéma RFC2307." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1582 +#: sssd-ldap.5.xml:1584 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " @@ -7825,7 +7922,7 @@ msgstr "" "initgoups()." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1593 +#: sssd-ldap.5.xml:1595 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " @@ -7836,57 +7933,57 @@ msgstr "" "ajoutent les utilisateurs locaux aux groupes LDAP." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1605 sssd-ifp.5.xml:152 +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 msgid "wildcard_limit (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1608 +#: sssd-ldap.5.xml:1610 msgid "" "Specifies an upper limit on the number of entries that are downloaded during " "a wildcard lookup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1612 +#: sssd-ldap.5.xml:1614 msgid "At the moment, only the InfoPipe responder supports wildcard lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1618 msgid "Default: 1000 (often the size of one page)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1624 #, fuzzy #| msgid "debug_level (integer)" msgid "ldap_library_debug_level (integer)" msgstr "debug_level (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1625 +#: sssd-ldap.5.xml:1627 msgid "" "Switches on libldap debugging with the given level. The libldap debug " "messages will be written independent of the general debug_level." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1630 +#: sssd-ldap.5.xml:1632 msgid "" "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " "enable full debug output." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1635 +#: sssd-ldap.5.xml:1637 #, fuzzy #| msgid "Default: 0 (disabled)" msgid "Default: 0 (libldap debugging disabled)" msgstr "Par défaut : 0 (désactivé)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:52 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " @@ -7898,12 +7995,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1645 +#: sssd-ldap.5.xml:1647 msgid "SUDO OPTIONS" msgstr "OPTIONS DE SUDO" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1647 +#: sssd-ldap.5.xml:1649 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -7911,12 +8008,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1660 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "ldap_sudo_full_refresh_interval (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1661 +#: sssd-ldap.5.xml:1663 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." @@ -7926,7 +8023,7 @@ msgstr "" "règles qui sont stockées sur le serveur)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1666 +#: sssd-ldap.5.xml:1668 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" @@ -7935,24 +8032,24 @@ msgstr "" "emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1671 +#: sssd-ldap.5.xml:1673 msgid "" "You can disable full refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1676 +#: sssd-ldap.5.xml:1678 msgid "Default: 21600 (6 hours)" msgstr "Par défaut : 21600 (6 heures)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1682 +#: sssd-ldap.5.xml:1684 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "ldap_sudo_smart_refresh_interval (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1685 +#: sssd-ldap.5.xml:1687 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest " @@ -7960,7 +8057,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1691 +#: sssd-ldap.5.xml:1693 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." @@ -7969,7 +8066,7 @@ msgstr "" "modifyTimestamp est utilisé à la place." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1695 +#: sssd-ldap.5.xml:1697 msgid "" "<emphasis>Note:</emphasis> the highest USN value can be updated by three " "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " @@ -7979,21 +8076,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1706 +#: sssd-ldap.5.xml:1708 msgid "" "You can disable smart refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1717 +#: sssd-ldap.5.xml:1719 #, fuzzy #| msgid "ldap_idmap_range_size (integer)" msgid "ldap_sudo_random_offset (integer)" msgstr "ldap_idmap_range_size (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1720 +#: sssd-ldap.5.xml:1722 msgid "" "Random offset between 0 and configured value is added to smart and full " "refresh periods each time the periodic task is scheduled. The value is in " @@ -8001,7 +8098,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1726 +#: sssd-ldap.5.xml:1728 msgid "" "Note that this random offset is also applied on the first SSSD start which " "delays the first sudo rules refresh. This prolongs the time when the sudo " @@ -8009,17 +8106,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1732 +#: sssd-ldap.5.xml:1734 msgid "You can disable this offset by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1742 +#: sssd-ldap.5.xml:1744 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "ldap_sudo_use_host_filter (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1745 +#: sssd-ldap.5.xml:1747 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." @@ -8029,12 +8126,12 @@ msgstr "" "noms de systèmes)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1756 +#: sssd-ldap.5.xml:1758 msgid "ldap_sudo_hostnames (string)" msgstr "ldap_sudo_hostnames (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1759 +#: sssd-ldap.5.xml:1761 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." @@ -8043,7 +8140,7 @@ msgstr "" "doivent être utilisés pour filtrer les règles." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1764 +#: sssd-ldap.5.xml:1766 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." @@ -8052,8 +8149,8 @@ msgstr "" "nom de système et le nom de domaine pleinement qualifié." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1769 sssd-ldap.5.xml:1792 sssd-ldap.5.xml:1810 -#: sssd-ldap.5.xml:1828 +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." @@ -8062,17 +8159,17 @@ msgstr "" "emphasis>, alors cette option n'a aucun effet." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1774 sssd-ldap.5.xml:1797 +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 msgid "Default: not specified" msgstr "Par défaut : non spécifié" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1780 +#: sssd-ldap.5.xml:1782 msgid "ldap_sudo_ip (string)" msgstr "ldap_sudo_ip (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1783 +#: sssd-ldap.5.xml:1785 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." @@ -8081,7 +8178,7 @@ msgstr "" "IPv6 qui doivent être utilisés pour filtrer les règles." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1788 +#: sssd-ldap.5.xml:1790 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." @@ -8090,12 +8187,12 @@ msgstr "" "automatiquement." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1803 +#: sssd-ldap.5.xml:1805 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "ldap_sudo_include_netgroups (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1806 +#: sssd-ldap.5.xml:1808 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." @@ -8104,12 +8201,12 @@ msgstr "" "netgroup dans l'attribut sudoHost." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1821 +#: sssd-ldap.5.xml:1823 msgid "ldap_sudo_include_regexp (boolean)" msgstr "ldap_sudo_include_regexp (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:1826 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." @@ -8118,14 +8215,14 @@ msgstr "" "un joker dans l'attribut sudoHost." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> -#: sssd-ldap.5.xml:1834 +#: sssd-ldap.5.xml:1836 msgid "" "Using wildcard is an operation that is very costly to evaluate on the LDAP " "server side!" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1846 +#: sssd-ldap.5.xml:1848 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " @@ -8138,59 +8235,59 @@ msgstr "" "manvolnum></citerefentry>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1856 +#: sssd-ldap.5.xml:1858 msgid "AUTOFS OPTIONS" msgstr "OPTIONS AUTOFS" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1858 +#: sssd-ldap.5.xml:1860 msgid "" "Some of the defaults for the parameters below are dependent on the LDAP " "schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1864 +#: sssd-ldap.5.xml:1866 msgid "ldap_autofs_map_master_name (string)" msgstr "ldap_autofs_map_master_name (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1867 +#: sssd-ldap.5.xml:1869 msgid "The name of the automount master map in LDAP." msgstr "Le nom de la table de montage automatique maîtresse dans LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1870 +#: sssd-ldap.5.xml:1872 msgid "Default: auto.master" msgstr "Par défaut : auto.master" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1881 +#: sssd-ldap.5.xml:1883 msgid "ADVANCED OPTIONS" msgstr "OPTIONS AVANCÉES" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1888 +#: sssd-ldap.5.xml:1890 msgid "ldap_netgroup_search_base (string)" msgstr "ldap_netgroup_search_base (chaînes)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1893 +#: sssd-ldap.5.xml:1895 msgid "ldap_user_search_base (string)" msgstr "ldap_user_search_base (chaînes)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1898 +#: sssd-ldap.5.xml:1900 msgid "ldap_group_search_base (string)" msgstr "ldap_group_search_base (chaînes)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> -#: sssd-ldap.5.xml:1903 +#: sssd-ldap.5.xml:1905 msgid "<note>" msgstr "<note>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> -#: sssd-ldap.5.xml:1905 +#: sssd-ldap.5.xml:1907 msgid "" "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " "against Active Directory will not be restricted and return all groups " @@ -8199,22 +8296,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist> -#: sssd-ldap.5.xml:1912 +#: sssd-ldap.5.xml:1914 msgid "</note>" msgstr "</note>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1914 +#: sssd-ldap.5.xml:1916 msgid "ldap_sudo_search_base (string)" msgstr "ldap_sudo_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1919 +#: sssd-ldap.5.xml:1921 msgid "ldap_autofs_search_base (string)" msgstr "ldap_autofs_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1883 +#: sssd-ldap.5.xml:1885 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -8223,14 +8320,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1934 sssd-simple.5.xml:131 sssd-ipa.5.xml:925 -#: sssd-ad.5.xml:1386 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 msgid "EXAMPLE" msgstr "EXEMPLE" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1936 +#: sssd-ldap.5.xml:1938 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -8241,7 +8338,7 @@ msgstr "" "replaceable>." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1944 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -8261,27 +8358,27 @@ msgstr "" "cache_credentials = true\n" #. type: Content of: <refsect1><refsect2><para> -#: sssd-ldap.5.xml:1941 sssd-ldap.5.xml:1959 sssd-simple.5.xml:139 -#: sssd-ipa.5.xml:933 sssd-ad.5.xml:1394 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 #: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1953 +#: sssd-ldap.5.xml:1955 msgid "LDAP ACCESS FILTER EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1955 +#: sssd-ldap.5.xml:1957 msgid "" "The following example assumes that SSSD is correctly configured and to use " "the ldap_access_order=lockout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1960 +#: sssd-ldap.5.xml:1962 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -8307,13 +8404,13 @@ msgstr "" "cache_credentials = true\n" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1975 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 -#: sssd-ad.5.xml:1409 sssd.8.xml:238 sss_seed.8.xml:163 +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 msgid "NOTES" msgstr "NOTES" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1977 +#: sssd-ldap.5.xml:1979 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -10786,12 +10883,12 @@ msgid "Example: dyndns_iface = em1, vnet1, vnet2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1285 +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 msgid "dyndns_auth (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1288 +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "updates with the DNS server, insecure updates can be sent by setting this " @@ -10799,19 +10896,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1294 +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 msgid "Default: GSS-TSIG" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1300 +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 #, fuzzy #| msgid "dyndns_iface (string)" msgid "dyndns_auth_ptr (string)" msgstr "dyndns_iface (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1303 +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "PTR updates with the DNS server, insecure updates can be sent by setting " @@ -10819,7 +10916,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1309 +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 msgid "Default: Same as dyndns_auth" msgstr "" @@ -10896,17 +10993,24 @@ msgstr "" "quand les enregistrements directs sont modifiés." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:290 +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 msgid "Default: False (disabled)" msgstr "Par défaut : False (désactivé)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1272 +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 msgid "dyndns_force_tcp (bool)" msgstr "dyndns_force_tcp (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:299 sssd-ad.5.xml:1275 +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." @@ -10915,48 +11019,48 @@ msgstr "" "communication avec le serveur DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:303 sssd-ad.5.xml:1279 +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 msgid "Default: False (let nsupdate choose the protocol)" msgstr "Par défaut : False (laisser nsupdate choisir le protocole)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:309 sssd-ad.5.xml:1315 +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 msgid "dyndns_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:312 sssd-ad.5.xml:1318 +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 msgid "" "The DNS server to use when performing a DNS update. In most setups, it's " "recommended to leave this option unset." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 msgid "" "Setting this option makes sense for environments where the DNS server is " "different from the identity server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 msgid "" "Please note that this option will be only used in fallback attempt when " "previous attempt using autodetected settings failed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 msgid "Default: None (let nsupdate choose the server)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:333 sssd-ad.5.xml:1339 +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 msgid "dyndns_update_per_family (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:336 sssd-ad.5.xml:1342 +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 msgid "" "DNS update is by default performed in two steps - IPv4 update and then IPv6 " "update. In some cases it might be desirable to perform IPv4 and IPv6 update " @@ -10964,52 +11068,52 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:353 #, fuzzy #| msgid "ldap_access_order (string)" msgid "ipa_access_order (string)" msgstr "ldap_access_order (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:360 #, fuzzy #| msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." msgstr "<emphasis>expire</emphasis>: utiliser ldap_account_expire_policy" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:394 +#: sssd-ipa.5.xml:399 msgid "" "Please note that 'access_provider = ipa' must be set for this feature to " "work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:401 +#: sssd-ipa.5.xml:406 msgid "ipa_deskprofile_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:404 +#: sssd-ipa.5.xml:409 msgid "" "Optional. Use the given string as search base for Desktop Profile related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:408 sssd-ipa.5.xml:435 +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 msgid "Default: Use base DN" msgstr "Par défaut : utilise le DN de base" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:414 +#: sssd-ipa.5.xml:419 #, fuzzy #| msgid "ipa_subdomains_search_base (string)" msgid "ipa_subid_ranges_search_base (string)" msgstr "ipa_subdomains_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:417 +#: sssd-ipa.5.xml:422 #, fuzzy #| msgid "" #| "Optional. Use the given string as search base for HBAC related objects." @@ -11021,97 +11125,97 @@ msgstr "" "HBAC associés." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:421 +#: sssd-ipa.5.xml:426 #, fuzzy #| msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" msgstr "Par défaut : la valeur de <emphasis>cn=trusts,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:428 +#: sssd-ipa.5.xml:433 msgid "ipa_hbac_search_base (string)" msgstr "ipa_hbac_search_base (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:431 +#: sssd-ipa.5.xml:436 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" "Facultatif. Utilise la chaîne donnée comme base de recherche pour les objets " "HBAC associés." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:441 +#: sssd-ipa.5.xml:446 msgid "ipa_host_search_base (string)" msgstr "ipa_host_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:444 +#: sssd-ipa.5.xml:449 msgid "Deprecated. Use ldap_host_search_base instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:450 +#: sssd-ipa.5.xml:455 msgid "ipa_selinux_search_base (string)" msgstr "ipa_selinux_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:453 +#: sssd-ipa.5.xml:458 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" "Facultatif. Utiliser la chaîne donnée comme base de recherche pour les " "mappages utilisateur SELinux." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:469 +#: sssd-ipa.5.xml:474 msgid "ipa_subdomains_search_base (string)" msgstr "ipa_subdomains_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:472 +#: sssd-ipa.5.xml:477 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" "Facultatif. Utiliser la chaîne donnée comme base de recherche pour les " "domaines approuvés." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:481 +#: sssd-ipa.5.xml:486 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "Par défaut : la valeur de <emphasis>cn=trusts,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:488 +#: sssd-ipa.5.xml:493 msgid "ipa_master_domain_search_base (string)" msgstr "ipa_master_domain_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:491 +#: sssd-ipa.5.xml:496 msgid "Optional. Use the given string as search base for master domain object." msgstr "" "Facultatif. Utiliser la chaîne donnée comme base de recherche objet de " "domaine maître." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:505 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "Par défaut : la valeur de <emphasis>cn=ad,cn=etc,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:507 +#: sssd-ipa.5.xml:512 msgid "ipa_views_search_base (string)" msgstr "ipa_views_search_base (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:510 +#: sssd-ipa.5.xml:515 msgid "Optional. Use the given string as search base for views containers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:519 +#: sssd-ipa.5.xml:524 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:529 +#: sssd-ipa.5.xml:534 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." @@ -11120,7 +11224,7 @@ msgstr "" "valeur de <quote>ipa_domain</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:533 +#: sssd-ipa.5.xml:538 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." @@ -11129,37 +11233,37 @@ msgstr "" "convertit en DN de base pour effectuer les opérations LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:541 sssd-ad.5.xml:1357 +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 msgid "krb5_confd_path (string)" msgstr "krb5_confd_path (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:544 sssd-ad.5.xml:1360 +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 msgid "" "Absolute path of a directory where SSSD should place Kerberos configuration " "snippets." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:548 sssd-ad.5.xml:1364 +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 msgid "" "To disable the creation of the configuration snippets set the parameter to " "'none'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:552 sssd-ad.5.xml:1368 +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 msgid "" "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:559 +#: sssd-ipa.5.xml:564 msgid "ipa_deskprofile_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:562 +#: sssd-ipa.5.xml:567 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server. This will reduce the latency and load on the IPA server if there " @@ -11167,34 +11271,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:569 sssd-ipa.5.xml:599 sssd-ipa.5.xml:615 sssd-ad.5.xml:599 +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 msgid "Default: 5 (seconds)" msgstr "Par défaut : 5 (secondes)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:575 +#: sssd-ipa.5.xml:580 msgid "ipa_deskprofile_request_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:578 +#: sssd-ipa.5.xml:583 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server in case the last request did not return any rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:583 +#: sssd-ipa.5.xml:588 msgid "Default: 60 (minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:589 +#: sssd-ipa.5.xml:594 msgid "ipa_hbac_refresh (integer)" msgstr "ipa_hbac_refresh (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:592 +#: sssd-ipa.5.xml:597 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -11205,12 +11309,12 @@ msgstr "" "beaucoup de requêtes de contrôle d'accès sur une courte période." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:605 +#: sssd-ipa.5.xml:610 msgid "ipa_hbac_selinux (integer)" msgstr "ipa_hbac_selinux (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:608 +#: sssd-ipa.5.xml:613 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -11221,33 +11325,33 @@ msgstr "" "requêtes de connexions utilisateurs sur une courte période." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:621 +#: sssd-ipa.5.xml:626 msgid "ipa_server_mode (boolean)" msgstr "ipa_server_mode (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:624 +#: sssd-ipa.5.xml:629 msgid "" "This option will be set by the IPA installer (ipa-server-install) " "automatically and denotes if SSSD is running on an IPA server or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:629 +#: sssd-ipa.5.xml:634 msgid "" "On an IPA server SSSD will lookup users and groups from trusted domains " "directly while on a client it will ask an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:634 +#: sssd-ipa.5.xml:639 msgid "" "NOTE: There are currently some assumptions that must be met when SSSD is " "running on an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:639 +#: sssd-ipa.5.xml:644 msgid "" "The <quote>ipa_server</quote> option must be configured to point to the IPA " "server itself. This is already the default set by the IPA installer, so no " @@ -11255,59 +11359,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:648 +#: sssd-ipa.5.xml:653 msgid "" "The <quote>full_name_format</quote> option must not be tweaked to only print " "short names for users from trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:663 +#: sssd-ipa.5.xml:668 msgid "ipa_automount_location (string)" msgstr "ipa_automount_location (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:666 +#: sssd-ipa.5.xml:671 msgid "The automounter location this IPA client will be using" msgstr "L'emplacement à automonter qu'utilisera ce client IPA" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:669 +#: sssd-ipa.5.xml:674 msgid "Default: The location named \"default\"" msgstr "Par défaut : Le lieu nommé « default »" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:677 +#: sssd-ipa.5.xml:682 msgid "VIEWS AND OVERRIDES" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:686 +#: sssd-ipa.5.xml:691 msgid "ipa_view_class (string)" msgstr "ipa_view_class (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:689 +#: sssd-ipa.5.xml:694 msgid "Objectclass of the view container." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:692 +#: sssd-ipa.5.xml:697 msgid "Default: nsContainer" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:698 +#: sssd-ipa.5.xml:703 msgid "ipa_view_name (string)" msgstr "ipa_view_name (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:701 +#: sssd-ipa.5.xml:706 msgid "Name of the attribute holding the name of the view." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:705 sssd-ldap-attributes.5.xml:496 +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 #: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 #: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 #: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 @@ -11315,128 +11419,128 @@ msgid "Default: cn" msgstr "Par défaut : cn" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:711 +#: sssd-ipa.5.xml:716 msgid "ipa_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:714 +#: sssd-ipa.5.xml:719 msgid "Objectclass of the override objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:717 +#: sssd-ipa.5.xml:722 msgid "Default: ipaOverrideAnchor" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:723 +#: sssd-ipa.5.xml:728 msgid "ipa_anchor_uuid (string)" msgstr "ipa_anchor_uuid (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:726 +#: sssd-ipa.5.xml:731 msgid "" "Name of the attribute containing the reference to the original object in a " "remote domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:730 +#: sssd-ipa.5.xml:735 msgid "Default: ipaAnchorUUID" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:736 +#: sssd-ipa.5.xml:741 msgid "ipa_user_override_object_class (string)" msgstr "ipa_user_override_object_class (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:739 +#: sssd-ipa.5.xml:744 msgid "" "Name of the objectclass for user overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:744 +#: sssd-ipa.5.xml:749 msgid "User overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:747 +#: sssd-ipa.5.xml:752 msgid "ldap_user_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:750 +#: sssd-ipa.5.xml:755 msgid "ldap_user_uid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:753 +#: sssd-ipa.5.xml:758 msgid "ldap_user_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:756 +#: sssd-ipa.5.xml:761 msgid "ldap_user_gecos" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:759 +#: sssd-ipa.5.xml:764 msgid "ldap_user_home_directory" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:762 +#: sssd-ipa.5.xml:767 msgid "ldap_user_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:765 +#: sssd-ipa.5.xml:770 msgid "ldap_user_ssh_public_key" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:770 +#: sssd-ipa.5.xml:775 msgid "Default: ipaUserOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:776 +#: sssd-ipa.5.xml:781 msgid "ipa_group_override_object_class (string)" msgstr "ipa_group_override_object_class (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:779 +#: sssd-ipa.5.xml:784 msgid "" "Name of the objectclass for group overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:784 +#: sssd-ipa.5.xml:789 msgid "Group overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:787 +#: sssd-ipa.5.xml:792 msgid "ldap_group_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:790 +#: sssd-ipa.5.xml:795 msgid "ldap_group_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:795 +#: sssd-ipa.5.xml:800 msgid "Default: ipaGroupOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:679 +#: sssd-ipa.5.xml:684 msgid "" "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " "later version. Since all paths and objectclasses are fixed on the server " @@ -11446,12 +11550,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:807 +#: sssd-ipa.5.xml:812 msgid "SUBDOMAINS PROVIDER" msgstr "FOURNISSEURS DE SOUS-DOMAINES" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:809 +#: sssd-ipa.5.xml:814 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." @@ -11460,7 +11564,7 @@ msgstr "" "configuré explicitement ou implicitement." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:813 +#: sssd-ipa.5.xml:818 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " @@ -11472,7 +11576,7 @@ msgstr "" "serveur IPA si nécessaire." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:819 +#: sssd-ipa.5.xml:824 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " @@ -11492,12 +11596,12 @@ msgstr "" "fournisseur de sous-domaines est à nouveau activé." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:830 +#: sssd-ipa.5.xml:835 msgid "TRUSTED DOMAINS CONFIGURATION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:838 +#: sssd-ipa.5.xml:843 #, no-wrap msgid "" "[domain/ipa.domain.com/ad.domain.com]\n" @@ -11505,7 +11609,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:832 +#: sssd-ipa.5.xml:837 msgid "" "Some configuration options can also be set for a trusted domain. A trusted " "domain configuration can be set using the trusted domain subsection as shown " @@ -11515,80 +11619,80 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:843 +#: sssd-ipa.5.xml:848 msgid "" "For more details, see the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:850 +#: sssd-ipa.5.xml:855 msgid "" "Different configuration options are tunable for a trusted domain depending " "on whether you are configuring SSSD on an IPA server or an IPA client." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:855 +#: sssd-ipa.5.xml:860 msgid "OPTIONS TUNABLE ON IPA MASTERS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:857 +#: sssd-ipa.5.xml:862 msgid "" "The following options can be set in a subdomain section on an IPA master:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:861 sssd-ipa.5.xml:891 +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 msgid "ad_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:864 +#: sssd-ipa.5.xml:869 msgid "ad_backup_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:867 sssd-ipa.5.xml:894 +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 msgid "ad_site" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:870 +#: sssd-ipa.5.xml:875 msgid "ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:873 +#: sssd-ipa.5.xml:878 msgid "ldap_user_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:876 +#: sssd-ipa.5.xml:881 msgid "ldap_group_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:885 +#: sssd-ipa.5.xml:890 msgid "OPTIONS TUNABLE ON IPA CLIENTS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:887 +#: sssd-ipa.5.xml:892 msgid "" "The following options can be set in a subdomain section on an IPA client:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:899 +#: sssd-ipa.5.xml:904 msgid "" "Note that if both options are set, only <quote>ad_server</quote> is " "evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:903 +#: sssd-ipa.5.xml:908 msgid "" "Since any request for a user or a group identity from a trusted domain " "triggered from an IPA client is resolved by the IPA server, the " @@ -11602,7 +11706,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:927 +#: sssd-ipa.5.xml:932 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -11613,7 +11717,7 @@ msgstr "" "exemples montrent seulement les options spécifiques au fournisseur IPA." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:934 +#: sssd-ipa.5.xml:939 #, no-wrap msgid "" "[domain/example.com]\n" @@ -12848,7 +12952,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1388 +#: sssd-ad.5.xml:1393 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -12859,7 +12963,7 @@ msgstr "" "exemples montrent seulement les options spécifiques au fournisseur AD." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1395 +#: sssd-ad.5.xml:1400 #, no-wrap msgid "" "[domain/EXAMPLE]\n" @@ -12883,7 +12987,7 @@ msgstr "" "ad_domain = example.com\n" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1415 +#: sssd-ad.5.xml:1420 #, no-wrap msgid "" "access_provider = ldap\n" @@ -12895,7 +12999,7 @@ msgstr "" "ldap_account_expire_policy = ad\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1411 +#: sssd-ad.5.xml:1416 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " @@ -12906,7 +13010,7 @@ msgstr "" "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1421 +#: sssd-ad.5.xml:1426 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>. Please " @@ -12916,7 +13020,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1429 +#: sssd-ad.5.xml:1434 msgid "" "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " @@ -19113,9 +19217,13 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:235 +#, fuzzy +#| msgid "" +#| "When this option is configured, domains will be allocated starting with " +#| "slice zero and increasing monatomically with each additional domain." msgid "" "When this option is configured, domains will be allocated starting with " -"slice zero and increasing monatomically with each additional domain." +"slice zero and increasing monotonically with each additional domain." msgstr "" "Lorsque cette option est configurée, les domaines seront alloués en " "commençant par la tranche zéro et augmentant de manière monotone pour chaque " @@ -20135,6 +20243,20 @@ msgstr "" "rendus canoniques. Cette fonctionnalité est disponible avec MIT Kerberos 1.7 " "et versions suivantes." +#, fuzzy +#~| msgid "This option is not available in IPA provider." +#~ msgid "This option is ignored for the files provider." +#~ msgstr "Cette option n'est pas disponible dans le fournisseur IPA." + +#, fuzzy +#~| msgid "" +#~| "Determines if user credentials are also cached in the local LDB cache" +#~ msgid "" +#~ "Determines if user credentials are also cached in the local LDB cache." +#~ msgstr "" +#~ "Détermine si les données d'identification de l'utilisateur sont aussi mis " +#~ "en cache dans le cache LDB local" + #~ msgid "User credentials are stored in a SHA512 hash, not in plaintext" #~ msgstr "" #~ "Les informations d'identification utilisateur sont stockées dans une " diff --git a/src/man/po/ja.po b/src/man/po/ja.po index 7e41316e36c..5ae596c81f2 100644 --- a/src/man/po/ja.po +++ b/src/man/po/ja.po @@ -12,7 +12,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-05-05 10:09+0200\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" "PO-Revision-Date: 2021-07-20 07:04+0000\n" "Last-Translator: Ludek Janda <ljanda@redhat.com>\n" "Language-Team: Japanese <https://translate.fedoraproject.org/projects/sssd/" @@ -219,11 +219,11 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 -#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:951 -#: sssd.conf.5.xml:1069 sssd.conf.5.xml:2197 sssd-ldap.5.xml:1071 -#: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 -#: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 -#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 msgid "Default: true" msgstr "初期値: true" @@ -240,11 +240,11 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:948 -#: sssd.conf.5.xml:2100 sssd.conf.5.xml:2167 sssd.conf.5.xml:4128 -#: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 -#: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 -#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 #: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 #: include/krb5_options.xml:163 msgid "Default: false" @@ -280,8 +280,8 @@ msgid "" msgstr "" #. type: Content of: outside any tag (error?) -#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1656 -#: sssd-ldap.5.xml:1862 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 #: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 @@ -311,8 +311,8 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 sssd.conf.5.xml:1289 sssd.conf.5.xml:1766 -#: sssd.conf.5.xml:4144 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "初期値: 10" @@ -378,12 +378,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:258 sssd.conf.5.xml:783 +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 msgid "reconnection_retries (integer)" msgstr "reconnection_retries (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:261 sssd.conf.5.xml:786 +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" @@ -392,7 +392,7 @@ msgstr "" "める前に試行する回数です。" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:791 sssd.conf.5.xml:3708 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 #: include/failover.xml:100 msgid "Default: 3" msgstr "初期値: 3" @@ -414,7 +414,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3540 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 msgid "re_expression (string)" msgstr "re_expression (文字列)" @@ -434,12 +434,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3597 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 msgid "full_name_format (string)" msgstr "full_name_format (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3600 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -450,39 +450,39 @@ msgstr "" "manvolnum> </citerefentry> 互換形式。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3611 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 msgid "%1$s" msgstr "%1$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 msgid "user name" msgstr "ユーザー名" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3615 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 msgid "%2$s" msgstr "%2$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3618 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 msgid "domain name as specified in the SSSD config file." msgstr "SSSD 設定ファイルにおいて指定されるドメイン名。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3624 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 msgid "%3$s" msgstr "%3$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3627 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3608 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -642,8 +642,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:468 sssd-ldap.5.xml:876 sssd-ldap.5.xml:888 -#: sssd-ldap.5.xml:980 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 #: include/krb5_options.xml:148 @@ -921,7 +921,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1790 sssd.conf.5.xml:4194 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -974,11 +974,11 @@ msgstr "ipa_automount_location (文字列)" #: sssd.conf.5.xml:744 msgid "" "Enable or disable the user verification (i.e. PIN, fingerprint) during " -"authentication." +"authentication. If enabled, the PIN will always be requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:750 msgid "" "The default is that the key settings decide what to do. In the IPA or " "kerberos pre-authentication case, this value will be overwritten by the " @@ -1016,12 +1016,12 @@ msgstr "" "<placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:769 msgid "SERVICES SECTIONS" msgstr "サービスセクション" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:770 +#: sssd.conf.5.xml:771 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -1033,22 +1033,22 @@ msgstr "" "ば、NSS サービスは <quote>[nss]</quote> セクションです" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:777 +#: sssd.conf.5.xml:778 msgid "General service configuration options" msgstr "サービス設定の全体オプション" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:780 msgid "These options can be used to configure any service." msgstr "これらのオプションはすべてのサービスを設定するために使用できます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:797 msgid "fd_limit" msgstr "fd_limit" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:799 +#: sssd.conf.5.xml:800 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " @@ -1058,17 +1058,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:808 +#: sssd.conf.5.xml:809 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:814 msgid "client_idle_timeout" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:816 +#: sssd.conf.5.xml:817 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " @@ -1078,19 +1078,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:826 #, fuzzy #| msgid "Default: 300" msgid "Default: 60, KCM: 300" msgstr "初期値: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:830 +#: sssd.conf.5.xml:831 msgid "offline_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:834 msgid "" "When SSSD switches to offline mode the amount of time before it tries to go " "back online will increase based upon the time spent disconnected. By " @@ -1101,14 +1101,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:844 sssd.conf.5.xml:900 +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 msgid "" "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." "offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:847 +#: sssd.conf.5.xml:848 msgid "" "The offline_timeout default value is 60. The offline_timeout_max default " "value is 3600. The offline_timeout_random_offset default value is 30. The " @@ -1116,46 +1116,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:854 msgid "" "Note that the maximum length of each interval is defined by " "offline_timeout_max (apart of random part)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 sssd.conf.5.xml:1200 sssd.conf.5.xml:1583 -#: sssd.conf.5.xml:1879 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 msgid "Default: 60" msgstr "初期値: 60" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:862 +#: sssd.conf.5.xml:863 #, fuzzy #| msgid "timeout (integer)" msgid "offline_timeout_max (integer)" msgstr "timeout (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:865 +#: sssd.conf.5.xml:866 msgid "" "Controls by how much the time between attempts to go online can be " "incremented following unsuccessful attempts to go online." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:870 +#: sssd.conf.5.xml:871 msgid "A value of 0 disables the incrementing behaviour." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:873 +#: sssd.conf.5.xml:874 msgid "" "The value of this parameter should be set in correlation to offline_timeout " "parameter value." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:877 +#: sssd.conf.5.xml:878 msgid "" "With offline_timeout set to 60 (default value) there is no point in setting " "offlinet_timeout_max to less than 120 as it will saturate instantly. General " @@ -1164,64 +1164,64 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:883 +#: sssd.conf.5.xml:884 msgid "" "Although a value between 0 and offline_timeout may be specified, it has the " "effect of overriding the offline_timeout value so is of little use." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:888 +#: sssd.conf.5.xml:889 #, fuzzy #| msgid "Default: 300" msgid "Default: 3600" msgstr "初期値: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:894 #, fuzzy #| msgid "offline_failed_login_attempts (integer)" msgid "offline_timeout_random_offset (integer)" msgstr "offline_failed_login_attempts (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:896 +#: sssd.conf.5.xml:897 msgid "" "When SSSD is in offline mode it keeps probing backend servers in specified " "time intervals:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:903 +#: sssd.conf.5.xml:904 msgid "" "This parameter controls the value of the random offset used for the above " "equation. Final random_offset value will be random number in range:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:908 +#: sssd.conf.5.xml:909 msgid "[0 - offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:911 +#: sssd.conf.5.xml:912 msgid "A value of 0 disables the random offset addition." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:915 #, fuzzy #| msgid "Default: 300" msgid "Default: 30" msgstr "初期値: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:919 +#: sssd.conf.5.xml:920 msgid "responder_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:922 +#: sssd.conf.5.xml:923 msgid "" "This option specifies the number of seconds that an SSSD responder process " "can be up without being used. This value is limited in order to avoid " @@ -1233,30 +1233,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:936 sssd.conf.5.xml:1213 sssd.conf.5.xml:2321 -#: sssd-ldap.5.xml:331 +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 +#: sssd-ldap.5.xml:332 msgid "Default: 300" msgstr "初期値: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:941 +#: sssd.conf.5.xml:942 msgid "cache_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:945 msgid "" "This option specifies whether the responder should query all caches before " "querying the Data Providers." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:960 msgid "NSS configuration options" msgstr "NSS 設定オプション" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:961 +#: sssd.conf.5.xml:962 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" @@ -1264,12 +1264,12 @@ msgstr "" "きます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:966 +#: sssd.conf.5.xml:967 msgid "enum_cache_timeout (integer)" msgstr "enum_cache_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:969 +#: sssd.conf.5.xml:970 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" @@ -1278,17 +1278,17 @@ msgstr "" "要求)。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:974 msgid "Default: 120" msgstr "初期値: 120" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:978 +#: sssd.conf.5.xml:979 msgid "entry_cache_nowait_percentage (integer)" msgstr "entry_cache_nowait_percentage (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:981 +#: sssd.conf.5.xml:982 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -1299,7 +1299,7 @@ msgstr "" "す。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:988 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -1314,7 +1314,7 @@ msgstr "" "とをブロックする必要がありません。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:998 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -1327,17 +1327,17 @@ msgstr "" "(0 はこの機能を無効にします)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1005 sssd.conf.5.xml:2121 +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 msgid "Default: 50" msgstr "初期値: 50" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1010 +#: sssd.conf.5.xml:1011 msgid "entry_negative_timeout (integer)" msgstr "entry_negative_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1013 +#: sssd.conf.5.xml:1014 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -1348,17 +1348,17 @@ msgstr "" "せ)をキャッシュする秒数を指定します。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1019 sssd.conf.5.xml:1778 sssd.conf.5.xml:2145 +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 msgid "Default: 15" msgstr "初期値: 15" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1025 msgid "local_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1027 +#: sssd.conf.5.xml:1028 msgid "" "Specifies for how many seconds nss_sss should keep local users and groups in " "negative cache before trying to look it up in the back end again. Setting " @@ -1366,17 +1366,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1033 +#: sssd.conf.5.xml:1034 msgid "Default: 14400 (4 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1039 msgid "filter_users, filter_groups (string)" msgstr "filter_users, filter_groups (文字列)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1041 +#: sssd.conf.5.xml:1042 msgid "" "Exclude certain users or groups from being fetched from the sss NSS " "database. This is particularly useful for system accounts. This option can " @@ -1385,7 +1385,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1049 +#: sssd.conf.5.xml:1050 msgid "" "NOTE: The filter_groups option doesn't affect inheritance of nested group " "members, since filtering happens after they are propagated for returning via " @@ -1394,17 +1394,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1057 +#: sssd.conf.5.xml:1058 msgid "Default: root" msgstr "初期値: root" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1063 msgid "filter_users_in_groups (bool)" msgstr "filter_users_in_groups (論理値)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1065 +#: sssd.conf.5.xml:1066 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" @@ -1412,12 +1412,12 @@ msgstr "" "ションを偽に設定します。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1076 +#: sssd.conf.5.xml:1077 msgid "fallback_homedir (string)" msgstr "fallback_homedir (文字列)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1079 +#: sssd.conf.5.xml:1080 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." @@ -1426,7 +1426,7 @@ msgstr "" "ホームディレクトリーの標準テンプレートを設定します。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1084 +#: sssd.conf.5.xml:1085 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" @@ -1434,7 +1434,7 @@ msgstr "" "同じです。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1090 +#: sssd.conf.5.xml:1091 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" @@ -1444,23 +1444,23 @@ msgstr "" " " #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:1088 sssd.conf.5.xml:1650 sssd.conf.5.xml:1669 -#: sssd.conf.5.xml:1746 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "例: <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1094 +#: sssd.conf.5.xml:1095 msgid "Default: not set (no substitution for unset home directories)" msgstr "初期値: 設定なし (ホームディレクトリーの設定がない場合は代替なし)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1100 +#: sssd.conf.5.xml:1101 msgid "override_shell (string)" msgstr "override_shell (文字列)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1104 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " @@ -1468,17 +1468,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1109 +#: sssd.conf.5.xml:1110 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "初期値: 設定なし (SSSD は LDAP から取得された値を使用します)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1115 +#: sssd.conf.5.xml:1116 msgid "allowed_shells (string)" msgstr "allowed_shells (文字列)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1118 +#: sssd.conf.5.xml:1119 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" @@ -1486,13 +1486,13 @@ msgstr "" "す:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1121 +#: sssd.conf.5.xml:1122 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" "1. シェルが <quote>/etc/shells</quote> に存在すると、それが使用されます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1125 +#: sssd.conf.5.xml:1126 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." @@ -1501,7 +1501,7 @@ msgstr "" "ば、shell_fallback パラメーターの値を使用します。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1130 +#: sssd.conf.5.xml:1131 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." @@ -1510,12 +1510,12 @@ msgstr "" "ば、nologin シェルが使用されます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1135 +#: sssd.conf.5.xml:1136 msgid "The wildcard (*) can be used to allow any shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1138 +#: sssd.conf.5.xml:1139 msgid "" "The (*) is useful if you want to use shell_fallback in case that user's " "shell is not in <quote>/etc/shells</quote> and maintaining list of all " @@ -1523,12 +1523,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1145 +#: sssd.conf.5.xml:1146 msgid "An empty string for shell is passed as-is to libc." msgstr "シェルの空文字列は libc にそのまま渡されます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1149 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." @@ -1538,27 +1538,27 @@ msgstr "" "ます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1152 +#: sssd.conf.5.xml:1153 msgid "Default: Not set. The user shell is automatically used." msgstr "初期値: 設定されません。ユーザーシェルが自動的に使用されます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1157 +#: sssd.conf.5.xml:1158 msgid "vetoed_shells (string)" msgstr "vetoed_shells (文字列)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1160 +#: sssd.conf.5.xml:1161 msgid "Replace any instance of these shells with the shell_fallback" msgstr "これらのシェルのインスタンスをすべて shell_fallback に置き換えます" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1165 +#: sssd.conf.5.xml:1166 msgid "shell_fallback (string)" msgstr "shell_fallback (文字列)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1168 +#: sssd.conf.5.xml:1169 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" @@ -1566,79 +1566,79 @@ msgstr "" "す。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1172 +#: sssd.conf.5.xml:1173 msgid "Default: /bin/sh" msgstr "初期値: /bin/sh" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1177 +#: sssd.conf.5.xml:1178 msgid "default_shell" msgstr "default_shell" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1180 +#: sssd.conf.5.xml:1181 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1186 +#: sssd.conf.5.xml:1187 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1193 sssd.conf.5.xml:1576 +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 msgid "get_domains_timeout (int)" msgstr "get_domains_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1196 sssd.conf.5.xml:1579 +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "サブドメインのリストが有効とみなされる時間を秒単位で指定します。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1205 +#: sssd.conf.5.xml:1206 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_timeout (integer)" msgstr "enum_cache_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1208 +#: sssd.conf.5.xml:1209 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid. Setting this option to zero will disable the in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1216 +#: sssd.conf.5.xml:1217 msgid "" "WARNING: Disabling the in-memory cache will have significant negative impact " "on SSSD's performance and should only be used for testing." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1222 sssd.conf.5.xml:1247 sssd.conf.5.xml:1272 -#: sssd.conf.5.xml:1297 sssd.conf.5.xml:1324 +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 msgid "" "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " "client applications will not use the fast in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1230 +#: sssd.conf.5.xml:1231 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_passwd (integer)" msgstr "enum_cache_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1233 +#: sssd.conf.5.xml:1234 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for passwd requests. Setting the size to 0 will disable the passwd in-" @@ -1646,27 +1646,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1239 sssd.conf.5.xml:2963 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 msgid "Default: 8" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1242 sssd.conf.5.xml:1267 sssd.conf.5.xml:1292 -#: sssd.conf.5.xml:1319 +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 msgid "" "WARNING: Disabled or too small in-memory cache can have significant negative " "impact on SSSD's performance." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1255 +#: sssd.conf.5.xml:1256 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_group (integer)" msgstr "enum_cache_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1258 +#: sssd.conf.5.xml:1259 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for group requests. Setting the size to 0 will disable the group in-memory " @@ -1674,21 +1674,21 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1264 sssd.conf.5.xml:1316 sssd.conf.5.xml:3729 -#: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "初期値: 6" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1280 +#: sssd.conf.5.xml:1281 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_initgroups (integer)" msgstr "enum_cache_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1283 +#: sssd.conf.5.xml:1284 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for initgroups requests. Setting the size to 0 will disable the initgroups " @@ -1696,14 +1696,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1305 +#: sssd.conf.5.xml:1306 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_sid (integer)" msgstr "enum_cache_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1308 +#: sssd.conf.5.xml:1309 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for SID related requests. Only SID-by-ID and ID-by-SID requests are " @@ -1712,12 +1712,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1332 sssd-ifp.5.xml:90 +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 msgid "user_attributes (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1335 +#: sssd.conf.5.xml:1336 msgid "" "Some of the additional NSS responder requests can return more attributes " "than just the POSIX ones defined by the NSS interface. The list of " @@ -1728,38 +1728,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1348 +#: sssd.conf.5.xml:1349 msgid "" "To make configuration more easy the NSS responder will check the InfoPipe " "option if it is not set for the NSS responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1353 +#: sssd.conf.5.xml:1354 msgid "Default: not set, fallback to InfoPipe option" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1358 +#: sssd.conf.5.xml:1359 msgid "pwfield (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1361 +#: sssd.conf.5.xml:1362 msgid "" "The value that NSS operations that return users or groups will return for " "the <quote>password</quote> field." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1366 +#: sssd.conf.5.xml:1367 #, fuzzy #| msgid "Default: <quote>permit</quote>" msgid "Default: <quote>*</quote>" msgstr "初期値: <quote>permit</quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1369 +#: sssd.conf.5.xml:1370 #, fuzzy #| msgid "This option can also be set per-domain." msgid "" @@ -1768,7 +1768,7 @@ msgid "" msgstr "このオプションはドメインごとに設定できます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1373 +#: sssd.conf.5.xml:1374 msgid "" "Default: <quote>not set</quote> (remote domains), <phrase " "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" @@ -1777,12 +1777,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1385 +#: sssd.conf.5.xml:1386 msgid "PAM configuration options" msgstr "PAM 設定オプション" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1387 +#: sssd.conf.5.xml:1388 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." @@ -1791,12 +1791,12 @@ msgstr "" "ために使用できます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1392 +#: sssd.conf.5.xml:1393 msgid "offline_credentials_expiration (integer)" msgstr "offline_credentials_expiration (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1395 +#: sssd.conf.5.xml:1396 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." @@ -1805,17 +1805,17 @@ msgstr "" "ラインログインの最終成功からの日数)です。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1400 sssd.conf.5.xml:1413 +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 msgid "Default: 0 (No limit)" msgstr "初期値: 0 (無制限)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1406 +#: sssd.conf.5.xml:1407 msgid "offline_failed_login_attempts (integer)" msgstr "offline_failed_login_attempts (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1409 +#: sssd.conf.5.xml:1410 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." @@ -1823,12 +1823,12 @@ msgstr "" "認証プロバイダーがオフラインの場合、ログイン試行の失敗が許容される回数です。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1419 +#: sssd.conf.5.xml:1420 msgid "offline_failed_login_delay (integer)" msgstr "offline_failed_login_delay (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1422 +#: sssd.conf.5.xml:1423 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." @@ -1837,7 +1837,7 @@ msgstr "" "渡される分単位の時間です。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1427 +#: sssd.conf.5.xml:1428 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -1848,17 +1848,17 @@ msgstr "" "効にできます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1433 sssd.conf.5.xml:1543 +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 msgid "Default: 5" msgstr "初期値: 5" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1439 +#: sssd.conf.5.xml:1440 msgid "pam_verbosity (integer)" msgstr "pam_verbosity (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1442 +#: sssd.conf.5.xml:1443 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." @@ -1867,44 +1867,44 @@ msgstr "" "きいほどメッセージが表示されます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1447 +#: sssd.conf.5.xml:1448 msgid "Currently sssd supports the following values:" msgstr "現在 sssd は以下の値をサポートします:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1450 +#: sssd.conf.5.xml:1451 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "<emphasis>0</emphasis>: 何もメッセージを表示しない" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1453 +#: sssd.conf.5.xml:1454 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "<emphasis>1</emphasis>: 重要なメッセージのみを表示する" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1457 +#: sssd.conf.5.xml:1458 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "<emphasis>2</emphasis>: 情報レベルのメッセージを表示する" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1460 +#: sssd.conf.5.xml:1461 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "<emphasis>3</emphasis>: すべてのメッセージとデバッグ情報を表示する" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1464 sssd.8.xml:63 +#: sssd.conf.5.xml:1465 sssd.8.xml:63 msgid "Default: 1" msgstr "初期値: 1" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1470 +#: sssd.conf.5.xml:1471 #, fuzzy #| msgid "ldap_access_filter (string)" msgid "pam_response_filter (string)" msgstr "ldap_access_filter (文字列)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1473 +#: sssd.conf.5.xml:1474 msgid "" "A comma separated list of strings which allows to remove (filter) data sent " "by the PAM responder to pam_sss PAM module. There are different kind of " @@ -1913,51 +1913,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1481 +#: sssd.conf.5.xml:1482 msgid "" "While messages already can be controlled with the help of the pam_verbosity " "option this option allows to filter out other kind of responses as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1488 +#: sssd.conf.5.xml:1489 msgid "ENV" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1489 +#: sssd.conf.5.xml:1490 msgid "Do not send any environment variables to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1492 +#: sssd.conf.5.xml:1493 msgid "ENV:var_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1493 +#: sssd.conf.5.xml:1494 msgid "Do not send environment variable var_name to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1497 +#: sssd.conf.5.xml:1498 msgid "ENV:var_name:service" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1498 +#: sssd.conf.5.xml:1499 msgid "Do not send environment variable var_name to service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1486 +#: sssd.conf.5.xml:1487 msgid "" "Currently the following filters are supported: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1505 +#: sssd.conf.5.xml:1506 msgid "" "The list of strings can either be the list of filters which would set this " "list of filters and overwrite the defaults. Or each element of the list can " @@ -1968,23 +1968,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1516 +#: sssd.conf.5.xml:1517 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1519 +#: sssd.conf.5.xml:1520 msgid "" "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1526 +#: sssd.conf.5.xml:1527 msgid "pam_id_timeout (integer)" msgstr "pam_id_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1529 +#: sssd.conf.5.xml:1530 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -1994,7 +1994,7 @@ msgstr "" "されるよう、SSSD は直ちにキャッシュされた識別情報を更新しようとします。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1535 +#: sssd.conf.5.xml:1536 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -2007,17 +2007,17 @@ msgstr "" "アプリケーションごとに)制御します。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1549 +#: sssd.conf.5.xml:1550 msgid "pam_pwd_expiration_warning (integer)" msgstr "pam_pwd_expiration_warning (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1552 sssd.conf.5.xml:2987 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 msgid "Display a warning N days before the password expires." msgstr "パスワードの期限が切れる前に N 日間警告を表示します。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1555 +#: sssd.conf.5.xml:1556 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -2027,31 +2027,31 @@ msgstr "" "ことに注意してください。この情報がなければ、sssd は警告を表示します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1561 sssd.conf.5.xml:2990 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1566 +#: sssd.conf.5.xml:1567 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1571 sssd.conf.5.xml:3976 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 msgid "Default: 0" msgstr "初期値: 0" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1588 +#: sssd.conf.5.xml:1589 msgid "pam_trusted_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1591 +#: sssd.conf.5.xml:1592 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to run PAM conversations against trusted domains. Users not " @@ -2061,75 +2061,75 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1601 +#: sssd.conf.5.xml:1602 msgid "Default: All users are considered trusted by default" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1605 +#: sssd.conf.5.xml:1606 msgid "" "Please note that UID 0 is always allowed to access the PAM responder even in " "case it is not in the pam_trusted_users list." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1612 +#: sssd.conf.5.xml:1613 msgid "pam_public_domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1615 +#: sssd.conf.5.xml:1616 msgid "" "Specifies the comma-separated list of domain names that are accessible even " "to untrusted users." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1619 +#: sssd.conf.5.xml:1620 msgid "Two special values for pam_public_domains option are defined:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1623 +#: sssd.conf.5.xml:1624 msgid "" "all (Untrusted users are allowed to access all domains in PAM responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1627 +#: sssd.conf.5.xml:1628 msgid "" "none (Untrusted users are not allowed to access any domains PAM in " "responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1631 sssd.conf.5.xml:1656 sssd.conf.5.xml:1675 -#: sssd.conf.5.xml:1912 sssd.conf.5.xml:2732 sssd.conf.5.xml:3905 -#: sssd-ldap.5.xml:1207 +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 msgid "Default: none" msgstr "初期値: none" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1636 +#: sssd.conf.5.xml:1637 msgid "pam_account_expired_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1639 +#: sssd.conf.5.xml:1640 msgid "" "Allows a custom expiration message to be set, replacing the default " "'Permission denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1644 +#: sssd.conf.5.xml:1645 msgid "" "Note: Please be aware that message is only printed for the SSH service " "unless pam_verbosity is set to 3 (show all messages and debug information)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1652 +#: sssd.conf.5.xml:1653 #, no-wrap msgid "" "pam_account_expired_message = Account expired, please contact help desk.\n" @@ -2137,19 +2137,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1661 +#: sssd.conf.5.xml:1662 msgid "pam_account_locked_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1664 +#: sssd.conf.5.xml:1665 msgid "" "Allows a custom lockout message to be set, replacing the default 'Permission " "denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1671 +#: sssd.conf.5.xml:1672 #, no-wrap msgid "" "pam_account_locked_message = Account locked, please contact help desk.\n" @@ -2157,42 +2157,42 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1680 +#: sssd.conf.5.xml:1681 #, fuzzy #| msgid "ldap_chpass_update_last_change (bool)" msgid "pam_passkey_auth (bool)" msgstr "ldap_chpass_update_last_change (論理値)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1683 +#: sssd.conf.5.xml:1684 msgid "Enable passkey device based authentication." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1686 sssd.conf.5.xml:1697 sssd.conf.5.xml:1711 -#: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 -#: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 msgid "Default: False" msgstr "初期値: 偽" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1691 +#: sssd.conf.5.xml:1692 msgid "passkey_debug_libfido2 (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1694 +#: sssd.conf.5.xml:1695 msgid "Enable libfido2 library debug messages." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1702 +#: sssd.conf.5.xml:1703 msgid "pam_cert_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1705 +#: sssd.conf.5.xml:1706 msgid "" "Enable certificate based Smartcard authentication. Since this requires " "additional communication with the Smartcard which will delay the " @@ -2200,36 +2200,36 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1716 +#: sssd.conf.5.xml:1717 msgid "pam_cert_db_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1719 +#: sssd.conf.5.xml:1720 msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1722 sssd.conf.5.xml:2247 sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 msgid "Default:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1724 sssd.conf.5.xml:2249 +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 msgid "" "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " "certificates in PEM format)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1734 +#: sssd.conf.5.xml:1735 #, fuzzy #| msgid "ipa_automount_location (string)" msgid "pam_cert_verification (string)" msgstr "ipa_automount_location (文字列)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1737 +#: sssd.conf.5.xml:1738 msgid "" "With this parameter the PAM certificate verification can be tuned with a " "comma separated list of options that override the " @@ -2239,7 +2239,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1748 +#: sssd.conf.5.xml:1749 #, fuzzy, no-wrap #| msgid "" #| "fallback_homedir = /home/%u\n" @@ -2252,61 +2252,61 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1752 +#: sssd.conf.5.xml:1753 msgid "" "Default: not set, i.e. use default <quote>certificate_verification</quote> " "option defined in <quote>[sssd]</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1759 +#: sssd.conf.5.xml:1760 msgid "p11_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1763 msgid "How many seconds will pam_sss wait for p11_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1771 +#: sssd.conf.5.xml:1772 #, fuzzy #| msgid "pam_id_timeout (integer)" msgid "passkey_child_timeout (integer)" msgstr "pam_id_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1774 +#: sssd.conf.5.xml:1775 msgid "" "How many seconds will the PAM responder wait for passkey_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1783 +#: sssd.conf.5.xml:1784 msgid "pam_app_services (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1786 +#: sssd.conf.5.xml:1787 msgid "" "Which PAM services are permitted to contact domains of type " "<quote>application</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1795 +#: sssd.conf.5.xml:1796 msgid "pam_p11_allowed_services (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1798 +#: sssd.conf.5.xml:1799 msgid "" "A comma-separated list of PAM service names for which it will be allowed to " "use Smartcards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1813 +#: sssd.conf.5.xml:1814 #, no-wrap msgid "" "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2314,7 +2314,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1802 +#: sssd.conf.5.xml:1803 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -2326,63 +2326,63 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1817 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 #: sssd-ad.5.xml:869 sssd-ad.5.xml:947 msgid "Default: the default set of PAM service names includes:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1822 sssd-ad.5.xml:648 +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 msgid "login" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1827 sssd-ad.5.xml:653 +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 msgid "su" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1832 sssd-ad.5.xml:658 +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 msgid "su-l" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1837 sssd-ad.5.xml:673 +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 msgid "gdm-smartcard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1842 sssd-ad.5.xml:668 +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 msgid "gdm-password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1847 sssd-ad.5.xml:678 +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 msgid "kdm" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1852 sssd-ad.5.xml:956 +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 msgid "sudo" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1857 sssd-ad.5.xml:961 +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 msgid "sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1862 +#: sssd.conf.5.xml:1863 msgid "gnome-screensaver" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1870 +#: sssd.conf.5.xml:1871 msgid "p11_wait_for_card_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1873 +#: sssd.conf.5.xml:1874 msgid "" "If Smartcard authentication is required how many extra seconds in addition " "to p11_child_timeout should the PAM responder wait until a Smartcard is " @@ -2390,12 +2390,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1884 +#: sssd.conf.5.xml:1885 msgid "p11_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1887 +#: sssd.conf.5.xml:1888 msgid "" "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " "selection of devices used for Smartcard authentication. By default SSSD's " @@ -2406,7 +2406,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1900 +#: sssd.conf.5.xml:1901 #, no-wrap msgid "" "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" @@ -2414,7 +2414,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1904 +#: sssd.conf.5.xml:1905 #, no-wrap msgid "" "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" @@ -2422,7 +2422,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1898 +#: sssd.conf.5.xml:1899 msgid "" "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " @@ -2431,47 +2431,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1917 +#: sssd.conf.5.xml:1918 msgid "pam_initgroups_scheme" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1925 +#: sssd.conf.5.xml:1926 msgid "always" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1926 +#: sssd.conf.5.xml:1927 msgid "" "Always do an online lookup, please note that pam_id_timeout still applies" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1930 +#: sssd.conf.5.xml:1931 msgid "no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1931 +#: sssd.conf.5.xml:1932 msgid "" "Only do an online lookup if there is no active session of the user, i.e. if " "the user is currently not logged in" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1936 +#: sssd.conf.5.xml:1937 msgid "never" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1937 +#: sssd.conf.5.xml:1938 msgid "" "Never force an online lookup, use the data from the cache as long as they " "are not expired" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1920 +#: sssd.conf.5.xml:1921 msgid "" "The PAM responder can force an online lookup to get the current group " "memberships of the user trying to log in. This option controls when this " @@ -2480,17 +2480,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1944 +#: sssd.conf.5.xml:1945 msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1949 sssd.conf.5.xml:4247 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 msgid "pam_gssapi_services" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1952 +#: sssd.conf.5.xml:1953 #, fuzzy #| msgid "Comma separated list of users who are allowed to log in." msgid "" @@ -2499,13 +2499,13 @@ msgid "" msgstr "ログインが許可されたユーザーのカンマ区切り一覧です。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1957 +#: sssd.conf.5.xml:1958 msgid "" "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1961 sssd.conf.5.xml:1992 sssd.conf.5.xml:2030 +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[pam] section. It can also be set for trusted domain which overwrites the " @@ -2513,7 +2513,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1969 +#: sssd.conf.5.xml:1970 #, fuzzy, no-wrap #| msgid "" #| "fallback_homedir = /home/%u\n" @@ -2526,22 +2526,22 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1967 sssd.conf.5.xml:3899 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1973 +#: sssd.conf.5.xml:1974 msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1978 sssd.conf.5.xml:4248 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 msgid "pam_gssapi_check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1981 +#: sssd.conf.5.xml:1982 msgid "" "If True, SSSD will require that the Kerberos user principal that " "successfully authenticated through GSSAPI can be associated with the user " @@ -2549,25 +2549,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1988 +#: sssd.conf.5.xml:1989 msgid "" "If False, every user that is able to obtained required service ticket will " "be authenticated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1998 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "初期値: True" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2003 +#: sssd.conf.5.xml:2004 msgid "pam_gssapi_indicators_map" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2006 +#: sssd.conf.5.xml:2007 msgid "" "Comma separated list of authentication indicators required to be present in " "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " @@ -2575,7 +2575,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2012 +#: sssd.conf.5.xml:2013 msgid "" "Each element of the list can be either an authentication indicator name or a " "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " @@ -2590,7 +2590,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2025 +#: sssd.conf.5.xml:2026 msgid "" "To disable GSSAPI authentication indicator check, set this option to <quote>-" "</quote> (dash). To disable the check for a specific PAM service, add " @@ -2598,45 +2598,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2036 +#: sssd.conf.5.xml:2037 msgid "" "Following authentication indicators are supported by IPA Kerberos " "deployments:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2039 +#: sssd.conf.5.xml:2040 msgid "" "pkinit -- pre-authentication using X.509 certificates -- whether stored in " "files or on smart cards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2042 +#: sssd.conf.5.xml:2043 msgid "" "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " "FAST channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2045 +#: sssd.conf.5.xml:2046 msgid "radius -- pre-authentication with the help of a RADIUS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2048 +#: sssd.conf.5.xml:2049 msgid "" "otp -- pre-authentication using integrated two-factor authentication (2FA or " "one-time password, OTP) in IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2051 +#: sssd.conf.5.xml:2052 msgid "idp -- pre-authentication using external identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:2061 +#: sssd.conf.5.xml:2062 #, no-wrap msgid "" "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" @@ -2644,7 +2644,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2056 +#: sssd.conf.5.xml:2057 msgid "" "Example: to require access to SUDO services only for users which obtained " "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " @@ -2652,19 +2652,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2065 +#: sssd.conf.5.xml:2066 #, fuzzy #| msgid "Default: not set (no substitution for unset home directories)" msgid "Default: not set (use of authentication indicators is not required)" msgstr "初期値: 設定なし (ホームディレクトリーの設定がない場合は代替なし)" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2073 +#: sssd.conf.5.xml:2074 msgid "SUDO configuration options" msgstr "SUDO 設定オプション" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2075 +#: sssd.conf.5.xml:2076 msgid "" "These options can be used to configure the sudo service. The detailed " "instructions for configuration of <citerefentry> <refentrytitle>sudo</" @@ -2675,12 +2675,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2092 +#: sssd.conf.5.xml:2093 msgid "sudo_timed (bool)" msgstr "sudo_timed (論理値)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2095 +#: sssd.conf.5.xml:2096 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." @@ -2689,12 +2689,12 @@ msgstr "" "を評価するかしないかです。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2107 +#: sssd.conf.5.xml:2108 msgid "sudo_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2110 +#: sssd.conf.5.xml:2111 msgid "" "Maximum number of expired rules that can be refreshed at once. If number of " "expired rules is below threshold, those rules are refreshed with " @@ -2704,22 +2704,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2129 +#: sssd.conf.5.xml:2130 msgid "AUTOFS configuration options" msgstr "Autofs 設定オプション" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2131 +#: sssd.conf.5.xml:2132 msgid "These options can be used to configure the autofs service." msgstr "これらのオプションが autofs サービスを設定するために使用されます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2135 +#: sssd.conf.5.xml:2136 msgid "autofs_negative_timeout (integer)" msgstr "autofs_negative_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2138 +#: sssd.conf.5.xml:2139 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " @@ -2730,51 +2730,51 @@ msgstr "" "ヒットする秒数を指定します。" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2154 +#: sssd.conf.5.xml:2155 msgid "SSH configuration options" msgstr "SSH 設定オプション" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2156 +#: sssd.conf.5.xml:2157 msgid "These options can be used to configure the SSH service." msgstr "これらのオプションは SSH サービスを設定するために使用されます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2160 +#: sssd.conf.5.xml:2161 msgid "ssh_hash_known_hosts (bool)" msgstr "ssh_hash_known_hosts (論理値)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2163 +#: sssd.conf.5.xml:2164 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2172 +#: sssd.conf.5.xml:2173 msgid "ssh_known_hosts_timeout (integer)" msgstr "ssh_known_hosts_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2175 +#: sssd.conf.5.xml:2176 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2179 +#: sssd.conf.5.xml:2180 msgid "Default: 180" msgstr "初期値: 180" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2184 +#: sssd.conf.5.xml:2185 msgid "ssh_use_certificate_keys (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2187 +#: sssd.conf.5.xml:2188 msgid "" "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " "keys derived from the public key of X.509 certificates stored in the user " @@ -2783,12 +2783,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2202 +#: sssd.conf.5.xml:2203 msgid "ssh_use_certificate_matching_rules (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2205 +#: sssd.conf.5.xml:2206 msgid "" "By default the ssh responder will use all available certificate matching " "rules to filter the certificates so that ssh keys are only derived from the " @@ -2798,7 +2798,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2214 +#: sssd.conf.5.xml:2215 msgid "" "There are two special key words 'all_rules' and 'no_rules' which will enable " "all or no rules, respectively. The latter means that no certificates will be " @@ -2806,7 +2806,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2221 +#: sssd.conf.5.xml:2222 msgid "" "If no rules are configured using 'all_rules' will enable a default rule " "which enables all certificates suitable for client authentication. This is " @@ -2815,38 +2815,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2228 +#: sssd.conf.5.xml:2229 msgid "" "A non-existing rule name is considered an error. If as a result no rule is " "selected all certificates will be ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2233 +#: sssd.conf.5.xml:2234 msgid "" "Default: not set, equivalent to 'all_rules', all found rules or the default " "rule are used" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2239 +#: sssd.conf.5.xml:2240 msgid "ca_db (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2242 +#: sssd.conf.5.xml:2243 msgid "" "Path to a storage of trusted CA certificates. The option is used to validate " "user certificates before deriving public ssh keys from them." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2262 +#: sssd.conf.5.xml:2263 msgid "PAC responder configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2264 +#: sssd.conf.5.xml:2265 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " @@ -2857,7 +2857,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2273 +#: sssd.conf.5.xml:2274 msgid "" "If the remote user does not exist in the cache, it is created. The UID is " "determined with the help of the SID, trusted domains will have UPGs and the " @@ -2868,24 +2868,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2281 +#: sssd.conf.5.xml:2282 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2287 +#: sssd.conf.5.xml:2288 msgid "These options can be used to configure the PAC responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2291 sssd-ifp.5.xml:66 +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 msgid "allowed_uids (string)" msgstr "allowed_uids (文字列)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2294 +#: sssd.conf.5.xml:2295 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " @@ -2893,12 +2893,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2300 +#: sssd.conf.5.xml:2301 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2304 +#: sssd.conf.5.xml:2305 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " @@ -2907,26 +2907,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2313 +#: sssd.conf.5.xml:2314 msgid "pac_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2316 +#: sssd.conf.5.xml:2317 msgid "" "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " "data can be used to determine the group memberships of a user." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2326 +#: sssd.conf.5.xml:2327 #, fuzzy #| msgid "ldap_schema (string)" msgid "pac_check (string)" msgstr "ldap_schema (文字列)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2329 +#: sssd.conf.5.xml:2330 msgid "" "Apply additional checks on the PAC of the Kerberos ticket which is available " "in Active Directory and FreeIPA domains, if configured. Please note that " @@ -2937,24 +2937,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2343 +#: sssd.conf.5.xml:2344 msgid "no_check" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2345 +#: sssd.conf.5.xml:2346 msgid "" "The PAC must not be present and even if it is present no additional checks " "will be done." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2351 +#: sssd.conf.5.xml:2352 msgid "pac_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2353 +#: sssd.conf.5.xml:2354 msgid "" "The PAC must be present in the service ticket which SSSD will request with " "the help of the user's TGT. If the PAC is not available the authentication " @@ -2962,24 +2962,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2361 +#: sssd.conf.5.xml:2362 msgid "check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2363 +#: sssd.conf.5.xml:2364 msgid "" "If the PAC is present check if the user principal name (UPN) information is " "consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2369 +#: sssd.conf.5.xml:2370 msgid "check_upn_allow_missing" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2371 +#: sssd.conf.5.xml:2372 msgid "" "This option should be used together with 'check_upn' and handles the case " "where a UPN is set on the server-side but is not read by SSSD. The typical " @@ -2991,7 +2991,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2383 +#: sssd.conf.5.xml:2384 msgid "" "Currently this option is set by default to avoid regressions in such " "environments. A log message will be added to the system log and SSSD's debug " @@ -3002,41 +3002,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2397 +#: sssd.conf.5.xml:2398 msgid "upn_dns_info_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2399 +#: sssd.conf.5.xml:2400 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2404 +#: sssd.conf.5.xml:2405 msgid "check_upn_dns_info_ex" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2406 +#: sssd.conf.5.xml:2407 msgid "" "If the PAC is present and the extension to the UPN-DNS-INFO buffer is " "available check if the information in the extension is consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2413 +#: sssd.conf.5.xml:2414 msgid "upn_dns_info_ex_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2415 +#: sssd.conf.5.xml:2416 msgid "" "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2339 +#: sssd.conf.5.xml:2340 #, fuzzy #| msgid "" #| "The following expansions are supported: <placeholder " @@ -3049,19 +3049,19 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2425 +#: sssd.conf.5.xml:2426 msgid "" "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " "check_upn_dns_info_ex')" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2434 +#: sssd.conf.5.xml:2435 msgid "Session recording configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2436 +#: sssd.conf.5.xml:2437 msgid "" "Session recording works in conjunction with <citerefentry> " "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" @@ -3071,66 +3071,66 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2449 +#: sssd.conf.5.xml:2450 msgid "These options can be used to configure session recording." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2453 sssd-session-recording.5.xml:64 +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 msgid "scope (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2460 sssd-session-recording.5.xml:71 +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 msgid "\"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2463 sssd-session-recording.5.xml:74 +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 msgid "No users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2468 sssd-session-recording.5.xml:79 +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 msgid "\"some\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2471 sssd-session-recording.5.xml:82 +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 msgid "" "Users/groups specified by <replaceable>users</replaceable> and " "<replaceable>groups</replaceable> options are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2480 sssd-session-recording.5.xml:91 +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 msgid "\"all\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2483 sssd-session-recording.5.xml:94 +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 msgid "All users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2456 sssd-session-recording.5.xml:67 +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 msgid "" "One of the following strings specifying the scope of session recording: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:101 +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 msgid "Default: \"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:106 +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 msgid "users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:109 +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 msgid "" "A comma-separated list of users which should have session recording enabled. " "Matches user names as returned by NSS. I.e. after the possible space " @@ -3141,17 +3141,17 @@ msgstr "" "の可能性がある場合には、その後になります。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2504 sssd-session-recording.5.xml:115 +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 msgid "Default: Empty. Matches no users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2509 sssd-session-recording.5.xml:120 +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 msgid "groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2512 sssd-session-recording.5.xml:123 +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 msgid "" "A comma-separated list of groups, members of which should have session " "recording enabled. Matches group names as returned by NSS. I.e. after the " @@ -3162,7 +3162,7 @@ msgstr "" "文字の変更などの可能性がある場合には、その後になります。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2518 sssd.conf.5.xml:2550 sssd-session-recording.5.xml:129 +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 #: sssd-session-recording.5.xml:161 msgid "" "NOTE: using this option (having it set to anything) has a considerable " @@ -3171,64 +3171,64 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2525 sssd-session-recording.5.xml:136 +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 msgid "Default: Empty. Matches no groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2530 sssd-session-recording.5.xml:141 +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 #, fuzzy #| msgid "simple_deny_users (string)" msgid "exclude_users (string)" msgstr "simple_deny_users (文字列)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2533 sssd-session-recording.5.xml:144 +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 msgid "" "A comma-separated list of users to be excluded from recording, only " "applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2537 sssd-session-recording.5.xml:148 +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 #, fuzzy #| msgid "Default: empty, i.e. ldap_uri is used." msgid "Default: Empty. No users excluded." msgstr "初期値: 空、つまり ldap_uri が使用されます。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2542 sssd-session-recording.5.xml:153 +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 #, fuzzy #| msgid "simple_deny_groups (string)" msgid "exclude_groups (string)" msgstr "simple_deny_groups (文字列)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2545 sssd-session-recording.5.xml:156 +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 msgid "" "A comma-separated list of groups, members of which should be excluded from " "recording. Only applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2557 sssd-session-recording.5.xml:168 +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 #, fuzzy #| msgid "Default: empty, i.e. ldap_uri is used." msgid "Default: Empty. No groups excluded." msgstr "初期値: 空、つまり ldap_uri が使用されます。" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2567 +#: sssd.conf.5.xml:2568 msgid "DOMAIN SECTIONS" msgstr "ドメインセクション" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2574 +#: sssd.conf.5.xml:2575 msgid "enabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2577 +#: sssd.conf.5.xml:2578 msgid "" "Explicitly enable or disable the domain. If <quote>true</quote>, the domain " "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " @@ -3238,12 +3238,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2589 +#: sssd.conf.5.xml:2590 msgid "domain_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2592 +#: sssd.conf.5.xml:2593 msgid "" "Specifies whether the domain is meant to be used by POSIX-aware clients such " "as the Name Service Switch or by applications that do not need POSIX data to " @@ -3252,14 +3252,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2600 +#: sssd.conf.5.xml:2601 msgid "" "Allowed values for this option are <quote>posix</quote> and " "<quote>application</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2604 +#: sssd.conf.5.xml:2605 msgid "" "POSIX domains are reachable by all services. Application domains are only " "reachable from the InfoPipe responder (see <citerefentry> " @@ -3268,31 +3268,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2612 +#: sssd.conf.5.xml:2613 msgid "" "NOTE: The application domains are currently well tested with " "<quote>id_provider=ldap</quote> only." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2616 +#: sssd.conf.5.xml:2617 msgid "" "For an easy way to configure a non-POSIX domains, please see the " "<quote>Application domains</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2620 +#: sssd.conf.5.xml:2621 msgid "Default: posix" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2626 +#: sssd.conf.5.xml:2627 msgid "min_id,max_id (integer)" msgstr "min_id,max_id (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2629 +#: sssd.conf.5.xml:2630 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." @@ -3301,7 +3301,7 @@ msgstr "" "トリーを含む場合、それは無視されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2634 +#: sssd.conf.5.xml:2635 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -3313,24 +3313,24 @@ msgstr "" "バーに対して、範囲内にあるものは予期されたものとして報告されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2641 +#: sssd.conf.5.xml:2642 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2645 +#: sssd.conf.5.xml:2646 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "初期値: min_id は 1, max_id は 0 (無制限)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2651 +#: sssd.conf.5.xml:2652 msgid "enumerate (bool)" msgstr "enumerate (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2654 +#: sssd.conf.5.xml:2655 msgid "" "Determines if a domain can be enumerated, that is, whether the domain can " "list all the users and group it contains. Note that it is not required to " @@ -3339,29 +3339,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2662 +#: sssd.conf.5.xml:2663 msgid "TRUE = Users and groups are enumerated" msgstr "TRUE = ユーザーとグループが列挙されます" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2665 +#: sssd.conf.5.xml:2666 msgid "FALSE = No enumerations for this domain" msgstr "FALSE = このドメインに対して列挙しません" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2668 sssd.conf.5.xml:2942 sssd.conf.5.xml:3119 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 msgid "Default: FALSE" msgstr "初期値: FALSE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2671 +#: sssd.conf.5.xml:2672 msgid "" "Enumerating a domain requires SSSD to download and store ALL user and group " "entries from the remote server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2676 +#: sssd.conf.5.xml:2677 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -3375,7 +3375,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2691 +#: sssd.conf.5.xml:2692 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." @@ -3384,7 +3384,7 @@ msgstr "" "れが完了するまで結果を返しません。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2696 +#: sssd.conf.5.xml:2697 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -3397,39 +3397,39 @@ msgstr "" "てください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2704 +#: sssd.conf.5.xml:2705 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2712 +#: sssd.conf.5.xml:2713 msgid "subdomain_enumerate (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2719 +#: sssd.conf.5.xml:2720 msgid "all" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2720 +#: sssd.conf.5.xml:2721 msgid "All discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2723 +#: sssd.conf.5.xml:2724 msgid "none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2724 +#: sssd.conf.5.xml:2725 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2715 +#: sssd.conf.5.xml:2716 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " @@ -3438,12 +3438,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2738 +#: sssd.conf.5.xml:2739 msgid "entry_cache_timeout (integer)" msgstr "entry_cache_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2741 +#: sssd.conf.5.xml:2742 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" @@ -3452,7 +3452,7 @@ msgstr "" "数です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2745 +#: sssd.conf.5.xml:2746 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " @@ -3463,17 +3463,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2758 +#: sssd.conf.5.xml:2759 msgid "Default: 5400" msgstr "初期値: 5400" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2764 +#: sssd.conf.5.xml:2765 msgid "entry_cache_user_timeout (integer)" msgstr "entry_cache_user_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2767 +#: sssd.conf.5.xml:2768 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" @@ -3482,19 +3482,19 @@ msgstr "" "考える秒数です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2771 sssd.conf.5.xml:2784 sssd.conf.5.xml:2797 -#: sssd.conf.5.xml:2810 sssd.conf.5.xml:2824 sssd.conf.5.xml:2837 -#: sssd.conf.5.xml:2851 sssd.conf.5.xml:2865 sssd.conf.5.xml:2878 +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 msgid "Default: entry_cache_timeout" msgstr "初期値: entry_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2777 +#: sssd.conf.5.xml:2778 msgid "entry_cache_group_timeout (integer)" msgstr "entry_cache_group_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2780 +#: sssd.conf.5.xml:2781 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" @@ -3503,12 +3503,12 @@ msgstr "" "考える秒数です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2790 +#: sssd.conf.5.xml:2791 msgid "entry_cache_netgroup_timeout (integer)" msgstr "entry_cache_netgroup_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2793 +#: sssd.conf.5.xml:2794 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" @@ -3517,12 +3517,12 @@ msgstr "" "有効であると考える秒数です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2803 +#: sssd.conf.5.xml:2804 msgid "entry_cache_service_timeout (integer)" msgstr "entry_cache_service_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2806 +#: sssd.conf.5.xml:2807 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" @@ -3531,48 +3531,48 @@ msgstr "" "考える秒数です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2816 +#: sssd.conf.5.xml:2817 msgid "entry_cache_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2819 +#: sssd.conf.5.xml:2820 msgid "" "How many seconds should nss_sss consider hosts and networks entries valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2830 +#: sssd.conf.5.xml:2831 msgid "entry_cache_sudo_timeout (integer)" msgstr "entry_cache_sudo_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2833 +#: sssd.conf.5.xml:2834 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2843 +#: sssd.conf.5.xml:2844 msgid "entry_cache_autofs_timeout (integer)" msgstr "entry_cache_autofs_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2846 +#: sssd.conf.5.xml:2847 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2857 +#: sssd.conf.5.xml:2858 msgid "entry_cache_ssh_host_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2860 +#: sssd.conf.5.xml:2861 msgid "" "How many seconds to keep a host ssh key after refresh. IE how long to cache " "the host key for." @@ -3581,31 +3581,31 @@ msgstr "" "秒キャッシュするか。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2871 +#: sssd.conf.5.xml:2872 msgid "entry_cache_computer_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2874 +#: sssd.conf.5.xml:2875 msgid "" "How many seconds to keep the local computer entry before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2884 +#: sssd.conf.5.xml:2885 msgid "refresh_expired_interval (integer)" msgstr "refresh_expired_interval (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2887 +#: sssd.conf.5.xml:2888 msgid "" "Specifies how many seconds SSSD has to wait before triggering a background " "refresh task which will refresh all expired or nearly expired records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2892 +#: sssd.conf.5.xml:2893 msgid "" "The background refresh will process users, groups and netgroups in the " "cache. For users who have performed the initgroups (get group membership for " @@ -3614,17 +3614,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2900 +#: sssd.conf.5.xml:2901 msgid "This option is automatically inherited for all trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2904 +#: sssd.conf.5.xml:2905 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2908 +#: sssd.conf.5.xml:2909 msgid "" "Cache entry will be refreshed by background task when 2/3 of cache timeout " "has already passed. If there are existing cached entries, the background " @@ -3636,28 +3636,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2921 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "初期値: 0 (無効)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2927 +#: sssd.conf.5.xml:2928 msgid "cache_credentials (bool)" msgstr "cache_credentials (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2930 -#, fuzzy -#| msgid "" -#| "Determines if user credentials are also cached in the local LDB cache" -msgid "Determines if user credentials are also cached in the local LDB cache." +#: sssd.conf.5.xml:2931 +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." msgstr "" -"ユーザーのクレディンシャルがローカル LDB キャッシュにキャッシュされるかどうか" -"を決めます" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2934 +#: sssd.conf.5.xml:2942 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3666,12 +3667,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2948 +#: sssd.conf.5.xml:2956 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2951 +#: sssd.conf.5.xml:2959 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3682,19 +3683,19 @@ msgstr "" "に保存する必要がある最小の長さを決定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2958 +#: sssd.conf.5.xml:2966 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2969 +#: sssd.conf.5.xml:2977 msgid "account_cache_expiration (integer)" msgstr "account_cache_expiration (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2972 +#: sssd.conf.5.xml:2980 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3706,17 +3707,17 @@ msgstr "" "offline_credentials_expiration と同等以上でなければいけません。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2979 +#: sssd.conf.5.xml:2987 msgid "Default: 0 (unlimited)" msgstr "初期値: 0 (無制限)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2984 +#: sssd.conf.5.xml:2992 msgid "pwd_expiration_warning (integer)" msgstr "pwd_expiration_warning (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2995 +#: sssd.conf.5.xml:3003 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3725,17 +3726,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3002 +#: sssd.conf.5.xml:3010 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "初期値: 7 (Kerberos), 0 (LDAP)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3008 +#: sssd.conf.5.xml:3016 msgid "id_provider (string)" msgstr "id_provider (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3011 +#: sssd.conf.5.xml:3019 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" @@ -3743,12 +3744,12 @@ msgstr "" "ダーは次のとおりです:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3015 +#: sssd.conf.5.xml:3023 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3018 +#: sssd.conf.5.xml:3026 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3756,7 +3757,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3026 +#: sssd.conf.5.xml:3034 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3767,13 +3768,18 @@ msgstr "" "manvolnum> </citerefentry> を参照してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3034 sssd.conf.5.xml:3145 sssd.conf.5.xml:3196 -#: sssd.conf.5.xml:3259 +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 +#, fuzzy +#| msgid "" +#| "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " +#| "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +#| "<manvolnum>5</manvolnum> </citerefentry> for more information on " +#| "configuring FreeIPA." msgid "" -"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " -"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " -"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " -"FreeIPA." +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." msgstr "" "<quote>ipa</quote>: FreeIPA および Red Hat Enterprise Identity Management プ" "ロバイダー。FreeIPA の設定に関する詳細は <citerefentry> <refentrytitle>sssd-" @@ -3781,8 +3787,8 @@ msgstr "" "い。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3043 sssd.conf.5.xml:3154 sssd.conf.5.xml:3205 -#: sssd.conf.5.xml:3268 +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3793,12 +3799,12 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry> を参照してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3054 +#: sssd.conf.5.xml:3062 msgid "use_fully_qualified_names (bool)" msgstr "use_fully_qualified_names (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3057 +#: sssd.conf.5.xml:3065 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." @@ -3807,7 +3813,7 @@ msgstr "" "名形式により整形されたように) を使用します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3062 +#: sssd.conf.5.xml:3070 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3820,7 +3826,7 @@ msgstr "" "んが、<command>getent passwd test@LOCAL</command> は見つけられます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3070 +#: sssd.conf.5.xml:3078 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3828,24 +3834,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3077 +#: sssd.conf.5.xml:3085 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3084 +#: sssd.conf.5.xml:3092 msgid "ignore_group_members (bool)" msgstr "ignore_group_members (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3087 +#: sssd.conf.5.xml:3095 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3090 +#: sssd.conf.5.xml:3098 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3857,7 +3863,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3108 +#: sssd.conf.5.xml:3116 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3865,23 +3871,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3114 sssd.conf.5.xml:3821 sssd-ldap.5.xml:326 -#: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 -#: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 -#: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 -#: sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1084 +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 msgid "" "This option can be also set per subdomain or inherited via " "<emphasis>subdomain_inherit</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3124 +#: sssd.conf.5.xml:3132 msgid "auth_provider (string)" msgstr "auth_provider (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3127 +#: sssd.conf.5.xml:3135 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" @@ -3890,7 +3896,7 @@ msgstr "" "ダーは次のとおりです:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3131 sssd.conf.5.xml:3189 +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3901,7 +3907,7 @@ msgstr "" "manvolnum> </citerefentry> を参照してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3138 +#: sssd.conf.5.xml:3146 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3912,19 +3918,19 @@ msgstr "" "manvolnum> </citerefentry> を参照してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3162 +#: sssd.conf.5.xml:3170 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" "<quote>proxy</quote> はいくつかの他の PAM ターゲットに認証を中継します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3165 +#: sssd.conf.5.xml:3173 msgid "<quote>none</quote> disables authentication explicitly." msgstr "<quote>none</quote> は明示的に認証を無効化します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3168 +#: sssd.conf.5.xml:3176 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." @@ -3933,12 +3939,12 @@ msgstr "" "ならば、それが使用されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3174 +#: sssd.conf.5.xml:3182 msgid "access_provider (string)" msgstr "access_provider (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3177 +#: sssd.conf.5.xml:3185 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -3949,7 +3955,7 @@ msgstr "" "えます)。内部の特別プロバイダーは次のとおりです:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3183 +#: sssd.conf.5.xml:3191 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." @@ -3958,12 +3964,12 @@ msgstr "" "ロバイダーのみアクセスが許可されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3186 +#: sssd.conf.5.xml:3194 msgid "<quote>deny</quote> always deny access." msgstr "<quote>deny</quote> は常にアクセスを拒否します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3221 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -3976,7 +3982,7 @@ msgstr "" "citerefentry> を参照してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3220 +#: sssd.conf.5.xml:3228 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -3984,22 +3990,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3227 +#: sssd.conf.5.xml:3235 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3230 +#: sssd.conf.5.xml:3238 msgid "Default: <quote>permit</quote>" msgstr "初期値: <quote>permit</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3235 +#: sssd.conf.5.xml:3243 msgid "chpass_provider (string)" msgstr "chpass_provider (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3238 +#: sssd.conf.5.xml:3246 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" @@ -4008,7 +4014,7 @@ msgstr "" "パスワード変更プロバイダーは次のとおりです:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3243 +#: sssd.conf.5.xml:3251 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4016,7 +4022,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3251 +#: sssd.conf.5.xml:3259 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4027,7 +4033,7 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry> を参照してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3276 +#: sssd.conf.5.xml:3284 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" @@ -4035,12 +4041,12 @@ msgstr "" "します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3280 +#: sssd.conf.5.xml:3288 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "<quote>none</quote> は明示的にパスワードの変更を無効化します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3283 +#: sssd.conf.5.xml:3291 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." @@ -4049,19 +4055,19 @@ msgstr "" "うことができるならば、それが使用されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3290 +#: sssd.conf.5.xml:3298 msgid "sudo_provider (string)" msgstr "sudo_provider (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3293 +#: sssd.conf.5.xml:3301 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" "ドメインに使用される SUDO プロバイダーです。サポートされる SUDO プロバイダー" "は次のとおりです:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3297 +#: sssd.conf.5.xml:3305 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4072,33 +4078,33 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry> を参照します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3305 +#: sssd.conf.5.xml:3313 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3309 +#: sssd.conf.5.xml:3317 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3313 +#: sssd.conf.5.xml:3321 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "<quote>none</quote> は SUDO を明示的に無効化します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3316 sssd.conf.5.xml:3402 sssd.conf.5.xml:3472 -#: sssd.conf.5.xml:3497 sssd.conf.5.xml:3533 +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" "初期値: <quote>id_provider</quote> の値が設定されていると使用されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3320 +#: sssd.conf.5.xml:3328 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -4109,7 +4115,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3335 +#: sssd.conf.5.xml:3343 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -4118,12 +4124,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3345 +#: sssd.conf.5.xml:3353 msgid "selinux_provider (string)" msgstr "selinux_provider (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3348 +#: sssd.conf.5.xml:3356 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -4131,7 +4137,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3354 +#: sssd.conf.5.xml:3362 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4139,31 +4145,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3362 +#: sssd.conf.5.xml:3370 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3365 +#: sssd.conf.5.xml:3373 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3371 +#: sssd.conf.5.xml:3379 msgid "subdomains_provider (string)" msgstr "subdomains_provider (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3374 +#: sssd.conf.5.xml:3382 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3380 +#: sssd.conf.5.xml:3388 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4171,7 +4177,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3389 +#: sssd.conf.5.xml:3397 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -4180,17 +4186,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3398 +#: sssd.conf.5.xml:3406 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "<quote>none</quote> はサブドメインの取り出しを明示的に無効化します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3408 +#: sssd.conf.5.xml:3416 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3411 +#: sssd.conf.5.xml:3419 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -4198,37 +4204,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3418 +#: sssd.conf.5.xml:3426 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3422 +#: sssd.conf.5.xml:3430 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3426 +#: sssd.conf.5.xml:3434 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3430 +#: sssd.conf.5.xml:3438 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3438 +#: sssd.conf.5.xml:3446 msgid "autofs_provider (string)" msgstr "autofs_provider (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3441 +#: sssd.conf.5.xml:3449 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" @@ -4236,7 +4242,7 @@ msgstr "" "プロバイダーは次のとおりです:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3445 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4247,7 +4253,7 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry> を参照してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3452 +#: sssd.conf.5.xml:3460 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4258,7 +4264,7 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry> を参照してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3460 +#: sssd.conf.5.xml:3468 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4266,17 +4272,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3469 +#: sssd.conf.5.xml:3477 msgid "<quote>none</quote> disables autofs explicitly." msgstr "<quote>none</quote> は明示的に autofs を無効にします。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3479 +#: sssd.conf.5.xml:3487 msgid "hostid_provider (string)" msgstr "hostid_provider (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3482 +#: sssd.conf.5.xml:3490 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" @@ -4285,7 +4291,7 @@ msgstr "" "hostid プロバイダーは次のとおりです:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3486 +#: sssd.conf.5.xml:3494 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4296,31 +4302,31 @@ msgstr "" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> を参照してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3494 +#: sssd.conf.5.xml:3502 msgid "<quote>none</quote> disables hostid explicitly." msgstr "<quote>none</quote> は明示的に hostid を無効にします。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3504 +#: sssd.conf.5.xml:3512 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3507 +#: sssd.conf.5.xml:3515 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3511 +#: sssd.conf.5.xml:3519 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3515 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4328,7 +4334,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3522 +#: sssd.conf.5.xml:3530 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4337,12 +4343,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3530 +#: sssd.conf.5.xml:3538 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3543 +#: sssd.conf.5.xml:3551 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4352,24 +4358,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3552 +#: sssd.conf.5.xml:3560 msgid "" "Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" "[^@]+))$</quote> which allows two different styles for user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3557 sssd.conf.5.xml:3571 +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 msgid "username" msgstr "username" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3560 sssd.conf.5.xml:3574 +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 msgid "username@domain.name" msgstr "username@domain.name" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3565 +#: sssd.conf.5.xml:3573 msgid "" "Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" @@ -4378,19 +4384,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3577 +#: sssd.conf.5.xml:3585 msgid "domain\\username" msgstr "domain\\username" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3580 +#: sssd.conf.5.xml:3588 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3585 +#: sssd.conf.5.xml:3593 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4400,17 +4406,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3637 +#: sssd.conf.5.xml:3645 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "初期値: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3643 +#: sssd.conf.5.xml:3651 msgid "lookup_family_order (string)" msgstr "lookup_family_order (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3646 +#: sssd.conf.5.xml:3654 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." @@ -4419,80 +4425,80 @@ msgstr "" "します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3650 +#: sssd.conf.5.xml:3658 msgid "Supported values:" msgstr "サポートする値:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3653 +#: sssd.conf.5.xml:3661 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" "ipv4_first: IPv4 アドレスの検索を試行します。失敗すると IPv6 を試行します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3656 +#: sssd.conf.5.xml:3664 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" "ipv4_only: ホスト名を IPv4 アドレスに名前解決することのみを試行します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3659 +#: sssd.conf.5.xml:3667 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" "ipv6_first: IPv6 アドレスの検索を試行します。失敗すると IPv4 を試行します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3662 +#: sssd.conf.5.xml:3670 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" "ipv6_only: ホスト名を IPv6 アドレスに名前解決することのみを試行します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3665 +#: sssd.conf.5.xml:3673 msgid "Default: ipv4_first" msgstr "初期値: ipv4_first" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3671 +#: sssd.conf.5.xml:3679 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_server_timeout (integer)" msgstr "dns_resolver_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3674 +#: sssd.conf.5.xml:3682 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3679 +#: sssd.conf.5.xml:3687 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3683 sssd.conf.5.xml:3703 sssd.conf.5.xml:3724 +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3688 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 msgid "Default: 1000" msgstr "初期値: 1000" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3694 +#: sssd.conf.5.xml:3702 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_op_timeout (integer)" msgstr "dns_resolver_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3697 +#: sssd.conf.5.xml:3705 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4500,12 +4506,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3714 +#: sssd.conf.5.xml:3722 msgid "dns_resolver_timeout (integer)" msgstr "dns_resolver_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3717 +#: sssd.conf.5.xml:3725 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4514,14 +4520,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3735 +#: sssd.conf.5.xml:3743 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_use_search_list (bool)" msgstr "dns_resolver_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3738 +#: sssd.conf.5.xml:3746 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4529,7 +4535,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3744 +#: sssd.conf.5.xml:3752 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4537,17 +4543,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3750 +#: sssd.conf.5.xml:3758 msgid "Default: TRUE" msgstr "初期値: TRUE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3756 +#: sssd.conf.5.xml:3764 msgid "dns_discovery_domain (string)" msgstr "dns_discovery_domain (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3759 +#: sssd.conf.5.xml:3767 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." @@ -4556,52 +4562,52 @@ msgstr "" "イン部分を指定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3763 +#: sssd.conf.5.xml:3771 msgid "Default: Use the domain part of machine's hostname" msgstr "初期値: マシンのホスト名のドメイン部分を使用します" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3769 +#: sssd.conf.5.xml:3777 msgid "override_gid (integer)" msgstr "override_gid (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3772 +#: sssd.conf.5.xml:3780 msgid "Override the primary GID value with the one specified." msgstr "プライマリー GID の値を指定されたもので上書きします。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3778 +#: sssd.conf.5.xml:3786 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3785 +#: sssd.conf.5.xml:3793 msgid "True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3788 +#: sssd.conf.5.xml:3796 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3794 +#: sssd.conf.5.xml:3802 msgid "False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3796 +#: sssd.conf.5.xml:3804 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3800 +#: sssd.conf.5.xml:3808 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3803 +#: sssd.conf.5.xml:3811 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4609,14 +4615,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3811 +#: sssd.conf.5.xml:3819 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3781 +#: sssd.conf.5.xml:3789 #, fuzzy #| msgid "" #| "The following expansions are supported: <placeholder " @@ -4629,17 +4635,17 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3826 +#: sssd.conf.5.xml:3834 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3832 +#: sssd.conf.5.xml:3840 msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3835 +#: sssd.conf.5.xml:3843 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4647,128 +4653,128 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3841 +#: sssd.conf.5.xml:3849 #, fuzzy #| msgid "ldap_search_timeout (integer)" msgid "ldap_search_timeout" msgstr "ldap_search_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3844 +#: sssd.conf.5.xml:3852 #, fuzzy #| msgid "ldap_network_timeout (integer)" msgid "ldap_network_timeout" msgstr "ldap_network_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3847 +#: sssd.conf.5.xml:3855 #, fuzzy #| msgid "ldap_opt_timeout (integer)" msgid "ldap_opt_timeout" msgstr "ldap_opt_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3850 +#: sssd.conf.5.xml:3858 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_offline_timeout" msgstr "ldap_connection_expire_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3853 +#: sssd.conf.5.xml:3861 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_enumeration_refresh_timeout" msgstr "ldap_enumeration_refresh_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3856 +#: sssd.conf.5.xml:3864 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_enumeration_refresh_offset" msgstr "ldap_enumeration_refresh_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3859 +#: sssd.conf.5.xml:3867 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3862 +#: sssd.conf.5.xml:3870 #, fuzzy #| msgid "ldap_purge_cache_timeout (integer)" msgid "ldap_purge_cache_offset" msgstr "ldap_purge_cache_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3865 +#: sssd.conf.5.xml:3873 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3869 +#: sssd.conf.5.xml:3877 #, fuzzy #| msgid "ldap_krb5_ticket_lifetime (integer)" msgid "ldap_krb5_ticket_lifetime" msgstr "ldap_krb5_ticket_lifetime (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3872 +#: sssd.conf.5.xml:3880 #, fuzzy #| msgid "ldap_enumeration_search_timeout (integer)" msgid "ldap_enumeration_search_timeout" msgstr "ldap_enumeration_search_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3875 +#: sssd.conf.5.xml:3883 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_expire_timeout" msgstr "ldap_connection_expire_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3878 +#: sssd.conf.5.xml:3886 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_expire_offset" msgstr "ldap_connection_expire_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3881 +#: sssd.conf.5.xml:3889 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_idle_timeout" msgstr "ldap_connection_expire_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3884 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 msgid "ldap_use_tokengroups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3887 +#: sssd.conf.5.xml:3895 msgid "ldap_user_principal" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3890 +#: sssd.conf.5.xml:3898 msgid "ignore_group_members" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3893 +#: sssd.conf.5.xml:3901 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3896 +#: sssd.conf.5.xml:3904 msgid "case_sensitive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3901 +#: sssd.conf.5.xml:3909 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4776,27 +4782,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3908 +#: sssd.conf.5.xml:3916 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3915 +#: sssd.conf.5.xml:3923 msgid "subdomain_homedir (string)" msgstr "subdomain_homedir (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3926 +#: sssd.conf.5.xml:3934 msgid "%F" msgstr "%F" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3935 msgid "flat (NetBIOS) name of a subdomain." msgstr "サブドメインのフラット (NetBIOS) 名。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3918 +#: sssd.conf.5.xml:3926 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4806,35 +4812,35 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3932 +#: sssd.conf.5.xml:3940 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" "値は <emphasis>override_homedir</emphasis> オプションにより上書きできます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3936 +#: sssd.conf.5.xml:3944 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "初期値: <filename>/home/%d/%u</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3941 +#: sssd.conf.5.xml:3949 msgid "realmd_tags (string)" msgstr "realmd_tags (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3944 +#: sssd.conf.5.xml:3952 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "このドメインのための realmd 設定サービスによって格納された様々なタグ。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3950 +#: sssd.conf.5.xml:3958 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3953 +#: sssd.conf.5.xml:3961 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -4843,19 +4849,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3961 +#: sssd.conf.5.xml:3969 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3966 +#: sssd.conf.5.xml:3974 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3970 +#: sssd.conf.5.xml:3978 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -4863,24 +4869,96 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3981 +#: sssd.conf.5.xml:3989 +#, fuzzy +#| msgid "ldap_pwd_policy (string)" +msgid "local_auth_policy (string)" +msgstr "ldap_pwd_policy (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3992 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4002 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4026 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4034 +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4039 +#, fuzzy +#| msgid "Default: cn" +msgid "Default: match" +msgstr "初期値: cn" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4044 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3987 +#: sssd.conf.5.xml:4050 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3990 +#: sssd.conf.5.xml:4053 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3994 +#: sssd.conf.5.xml:4057 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4889,24 +4967,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4003 +#: sssd.conf.5.xml:4066 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4006 +#: sssd.conf.5.xml:4069 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4012 +#: sssd.conf.5.xml:4075 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4015 +#: sssd.conf.5.xml:4078 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4916,14 +4994,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4028 +#: sssd.conf.5.xml:4091 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4035 +#: sssd.conf.5.xml:4098 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4931,21 +5009,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3984 +#: sssd.conf.5.xml:4047 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4047 +#: sssd.conf.5.xml:4110 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4118 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4953,7 +5031,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4124 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4962,7 +5040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4115 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4971,7 +5049,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2569 +#: sssd.conf.5.xml:2570 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -4982,31 +5060,36 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4139 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4079 +#: sssd.conf.5.xml:4142 msgid "The proxy target PAM proxies to." msgstr "中継するプロキシターゲット PAM です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4082 +#: sssd.conf.5.xml:4145 +#, fuzzy +#| msgid "" +#| "Default: not set by default, you have to take an existing pam " +#| "configuration or create a new one and add the service name here." msgid "" "Default: not set by default, you have to take an existing pam configuration " -"or create a new one and add the service name here." +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." msgstr "" "初期値: 設定されません。既存の PAM 設定を使用するか、新しく作成してサービス名" "をここに追加する必要があります。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4090 +#: sssd.conf.5.xml:4155 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -5017,12 +5100,12 @@ msgstr "" "_nss_files_getpwent です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4103 +#: sssd.conf.5.xml:4168 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4106 +#: sssd.conf.5.xml:4171 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -5030,12 +5113,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4117 +#: sssd.conf.5.xml:4182 msgid "proxy_fast_alias (boolean)" msgstr "proxy_fast_alias (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4120 +#: sssd.conf.5.xml:4185 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -5044,12 +5127,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4134 +#: sssd.conf.5.xml:4199 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4202 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -5057,7 +5140,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4072 +#: sssd.conf.5.xml:4135 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -5066,12 +5149,12 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4218 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4155 +#: sssd.conf.5.xml:4220 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -5088,7 +5171,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4175 +#: sssd.conf.5.xml:4240 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -5096,17 +5179,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4181 +#: sssd.conf.5.xml:4246 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4248 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4186 +#: sssd.conf.5.xml:4251 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -5115,7 +5198,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4265 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -5125,7 +5208,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4208 +#: sssd.conf.5.xml:4273 #, no-wrap msgid "" "[sssd]\n" @@ -5145,12 +5228,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4228 +#: sssd.conf.5.xml:4293 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4230 +#: sssd.conf.5.xml:4295 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -5161,69 +5244,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4237 +#: sssd.conf.5.xml:4302 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4303 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4239 +#: sssd.conf.5.xml:4304 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:4305 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4241 +#: sssd.conf.5.xml:4306 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4242 +#: sssd.conf.5.xml:4307 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4243 +#: sssd.conf.5.xml:4308 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4309 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4245 +#: sssd.conf.5.xml:4310 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4246 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4250 +#: sssd.conf.5.xml:4315 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4256 +#: sssd.conf.5.xml:4321 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4258 +#: sssd.conf.5.xml:4323 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -5236,7 +5319,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4272 +#: sssd.conf.5.xml:4337 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -5244,7 +5327,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4281 +#: sssd.conf.5.xml:4346 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -5253,55 +5336,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4353 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4356 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4295 +#: sssd.conf.5.xml:4360 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4367 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4370 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:4376 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4317 +#: sssd.conf.5.xml:4382 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4326 +#: sssd.conf.5.xml:4391 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4329 +#: sssd.conf.5.xml:4394 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5310,17 +5393,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4336 +#: sssd.conf.5.xml:4401 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4406 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4409 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5328,26 +5411,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4350 +#: sssd.conf.5.xml:4415 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4356 +#: sssd.conf.5.xml:4421 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4362 +#: sssd.conf.5.xml:4427 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4433 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5356,17 +5439,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4377 +#: sssd.conf.5.xml:4442 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4385 +#: sssd.conf.5.xml:4450 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4452 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5376,7 +5459,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4395 +#: sssd.conf.5.xml:4460 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5385,59 +5468,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4472 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4410 +#: sssd.conf.5.xml:4475 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4411 +#: sssd.conf.5.xml:4476 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4409 +#: sssd.conf.5.xml:4474 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4484 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4488 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4424 +#: sssd.conf.5.xml:4489 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4427 +#: sssd.conf.5.xml:4492 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4428 +#: sssd.conf.5.xml:4493 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4496 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4432 +#: sssd.conf.5.xml:4497 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5446,7 +5529,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4421 +#: sssd.conf.5.xml:4486 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5455,17 +5538,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4449 +#: sssd.conf.5.xml:4514 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4455 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4522 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5473,39 +5556,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4530 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4532 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4537 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4539 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4480 +#: sssd.conf.5.xml:4545 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4547 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4451 +#: sssd.conf.5.xml:4516 #, fuzzy #| msgid "" #| "The following expansions are supported: <placeholder " @@ -5518,7 +5601,7 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4467 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5527,7 +5610,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4493 +#: sssd.conf.5.xml:4558 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5535,12 +5618,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4500 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4506 +#: sssd.conf.5.xml:4571 #, no-wrap msgid "" "[sssd]\n" @@ -5594,7 +5677,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4502 +#: sssd.conf.5.xml:4567 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5603,7 +5686,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4604 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5611,7 +5694,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4533 +#: sssd.conf.5.xml:4598 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5622,7 +5705,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4550 +#: sssd.conf.5.xml:4615 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5633,7 +5716,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4544 +#: sssd.conf.5.xml:4609 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -5688,14 +5771,23 @@ msgstr "SSSD が複数の LDAP ドメインを使用するよう設定できま #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:38 +#, fuzzy +#| msgid "" +#| "LDAP back end supports id, auth, access and chpass providers. If you want " +#| "to authenticate against an LDAP server either TLS/SSL or LDAPS is " +#| "required. <command>sssd</command> <emphasis>does not</emphasis> support " +#| "authentication over an unencrypted channel. If the LDAP server is used " +#| "only as an identity provider, an encrypted channel is not needed. Please " +#| "refer to <quote>ldap_access_filter</quote> config option for more " +#| "information about using LDAP as an access provider." msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " -"over an unencrypted channel. If the LDAP server is used only as an identity " -"provider, an encrypted channel is not needed. Please refer to " -"<quote>ldap_access_filter</quote> config option for more information about " -"using LDAP as an access provider." +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." msgstr "" "LDAP バックエンドは id, auth, access および chpass プロバイダーをサポートしま" "す。 LDAP サーバーに対して認証したければ、 TLS/SSL または LDAPS のどちらかが" @@ -5706,19 +5798,19 @@ msgstr "" "オプションを参照してください。" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 #: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 msgid "CONFIGURATION OPTIONS" msgstr "設定オプション" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:66 +#: sssd-ldap.5.xml:67 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "ldap_uri, ldap_backup_uri (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:69 +#: sssd-ldap.5.xml:70 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" @@ -5728,17 +5820,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:76 +#: sssd-ldap.5.xml:77 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "URI の形式は RFC 2732 に決められている形式と一致しなければいけません:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:79 +#: sssd-ldap.5.xml:80 msgid "ldap[s]://<host>[:port]" msgstr "ldap[s]://<host>[:port]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:82 +#: sssd-ldap.5.xml:83 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" @@ -5746,17 +5838,17 @@ msgstr "" "す。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:85 +#: sssd-ldap.5.xml:86 msgid "example: ldap://[fc00::126:25]:389" msgstr "例: ldap://[fc00::126:25]:389" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:91 +#: sssd-ldap.5.xml:92 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "ldap_chpass_uri, ldap_chpass_backup_uri (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:94 +#: sssd-ldap.5.xml:95 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " @@ -5765,29 +5857,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:101 +#: sssd-ldap.5.xml:102 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" "サービス discovery ldap_chpass_dns_service_name を有効にするには、設定する必" "要があります。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:105 +#: sssd-ldap.5.xml:106 msgid "Default: empty, i.e. ldap_uri is used." msgstr "初期値: 空、つまり ldap_uri が使用されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:111 +#: sssd-ldap.5.xml:112 msgid "ldap_search_base (string)" msgstr "ldap_search_base (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:114 +#: sssd-ldap.5.xml:115 msgid "The default base DN to use for performing LDAP user operations." msgstr "LDAP ユーザー操作を実行するために使用される初期ベース DN です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:118 +#: sssd-ldap.5.xml:119 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" @@ -5795,17 +5887,17 @@ msgstr "" "SSSD 1.7.0 以降、SSSD は次の構文を使用して複数の検索ベースをサポートします:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:122 +#: sssd-ldap.5.xml:123 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:125 +#: sssd-ldap.5.xml:126 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "範囲は \"base\", \"onelevel\" または \"subtree\" のどれかです。" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:128 include/ldap_search_bases.xml:18 +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" @@ -5814,13 +5906,13 @@ msgstr "" "な LDAP 検索フィルターである必要があります。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:132 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 #: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 msgid "Examples:" msgstr "例:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:135 +#: sssd-ldap.5.xml:136 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" @@ -5829,7 +5921,7 @@ msgstr "" "ldap_search_base = dc=example,dc=com?subtree?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:140 +#: sssd-ldap.5.xml:141 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" @@ -5838,7 +5930,7 @@ msgstr "" "(host=thishost)?dc=example.com?subtree?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:143 +#: sssd-ldap.5.xml:144 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " @@ -5847,7 +5939,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:150 +#: sssd-ldap.5.xml:151 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " @@ -5858,12 +5950,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:164 +#: sssd-ldap.5.xml:165 msgid "ldap_schema (string)" msgstr "ldap_schema (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:167 +#: sssd-ldap.5.xml:168 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " @@ -5871,32 +5963,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:174 +#: sssd-ldap.5.xml:175 msgid "Four schema types are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:178 +#: sssd-ldap.5.xml:179 msgid "rfc2307" msgstr "rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:183 +#: sssd-ldap.5.xml:184 msgid "rfc2307bis" msgstr "rfc2307bis" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:188 +#: sssd-ldap.5.xml:189 msgid "IPA" msgstr "IPA" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:193 +#: sssd-ldap.5.xml:194 msgid "AD" msgstr "AD" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:199 +#: sssd-ldap.5.xml:200 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " @@ -5907,37 +5999,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:209 +#: sssd-ldap.5.xml:210 msgid "Default: rfc2307" msgstr "初期値: rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:215 +#: sssd-ldap.5.xml:216 msgid "ldap_pwmodify_mode (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:218 +#: sssd-ldap.5.xml:219 msgid "Specify the operation that is used to modify user password." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:222 +#: sssd-ldap.5.xml:223 msgid "Two modes are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:226 +#: sssd-ldap.5.xml:227 msgid "exop - Password Modify Extended Operation (RFC 3062)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:232 +#: sssd-ldap.5.xml:233 msgid "ldap_modify - Direct modification of userPassword (not recommended)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:239 +#: sssd-ldap.5.xml:240 msgid "" "Note: First, a new connection is established to verify current password by " "binding as the user that requested password change. If successful, this " @@ -5946,74 +6038,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:247 +#: sssd-ldap.5.xml:248 msgid "Default: exop" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:253 +#: sssd-ldap.5.xml:254 msgid "ldap_default_bind_dn (string)" msgstr "ldap_default_bind_dn (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:256 +#: sssd-ldap.5.xml:257 msgid "The default bind DN to use for performing LDAP operations." msgstr "LDAP ユーザー操作を実行するために使用される初期バインド DN です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:263 +#: sssd-ldap.5.xml:264 msgid "ldap_default_authtok_type (string)" msgstr "ldap_default_authtok_type (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:266 +#: sssd-ldap.5.xml:267 msgid "The type of the authentication token of the default bind DN." msgstr "初期バインド DN の認証トークンの形式です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:270 +#: sssd-ldap.5.xml:271 msgid "The two mechanisms currently supported are:" msgstr "現在 2 つのメカニズムがサポートされます:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 +#: sssd-ldap.5.xml:274 msgid "password" msgstr "password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:276 +#: sssd-ldap.5.xml:277 msgid "obfuscated_password" msgstr "obfuscated_password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:279 +#: sssd-ldap.5.xml:280 msgid "Default: password" msgstr "初期値: password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:282 +#: sssd-ldap.5.xml:283 msgid "" "See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> manual page for more information." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:293 +#: sssd-ldap.5.xml:294 msgid "ldap_default_authtok (string)" msgstr "ldap_default_authtok (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:296 +#: sssd-ldap.5.xml:297 msgid "The authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:302 +#: sssd-ldap.5.xml:303 msgid "ldap_force_upper_case_realm (boolean)" msgstr "ldap_force_upper_case_realm (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:305 +#: sssd-ldap.5.xml:306 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -6025,12 +6117,12 @@ msgstr "" "場合、このオプションを 0 以外に設定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:318 +#: sssd-ldap.5.xml:319 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "ldap_enumeration_refresh_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:321 +#: sssd-ldap.5.xml:322 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." @@ -6038,12 +6130,12 @@ msgstr "" "SSSD が列挙レコードのキャッシュを更新する前に待つ必要がある秒数を指定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:337 +#: sssd-ldap.5.xml:338 msgid "ldap_purge_cache_timeout (integer)" msgstr "ldap_purge_cache_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:340 +#: sssd-ldap.5.xml:341 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -6054,7 +6146,7 @@ msgstr "" "削除する間隔を決めます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:346 +#: sssd-ldap.5.xml:347 msgid "" "Setting this option to zero will disable the cache cleanup operation. Please " "note that if enumeration is enabled, the cleanup task is required in order " @@ -6063,12 +6155,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:366 +#: sssd-ldap.5.xml:367 msgid "ldap_group_nesting_level (integer)" msgstr "ldap_group_nesting_level (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:369 +#: sssd-ldap.5.xml:370 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -6079,7 +6171,7 @@ msgstr "" "のオプションは RFC2307 スキーマにおいて効果がありません。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:376 +#: sssd-ldap.5.xml:377 msgid "" "Note: This option specifies the guaranteed level of nested groups to be " "processed for any lookup. However, nested groups beyond this limit " @@ -6089,7 +6181,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:385 +#: sssd-ldap.5.xml:386 msgid "" "If ldap_group_nesting_level is set to 0 then no nested groups are processed " "at all. However, when connected to Active-Directory Server 2008 and later " @@ -6099,37 +6191,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:394 +#: sssd-ldap.5.xml:395 msgid "Default: 2" msgstr "初期値: 2" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:403 +#: sssd-ldap.5.xml:404 msgid "" "This options enables or disables use of Token-Groups attribute when " "performing initgroup for users from Active Directory Server 2008 and later." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:413 +#: sssd-ldap.5.xml:414 msgid "Default: True for AD and IPA otherwise False." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:419 +#: sssd-ldap.5.xml:420 msgid "ldap_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:422 +#: sssd-ldap.5.xml:423 msgid "Optional. Use the given string as search base for host objects." msgstr "" "オプションです。ホストオブジェクトの検索ベースとして与えられた文字列を使用し" "ます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:426 sssd-ipa.5.xml:457 sssd-ipa.5.xml:476 sssd-ipa.5.xml:495 -#: sssd-ipa.5.xml:514 +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." @@ -6138,32 +6230,32 @@ msgstr "" "してください。" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:431 sssd-ipa.5.xml:462 include/ldap_search_bases.xml:27 +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "初期値: <emphasis>ldap_search_base</emphasis> の値" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:438 +#: sssd-ldap.5.xml:439 msgid "ldap_service_search_base (string)" msgstr "ldap_service_search_base (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:443 +#: sssd-ldap.5.xml:444 msgid "ldap_iphost_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:448 +#: sssd-ldap.5.xml:449 msgid "ldap_ipnetwork_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:453 +#: sssd-ldap.5.xml:454 msgid "ldap_search_timeout (integer)" msgstr "ldap_search_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:456 +#: sssd-ldap.5.xml:457 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -6171,7 +6263,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:462 +#: sssd-ldap.5.xml:463 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -6182,12 +6274,12 @@ msgstr "" "かもしれません。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:479 +#: sssd-ldap.5.xml:480 msgid "ldap_enumeration_search_timeout (integer)" msgstr "ldap_enumeration_search_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:482 +#: sssd-ldap.5.xml:483 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -6195,12 +6287,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:500 +#: sssd-ldap.5.xml:501 msgid "ldap_network_timeout (integer)" msgstr "ldap_network_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:503 +#: sssd-ldap.5.xml:504 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -6216,12 +6308,12 @@ msgstr "" "citerefentry> が未使用を返した後のタイムアウト(秒単位)を指定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:531 +#: sssd-ldap.5.xml:532 msgid "ldap_opt_timeout (integer)" msgstr "ldap_opt_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:534 +#: sssd-ldap.5.xml:535 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -6230,12 +6322,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:554 +#: sssd-ldap.5.xml:555 msgid "ldap_connection_expire_timeout (integer)" msgstr "ldap_connection_expire_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:557 +#: sssd-ldap.5.xml:558 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -6244,7 +6336,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:565 +#: sssd-ldap.5.xml:566 msgid "" "If the connection is idle (not actively running an operation) within " "<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " @@ -6255,38 +6347,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:577 +#: sssd-ldap.5.xml:578 msgid "" "This timeout can be extended of a random value specified by " "<emphasis>ldap_connection_expire_offset</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:587 sssd-ldap.5.xml:630 sssd-ldap.5.xml:1711 +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 msgid "Default: 900 (15 minutes)" msgstr "初期値: 900 (15 分)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:593 +#: sssd-ldap.5.xml:594 msgid "ldap_connection_expire_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:596 +#: sssd-ldap.5.xml:597 msgid "" "Random offset between 0 and configured value is added to " "<emphasis>ldap_connection_expire_timeout</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:613 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_idle_timeout (integer)" msgstr "ldap_connection_expire_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:616 msgid "" "Specifies a timeout (in seconds) that an idle connection to an LDAP server " "will be maintained. If the connection is idle for more than this time then " @@ -6294,17 +6386,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:622 msgid "You can disable this timeout by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:636 +#: sssd-ldap.5.xml:637 msgid "ldap_page_size (integer)" msgstr "ldap_page_size (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:639 +#: sssd-ldap.5.xml:640 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." @@ -6313,12 +6405,12 @@ msgstr "" "バーは 1 要求あたりの最大数の制限を強制します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:650 +#: sssd-ldap.5.xml:651 msgid "ldap_disable_paging (boolean)" msgstr "ldap_disable_paging (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:653 +#: sssd-ldap.5.xml:654 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " @@ -6329,7 +6421,7 @@ msgstr "" "ことを報告する場合に、このオプションが使用されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:659 +#: sssd-ldap.5.xml:660 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." @@ -6339,7 +6431,7 @@ msgstr "" "す。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:665 +#: sssd-ldap.5.xml:666 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " @@ -6350,17 +6442,17 @@ msgstr "" "があります。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:677 +#: sssd-ldap.5.xml:678 msgid "ldap_disable_range_retrieval (boolean)" msgstr "ldap_disable_range_retrieval (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:680 +#: sssd-ldap.5.xml:681 msgid "Disable Active Directory range retrieval." msgstr "Active Directory の範囲の取得を無効化します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:683 +#: sssd-ldap.5.xml:684 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " @@ -6370,12 +6462,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:699 msgid "ldap_sasl_minssf (integer)" msgstr "ldap_sasl_minssf (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:702 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " @@ -6383,17 +6475,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:707 sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:714 +#: sssd-ldap.5.xml:715 msgid "ldap_sasl_maxssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:717 +#: sssd-ldap.5.xml:718 msgid "" "When communicating with an LDAP server using SASL, specify the maximal " "security level necessary to establish the connection. The values of this " @@ -6401,12 +6493,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:731 msgid "ldap_deref_threshold (integer)" msgstr "ldap_deref_threshold (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:733 +#: sssd-ldap.5.xml:734 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -6414,7 +6506,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:740 msgid "" "You can turn off dereference lookups completely by setting the value to 0. " "Please note that there are some codepaths in SSSD, like the IPA HBAC " @@ -6425,7 +6517,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:750 +#: sssd-ldap.5.xml:751 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -6434,7 +6526,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:758 +#: sssd-ldap.5.xml:759 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -6442,12 +6534,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:771 +#: sssd-ldap.5.xml:772 msgid "ldap_ignore_unreadable_references (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:774 +#: sssd-ldap.5.xml:775 msgid "" "Ignore unreadable LDAP entries referenced in group's member attribute. If " "this parameter is set to false an error will be returned and the operation " @@ -6455,7 +6547,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:781 +#: sssd-ldap.5.xml:782 msgid "" "This parameter may be useful when using the AD provider and the computer " "account that sssd uses to connect to AD does not have access to a particular " @@ -6463,12 +6555,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:795 msgid "ldap_tls_reqcert (string)" msgstr "ldap_tls_reqcert (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:798 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" @@ -6477,7 +6569,7 @@ msgstr "" "クするものを指定します。以下の値のうち 1 つを指定できます:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:804 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." @@ -6486,7 +6578,7 @@ msgstr "" "確認しません。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:808 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6497,7 +6589,7 @@ msgstr "" "無視され、セッションが通常通り進められます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:815 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6508,7 +6600,7 @@ msgstr "" "ンが直ちに終了します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:820 +#: sssd-ldap.5.xml:821 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -6518,22 +6610,22 @@ msgstr "" "なければ、もしくは不正な証明書が提供されれば、セッションが直ちに終了します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:826 +#: sssd-ldap.5.xml:827 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "<emphasis>hard</emphasis> = <quote>demand</quote> と同じです" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:830 +#: sssd-ldap.5.xml:831 msgid "Default: hard" msgstr "初期値: hard" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:837 msgid "ldap_tls_cacert (string)" msgstr "ldap_tls_cacert (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:839 +#: sssd-ldap.5.xml:840 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." @@ -6543,7 +6635,7 @@ msgstr "" "書を含むファイルを指定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 sssd-ldap.5.xml:862 sssd-ldap.5.xml:903 +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" @@ -6552,12 +6644,12 @@ msgstr "" "filename> にあります" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:852 msgid "ldap_tls_cacertdir (string)" msgstr "ldap_tls_cacertdir (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:854 +#: sssd-ldap.5.xml:855 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -6570,32 +6662,32 @@ msgstr "" "ます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:869 +#: sssd-ldap.5.xml:870 msgid "ldap_tls_cert (string)" msgstr "ldap_tls_cert (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:872 +#: sssd-ldap.5.xml:873 msgid "Specifies the file that contains the certificate for the client's key." msgstr "クライアントのキーに対する証明書を含むファイルを指定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:882 +#: sssd-ldap.5.xml:883 msgid "ldap_tls_key (string)" msgstr "ldap_tls_key (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:885 +#: sssd-ldap.5.xml:886 msgid "Specifies the file that contains the client's key." msgstr "クライアントのキーを含むファイルを指定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:894 +#: sssd-ldap.5.xml:895 msgid "ldap_tls_cipher_suite (string)" msgstr "ldap_tls_cipher_suite (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:897 +#: sssd-ldap.5.xml:898 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -6603,26 +6695,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:910 +#: sssd-ldap.5.xml:911 msgid "ldap_id_use_start_tls (boolean)" msgstr "ldap_id_use_start_tls (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:913 +#: sssd-ldap.5.xml:914 +#, fuzzy +#| msgid "" +#| "Specifies that the id_provider connection must also use <systemitem " +#| "class=\"protocol\">tls</systemitem> to protect the channel." msgid "" "Specifies that the id_provider connection must also use <systemitem " -"class=\"protocol\">tls</systemitem> to protect the channel." +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." msgstr "" "チャネルを保護するために <systemitem class=\"protocol\">tls</systemitem> も使" "用する必要がある id_provider 接続を指定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:923 +#: sssd-ldap.5.xml:925 msgid "ldap_id_mapping (boolean)" msgstr "ldap_id_mapping (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:928 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " @@ -6630,18 +6727,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:932 +#: sssd-ldap.5.xml:934 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" "この機能は現在 ActiveDirectory objectSID マッピングのみサポートします。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:942 +#: sssd-ldap.5.xml:944 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:945 +#: sssd-ldap.5.xml:947 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " @@ -6652,24 +6749,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:957 +#: sssd-ldap.5.xml:959 msgid "Default: not set (both options are set to 0)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:965 msgid "ldap_sasl_mech (string)" msgstr "ldap_sasl_mech (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:966 +#: sssd-ldap.5.xml:968 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " "tested and supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:970 +#: sssd-ldap.5.xml:972 msgid "" "If the backend supports sub-domains the value of ldap_sasl_mech is " "automatically inherited to the sub-domains. If a different value is needed " @@ -6680,12 +6777,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:988 msgid "ldap_sasl_authid (string)" msgstr "ldap_sasl_authid (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ldap.5.xml:998 +#: sssd-ldap.5.xml:1000 #, no-wrap msgid "" "hostname@REALM\n" @@ -6698,7 +6795,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:989 +#: sssd-ldap.5.xml:991 msgid "" "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " "this represents the Kerberos principal used for authentication to the " @@ -6710,17 +6807,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1009 +#: sssd-ldap.5.xml:1011 msgid "Default: host/hostname@REALM" msgstr "初期値: host/hostname@REALM" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1015 +#: sssd-ldap.5.xml:1017 msgid "ldap_sasl_realm (string)" msgstr "ldap_sasl_realm (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1018 +#: sssd-ldap.5.xml:1020 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " @@ -6728,17 +6825,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1024 +#: sssd-ldap.5.xml:1026 msgid "Default: the value of krb5_realm." msgstr "初期値: krb5_realm の値" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1030 +#: sssd-ldap.5.xml:1032 msgid "ldap_sasl_canonicalize (boolean)" msgstr "ldap_sasl_canonicalize (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1035 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." @@ -6747,33 +6844,33 @@ msgstr "" "するために逆引きを実行します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1038 +#: sssd-ldap.5.xml:1040 msgid "Default: false;" msgstr "初期値: false;" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1046 msgid "ldap_krb5_keytab (string)" msgstr "ldap_krb5_keytab (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1049 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1056 sssd-krb5.5.xml:247 +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" "初期値: システムのキーテーブル、通常 <filename>/etc/krb5.keytab</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1064 msgid "ldap_krb5_init_creds (boolean)" msgstr "ldap_krb5_init_creds (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1067 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -6781,28 +6878,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1077 +#: sssd-ldap.5.xml:1079 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "ldap_krb5_ticket_lifetime (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1080 +#: sssd-ldap.5.xml:1082 msgid "" "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1089 sssd-ad.5.xml:1252 +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 msgid "Default: 86400 (24 hours)" msgstr "初期値: 86400 (24 時間)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1095 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "krb5_server, krb5_backup_server (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1098 +#: sssd-ldap.5.xml:1100 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -6814,7 +6911,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1110 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -6825,7 +6922,7 @@ msgstr "" "ば _tcp にフォールバックします。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -6836,27 +6933,27 @@ msgstr "" "quote> を使用するよう設定ファイルを移行することが推奨されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1124 sssd-ipa.5.xml:526 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "krb5_realm (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1127 +#: sssd-ldap.5.xml:1129 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1133 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "初期値: システムの初期値、<filename>/etc/krb5.conf</filename> 参照。" #. type: Content of: <variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1137 include/krb5_options.xml:154 +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 msgid "krb5_canonicalize (boolean)" msgstr "krb5_canonicalize (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1140 +#: sssd-ldap.5.xml:1142 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" @@ -6865,12 +6962,12 @@ msgstr "" "します。この機能は MIT Kerberos >= 1.7 で利用可能です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1152 sssd-krb5.5.xml:336 +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 msgid "krb5_use_kdcinfo (boolean)" msgstr "krb5_use_kdcinfo (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1155 sssd-krb5.5.xml:339 +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " @@ -6880,7 +6977,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:350 +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " @@ -6891,12 +6988,12 @@ msgstr "" "manvolnum> </citerefentry> マニュアルページを参照ください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1180 +#: sssd-ldap.5.xml:1182 msgid "ldap_pwd_policy (string)" msgstr "ldap_pwd_policy (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1185 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" @@ -6905,7 +7002,7 @@ msgstr "" "す。以下の値が許容されます:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1190 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." @@ -6914,7 +7011,7 @@ msgstr "" "ンはサーバー側のパスワードポリシーを無効にできません。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1193 +#: sssd-ldap.5.xml:1195 #, fuzzy #| msgid "" #| "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" @@ -6931,7 +7028,7 @@ msgstr "" "manvolnum></citerefentry> 形式の属性を使用します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1201 +#: sssd-ldap.5.xml:1203 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -6942,24 +7039,24 @@ msgstr "" "とき、これらの属性を更新するために chpass_provider=krb5 を使用します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1210 +#: sssd-ldap.5.xml:1212 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1220 msgid "ldap_referrals (boolean)" msgstr "ldap_referrals (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1221 +#: sssd-ldap.5.xml:1223 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "自動参照追跡が有効化されるかを指定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1225 +#: sssd-ldap.5.xml:1227 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." @@ -6968,7 +7065,7 @@ msgstr "" "sssd のみが参照追跡をサポートすることに注意してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1232 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " @@ -6981,28 +7078,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1249 +#: sssd-ldap.5.xml:1251 msgid "ldap_dns_service_name (string)" msgstr "ldap_dns_service_name (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1252 +#: sssd-ldap.5.xml:1254 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" "サービス検索が有効にされているときに使用するサービスの名前を指定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1258 msgid "Default: ldap" msgstr "初期値: ldap" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1262 +#: sssd-ldap.5.xml:1264 msgid "ldap_chpass_dns_service_name (string)" msgstr "ldap_chpass_dns_service_name (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1265 +#: sssd-ldap.5.xml:1267 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." @@ -7011,24 +7108,24 @@ msgstr "" "を検索するために使用するサービスの名前を指定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1270 +#: sssd-ldap.5.xml:1272 msgid "Default: not set, i.e. service discovery is disabled" msgstr "初期値: 設定されていません、つまりサービス検索が無効にされています" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1276 +#: sssd-ldap.5.xml:1278 msgid "ldap_chpass_update_last_change (bool)" msgstr "ldap_chpass_update_last_change (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1279 +#: sssd-ldap.5.xml:1281 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1285 +#: sssd-ldap.5.xml:1287 msgid "" "It is recommend to set this option explicitly if \"ldap_pwd_policy = " "shadow\" is used to let SSSD know if the LDAP server will update " @@ -7037,12 +7134,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1301 msgid "ldap_access_filter (string)" msgstr "ldap_access_filter (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1304 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " @@ -7058,12 +7155,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1322 +#: sssd-ldap.5.xml:1324 msgid "Example:" msgstr "例:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1327 #, no-wrap msgid "" "access_provider = ldap\n" @@ -7072,14 +7169,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1329 +#: sssd-ldap.5.xml:1331 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1336 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -7088,17 +7185,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1398 +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 msgid "Default: Empty" msgstr "初期値: 空白" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1348 +#: sssd-ldap.5.xml:1350 msgid "ldap_account_expire_policy (string)" msgstr "ldap_account_expire_policy (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1353 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." @@ -7107,7 +7204,7 @@ msgstr "" "ます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1355 +#: sssd-ldap.5.xml:1357 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -7118,12 +7215,12 @@ msgstr "" "否します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1362 +#: sssd-ldap.5.xml:1364 msgid "The following values are allowed:" msgstr "以下の値が許可されます:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1365 +#: sssd-ldap.5.xml:1367 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." @@ -7132,7 +7229,7 @@ msgstr "" "ldap_user_shadow_expire の値を使用します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1372 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -7141,7 +7238,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1379 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -7152,7 +7249,7 @@ msgstr "" "ldap_ns_account_lock の値を使用します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1383 +#: sssd-ldap.5.xml:1385 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -7165,7 +7262,7 @@ msgstr "" "クセスが許可されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1391 +#: sssd-ldap.5.xml:1393 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " @@ -7173,23 +7270,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1404 +#: sssd-ldap.5.xml:1406 msgid "ldap_access_order (string)" msgstr "ldap_access_order (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1407 sssd-ipa.5.xml:351 +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" "アクセス制御オプションのカンマ区切り一覧です。許可される値は次のとおりです:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1411 +#: sssd-ldap.5.xml:1413 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "<emphasis>filter</emphasis>: ldap_access_filter を使用します" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>lockout</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -7199,14 +7296,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1424 +#: sssd-ldap.5.xml:1426 msgid "" "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" "quote> option and might be removed in a future release. </emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1431 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -7219,12 +7316,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1448 +#: sssd-ldap.5.xml:1450 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "<emphasis>expire</emphasis>: ldap_account_expire_policy を使用します" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1452 sssd-ipa.5.xml:359 +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 msgid "" "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " "pwd_expire_policy_renew: </emphasis> These options are useful if users are " @@ -7234,38 +7331,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1462 sssd-ipa.5.xml:369 +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 msgid "" "The difference between these options is the action taken if user password is " "expired:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1467 sssd-ipa.5.xml:374 +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 msgid "pwd_expire_policy_reject - user is denied to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1473 sssd-ipa.5.xml:380 +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 msgid "pwd_expire_policy_warn - user is still able to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1479 sssd-ipa.5.xml:386 +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 msgid "" "pwd_expire_policy_renew - user is prompted to change their password " "immediately." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1487 +#: sssd-ldap.5.xml:1489 msgid "" "Please note that 'access_provider = ldap' must be set for this feature to " "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1494 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" @@ -7274,44 +7371,44 @@ msgstr "" "authorizedService 属性を使用します" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1497 +#: sssd-ldap.5.xml:1499 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" "<emphasis>host</emphasis>: アクセス権を決めるために host 属性を使用します" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1501 +#: sssd-ldap.5.xml:1503 msgid "" "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " "remote host can access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1505 +#: sssd-ldap.5.xml:1507 msgid "" "Please note, rhost field in pam is set by application, it is better to check " "what the application sends to pam, before enabling this access control option" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1510 +#: sssd-ldap.5.xml:1512 msgid "Default: filter" msgstr "初期値: filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1513 +#: sssd-ldap.5.xml:1515 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "値が複数使用されていると設定エラーになることに注意してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1520 +#: sssd-ldap.5.xml:1522 msgid "ldap_pwdlockout_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1523 +#: sssd-ldap.5.xml:1525 msgid "" "This option specifies the DN of password policy entry on LDAP server. Please " "note that absence of this option in sssd.conf in case of enabled account " @@ -7320,22 +7417,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1531 +#: sssd-ldap.5.xml:1533 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1534 +#: sssd-ldap.5.xml:1536 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1542 msgid "ldap_deref (string)" msgstr "ldap_deref (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1543 +#: sssd-ldap.5.xml:1545 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" @@ -7344,12 +7441,12 @@ msgstr "" "ションが許容されます:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1550 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "<emphasis>never</emphasis>: エイリアスが参照解決されません。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 +#: sssd-ldap.5.xml:1554 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." @@ -7358,7 +7455,7 @@ msgstr "" "決されますが、検索のベースオブジェクトの位置を探すときはされません。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 +#: sssd-ldap.5.xml:1559 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." @@ -7367,7 +7464,7 @@ msgstr "" "すときのみ参照解決されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1562 +#: sssd-ldap.5.xml:1564 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." @@ -7376,7 +7473,7 @@ msgstr "" "きも位置を検索するときも参照解決されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1569 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -7385,12 +7482,12 @@ msgstr "" "して取り扱われます)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1575 +#: sssd-ldap.5.xml:1577 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "ldap_rfc2307_fallback_to_local_users (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1578 +#: sssd-ldap.5.xml:1580 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." @@ -7399,7 +7496,7 @@ msgstr "" "ユーザーを保持することができます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1582 +#: sssd-ldap.5.xml:1584 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " @@ -7410,7 +7507,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1593 +#: sssd-ldap.5.xml:1595 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " @@ -7418,57 +7515,57 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1605 sssd-ifp.5.xml:152 +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 msgid "wildcard_limit (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1608 +#: sssd-ldap.5.xml:1610 msgid "" "Specifies an upper limit on the number of entries that are downloaded during " "a wildcard lookup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1612 +#: sssd-ldap.5.xml:1614 msgid "At the moment, only the InfoPipe responder supports wildcard lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1618 msgid "Default: 1000 (often the size of one page)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1624 #, fuzzy #| msgid "debug_level (integer)" msgid "ldap_library_debug_level (integer)" msgstr "debug_level (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1625 +#: sssd-ldap.5.xml:1627 msgid "" "Switches on libldap debugging with the given level. The libldap debug " "messages will be written independent of the general debug_level." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1630 +#: sssd-ldap.5.xml:1632 msgid "" "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " "enable full debug output." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1635 +#: sssd-ldap.5.xml:1637 #, fuzzy #| msgid "Default: 0 (disabled)" msgid "Default: 0 (libldap debugging disabled)" msgstr "初期値: 0 (無効)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:52 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " @@ -7480,12 +7577,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1645 +#: sssd-ldap.5.xml:1647 msgid "SUDO OPTIONS" msgstr "SUDO オプション" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1647 +#: sssd-ldap.5.xml:1649 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -7493,19 +7590,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1660 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "ldap_sudo_full_refresh_interval (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1661 +#: sssd-ldap.5.xml:1663 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1666 +#: sssd-ldap.5.xml:1668 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" @@ -7514,24 +7611,24 @@ msgstr "" "ります" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1671 +#: sssd-ldap.5.xml:1673 msgid "" "You can disable full refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1676 +#: sssd-ldap.5.xml:1678 msgid "Default: 21600 (6 hours)" msgstr "初期値: 21600 (6 時間)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1682 +#: sssd-ldap.5.xml:1684 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "ldap_sudo_smart_refresh_interval (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1685 +#: sssd-ldap.5.xml:1687 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest " @@ -7539,14 +7636,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1691 +#: sssd-ldap.5.xml:1693 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1695 +#: sssd-ldap.5.xml:1697 msgid "" "<emphasis>Note:</emphasis> the highest USN value can be updated by three " "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " @@ -7556,21 +7653,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1706 +#: sssd-ldap.5.xml:1708 msgid "" "You can disable smart refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1717 +#: sssd-ldap.5.xml:1719 #, fuzzy #| msgid "ldap_idmap_range_size (integer)" msgid "ldap_sudo_random_offset (integer)" msgstr "ldap_idmap_range_size (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1720 +#: sssd-ldap.5.xml:1722 msgid "" "Random offset between 0 and configured value is added to smart and full " "refresh periods each time the periodic task is scheduled. The value is in " @@ -7578,7 +7675,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1726 +#: sssd-ldap.5.xml:1728 msgid "" "Note that this random offset is also applied on the first SSSD start which " "delays the first sudo rules refresh. This prolongs the time when the sudo " @@ -7586,29 +7683,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1732 +#: sssd-ldap.5.xml:1734 msgid "You can disable this offset by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1742 +#: sssd-ldap.5.xml:1744 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "ldap_sudo_use_host_filter (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1745 +#: sssd-ldap.5.xml:1747 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1756 +#: sssd-ldap.5.xml:1758 msgid "ldap_sudo_hostnames (string)" msgstr "ldap_sudo_hostnames (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1759 +#: sssd-ldap.5.xml:1761 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." @@ -7617,15 +7714,15 @@ msgstr "" "区切り一覧です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1764 +#: sssd-ldap.5.xml:1766 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1769 sssd-ldap.5.xml:1792 sssd-ldap.5.xml:1810 -#: sssd-ldap.5.xml:1828 +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." @@ -7634,17 +7731,17 @@ msgstr "" "ならば、このオプションは効果を持ちません。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1774 sssd-ldap.5.xml:1797 +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 msgid "Default: not specified" msgstr "初期値: 指定なし" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1780 +#: sssd-ldap.5.xml:1782 msgid "ldap_sudo_ip (string)" msgstr "ldap_sudo_ip (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1783 +#: sssd-ldap.5.xml:1785 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." @@ -7653,7 +7750,7 @@ msgstr "" "アドレスの空白区切り一覧です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1788 +#: sssd-ldap.5.xml:1790 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." @@ -7661,38 +7758,38 @@ msgstr "" "このオプションが空白ならば、SSSD は自動的にアドレスを検索しようとします。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1803 +#: sssd-ldap.5.xml:1805 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "ldap_sudo_include_netgroups (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1806 +#: sssd-ldap.5.xml:1808 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1821 +#: sssd-ldap.5.xml:1823 msgid "ldap_sudo_include_regexp (boolean)" msgstr "ldap_sudo_include_regexp (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:1826 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> -#: sssd-ldap.5.xml:1834 +#: sssd-ldap.5.xml:1836 msgid "" "Using wildcard is an operation that is very costly to evaluate on the LDAP " "server side!" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1846 +#: sssd-ldap.5.xml:1848 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " @@ -7704,59 +7801,59 @@ msgstr "" "refentrytitle><manvolnum>5</manvolnum> </citerefentry> を参照してください" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1856 +#: sssd-ldap.5.xml:1858 msgid "AUTOFS OPTIONS" msgstr "AUTOFS オプション" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1858 +#: sssd-ldap.5.xml:1860 msgid "" "Some of the defaults for the parameters below are dependent on the LDAP " "schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1864 +#: sssd-ldap.5.xml:1866 msgid "ldap_autofs_map_master_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1867 +#: sssd-ldap.5.xml:1869 msgid "The name of the automount master map in LDAP." msgstr "LDAP のオートマウントマスターマップの名前。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1870 +#: sssd-ldap.5.xml:1872 msgid "Default: auto.master" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1881 +#: sssd-ldap.5.xml:1883 msgid "ADVANCED OPTIONS" msgstr "高度なオプション" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1888 +#: sssd-ldap.5.xml:1890 msgid "ldap_netgroup_search_base (string)" msgstr "ldap_netgroup_search_base (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1893 +#: sssd-ldap.5.xml:1895 msgid "ldap_user_search_base (string)" msgstr "ldap_user_search_base (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1898 +#: sssd-ldap.5.xml:1900 msgid "ldap_group_search_base (string)" msgstr "ldap_group_search_base (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> -#: sssd-ldap.5.xml:1903 +#: sssd-ldap.5.xml:1905 msgid "<note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> -#: sssd-ldap.5.xml:1905 +#: sssd-ldap.5.xml:1907 msgid "" "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " "against Active Directory will not be restricted and return all groups " @@ -7765,22 +7862,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist> -#: sssd-ldap.5.xml:1912 +#: sssd-ldap.5.xml:1914 msgid "</note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1914 +#: sssd-ldap.5.xml:1916 msgid "ldap_sudo_search_base (string)" msgstr "ldap_sudo_search_base (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1919 +#: sssd-ldap.5.xml:1921 msgid "ldap_autofs_search_base (string)" msgstr "ldap_autofs_search_base (文字列)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1883 +#: sssd-ldap.5.xml:1885 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -7789,14 +7886,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1934 sssd-simple.5.xml:131 sssd-ipa.5.xml:925 -#: sssd-ad.5.xml:1386 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 msgid "EXAMPLE" msgstr "例" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1936 +#: sssd-ldap.5.xml:1938 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -7807,7 +7904,7 @@ msgstr "" "す。" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1944 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7820,27 +7917,27 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><para> -#: sssd-ldap.5.xml:1941 sssd-ldap.5.xml:1959 sssd-simple.5.xml:139 -#: sssd-ipa.5.xml:933 sssd-ad.5.xml:1394 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 #: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1953 +#: sssd-ldap.5.xml:1955 msgid "LDAP ACCESS FILTER EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1955 +#: sssd-ldap.5.xml:1957 msgid "" "The following example assumes that SSSD is correctly configured and to use " "the ldap_access_order=lockout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1960 +#: sssd-ldap.5.xml:1962 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7856,13 +7953,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1975 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 -#: sssd-ad.5.xml:1409 sssd.8.xml:238 sss_seed.8.xml:163 +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 msgid "NOTES" msgstr "注記" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1977 +#: sssd-ldap.5.xml:1979 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -10286,12 +10383,12 @@ msgid "Example: dyndns_iface = em1, vnet1, vnet2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1285 +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 msgid "dyndns_auth (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1288 +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "updates with the DNS server, insecure updates can be sent by setting this " @@ -10299,19 +10396,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1294 +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 msgid "Default: GSS-TSIG" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1300 +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 #, fuzzy #| msgid "dyndns_iface (string)" msgid "dyndns_auth_ptr (string)" msgstr "dyndns_iface (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1303 +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "PTR updates with the DNS server, insecure updates can be sent by setting " @@ -10319,7 +10416,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1309 +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 msgid "Default: Same as dyndns_auth" msgstr "" @@ -10378,17 +10475,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:290 +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 msgid "Default: False (disabled)" msgstr "初期値: False (無効)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1272 +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 msgid "dyndns_force_tcp (bool)" msgstr "dyndns_force_tcp (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:299 sssd-ad.5.xml:1275 +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." @@ -10397,48 +10501,48 @@ msgstr "" "どうか。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:303 sssd-ad.5.xml:1279 +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:309 sssd-ad.5.xml:1315 +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 msgid "dyndns_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:312 sssd-ad.5.xml:1318 +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 msgid "" "The DNS server to use when performing a DNS update. In most setups, it's " "recommended to leave this option unset." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 msgid "" "Setting this option makes sense for environments where the DNS server is " "different from the identity server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 msgid "" "Please note that this option will be only used in fallback attempt when " "previous attempt using autodetected settings failed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 msgid "Default: None (let nsupdate choose the server)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:333 sssd-ad.5.xml:1339 +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 msgid "dyndns_update_per_family (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:336 sssd-ad.5.xml:1342 +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 msgid "" "DNS update is by default performed in two steps - IPv4 update and then IPv6 " "update. In some cases it might be desirable to perform IPv4 and IPv6 update " @@ -10446,52 +10550,52 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:353 #, fuzzy #| msgid "ldap_access_order (string)" msgid "ipa_access_order (string)" msgstr "ldap_access_order (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:360 #, fuzzy #| msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." msgstr "<emphasis>expire</emphasis>: ldap_account_expire_policy を使用します" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:394 +#: sssd-ipa.5.xml:399 msgid "" "Please note that 'access_provider = ipa' must be set for this feature to " "work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:401 +#: sssd-ipa.5.xml:406 msgid "ipa_deskprofile_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:404 +#: sssd-ipa.5.xml:409 msgid "" "Optional. Use the given string as search base for Desktop Profile related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:408 sssd-ipa.5.xml:435 +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 msgid "Default: Use base DN" msgstr "初期値: ベース DN を使用します" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:414 +#: sssd-ipa.5.xml:419 #, fuzzy #| msgid "ipa_subdomains_search_base (string)" msgid "ipa_subid_ranges_search_base (string)" msgstr "ipa_subdomains_search_base (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:417 +#: sssd-ipa.5.xml:422 #, fuzzy #| msgid "" #| "Optional. Use the given string as search base for HBAC related objects." @@ -10503,95 +10607,95 @@ msgstr "" "して使用します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:421 +#: sssd-ipa.5.xml:426 #, fuzzy #| msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" msgstr "初期値: <emphasis>cn=trusts,%basedn</emphasis> の値" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:428 +#: sssd-ipa.5.xml:433 msgid "ipa_hbac_search_base (string)" msgstr "ipa_hbac_search_base (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:431 +#: sssd-ipa.5.xml:436 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" "オプションです。与えられた文字列を HBAC 関連オブジェクトに対する検索ベースと" "して使用します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:441 +#: sssd-ipa.5.xml:446 msgid "ipa_host_search_base (string)" msgstr "ipa_host_search_base (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:444 +#: sssd-ipa.5.xml:449 msgid "Deprecated. Use ldap_host_search_base instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:450 +#: sssd-ipa.5.xml:455 msgid "ipa_selinux_search_base (string)" msgstr "ipa_selinux_search_base (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:453 +#: sssd-ipa.5.xml:458 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" "オプションです。与えられた文字列を SELinux ユーザーマップに対する検索ベースと" "して使用します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:469 +#: sssd-ipa.5.xml:474 msgid "ipa_subdomains_search_base (string)" msgstr "ipa_subdomains_search_base (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:472 +#: sssd-ipa.5.xml:477 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" "オプションです。信頼されたドメインに対する検索ベースとして、与えられた文字列" "を使用します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:481 +#: sssd-ipa.5.xml:486 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "初期値: <emphasis>cn=trusts,%basedn</emphasis> の値" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:488 +#: sssd-ipa.5.xml:493 msgid "ipa_master_domain_search_base (string)" msgstr "ipa_master_domain_search_base (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:491 +#: sssd-ipa.5.xml:496 msgid "Optional. Use the given string as search base for master domain object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:505 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "初期値: <emphasis>cn=ad,cn=etc,%basedn</emphasis> の値" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:507 +#: sssd-ipa.5.xml:512 msgid "ipa_views_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:510 +#: sssd-ipa.5.xml:515 msgid "Optional. Use the given string as search base for views containers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:519 +#: sssd-ipa.5.xml:524 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:529 +#: sssd-ipa.5.xml:534 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." @@ -10600,7 +10704,7 @@ msgstr "" "quote> の値です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:533 +#: sssd-ipa.5.xml:538 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." @@ -10609,37 +10713,37 @@ msgstr "" "めに使用するベース DN に変換されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:541 sssd-ad.5.xml:1357 +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 msgid "krb5_confd_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:544 sssd-ad.5.xml:1360 +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 msgid "" "Absolute path of a directory where SSSD should place Kerberos configuration " "snippets." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:548 sssd-ad.5.xml:1364 +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 msgid "" "To disable the creation of the configuration snippets set the parameter to " "'none'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:552 sssd-ad.5.xml:1368 +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 msgid "" "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:559 +#: sssd-ipa.5.xml:564 msgid "ipa_deskprofile_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:562 +#: sssd-ipa.5.xml:567 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server. This will reduce the latency and load on the IPA server if there " @@ -10647,34 +10751,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:569 sssd-ipa.5.xml:599 sssd-ipa.5.xml:615 sssd-ad.5.xml:599 +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 msgid "Default: 5 (seconds)" msgstr "初期値: 5 (秒)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:575 +#: sssd-ipa.5.xml:580 msgid "ipa_deskprofile_request_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:578 +#: sssd-ipa.5.xml:583 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server in case the last request did not return any rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:583 +#: sssd-ipa.5.xml:588 msgid "Default: 60 (minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:589 +#: sssd-ipa.5.xml:594 msgid "ipa_hbac_refresh (integer)" msgstr "ipa_hbac_refresh (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:592 +#: sssd-ipa.5.xml:597 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -10682,12 +10786,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:605 +#: sssd-ipa.5.xml:610 msgid "ipa_hbac_selinux (integer)" msgstr "ipa_hbac_selinux (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:608 +#: sssd-ipa.5.xml:613 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -10695,33 +10799,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:621 +#: sssd-ipa.5.xml:626 msgid "ipa_server_mode (boolean)" msgstr "ipa_server_mode (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:624 +#: sssd-ipa.5.xml:629 msgid "" "This option will be set by the IPA installer (ipa-server-install) " "automatically and denotes if SSSD is running on an IPA server or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:629 +#: sssd-ipa.5.xml:634 msgid "" "On an IPA server SSSD will lookup users and groups from trusted domains " "directly while on a client it will ask an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:634 +#: sssd-ipa.5.xml:639 msgid "" "NOTE: There are currently some assumptions that must be met when SSSD is " "running on an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:639 +#: sssd-ipa.5.xml:644 msgid "" "The <quote>ipa_server</quote> option must be configured to point to the IPA " "server itself. This is already the default set by the IPA installer, so no " @@ -10729,59 +10833,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:648 +#: sssd-ipa.5.xml:653 msgid "" "The <quote>full_name_format</quote> option must not be tweaked to only print " "short names for users from trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:663 +#: sssd-ipa.5.xml:668 msgid "ipa_automount_location (string)" msgstr "ipa_automount_location (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:666 +#: sssd-ipa.5.xml:671 msgid "The automounter location this IPA client will be using" msgstr "この IPA クライアントが使用する automounter の場所です" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:669 +#: sssd-ipa.5.xml:674 msgid "Default: The location named \"default\"" msgstr "初期値: \"default\" という名前の場所" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:677 +#: sssd-ipa.5.xml:682 msgid "VIEWS AND OVERRIDES" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:686 +#: sssd-ipa.5.xml:691 msgid "ipa_view_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:689 +#: sssd-ipa.5.xml:694 msgid "Objectclass of the view container." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:692 +#: sssd-ipa.5.xml:697 msgid "Default: nsContainer" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:698 +#: sssd-ipa.5.xml:703 msgid "ipa_view_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:701 +#: sssd-ipa.5.xml:706 msgid "Name of the attribute holding the name of the view." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:705 sssd-ldap-attributes.5.xml:496 +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 #: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 #: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 #: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 @@ -10789,128 +10893,128 @@ msgid "Default: cn" msgstr "初期値: cn" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:711 +#: sssd-ipa.5.xml:716 msgid "ipa_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:714 +#: sssd-ipa.5.xml:719 msgid "Objectclass of the override objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:717 +#: sssd-ipa.5.xml:722 msgid "Default: ipaOverrideAnchor" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:723 +#: sssd-ipa.5.xml:728 msgid "ipa_anchor_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:726 +#: sssd-ipa.5.xml:731 msgid "" "Name of the attribute containing the reference to the original object in a " "remote domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:730 +#: sssd-ipa.5.xml:735 msgid "Default: ipaAnchorUUID" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:736 +#: sssd-ipa.5.xml:741 msgid "ipa_user_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:739 +#: sssd-ipa.5.xml:744 msgid "" "Name of the objectclass for user overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:744 +#: sssd-ipa.5.xml:749 msgid "User overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:747 +#: sssd-ipa.5.xml:752 msgid "ldap_user_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:750 +#: sssd-ipa.5.xml:755 msgid "ldap_user_uid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:753 +#: sssd-ipa.5.xml:758 msgid "ldap_user_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:756 +#: sssd-ipa.5.xml:761 msgid "ldap_user_gecos" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:759 +#: sssd-ipa.5.xml:764 msgid "ldap_user_home_directory" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:762 +#: sssd-ipa.5.xml:767 msgid "ldap_user_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:765 +#: sssd-ipa.5.xml:770 msgid "ldap_user_ssh_public_key" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:770 +#: sssd-ipa.5.xml:775 msgid "Default: ipaUserOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:776 +#: sssd-ipa.5.xml:781 msgid "ipa_group_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:779 +#: sssd-ipa.5.xml:784 msgid "" "Name of the objectclass for group overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:784 +#: sssd-ipa.5.xml:789 msgid "Group overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:787 +#: sssd-ipa.5.xml:792 msgid "ldap_group_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:790 +#: sssd-ipa.5.xml:795 msgid "ldap_group_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:795 +#: sssd-ipa.5.xml:800 msgid "Default: ipaGroupOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:679 +#: sssd-ipa.5.xml:684 msgid "" "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " "later version. Since all paths and objectclasses are fixed on the server " @@ -10920,19 +11024,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:807 +#: sssd-ipa.5.xml:812 msgid "SUBDOMAINS PROVIDER" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:809 +#: sssd-ipa.5.xml:814 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:813 +#: sssd-ipa.5.xml:818 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " @@ -10943,7 +11047,7 @@ msgstr "" "メインのリクエストが必要に応じて IPA サーバーに送られます。" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:819 +#: sssd-ipa.5.xml:824 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " @@ -10955,12 +11059,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:830 +#: sssd-ipa.5.xml:835 msgid "TRUSTED DOMAINS CONFIGURATION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:838 +#: sssd-ipa.5.xml:843 #, no-wrap msgid "" "[domain/ipa.domain.com/ad.domain.com]\n" @@ -10968,7 +11072,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:832 +#: sssd-ipa.5.xml:837 msgid "" "Some configuration options can also be set for a trusted domain. A trusted " "domain configuration can be set using the trusted domain subsection as shown " @@ -10978,80 +11082,80 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:843 +#: sssd-ipa.5.xml:848 msgid "" "For more details, see the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:850 +#: sssd-ipa.5.xml:855 msgid "" "Different configuration options are tunable for a trusted domain depending " "on whether you are configuring SSSD on an IPA server or an IPA client." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:855 +#: sssd-ipa.5.xml:860 msgid "OPTIONS TUNABLE ON IPA MASTERS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:857 +#: sssd-ipa.5.xml:862 msgid "" "The following options can be set in a subdomain section on an IPA master:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:861 sssd-ipa.5.xml:891 +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 msgid "ad_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:864 +#: sssd-ipa.5.xml:869 msgid "ad_backup_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:867 sssd-ipa.5.xml:894 +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 msgid "ad_site" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:870 +#: sssd-ipa.5.xml:875 msgid "ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:873 +#: sssd-ipa.5.xml:878 msgid "ldap_user_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:876 +#: sssd-ipa.5.xml:881 msgid "ldap_group_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:885 +#: sssd-ipa.5.xml:890 msgid "OPTIONS TUNABLE ON IPA CLIENTS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:887 +#: sssd-ipa.5.xml:892 msgid "" "The following options can be set in a subdomain section on an IPA client:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:899 +#: sssd-ipa.5.xml:904 msgid "" "Note that if both options are set, only <quote>ad_server</quote> is " "evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:903 +#: sssd-ipa.5.xml:908 msgid "" "Since any request for a user or a group identity from a trusted domain " "triggered from an IPA client is resolved by the IPA server, the " @@ -11065,7 +11169,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:927 +#: sssd-ipa.5.xml:932 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -11076,7 +11180,7 @@ msgstr "" "例は IPA プロバイダー固有のオプションのみを示しています。" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:934 +#: sssd-ipa.5.xml:939 #, no-wrap msgid "" "[domain/example.com]\n" @@ -12284,7 +12388,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1388 +#: sssd-ad.5.xml:1393 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -12295,7 +12399,7 @@ msgstr "" "AD プロバイダー固有のオプションのみ示してします。" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1395 +#: sssd-ad.5.xml:1400 #, no-wrap msgid "" "[domain/EXAMPLE]\n" @@ -12319,7 +12423,7 @@ msgstr "" "ad_domain = example.com\n" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1415 +#: sssd-ad.5.xml:1420 #, no-wrap msgid "" "access_provider = ldap\n" @@ -12331,7 +12435,7 @@ msgstr "" "ldap_account_expire_policy = ad\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1411 +#: sssd-ad.5.xml:1416 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " @@ -12339,7 +12443,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1421 +#: sssd-ad.5.xml:1426 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>. Please " @@ -12349,7 +12453,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1429 +#: sssd-ad.5.xml:1434 msgid "" "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " @@ -18265,9 +18369,13 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:235 +#, fuzzy +#| msgid "" +#| "When this option is configured, domains will be allocated starting with " +#| "slice zero and increasing monatomically with each additional domain." msgid "" "When this option is configured, domains will be allocated starting with " -"slice zero and increasing monatomically with each additional domain." +"slice zero and increasing monotonically with each additional domain." msgstr "" "このオプションが設定されるとき、ドメインはスライス 0 から始まり、各追加ドメイ" "ンに単原子的に増加するよう割り当てられます。" @@ -19207,6 +19315,20 @@ msgstr "" "ホストとユーザーのプリンシパルが正規化されるかどうかを指定します。この機能は " "MIT Kerberos 1.7 およびそれ以降で利用可能です。" +#, fuzzy +#~| msgid "This option is not available in IPA provider." +#~ msgid "This option is ignored for the files provider." +#~ msgstr "このオプションは IPA プロバイダーにおいて利用可能ではありません。" + +#, fuzzy +#~| msgid "" +#~| "Determines if user credentials are also cached in the local LDB cache" +#~ msgid "" +#~ "Determines if user credentials are also cached in the local LDB cache." +#~ msgstr "" +#~ "ユーザーのクレディンシャルがローカル LDB キャッシュにキャッシュされるかど" +#~ "うかを決めます" + #~ msgid "User credentials are stored in a SHA512 hash, not in plaintext" #~ msgstr "" #~ "ユーザーのクレディンシャルが、平文ではなく SHA512 ハッシュで保存されます" diff --git a/src/man/po/lv.po b/src/man/po/lv.po index dcfe92cd986..b136611a469 100644 --- a/src/man/po/lv.po +++ b/src/man/po/lv.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-05-05 10:09+0200\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" "PO-Revision-Date: 2014-12-15 12:00-0500\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Latvian (http://www.transifex.com/projects/p/sssd/language/" @@ -207,11 +207,11 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 -#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:951 -#: sssd.conf.5.xml:1069 sssd.conf.5.xml:2197 sssd-ldap.5.xml:1071 -#: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 -#: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 -#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 msgid "Default: true" msgstr "" @@ -228,11 +228,11 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:948 -#: sssd.conf.5.xml:2100 sssd.conf.5.xml:2167 sssd.conf.5.xml:4128 -#: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 -#: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 -#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 #: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 #: include/krb5_options.xml:163 msgid "Default: false" @@ -266,8 +266,8 @@ msgid "" msgstr "" #. type: Content of: outside any tag (error?) -#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1656 -#: sssd-ldap.5.xml:1862 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 #: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 @@ -297,8 +297,8 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 sssd.conf.5.xml:1289 sssd.conf.5.xml:1766 -#: sssd.conf.5.xml:4144 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "Noklusējuma: 10" @@ -362,19 +362,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:258 sssd.conf.5.xml:783 +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:261 sssd.conf.5.xml:786 +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:791 sssd.conf.5.xml:3708 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 #: include/failover.xml:100 msgid "Default: 3" msgstr "" @@ -396,7 +396,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3540 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 msgid "re_expression (string)" msgstr "" @@ -416,12 +416,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3597 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3600 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -429,39 +429,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3611 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 msgid "%1$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 msgid "user name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3615 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3618 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3624 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 msgid "%3$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3627 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3608 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -604,8 +604,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:468 sssd-ldap.5.xml:876 sssd-ldap.5.xml:888 -#: sssd-ldap.5.xml:980 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 #: include/krb5_options.xml:148 @@ -875,7 +875,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1790 sssd.conf.5.xml:4194 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -920,11 +920,11 @@ msgstr "" #: sssd.conf.5.xml:744 msgid "" "Enable or disable the user verification (i.e. PIN, fingerprint) during " -"authentication." +"authentication. If enabled, the PIN will always be requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:750 msgid "" "The default is that the key settings decide what to do. In the IPA or " "kerberos pre-authentication case, this value will be overwritten by the " @@ -951,12 +951,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:769 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:770 +#: sssd.conf.5.xml:771 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -965,22 +965,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:777 +#: sssd.conf.5.xml:778 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:780 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:797 msgid "fd_limit" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:799 +#: sssd.conf.5.xml:800 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " @@ -990,17 +990,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:808 +#: sssd.conf.5.xml:809 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:814 msgid "client_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:816 +#: sssd.conf.5.xml:817 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " @@ -1010,19 +1010,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:826 #, fuzzy #| msgid "Default: 300" msgid "Default: 60, KCM: 300" msgstr "Noklusējuma: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:830 +#: sssd.conf.5.xml:831 msgid "offline_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:834 msgid "" "When SSSD switches to offline mode the amount of time before it tries to go " "back online will increase based upon the time spent disconnected. By " @@ -1033,14 +1033,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:844 sssd.conf.5.xml:900 +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 msgid "" "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." "offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:847 +#: sssd.conf.5.xml:848 msgid "" "The offline_timeout default value is 60. The offline_timeout_max default " "value is 3600. The offline_timeout_random_offset default value is 30. The " @@ -1048,46 +1048,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:854 msgid "" "Note that the maximum length of each interval is defined by " "offline_timeout_max (apart of random part)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 sssd.conf.5.xml:1200 sssd.conf.5.xml:1583 -#: sssd.conf.5.xml:1879 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 msgid "Default: 60" msgstr "Noklusējuma: 60" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:862 +#: sssd.conf.5.xml:863 #, fuzzy #| msgid "timeout (integer)" msgid "offline_timeout_max (integer)" msgstr "noildze (vesels skaitlis)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:865 +#: sssd.conf.5.xml:866 msgid "" "Controls by how much the time between attempts to go online can be " "incremented following unsuccessful attempts to go online." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:870 +#: sssd.conf.5.xml:871 msgid "A value of 0 disables the incrementing behaviour." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:873 +#: sssd.conf.5.xml:874 msgid "" "The value of this parameter should be set in correlation to offline_timeout " "parameter value." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:877 +#: sssd.conf.5.xml:878 msgid "" "With offline_timeout set to 60 (default value) there is no point in setting " "offlinet_timeout_max to less than 120 as it will saturate instantly. General " @@ -1096,64 +1096,64 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:883 +#: sssd.conf.5.xml:884 msgid "" "Although a value between 0 and offline_timeout may be specified, it has the " "effect of overriding the offline_timeout value so is of little use." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:888 +#: sssd.conf.5.xml:889 #, fuzzy #| msgid "Default: 300" msgid "Default: 3600" msgstr "Noklusējuma: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:894 #, fuzzy #| msgid "timeout (integer)" msgid "offline_timeout_random_offset (integer)" msgstr "noildze (vesels skaitlis)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:896 +#: sssd.conf.5.xml:897 msgid "" "When SSSD is in offline mode it keeps probing backend servers in specified " "time intervals:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:903 +#: sssd.conf.5.xml:904 msgid "" "This parameter controls the value of the random offset used for the above " "equation. Final random_offset value will be random number in range:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:908 +#: sssd.conf.5.xml:909 msgid "[0 - offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:911 +#: sssd.conf.5.xml:912 msgid "A value of 0 disables the random offset addition." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:915 #, fuzzy #| msgid "Default: 300" msgid "Default: 30" msgstr "Noklusējuma: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:919 +#: sssd.conf.5.xml:920 msgid "responder_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:922 +#: sssd.conf.5.xml:923 msgid "" "This option specifies the number of seconds that an SSSD responder process " "can be up without being used. This value is limited in order to avoid " @@ -1165,58 +1165,58 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:936 sssd.conf.5.xml:1213 sssd.conf.5.xml:2321 -#: sssd-ldap.5.xml:331 +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 +#: sssd-ldap.5.xml:332 msgid "Default: 300" msgstr "Noklusējuma: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:941 +#: sssd.conf.5.xml:942 msgid "cache_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:945 msgid "" "This option specifies whether the responder should query all caches before " "querying the Data Providers." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:960 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:961 +#: sssd.conf.5.xml:962 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:966 +#: sssd.conf.5.xml:967 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:969 +#: sssd.conf.5.xml:970 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:974 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:978 +#: sssd.conf.5.xml:979 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:981 +#: sssd.conf.5.xml:982 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -1224,7 +1224,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:988 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -1234,7 +1234,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:998 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -1243,17 +1243,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1005 sssd.conf.5.xml:2121 +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1010 +#: sssd.conf.5.xml:1011 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1013 +#: sssd.conf.5.xml:1014 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -1261,17 +1261,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1019 sssd.conf.5.xml:1778 sssd.conf.5.xml:2145 +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 msgid "Default: 15" msgstr "Noklusējuma: 15" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1025 msgid "local_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1027 +#: sssd.conf.5.xml:1028 msgid "" "Specifies for how many seconds nss_sss should keep local users and groups in " "negative cache before trying to look it up in the back end again. Setting " @@ -1279,17 +1279,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1033 +#: sssd.conf.5.xml:1034 msgid "Default: 14400 (4 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1039 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1041 +#: sssd.conf.5.xml:1042 msgid "" "Exclude certain users or groups from being fetched from the sss NSS " "database. This is particularly useful for system accounts. This option can " @@ -1298,7 +1298,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1049 +#: sssd.conf.5.xml:1050 msgid "" "NOTE: The filter_groups option doesn't affect inheritance of nested group " "members, since filtering happens after they are propagated for returning via " @@ -1307,41 +1307,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1057 +#: sssd.conf.5.xml:1058 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1063 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1065 +#: sssd.conf.5.xml:1066 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1076 +#: sssd.conf.5.xml:1077 msgid "fallback_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1079 +#: sssd.conf.5.xml:1080 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1084 +#: sssd.conf.5.xml:1085 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1090 +#: sssd.conf.5.xml:1091 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" @@ -1349,23 +1349,23 @@ msgid "" msgstr "" #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:1088 sssd.conf.5.xml:1650 sssd.conf.5.xml:1669 -#: sssd.conf.5.xml:1746 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1094 +#: sssd.conf.5.xml:1095 msgid "Default: not set (no substitution for unset home directories)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1100 +#: sssd.conf.5.xml:1101 msgid "override_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1104 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " @@ -1373,47 +1373,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1109 +#: sssd.conf.5.xml:1110 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1115 +#: sssd.conf.5.xml:1116 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1118 +#: sssd.conf.5.xml:1119 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1121 +#: sssd.conf.5.xml:1122 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1125 +#: sssd.conf.5.xml:1126 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1130 +#: sssd.conf.5.xml:1131 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1135 +#: sssd.conf.5.xml:1136 msgid "The wildcard (*) can be used to allow any shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1138 +#: sssd.conf.5.xml:1139 msgid "" "The (*) is useful if you want to use shell_fallback in case that user's " "shell is not in <quote>/etc/shells</quote> and maintaining list of all " @@ -1421,115 +1421,115 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1145 +#: sssd.conf.5.xml:1146 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1149 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1152 +#: sssd.conf.5.xml:1153 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1157 +#: sssd.conf.5.xml:1158 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1160 +#: sssd.conf.5.xml:1161 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1165 +#: sssd.conf.5.xml:1166 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1168 +#: sssd.conf.5.xml:1169 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1172 +#: sssd.conf.5.xml:1173 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1177 +#: sssd.conf.5.xml:1178 msgid "default_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1180 +#: sssd.conf.5.xml:1181 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1186 +#: sssd.conf.5.xml:1187 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1193 sssd.conf.5.xml:1576 +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 msgid "get_domains_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1196 sssd.conf.5.xml:1579 +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1205 +#: sssd.conf.5.xml:1206 #, fuzzy #| msgid "timeout (integer)" msgid "memcache_timeout (integer)" msgstr "noildze (vesels skaitlis)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1208 +#: sssd.conf.5.xml:1209 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid. Setting this option to zero will disable the in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1216 +#: sssd.conf.5.xml:1217 msgid "" "WARNING: Disabling the in-memory cache will have significant negative impact " "on SSSD's performance and should only be used for testing." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1222 sssd.conf.5.xml:1247 sssd.conf.5.xml:1272 -#: sssd.conf.5.xml:1297 sssd.conf.5.xml:1324 +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 msgid "" "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " "client applications will not use the fast in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1230 +#: sssd.conf.5.xml:1231 msgid "memcache_size_passwd (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1233 +#: sssd.conf.5.xml:1234 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for passwd requests. Setting the size to 0 will disable the passwd in-" @@ -1537,27 +1537,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1239 sssd.conf.5.xml:2963 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 msgid "Default: 8" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1242 sssd.conf.5.xml:1267 sssd.conf.5.xml:1292 -#: sssd.conf.5.xml:1319 +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 msgid "" "WARNING: Disabled or too small in-memory cache can have significant negative " "impact on SSSD's performance." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1255 +#: sssd.conf.5.xml:1256 #, fuzzy #| msgid "timeout (integer)" msgid "memcache_size_group (integer)" msgstr "noildze (vesels skaitlis)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1258 +#: sssd.conf.5.xml:1259 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for group requests. Setting the size to 0 will disable the group in-memory " @@ -1565,19 +1565,19 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1264 sssd.conf.5.xml:1316 sssd.conf.5.xml:3729 -#: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "Noklusējuma: 6" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1280 +#: sssd.conf.5.xml:1281 msgid "memcache_size_initgroups (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1283 +#: sssd.conf.5.xml:1284 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for initgroups requests. Setting the size to 0 will disable the initgroups " @@ -1585,14 +1585,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1305 +#: sssd.conf.5.xml:1306 #, fuzzy #| msgid "timeout (integer)" msgid "memcache_size_sid (integer)" msgstr "noildze (vesels skaitlis)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1308 +#: sssd.conf.5.xml:1309 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for SID related requests. Only SID-by-ID and ID-by-SID requests are " @@ -1601,12 +1601,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1332 sssd-ifp.5.xml:90 +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 msgid "user_attributes (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1335 +#: sssd.conf.5.xml:1336 msgid "" "Some of the additional NSS responder requests can return more attributes " "than just the POSIX ones defined by the NSS interface. The list of " @@ -1617,45 +1617,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1348 +#: sssd.conf.5.xml:1349 msgid "" "To make configuration more easy the NSS responder will check the InfoPipe " "option if it is not set for the NSS responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1353 +#: sssd.conf.5.xml:1354 msgid "Default: not set, fallback to InfoPipe option" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1358 +#: sssd.conf.5.xml:1359 msgid "pwfield (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1361 +#: sssd.conf.5.xml:1362 msgid "" "The value that NSS operations that return users or groups will return for " "the <quote>password</quote> field." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1366 +#: sssd.conf.5.xml:1367 #, fuzzy #| msgid "Default: <quote>permit</quote>" msgid "Default: <quote>*</quote>" msgstr "Noklusējuma: <quote>atļaut</quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1369 +#: sssd.conf.5.xml:1370 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[nss] section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1373 +#: sssd.conf.5.xml:1374 msgid "" "Default: <quote>not set</quote> (remote domains), <phrase " "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" @@ -1664,60 +1664,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1385 +#: sssd.conf.5.xml:1386 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1387 +#: sssd.conf.5.xml:1388 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1392 +#: sssd.conf.5.xml:1393 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1395 +#: sssd.conf.5.xml:1396 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1400 sssd.conf.5.xml:1413 +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 msgid "Default: 0 (No limit)" msgstr "Noklusējuma: 0 (bez ierobežojuma)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1406 +#: sssd.conf.5.xml:1407 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1409 +#: sssd.conf.5.xml:1410 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1419 +#: sssd.conf.5.xml:1420 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1422 +#: sssd.conf.5.xml:1423 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1427 +#: sssd.conf.5.xml:1428 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -1725,59 +1725,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1433 sssd.conf.5.xml:1543 +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1439 +#: sssd.conf.5.xml:1440 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1442 +#: sssd.conf.5.xml:1443 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1447 +#: sssd.conf.5.xml:1448 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1450 +#: sssd.conf.5.xml:1451 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1453 +#: sssd.conf.5.xml:1454 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1457 +#: sssd.conf.5.xml:1458 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1460 +#: sssd.conf.5.xml:1461 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1464 sssd.8.xml:63 +#: sssd.conf.5.xml:1465 sssd.8.xml:63 msgid "Default: 1" msgstr "Noklusējuma: 1" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1470 +#: sssd.conf.5.xml:1471 msgid "pam_response_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1473 +#: sssd.conf.5.xml:1474 msgid "" "A comma separated list of strings which allows to remove (filter) data sent " "by the PAM responder to pam_sss PAM module. There are different kind of " @@ -1786,51 +1786,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1481 +#: sssd.conf.5.xml:1482 msgid "" "While messages already can be controlled with the help of the pam_verbosity " "option this option allows to filter out other kind of responses as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1488 +#: sssd.conf.5.xml:1489 msgid "ENV" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1489 +#: sssd.conf.5.xml:1490 msgid "Do not send any environment variables to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1492 +#: sssd.conf.5.xml:1493 msgid "ENV:var_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1493 +#: sssd.conf.5.xml:1494 msgid "Do not send environment variable var_name to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1497 +#: sssd.conf.5.xml:1498 msgid "ENV:var_name:service" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1498 +#: sssd.conf.5.xml:1499 msgid "Do not send environment variable var_name to service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1486 +#: sssd.conf.5.xml:1487 msgid "" "Currently the following filters are supported: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1505 +#: sssd.conf.5.xml:1506 msgid "" "The list of strings can either be the list of filters which would set this " "list of filters and overwrite the defaults. Or each element of the list can " @@ -1841,23 +1841,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1516 +#: sssd.conf.5.xml:1517 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1519 +#: sssd.conf.5.xml:1520 msgid "" "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1526 +#: sssd.conf.5.xml:1527 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1529 +#: sssd.conf.5.xml:1530 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -1865,7 +1865,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1535 +#: sssd.conf.5.xml:1536 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -1874,17 +1874,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1549 +#: sssd.conf.5.xml:1550 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1552 sssd.conf.5.xml:2987 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1555 +#: sssd.conf.5.xml:1556 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -1892,31 +1892,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1561 sssd.conf.5.xml:2990 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1566 +#: sssd.conf.5.xml:1567 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1571 sssd.conf.5.xml:3976 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 msgid "Default: 0" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1588 +#: sssd.conf.5.xml:1589 msgid "pam_trusted_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1591 +#: sssd.conf.5.xml:1592 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to run PAM conversations against trusted domains. Users not " @@ -1926,75 +1926,75 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1601 +#: sssd.conf.5.xml:1602 msgid "Default: All users are considered trusted by default" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1605 +#: sssd.conf.5.xml:1606 msgid "" "Please note that UID 0 is always allowed to access the PAM responder even in " "case it is not in the pam_trusted_users list." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1612 +#: sssd.conf.5.xml:1613 msgid "pam_public_domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1615 +#: sssd.conf.5.xml:1616 msgid "" "Specifies the comma-separated list of domain names that are accessible even " "to untrusted users." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1619 +#: sssd.conf.5.xml:1620 msgid "Two special values for pam_public_domains option are defined:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1623 +#: sssd.conf.5.xml:1624 msgid "" "all (Untrusted users are allowed to access all domains in PAM responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1627 +#: sssd.conf.5.xml:1628 msgid "" "none (Untrusted users are not allowed to access any domains PAM in " "responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1631 sssd.conf.5.xml:1656 sssd.conf.5.xml:1675 -#: sssd.conf.5.xml:1912 sssd.conf.5.xml:2732 sssd.conf.5.xml:3905 -#: sssd-ldap.5.xml:1207 +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1636 +#: sssd.conf.5.xml:1637 msgid "pam_account_expired_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1639 +#: sssd.conf.5.xml:1640 msgid "" "Allows a custom expiration message to be set, replacing the default " "'Permission denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1644 +#: sssd.conf.5.xml:1645 msgid "" "Note: Please be aware that message is only printed for the SSH service " "unless pam_verbosity is set to 3 (show all messages and debug information)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1652 +#: sssd.conf.5.xml:1653 #, no-wrap msgid "" "pam_account_expired_message = Account expired, please contact help desk.\n" @@ -2002,19 +2002,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1661 +#: sssd.conf.5.xml:1662 msgid "pam_account_locked_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1664 +#: sssd.conf.5.xml:1665 msgid "" "Allows a custom lockout message to be set, replacing the default 'Permission " "denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1671 +#: sssd.conf.5.xml:1672 #, no-wrap msgid "" "pam_account_locked_message = Account locked, please contact help desk.\n" @@ -2022,40 +2022,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1680 +#: sssd.conf.5.xml:1681 msgid "pam_passkey_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1683 +#: sssd.conf.5.xml:1684 msgid "Enable passkey device based authentication." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1686 sssd.conf.5.xml:1697 sssd.conf.5.xml:1711 -#: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 -#: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 msgid "Default: False" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1691 +#: sssd.conf.5.xml:1692 msgid "passkey_debug_libfido2 (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1694 +#: sssd.conf.5.xml:1695 msgid "Enable libfido2 library debug messages." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1702 +#: sssd.conf.5.xml:1703 msgid "pam_cert_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1705 +#: sssd.conf.5.xml:1706 msgid "" "Enable certificate based Smartcard authentication. Since this requires " "additional communication with the Smartcard which will delay the " @@ -2063,34 +2063,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1716 +#: sssd.conf.5.xml:1717 msgid "pam_cert_db_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1719 +#: sssd.conf.5.xml:1720 msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1722 sssd.conf.5.xml:2247 sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 msgid "Default:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1724 sssd.conf.5.xml:2249 +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 msgid "" "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " "certificates in PEM format)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1734 +#: sssd.conf.5.xml:1735 msgid "pam_cert_verification (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1737 +#: sssd.conf.5.xml:1738 msgid "" "With this parameter the PAM certificate verification can be tuned with a " "comma separated list of options that override the " @@ -2100,7 +2100,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1748 +#: sssd.conf.5.xml:1749 #, no-wrap msgid "" "pam_cert_verification = partial_chain\n" @@ -2108,61 +2108,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1752 +#: sssd.conf.5.xml:1753 msgid "" "Default: not set, i.e. use default <quote>certificate_verification</quote> " "option defined in <quote>[sssd]</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1759 +#: sssd.conf.5.xml:1760 msgid "p11_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1763 msgid "How many seconds will pam_sss wait for p11_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1771 +#: sssd.conf.5.xml:1772 #, fuzzy #| msgid "timeout (integer)" msgid "passkey_child_timeout (integer)" msgstr "noildze (vesels skaitlis)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1774 +#: sssd.conf.5.xml:1775 msgid "" "How many seconds will the PAM responder wait for passkey_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1783 +#: sssd.conf.5.xml:1784 msgid "pam_app_services (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1786 +#: sssd.conf.5.xml:1787 msgid "" "Which PAM services are permitted to contact domains of type " "<quote>application</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1795 +#: sssd.conf.5.xml:1796 msgid "pam_p11_allowed_services (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1798 +#: sssd.conf.5.xml:1799 msgid "" "A comma-separated list of PAM service names for which it will be allowed to " "use Smartcards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1813 +#: sssd.conf.5.xml:1814 #, no-wrap msgid "" "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2170,7 +2170,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1802 +#: sssd.conf.5.xml:1803 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -2182,63 +2182,63 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1817 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 #: sssd-ad.5.xml:869 sssd-ad.5.xml:947 msgid "Default: the default set of PAM service names includes:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1822 sssd-ad.5.xml:648 +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 msgid "login" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1827 sssd-ad.5.xml:653 +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 msgid "su" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1832 sssd-ad.5.xml:658 +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 msgid "su-l" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1837 sssd-ad.5.xml:673 +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 msgid "gdm-smartcard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1842 sssd-ad.5.xml:668 +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 msgid "gdm-password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1847 sssd-ad.5.xml:678 +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 msgid "kdm" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1852 sssd-ad.5.xml:956 +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 msgid "sudo" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1857 sssd-ad.5.xml:961 +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 msgid "sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1862 +#: sssd.conf.5.xml:1863 msgid "gnome-screensaver" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1870 +#: sssd.conf.5.xml:1871 msgid "p11_wait_for_card_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1873 +#: sssd.conf.5.xml:1874 msgid "" "If Smartcard authentication is required how many extra seconds in addition " "to p11_child_timeout should the PAM responder wait until a Smartcard is " @@ -2246,12 +2246,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1884 +#: sssd.conf.5.xml:1885 msgid "p11_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1887 +#: sssd.conf.5.xml:1888 msgid "" "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " "selection of devices used for Smartcard authentication. By default SSSD's " @@ -2262,7 +2262,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1900 +#: sssd.conf.5.xml:1901 #, no-wrap msgid "" "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" @@ -2270,7 +2270,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1904 +#: sssd.conf.5.xml:1905 #, no-wrap msgid "" "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" @@ -2278,7 +2278,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1898 +#: sssd.conf.5.xml:1899 msgid "" "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " @@ -2287,47 +2287,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1917 +#: sssd.conf.5.xml:1918 msgid "pam_initgroups_scheme" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1925 +#: sssd.conf.5.xml:1926 msgid "always" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1926 +#: sssd.conf.5.xml:1927 msgid "" "Always do an online lookup, please note that pam_id_timeout still applies" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1930 +#: sssd.conf.5.xml:1931 msgid "no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1931 +#: sssd.conf.5.xml:1932 msgid "" "Only do an online lookup if there is no active session of the user, i.e. if " "the user is currently not logged in" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1936 +#: sssd.conf.5.xml:1937 msgid "never" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1937 +#: sssd.conf.5.xml:1938 msgid "" "Never force an online lookup, use the data from the cache as long as they " "are not expired" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1920 +#: sssd.conf.5.xml:1921 msgid "" "The PAM responder can force an online lookup to get the current group " "memberships of the user trying to log in. This option controls when this " @@ -2336,30 +2336,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1944 +#: sssd.conf.5.xml:1945 msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1949 sssd.conf.5.xml:4247 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 msgid "pam_gssapi_services" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1952 +#: sssd.conf.5.xml:1953 msgid "" "Comma separated list of PAM services that are allowed to try GSSAPI " "authentication using pam_sss_gss.so module." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1957 +#: sssd.conf.5.xml:1958 msgid "" "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1961 sssd.conf.5.xml:1992 sssd.conf.5.xml:2030 +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[pam] section. It can also be set for trusted domain which overwrites the " @@ -2367,7 +2367,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1969 +#: sssd.conf.5.xml:1970 #, no-wrap msgid "" "pam_gssapi_services = sudo, sudo-i\n" @@ -2375,22 +2375,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1967 sssd.conf.5.xml:3899 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1973 +#: sssd.conf.5.xml:1974 msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1978 sssd.conf.5.xml:4248 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 msgid "pam_gssapi_check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1981 +#: sssd.conf.5.xml:1982 msgid "" "If True, SSSD will require that the Kerberos user principal that " "successfully authenticated through GSSAPI can be associated with the user " @@ -2398,25 +2398,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1988 +#: sssd.conf.5.xml:1989 msgid "" "If False, every user that is able to obtained required service ticket will " "be authenticated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1998 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2003 +#: sssd.conf.5.xml:2004 msgid "pam_gssapi_indicators_map" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2006 +#: sssd.conf.5.xml:2007 msgid "" "Comma separated list of authentication indicators required to be present in " "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " @@ -2424,7 +2424,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2012 +#: sssd.conf.5.xml:2013 msgid "" "Each element of the list can be either an authentication indicator name or a " "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " @@ -2439,7 +2439,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2025 +#: sssd.conf.5.xml:2026 msgid "" "To disable GSSAPI authentication indicator check, set this option to <quote>-" "</quote> (dash). To disable the check for a specific PAM service, add " @@ -2447,45 +2447,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2036 +#: sssd.conf.5.xml:2037 msgid "" "Following authentication indicators are supported by IPA Kerberos " "deployments:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2039 +#: sssd.conf.5.xml:2040 msgid "" "pkinit -- pre-authentication using X.509 certificates -- whether stored in " "files or on smart cards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2042 +#: sssd.conf.5.xml:2043 msgid "" "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " "FAST channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2045 +#: sssd.conf.5.xml:2046 msgid "radius -- pre-authentication with the help of a RADIUS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2048 +#: sssd.conf.5.xml:2049 msgid "" "otp -- pre-authentication using integrated two-factor authentication (2FA or " "one-time password, OTP) in IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2051 +#: sssd.conf.5.xml:2052 msgid "idp -- pre-authentication using external identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:2061 +#: sssd.conf.5.xml:2062 #, no-wrap msgid "" "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" @@ -2493,7 +2493,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2056 +#: sssd.conf.5.xml:2057 msgid "" "Example: to require access to SUDO services only for users which obtained " "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " @@ -2501,17 +2501,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2065 +#: sssd.conf.5.xml:2066 msgid "Default: not set (use of authentication indicators is not required)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2073 +#: sssd.conf.5.xml:2074 msgid "SUDO configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2075 +#: sssd.conf.5.xml:2076 msgid "" "These options can be used to configure the sudo service. The detailed " "instructions for configuration of <citerefentry> <refentrytitle>sudo</" @@ -2522,24 +2522,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2092 +#: sssd.conf.5.xml:2093 msgid "sudo_timed (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2095 +#: sssd.conf.5.xml:2096 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2107 +#: sssd.conf.5.xml:2108 msgid "sudo_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2110 +#: sssd.conf.5.xml:2111 msgid "" "Maximum number of expired rules that can be refreshed at once. If number of " "expired rules is below threshold, those rules are refreshed with " @@ -2549,22 +2549,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2129 +#: sssd.conf.5.xml:2130 msgid "AUTOFS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2131 +#: sssd.conf.5.xml:2132 msgid "These options can be used to configure the autofs service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2135 +#: sssd.conf.5.xml:2136 msgid "autofs_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2138 +#: sssd.conf.5.xml:2139 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " @@ -2572,51 +2572,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2154 +#: sssd.conf.5.xml:2155 msgid "SSH configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2156 +#: sssd.conf.5.xml:2157 msgid "These options can be used to configure the SSH service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2160 +#: sssd.conf.5.xml:2161 msgid "ssh_hash_known_hosts (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2163 +#: sssd.conf.5.xml:2164 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2172 +#: sssd.conf.5.xml:2173 msgid "ssh_known_hosts_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2175 +#: sssd.conf.5.xml:2176 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2179 +#: sssd.conf.5.xml:2180 msgid "Default: 180" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2184 +#: sssd.conf.5.xml:2185 msgid "ssh_use_certificate_keys (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2187 +#: sssd.conf.5.xml:2188 msgid "" "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " "keys derived from the public key of X.509 certificates stored in the user " @@ -2625,12 +2625,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2202 +#: sssd.conf.5.xml:2203 msgid "ssh_use_certificate_matching_rules (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2205 +#: sssd.conf.5.xml:2206 msgid "" "By default the ssh responder will use all available certificate matching " "rules to filter the certificates so that ssh keys are only derived from the " @@ -2640,7 +2640,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2214 +#: sssd.conf.5.xml:2215 msgid "" "There are two special key words 'all_rules' and 'no_rules' which will enable " "all or no rules, respectively. The latter means that no certificates will be " @@ -2648,7 +2648,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2221 +#: sssd.conf.5.xml:2222 msgid "" "If no rules are configured using 'all_rules' will enable a default rule " "which enables all certificates suitable for client authentication. This is " @@ -2657,38 +2657,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2228 +#: sssd.conf.5.xml:2229 msgid "" "A non-existing rule name is considered an error. If as a result no rule is " "selected all certificates will be ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2233 +#: sssd.conf.5.xml:2234 msgid "" "Default: not set, equivalent to 'all_rules', all found rules or the default " "rule are used" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2239 +#: sssd.conf.5.xml:2240 msgid "ca_db (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2242 +#: sssd.conf.5.xml:2243 msgid "" "Path to a storage of trusted CA certificates. The option is used to validate " "user certificates before deriving public ssh keys from them." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2262 +#: sssd.conf.5.xml:2263 msgid "PAC responder configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2264 +#: sssd.conf.5.xml:2265 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " @@ -2699,7 +2699,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2273 +#: sssd.conf.5.xml:2274 msgid "" "If the remote user does not exist in the cache, it is created. The UID is " "determined with the help of the SID, trusted domains will have UPGs and the " @@ -2710,24 +2710,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2281 +#: sssd.conf.5.xml:2282 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2287 +#: sssd.conf.5.xml:2288 msgid "These options can be used to configure the PAC responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2291 sssd-ifp.5.xml:66 +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 msgid "allowed_uids (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2294 +#: sssd.conf.5.xml:2295 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " @@ -2735,12 +2735,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2300 +#: sssd.conf.5.xml:2301 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2304 +#: sssd.conf.5.xml:2305 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " @@ -2749,24 +2749,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2313 +#: sssd.conf.5.xml:2314 msgid "pac_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2316 +#: sssd.conf.5.xml:2317 msgid "" "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " "data can be used to determine the group memberships of a user." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2326 +#: sssd.conf.5.xml:2327 msgid "pac_check (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2329 +#: sssd.conf.5.xml:2330 msgid "" "Apply additional checks on the PAC of the Kerberos ticket which is available " "in Active Directory and FreeIPA domains, if configured. Please note that " @@ -2777,24 +2777,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2343 +#: sssd.conf.5.xml:2344 msgid "no_check" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2345 +#: sssd.conf.5.xml:2346 msgid "" "The PAC must not be present and even if it is present no additional checks " "will be done." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2351 +#: sssd.conf.5.xml:2352 msgid "pac_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2353 +#: sssd.conf.5.xml:2354 msgid "" "The PAC must be present in the service ticket which SSSD will request with " "the help of the user's TGT. If the PAC is not available the authentication " @@ -2802,24 +2802,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2361 +#: sssd.conf.5.xml:2362 msgid "check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2363 +#: sssd.conf.5.xml:2364 msgid "" "If the PAC is present check if the user principal name (UPN) information is " "consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2369 +#: sssd.conf.5.xml:2370 msgid "check_upn_allow_missing" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2371 +#: sssd.conf.5.xml:2372 msgid "" "This option should be used together with 'check_upn' and handles the case " "where a UPN is set on the server-side but is not read by SSSD. The typical " @@ -2831,7 +2831,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2383 +#: sssd.conf.5.xml:2384 msgid "" "Currently this option is set by default to avoid regressions in such " "environments. A log message will be added to the system log and SSSD's debug " @@ -2842,60 +2842,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2397 +#: sssd.conf.5.xml:2398 msgid "upn_dns_info_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2399 +#: sssd.conf.5.xml:2400 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2404 +#: sssd.conf.5.xml:2405 msgid "check_upn_dns_info_ex" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2406 +#: sssd.conf.5.xml:2407 msgid "" "If the PAC is present and the extension to the UPN-DNS-INFO buffer is " "available check if the information in the extension is consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2413 +#: sssd.conf.5.xml:2414 msgid "upn_dns_info_ex_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2415 +#: sssd.conf.5.xml:2416 msgid "" "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2339 +#: sssd.conf.5.xml:2340 msgid "" "The following options can be used alone or in a comma-separated list: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2425 +#: sssd.conf.5.xml:2426 msgid "" "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " "check_upn_dns_info_ex')" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2434 +#: sssd.conf.5.xml:2435 msgid "Session recording configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2436 +#: sssd.conf.5.xml:2437 msgid "" "Session recording works in conjunction with <citerefentry> " "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" @@ -2905,66 +2905,66 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2449 +#: sssd.conf.5.xml:2450 msgid "These options can be used to configure session recording." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2453 sssd-session-recording.5.xml:64 +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 msgid "scope (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2460 sssd-session-recording.5.xml:71 +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 msgid "\"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2463 sssd-session-recording.5.xml:74 +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 msgid "No users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2468 sssd-session-recording.5.xml:79 +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 msgid "\"some\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2471 sssd-session-recording.5.xml:82 +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 msgid "" "Users/groups specified by <replaceable>users</replaceable> and " "<replaceable>groups</replaceable> options are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2480 sssd-session-recording.5.xml:91 +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 msgid "\"all\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2483 sssd-session-recording.5.xml:94 +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 msgid "All users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2456 sssd-session-recording.5.xml:67 +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 msgid "" "One of the following strings specifying the scope of session recording: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:101 +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 msgid "Default: \"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:106 +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 msgid "users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:109 +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 msgid "" "A comma-separated list of users which should have session recording enabled. " "Matches user names as returned by NSS. I.e. after the possible space " @@ -2972,17 +2972,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2504 sssd-session-recording.5.xml:115 +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 msgid "Default: Empty. Matches no users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2509 sssd-session-recording.5.xml:120 +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 msgid "groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2512 sssd-session-recording.5.xml:123 +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 msgid "" "A comma-separated list of groups, members of which should have session " "recording enabled. Matches group names as returned by NSS. I.e. after the " @@ -2990,7 +2990,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2518 sssd.conf.5.xml:2550 sssd-session-recording.5.xml:129 +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 #: sssd-session-recording.5.xml:161 msgid "" "NOTE: using this option (having it set to anything) has a considerable " @@ -2999,56 +2999,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2525 sssd-session-recording.5.xml:136 +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 msgid "Default: Empty. Matches no groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2530 sssd-session-recording.5.xml:141 +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 msgid "exclude_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2533 sssd-session-recording.5.xml:144 +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 msgid "" "A comma-separated list of users to be excluded from recording, only " "applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2537 sssd-session-recording.5.xml:148 +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 msgid "Default: Empty. No users excluded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2542 sssd-session-recording.5.xml:153 +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 msgid "exclude_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2545 sssd-session-recording.5.xml:156 +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 msgid "" "A comma-separated list of groups, members of which should be excluded from " "recording. Only applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2557 sssd-session-recording.5.xml:168 +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 msgid "Default: Empty. No groups excluded." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2567 +#: sssd.conf.5.xml:2568 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2574 +#: sssd.conf.5.xml:2575 msgid "enabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2577 +#: sssd.conf.5.xml:2578 msgid "" "Explicitly enable or disable the domain. If <quote>true</quote>, the domain " "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " @@ -3058,12 +3058,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2589 +#: sssd.conf.5.xml:2590 msgid "domain_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2592 +#: sssd.conf.5.xml:2593 msgid "" "Specifies whether the domain is meant to be used by POSIX-aware clients such " "as the Name Service Switch or by applications that do not need POSIX data to " @@ -3072,14 +3072,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2600 +#: sssd.conf.5.xml:2601 msgid "" "Allowed values for this option are <quote>posix</quote> and " "<quote>application</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2604 +#: sssd.conf.5.xml:2605 msgid "" "POSIX domains are reachable by all services. Application domains are only " "reachable from the InfoPipe responder (see <citerefentry> " @@ -3088,38 +3088,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2612 +#: sssd.conf.5.xml:2613 msgid "" "NOTE: The application domains are currently well tested with " "<quote>id_provider=ldap</quote> only." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2616 +#: sssd.conf.5.xml:2617 msgid "" "For an easy way to configure a non-POSIX domains, please see the " "<quote>Application domains</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2620 +#: sssd.conf.5.xml:2621 msgid "Default: posix" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2626 +#: sssd.conf.5.xml:2627 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2629 +#: sssd.conf.5.xml:2630 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2634 +#: sssd.conf.5.xml:2635 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -3128,24 +3128,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2641 +#: sssd.conf.5.xml:2642 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2645 +#: sssd.conf.5.xml:2646 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2651 +#: sssd.conf.5.xml:2652 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2654 +#: sssd.conf.5.xml:2655 msgid "" "Determines if a domain can be enumerated, that is, whether the domain can " "list all the users and group it contains. Note that it is not required to " @@ -3154,29 +3154,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2662 +#: sssd.conf.5.xml:2663 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2665 +#: sssd.conf.5.xml:2666 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2668 sssd.conf.5.xml:2942 sssd.conf.5.xml:3119 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2671 +#: sssd.conf.5.xml:2672 msgid "" "Enumerating a domain requires SSSD to download and store ALL user and group " "entries from the remote server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2676 +#: sssd.conf.5.xml:2677 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -3190,14 +3190,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2691 +#: sssd.conf.5.xml:2692 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2696 +#: sssd.conf.5.xml:2697 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -3206,39 +3206,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2704 +#: sssd.conf.5.xml:2705 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2712 +#: sssd.conf.5.xml:2713 msgid "subdomain_enumerate (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2719 +#: sssd.conf.5.xml:2720 msgid "all" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2720 +#: sssd.conf.5.xml:2721 msgid "All discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2723 +#: sssd.conf.5.xml:2724 msgid "none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2724 +#: sssd.conf.5.xml:2725 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2715 +#: sssd.conf.5.xml:2716 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " @@ -3247,19 +3247,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2738 +#: sssd.conf.5.xml:2739 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2741 +#: sssd.conf.5.xml:2742 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2745 +#: sssd.conf.5.xml:2746 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " @@ -3270,139 +3270,139 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2758 +#: sssd.conf.5.xml:2759 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2764 +#: sssd.conf.5.xml:2765 msgid "entry_cache_user_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2767 +#: sssd.conf.5.xml:2768 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2771 sssd.conf.5.xml:2784 sssd.conf.5.xml:2797 -#: sssd.conf.5.xml:2810 sssd.conf.5.xml:2824 sssd.conf.5.xml:2837 -#: sssd.conf.5.xml:2851 sssd.conf.5.xml:2865 sssd.conf.5.xml:2878 +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 msgid "Default: entry_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2777 +#: sssd.conf.5.xml:2778 msgid "entry_cache_group_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2780 +#: sssd.conf.5.xml:2781 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2790 +#: sssd.conf.5.xml:2791 msgid "entry_cache_netgroup_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2793 +#: sssd.conf.5.xml:2794 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2803 +#: sssd.conf.5.xml:2804 msgid "entry_cache_service_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2806 +#: sssd.conf.5.xml:2807 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2816 +#: sssd.conf.5.xml:2817 msgid "entry_cache_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2819 +#: sssd.conf.5.xml:2820 msgid "" "How many seconds should nss_sss consider hosts and networks entries valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2830 +#: sssd.conf.5.xml:2831 msgid "entry_cache_sudo_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2833 +#: sssd.conf.5.xml:2834 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2843 +#: sssd.conf.5.xml:2844 msgid "entry_cache_autofs_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2846 +#: sssd.conf.5.xml:2847 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2857 +#: sssd.conf.5.xml:2858 msgid "entry_cache_ssh_host_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2860 +#: sssd.conf.5.xml:2861 msgid "" "How many seconds to keep a host ssh key after refresh. IE how long to cache " "the host key for." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2871 +#: sssd.conf.5.xml:2872 msgid "entry_cache_computer_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2874 +#: sssd.conf.5.xml:2875 msgid "" "How many seconds to keep the local computer entry before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2884 +#: sssd.conf.5.xml:2885 msgid "refresh_expired_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2887 +#: sssd.conf.5.xml:2888 msgid "" "Specifies how many seconds SSSD has to wait before triggering a background " "refresh task which will refresh all expired or nearly expired records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2892 +#: sssd.conf.5.xml:2893 msgid "" "The background refresh will process users, groups and netgroups in the " "cache. For users who have performed the initgroups (get group membership for " @@ -3411,17 +3411,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2900 +#: sssd.conf.5.xml:2901 msgid "This option is automatically inherited for all trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2904 +#: sssd.conf.5.xml:2905 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2908 +#: sssd.conf.5.xml:2909 msgid "" "Cache entry will be refreshed by background task when 2/3 of cache timeout " "has already passed. If there are existing cached entries, the background " @@ -3433,23 +3433,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2921 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2927 +#: sssd.conf.5.xml:2928 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2930 -msgid "Determines if user credentials are also cached in the local LDB cache." +#: sssd.conf.5.xml:2931 +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2934 +#: sssd.conf.5.xml:2942 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3458,12 +3464,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2948 +#: sssd.conf.5.xml:2956 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2951 +#: sssd.conf.5.xml:2959 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3471,19 +3477,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2958 +#: sssd.conf.5.xml:2966 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2969 +#: sssd.conf.5.xml:2977 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2972 +#: sssd.conf.5.xml:2980 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3492,17 +3498,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2979 +#: sssd.conf.5.xml:2987 msgid "Default: 0 (unlimited)" msgstr "Noklusējuma: 0 (neierobežots)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2984 +#: sssd.conf.5.xml:2992 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2995 +#: sssd.conf.5.xml:3003 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3511,28 +3517,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3002 +#: sssd.conf.5.xml:3010 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3008 +#: sssd.conf.5.xml:3016 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3011 +#: sssd.conf.5.xml:3019 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3015 +#: sssd.conf.5.xml:3023 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3018 +#: sssd.conf.5.xml:3026 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3540,7 +3546,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3026 +#: sssd.conf.5.xml:3034 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3548,18 +3554,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3034 sssd.conf.5.xml:3145 sssd.conf.5.xml:3196 -#: sssd.conf.5.xml:3259 +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 msgid "" -"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " -"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " -"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " -"FreeIPA." +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3043 sssd.conf.5.xml:3154 sssd.conf.5.xml:3205 -#: sssd.conf.5.xml:3268 +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3567,19 +3572,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3054 +#: sssd.conf.5.xml:3062 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3057 +#: sssd.conf.5.xml:3065 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3062 +#: sssd.conf.5.xml:3070 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3588,7 +3593,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3070 +#: sssd.conf.5.xml:3078 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3596,24 +3601,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3077 +#: sssd.conf.5.xml:3085 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3084 +#: sssd.conf.5.xml:3092 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3087 +#: sssd.conf.5.xml:3095 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3090 +#: sssd.conf.5.xml:3098 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3625,7 +3630,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3108 +#: sssd.conf.5.xml:3116 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3633,30 +3638,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3114 sssd.conf.5.xml:3821 sssd-ldap.5.xml:326 -#: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 -#: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 -#: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 -#: sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1084 +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 msgid "" "This option can be also set per subdomain or inherited via " "<emphasis>subdomain_inherit</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3124 +#: sssd.conf.5.xml:3132 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3127 +#: sssd.conf.5.xml:3135 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3131 sssd.conf.5.xml:3189 +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3664,7 +3669,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3138 +#: sssd.conf.5.xml:3146 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3672,30 +3677,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3162 +#: sssd.conf.5.xml:3170 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3165 +#: sssd.conf.5.xml:3173 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3168 +#: sssd.conf.5.xml:3176 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3174 +#: sssd.conf.5.xml:3182 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3177 +#: sssd.conf.5.xml:3185 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -3703,19 +3708,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3183 +#: sssd.conf.5.xml:3191 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3186 +#: sssd.conf.5.xml:3194 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3221 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -3724,7 +3729,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3220 +#: sssd.conf.5.xml:3228 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -3732,29 +3737,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3227 +#: sssd.conf.5.xml:3235 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3230 +#: sssd.conf.5.xml:3238 msgid "Default: <quote>permit</quote>" msgstr "Noklusējuma: <quote>atļaut</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3235 +#: sssd.conf.5.xml:3243 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3238 +#: sssd.conf.5.xml:3246 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3243 +#: sssd.conf.5.xml:3251 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -3762,7 +3767,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3251 +#: sssd.conf.5.xml:3259 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3770,35 +3775,35 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3276 +#: sssd.conf.5.xml:3284 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3280 +#: sssd.conf.5.xml:3288 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3283 +#: sssd.conf.5.xml:3291 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3290 +#: sssd.conf.5.xml:3298 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3293 +#: sssd.conf.5.xml:3301 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3297 +#: sssd.conf.5.xml:3305 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3806,32 +3811,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3305 +#: sssd.conf.5.xml:3313 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3309 +#: sssd.conf.5.xml:3317 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3313 +#: sssd.conf.5.xml:3321 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3316 sssd.conf.5.xml:3402 sssd.conf.5.xml:3472 -#: sssd.conf.5.xml:3497 sssd.conf.5.xml:3533 +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3320 +#: sssd.conf.5.xml:3328 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -3842,7 +3847,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3335 +#: sssd.conf.5.xml:3343 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -3851,12 +3856,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3345 +#: sssd.conf.5.xml:3353 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3348 +#: sssd.conf.5.xml:3356 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -3864,7 +3869,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3354 +#: sssd.conf.5.xml:3362 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3872,31 +3877,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3362 +#: sssd.conf.5.xml:3370 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3365 +#: sssd.conf.5.xml:3373 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3371 +#: sssd.conf.5.xml:3379 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3374 +#: sssd.conf.5.xml:3382 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3380 +#: sssd.conf.5.xml:3388 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3904,7 +3909,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3389 +#: sssd.conf.5.xml:3397 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -3913,17 +3918,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3398 +#: sssd.conf.5.xml:3406 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3408 +#: sssd.conf.5.xml:3416 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3411 +#: sssd.conf.5.xml:3419 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -3931,43 +3936,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3418 +#: sssd.conf.5.xml:3426 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3422 +#: sssd.conf.5.xml:3430 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3426 +#: sssd.conf.5.xml:3434 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3430 +#: sssd.conf.5.xml:3438 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3438 +#: sssd.conf.5.xml:3446 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3441 +#: sssd.conf.5.xml:3449 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3445 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3975,7 +3980,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3452 +#: sssd.conf.5.xml:3460 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3983,7 +3988,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3460 +#: sssd.conf.5.xml:3468 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3991,24 +3996,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3469 +#: sssd.conf.5.xml:3477 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3479 +#: sssd.conf.5.xml:3487 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3482 +#: sssd.conf.5.xml:3490 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3486 +#: sssd.conf.5.xml:3494 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4016,31 +4021,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3494 +#: sssd.conf.5.xml:3502 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3504 +#: sssd.conf.5.xml:3512 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3507 +#: sssd.conf.5.xml:3515 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3511 +#: sssd.conf.5.xml:3519 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3515 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4048,7 +4053,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3522 +#: sssd.conf.5.xml:3530 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4057,12 +4062,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3530 +#: sssd.conf.5.xml:3538 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3543 +#: sssd.conf.5.xml:3551 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4072,24 +4077,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3552 +#: sssd.conf.5.xml:3560 msgid "" "Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" "[^@]+))$</quote> which allows two different styles for user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3557 sssd.conf.5.xml:3571 +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3560 sssd.conf.5.xml:3574 +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3565 +#: sssd.conf.5.xml:3573 msgid "" "Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" @@ -4098,19 +4103,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3577 +#: sssd.conf.5.xml:3585 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3580 +#: sssd.conf.5.xml:3588 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3585 +#: sssd.conf.5.xml:3593 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4120,93 +4125,93 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3637 +#: sssd.conf.5.xml:3645 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "Noklusējuma: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3643 +#: sssd.conf.5.xml:3651 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3646 +#: sssd.conf.5.xml:3654 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3650 +#: sssd.conf.5.xml:3658 msgid "Supported values:" msgstr "Atbalstītās vērtības:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3653 +#: sssd.conf.5.xml:3661 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3656 +#: sssd.conf.5.xml:3664 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3659 +#: sssd.conf.5.xml:3667 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3662 +#: sssd.conf.5.xml:3670 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3665 +#: sssd.conf.5.xml:3673 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3671 +#: sssd.conf.5.xml:3679 #, fuzzy #| msgid "timeout (integer)" msgid "dns_resolver_server_timeout (integer)" msgstr "noildze (vesels skaitlis)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3674 +#: sssd.conf.5.xml:3682 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3679 +#: sssd.conf.5.xml:3687 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3683 sssd.conf.5.xml:3703 sssd.conf.5.xml:3724 +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3688 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3694 +#: sssd.conf.5.xml:3702 #, fuzzy #| msgid "timeout (integer)" msgid "dns_resolver_op_timeout (integer)" msgstr "noildze (vesels skaitlis)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3697 +#: sssd.conf.5.xml:3705 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4214,12 +4219,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3714 +#: sssd.conf.5.xml:3722 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3717 +#: sssd.conf.5.xml:3725 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4228,14 +4233,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3735 +#: sssd.conf.5.xml:3743 #, fuzzy #| msgid "timeout (integer)" msgid "dns_resolver_use_search_list (bool)" msgstr "noildze (vesels skaitlis)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3738 +#: sssd.conf.5.xml:3746 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4243,7 +4248,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3744 +#: sssd.conf.5.xml:3752 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4251,71 +4256,71 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3750 +#: sssd.conf.5.xml:3758 #, fuzzy #| msgid "Default: 6" msgid "Default: TRUE" msgstr "Noklusējuma: 6" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3756 +#: sssd.conf.5.xml:3764 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3759 +#: sssd.conf.5.xml:3767 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3763 +#: sssd.conf.5.xml:3771 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3769 +#: sssd.conf.5.xml:3777 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3772 +#: sssd.conf.5.xml:3780 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3778 +#: sssd.conf.5.xml:3786 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3785 +#: sssd.conf.5.xml:3793 msgid "True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3788 +#: sssd.conf.5.xml:3796 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3794 +#: sssd.conf.5.xml:3802 msgid "False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3796 +#: sssd.conf.5.xml:3804 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3800 +#: sssd.conf.5.xml:3808 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3803 +#: sssd.conf.5.xml:3811 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4323,31 +4328,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3811 +#: sssd.conf.5.xml:3819 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3781 +#: sssd.conf.5.xml:3789 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3826 +#: sssd.conf.5.xml:3834 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3832 +#: sssd.conf.5.xml:3840 msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3835 +#: sssd.conf.5.xml:3843 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4355,114 +4360,114 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3841 +#: sssd.conf.5.xml:3849 msgid "ldap_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3844 +#: sssd.conf.5.xml:3852 msgid "ldap_network_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3847 +#: sssd.conf.5.xml:3855 msgid "ldap_opt_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3850 +#: sssd.conf.5.xml:3858 #, fuzzy #| msgid "timeout (integer)" msgid "ldap_offline_timeout" msgstr "noildze (vesels skaitlis)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3853 +#: sssd.conf.5.xml:3861 #, fuzzy #| msgid "timeout (integer)" msgid "ldap_enumeration_refresh_timeout" msgstr "noildze (vesels skaitlis)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3856 +#: sssd.conf.5.xml:3864 msgid "ldap_enumeration_refresh_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3859 +#: sssd.conf.5.xml:3867 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3862 +#: sssd.conf.5.xml:3870 msgid "ldap_purge_cache_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3865 +#: sssd.conf.5.xml:3873 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3869 +#: sssd.conf.5.xml:3877 msgid "ldap_krb5_ticket_lifetime" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3872 +#: sssd.conf.5.xml:3880 #, fuzzy #| msgid "timeout (integer)" msgid "ldap_enumeration_search_timeout" msgstr "noildze (vesels skaitlis)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3875 +#: sssd.conf.5.xml:3883 #, fuzzy #| msgid "timeout (integer)" msgid "ldap_connection_expire_timeout" msgstr "noildze (vesels skaitlis)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3878 +#: sssd.conf.5.xml:3886 #, fuzzy #| msgid "timeout (integer)" msgid "ldap_connection_expire_offset" msgstr "noildze (vesels skaitlis)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3881 +#: sssd.conf.5.xml:3889 msgid "ldap_connection_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3884 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 msgid "ldap_use_tokengroups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3887 +#: sssd.conf.5.xml:3895 msgid "ldap_user_principal" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3890 +#: sssd.conf.5.xml:3898 msgid "ignore_group_members" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3893 +#: sssd.conf.5.xml:3901 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3896 +#: sssd.conf.5.xml:3904 msgid "case_sensitive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3901 +#: sssd.conf.5.xml:3909 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4470,27 +4475,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3908 +#: sssd.conf.5.xml:3916 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3915 +#: sssd.conf.5.xml:3923 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3926 +#: sssd.conf.5.xml:3934 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3935 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3918 +#: sssd.conf.5.xml:3926 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4500,34 +4505,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3932 +#: sssd.conf.5.xml:3940 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3936 +#: sssd.conf.5.xml:3944 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3941 +#: sssd.conf.5.xml:3949 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3944 +#: sssd.conf.5.xml:3952 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3950 +#: sssd.conf.5.xml:3958 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3953 +#: sssd.conf.5.xml:3961 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -4536,19 +4541,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3961 +#: sssd.conf.5.xml:3969 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3966 +#: sssd.conf.5.xml:3974 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3970 +#: sssd.conf.5.xml:3978 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -4556,24 +4561,94 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3981 +#: sssd.conf.5.xml:3989 +msgid "local_auth_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3992 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4002 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4026 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4034 +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4039 +#, fuzzy +#| msgid "Default: 6" +msgid "Default: match" +msgstr "Noklusējuma: 6" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4044 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3987 +#: sssd.conf.5.xml:4050 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3990 +#: sssd.conf.5.xml:4053 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3994 +#: sssd.conf.5.xml:4057 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4582,24 +4657,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4003 +#: sssd.conf.5.xml:4066 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4006 +#: sssd.conf.5.xml:4069 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4012 +#: sssd.conf.5.xml:4075 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4015 +#: sssd.conf.5.xml:4078 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4609,14 +4684,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4028 +#: sssd.conf.5.xml:4091 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4035 +#: sssd.conf.5.xml:4098 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4624,21 +4699,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3984 +#: sssd.conf.5.xml:4047 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4047 +#: sssd.conf.5.xml:4110 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4118 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4646,7 +4721,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4124 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4655,7 +4730,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4115 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4664,7 +4739,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2569 +#: sssd.conf.5.xml:2570 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -4672,29 +4747,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4139 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4079 +#: sssd.conf.5.xml:4142 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4082 +#: sssd.conf.5.xml:4145 msgid "" "Default: not set by default, you have to take an existing pam configuration " -"or create a new one and add the service name here." +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4090 +#: sssd.conf.5.xml:4155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4702,12 +4778,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4103 +#: sssd.conf.5.xml:4168 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4106 +#: sssd.conf.5.xml:4171 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4715,12 +4791,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4117 +#: sssd.conf.5.xml:4182 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4120 +#: sssd.conf.5.xml:4185 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4729,12 +4805,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4134 +#: sssd.conf.5.xml:4199 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4202 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4742,19 +4818,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4072 +#: sssd.conf.5.xml:4135 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4218 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4155 +#: sssd.conf.5.xml:4220 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -4771,7 +4847,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4175 +#: sssd.conf.5.xml:4240 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4779,17 +4855,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4181 +#: sssd.conf.5.xml:4246 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4248 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4186 +#: sssd.conf.5.xml:4251 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4798,7 +4874,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4265 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4808,7 +4884,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4208 +#: sssd.conf.5.xml:4273 #, no-wrap msgid "" "[sssd]\n" @@ -4828,12 +4904,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4228 +#: sssd.conf.5.xml:4293 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4230 +#: sssd.conf.5.xml:4295 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -4844,69 +4920,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4237 +#: sssd.conf.5.xml:4302 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4303 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4239 +#: sssd.conf.5.xml:4304 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:4305 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4241 +#: sssd.conf.5.xml:4306 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4242 +#: sssd.conf.5.xml:4307 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4243 +#: sssd.conf.5.xml:4308 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4309 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4245 +#: sssd.conf.5.xml:4310 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4246 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4250 +#: sssd.conf.5.xml:4315 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4256 +#: sssd.conf.5.xml:4321 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4258 +#: sssd.conf.5.xml:4323 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -4919,7 +4995,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4272 +#: sssd.conf.5.xml:4337 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -4927,7 +5003,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4281 +#: sssd.conf.5.xml:4346 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -4936,55 +5012,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4353 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4356 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4295 +#: sssd.conf.5.xml:4360 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4367 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4370 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:4376 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4317 +#: sssd.conf.5.xml:4382 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4326 +#: sssd.conf.5.xml:4391 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4329 +#: sssd.conf.5.xml:4394 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -4993,17 +5069,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4336 +#: sssd.conf.5.xml:4401 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4406 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4409 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5011,26 +5087,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4350 +#: sssd.conf.5.xml:4415 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4356 +#: sssd.conf.5.xml:4421 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4362 +#: sssd.conf.5.xml:4427 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4433 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5039,17 +5115,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4377 +#: sssd.conf.5.xml:4442 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4385 +#: sssd.conf.5.xml:4450 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4452 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5059,7 +5135,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4395 +#: sssd.conf.5.xml:4460 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5068,59 +5144,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4472 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4410 +#: sssd.conf.5.xml:4475 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4411 +#: sssd.conf.5.xml:4476 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4409 +#: sssd.conf.5.xml:4474 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4484 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4488 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4424 +#: sssd.conf.5.xml:4489 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4427 +#: sssd.conf.5.xml:4492 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4428 +#: sssd.conf.5.xml:4493 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4496 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4432 +#: sssd.conf.5.xml:4497 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5129,7 +5205,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4421 +#: sssd.conf.5.xml:4486 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5138,17 +5214,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4449 +#: sssd.conf.5.xml:4514 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4455 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4522 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5156,46 +5232,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4530 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4532 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4537 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4539 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4480 +#: sssd.conf.5.xml:4545 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4547 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4451 +#: sssd.conf.5.xml:4516 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4467 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5204,7 +5280,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4493 +#: sssd.conf.5.xml:4558 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5212,12 +5288,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4500 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4506 +#: sssd.conf.5.xml:4571 #, no-wrap msgid "" "[sssd]\n" @@ -5247,7 +5323,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4502 +#: sssd.conf.5.xml:4567 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5256,7 +5332,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4604 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5264,7 +5340,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4533 +#: sssd.conf.5.xml:4598 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5275,7 +5351,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4550 +#: sssd.conf.5.xml:4615 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5286,7 +5362,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4544 +#: sssd.conf.5.xml:4609 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -5340,26 +5416,26 @@ msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " -"over an unencrypted channel. If the LDAP server is used only as an identity " -"provider, an encrypted channel is not needed. Please refer to " -"<quote>ldap_access_filter</quote> config option for more information about " -"using LDAP as an access provider." +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 #: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 msgid "CONFIGURATION OPTIONS" msgstr "KONFIGURĒŠANAS IESPĒJAS" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:66 +#: sssd-ldap.5.xml:67 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:69 +#: sssd-ldap.5.xml:70 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" @@ -5369,33 +5445,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:76 +#: sssd-ldap.5.xml:77 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:79 +#: sssd-ldap.5.xml:80 msgid "ldap[s]://<host>[:port]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:82 +#: sssd-ldap.5.xml:83 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:85 +#: sssd-ldap.5.xml:86 msgid "example: ldap://[fc00::126:25]:389" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:91 +#: sssd-ldap.5.xml:92 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:94 +#: sssd-ldap.5.xml:95 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " @@ -5404,71 +5480,71 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:101 +#: sssd-ldap.5.xml:102 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:105 +#: sssd-ldap.5.xml:106 msgid "Default: empty, i.e. ldap_uri is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:111 +#: sssd-ldap.5.xml:112 msgid "ldap_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:114 +#: sssd-ldap.5.xml:115 msgid "The default base DN to use for performing LDAP user operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:118 +#: sssd-ldap.5.xml:119 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:122 +#: sssd-ldap.5.xml:123 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:125 +#: sssd-ldap.5.xml:126 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:128 include/ldap_search_bases.xml:18 +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:132 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 #: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 msgid "Examples:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:135 +#: sssd-ldap.5.xml:136 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:140 +#: sssd-ldap.5.xml:141 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:143 +#: sssd-ldap.5.xml:144 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " @@ -5477,7 +5553,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:150 +#: sssd-ldap.5.xml:151 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " @@ -5488,12 +5564,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:164 +#: sssd-ldap.5.xml:165 msgid "ldap_schema (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:167 +#: sssd-ldap.5.xml:168 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " @@ -5501,32 +5577,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:174 +#: sssd-ldap.5.xml:175 msgid "Four schema types are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:178 +#: sssd-ldap.5.xml:179 msgid "rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:183 +#: sssd-ldap.5.xml:184 msgid "rfc2307bis" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:188 +#: sssd-ldap.5.xml:189 msgid "IPA" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:193 +#: sssd-ldap.5.xml:194 msgid "AD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:199 +#: sssd-ldap.5.xml:200 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " @@ -5537,37 +5613,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:209 +#: sssd-ldap.5.xml:210 msgid "Default: rfc2307" msgstr "Noklusējuma: rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:215 +#: sssd-ldap.5.xml:216 msgid "ldap_pwmodify_mode (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:218 +#: sssd-ldap.5.xml:219 msgid "Specify the operation that is used to modify user password." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:222 +#: sssd-ldap.5.xml:223 msgid "Two modes are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:226 +#: sssd-ldap.5.xml:227 msgid "exop - Password Modify Extended Operation (RFC 3062)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:232 +#: sssd-ldap.5.xml:233 msgid "ldap_modify - Direct modification of userPassword (not recommended)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:239 +#: sssd-ldap.5.xml:240 msgid "" "Note: First, a new connection is established to verify current password by " "binding as the user that requested password change. If successful, this " @@ -5576,74 +5652,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:247 +#: sssd-ldap.5.xml:248 msgid "Default: exop" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:253 +#: sssd-ldap.5.xml:254 msgid "ldap_default_bind_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:256 +#: sssd-ldap.5.xml:257 msgid "The default bind DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:263 +#: sssd-ldap.5.xml:264 msgid "ldap_default_authtok_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:266 +#: sssd-ldap.5.xml:267 msgid "The type of the authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:270 +#: sssd-ldap.5.xml:271 msgid "The two mechanisms currently supported are:" msgstr "Divi pašlaik atbalstītie mehānismi ir:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 +#: sssd-ldap.5.xml:274 msgid "password" msgstr "parole" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:276 +#: sssd-ldap.5.xml:277 msgid "obfuscated_password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:279 +#: sssd-ldap.5.xml:280 msgid "Default: password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:282 +#: sssd-ldap.5.xml:283 msgid "" "See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> manual page for more information." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:293 +#: sssd-ldap.5.xml:294 msgid "ldap_default_authtok (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:296 +#: sssd-ldap.5.xml:297 msgid "The authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:302 +#: sssd-ldap.5.xml:303 msgid "ldap_force_upper_case_realm (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:305 +#: sssd-ldap.5.xml:306 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -5652,24 +5728,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:318 +#: sssd-ldap.5.xml:319 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:321 +#: sssd-ldap.5.xml:322 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:337 +#: sssd-ldap.5.xml:338 msgid "ldap_purge_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:340 +#: sssd-ldap.5.xml:341 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -5677,7 +5753,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:346 +#: sssd-ldap.5.xml:347 msgid "" "Setting this option to zero will disable the cache cleanup operation. Please " "note that if enumeration is enabled, the cleanup task is required in order " @@ -5686,12 +5762,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:366 +#: sssd-ldap.5.xml:367 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:369 +#: sssd-ldap.5.xml:370 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -5699,7 +5775,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:376 +#: sssd-ldap.5.xml:377 msgid "" "Note: This option specifies the guaranteed level of nested groups to be " "processed for any lookup. However, nested groups beyond this limit " @@ -5709,7 +5785,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:385 +#: sssd-ldap.5.xml:386 msgid "" "If ldap_group_nesting_level is set to 0 then no nested groups are processed " "at all. However, when connected to Active-Directory Server 2008 and later " @@ -5719,67 +5795,67 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:394 +#: sssd-ldap.5.xml:395 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:403 +#: sssd-ldap.5.xml:404 msgid "" "This options enables or disables use of Token-Groups attribute when " "performing initgroup for users from Active Directory Server 2008 and later." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:413 +#: sssd-ldap.5.xml:414 msgid "Default: True for AD and IPA otherwise False." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:419 +#: sssd-ldap.5.xml:420 msgid "ldap_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:422 +#: sssd-ldap.5.xml:423 msgid "Optional. Use the given string as search base for host objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:426 sssd-ipa.5.xml:457 sssd-ipa.5.xml:476 sssd-ipa.5.xml:495 -#: sssd-ipa.5.xml:514 +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:431 sssd-ipa.5.xml:462 include/ldap_search_bases.xml:27 +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:438 +#: sssd-ldap.5.xml:439 msgid "ldap_service_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:443 +#: sssd-ldap.5.xml:444 msgid "ldap_iphost_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:448 +#: sssd-ldap.5.xml:449 msgid "ldap_ipnetwork_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:453 +#: sssd-ldap.5.xml:454 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:456 +#: sssd-ldap.5.xml:457 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -5787,7 +5863,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:462 +#: sssd-ldap.5.xml:463 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -5795,12 +5871,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:479 +#: sssd-ldap.5.xml:480 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:482 +#: sssd-ldap.5.xml:483 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -5808,12 +5884,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:500 +#: sssd-ldap.5.xml:501 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:503 +#: sssd-ldap.5.xml:504 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -5824,12 +5900,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:531 +#: sssd-ldap.5.xml:532 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:534 +#: sssd-ldap.5.xml:535 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -5838,12 +5914,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:554 +#: sssd-ldap.5.xml:555 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:557 +#: sssd-ldap.5.xml:558 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -5852,7 +5928,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:565 +#: sssd-ldap.5.xml:566 msgid "" "If the connection is idle (not actively running an operation) within " "<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " @@ -5863,38 +5939,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:577 +#: sssd-ldap.5.xml:578 msgid "" "This timeout can be extended of a random value specified by " "<emphasis>ldap_connection_expire_offset</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:587 sssd-ldap.5.xml:630 sssd-ldap.5.xml:1711 +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:593 +#: sssd-ldap.5.xml:594 msgid "ldap_connection_expire_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:596 +#: sssd-ldap.5.xml:597 msgid "" "Random offset between 0 and configured value is added to " "<emphasis>ldap_connection_expire_timeout</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:613 #, fuzzy #| msgid "timeout (integer)" msgid "ldap_connection_idle_timeout (integer)" msgstr "noildze (vesels skaitlis)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:616 msgid "" "Specifies a timeout (in seconds) that an idle connection to an LDAP server " "will be maintained. If the connection is idle for more than this time then " @@ -5902,29 +5978,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:622 msgid "You can disable this timeout by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:636 +#: sssd-ldap.5.xml:637 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:639 +#: sssd-ldap.5.xml:640 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:650 +#: sssd-ldap.5.xml:651 msgid "ldap_disable_paging (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:653 +#: sssd-ldap.5.xml:654 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " @@ -5932,14 +6008,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:659 +#: sssd-ldap.5.xml:660 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:665 +#: sssd-ldap.5.xml:666 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " @@ -5947,17 +6023,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:677 +#: sssd-ldap.5.xml:678 msgid "ldap_disable_range_retrieval (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:680 +#: sssd-ldap.5.xml:681 msgid "Disable Active Directory range retrieval." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:683 +#: sssd-ldap.5.xml:684 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " @@ -5967,12 +6043,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:699 msgid "ldap_sasl_minssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:702 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " @@ -5980,17 +6056,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:707 sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:714 +#: sssd-ldap.5.xml:715 msgid "ldap_sasl_maxssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:717 +#: sssd-ldap.5.xml:718 msgid "" "When communicating with an LDAP server using SASL, specify the maximal " "security level necessary to establish the connection. The values of this " @@ -5998,12 +6074,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:731 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:733 +#: sssd-ldap.5.xml:734 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -6011,7 +6087,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:740 msgid "" "You can turn off dereference lookups completely by setting the value to 0. " "Please note that there are some codepaths in SSSD, like the IPA HBAC " @@ -6022,7 +6098,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:750 +#: sssd-ldap.5.xml:751 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -6031,7 +6107,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:758 +#: sssd-ldap.5.xml:759 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -6039,12 +6115,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:771 +#: sssd-ldap.5.xml:772 msgid "ldap_ignore_unreadable_references (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:774 +#: sssd-ldap.5.xml:775 msgid "" "Ignore unreadable LDAP entries referenced in group's member attribute. If " "this parameter is set to false an error will be returned and the operation " @@ -6052,7 +6128,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:781 +#: sssd-ldap.5.xml:782 msgid "" "This parameter may be useful when using the AD provider and the computer " "account that sssd uses to connect to AD does not have access to a particular " @@ -6060,26 +6136,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:795 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:798 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:804 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:808 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6087,7 +6163,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:815 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6095,7 +6171,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:820 +#: sssd-ldap.5.xml:821 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -6103,41 +6179,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:826 +#: sssd-ldap.5.xml:827 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:830 +#: sssd-ldap.5.xml:831 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:837 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:839 +#: sssd-ldap.5.xml:840 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 sssd-ldap.5.xml:862 sssd-ldap.5.xml:903 +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:852 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:854 +#: sssd-ldap.5.xml:855 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -6146,32 +6222,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:869 +#: sssd-ldap.5.xml:870 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:872 +#: sssd-ldap.5.xml:873 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:882 +#: sssd-ldap.5.xml:883 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:885 +#: sssd-ldap.5.xml:886 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:894 +#: sssd-ldap.5.xml:895 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:897 +#: sssd-ldap.5.xml:898 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -6179,24 +6255,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:910 +#: sssd-ldap.5.xml:911 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:913 +#: sssd-ldap.5.xml:914 msgid "" "Specifies that the id_provider connection must also use <systemitem " -"class=\"protocol\">tls</systemitem> to protect the channel." +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:923 +#: sssd-ldap.5.xml:925 msgid "ldap_id_mapping (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:928 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " @@ -6204,17 +6281,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:932 +#: sssd-ldap.5.xml:934 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:942 +#: sssd-ldap.5.xml:944 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:945 +#: sssd-ldap.5.xml:947 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " @@ -6225,24 +6302,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:957 +#: sssd-ldap.5.xml:959 msgid "Default: not set (both options are set to 0)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:965 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:966 +#: sssd-ldap.5.xml:968 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " "tested and supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:970 +#: sssd-ldap.5.xml:972 msgid "" "If the backend supports sub-domains the value of ldap_sasl_mech is " "automatically inherited to the sub-domains. If a different value is needed " @@ -6253,12 +6330,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:988 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ldap.5.xml:998 +#: sssd-ldap.5.xml:1000 #, no-wrap msgid "" "hostname@REALM\n" @@ -6271,7 +6348,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:989 +#: sssd-ldap.5.xml:991 msgid "" "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " "this represents the Kerberos principal used for authentication to the " @@ -6283,17 +6360,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1009 +#: sssd-ldap.5.xml:1011 msgid "Default: host/hostname@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1015 +#: sssd-ldap.5.xml:1017 msgid "ldap_sasl_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1018 +#: sssd-ldap.5.xml:1020 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " @@ -6301,49 +6378,49 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1024 +#: sssd-ldap.5.xml:1026 msgid "Default: the value of krb5_realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1030 +#: sssd-ldap.5.xml:1032 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1035 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1038 +#: sssd-ldap.5.xml:1040 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1046 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1049 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1056 sssd-krb5.5.xml:247 +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1064 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1067 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -6351,28 +6428,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1077 +#: sssd-ldap.5.xml:1079 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1080 +#: sssd-ldap.5.xml:1082 msgid "" "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1089 sssd-ad.5.xml:1252 +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 msgid "Default: 86400 (24 hours)" msgstr "Noklusējuma: 86400 (24 stundas)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1095 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1098 +#: sssd-ldap.5.xml:1100 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -6384,7 +6461,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1110 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -6392,7 +6469,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -6400,39 +6477,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1124 sssd-ipa.5.xml:526 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1127 +#: sssd-ldap.5.xml:1129 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1133 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1137 include/krb5_options.xml:154 +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1140 +#: sssd-ldap.5.xml:1142 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1152 sssd-krb5.5.xml:336 +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 msgid "krb5_use_kdcinfo (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1155 sssd-krb5.5.xml:339 +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " @@ -6442,7 +6519,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:350 +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " @@ -6450,26 +6527,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1180 +#: sssd-ldap.5.xml:1182 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1185 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1190 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1193 +#: sssd-ldap.5.xml:1195 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -6478,7 +6555,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1201 +#: sssd-ldap.5.xml:1203 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -6486,31 +6563,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1210 +#: sssd-ldap.5.xml:1212 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1220 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1221 +#: sssd-ldap.5.xml:1223 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1225 +#: sssd-ldap.5.xml:1227 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1232 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " @@ -6523,51 +6600,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1249 +#: sssd-ldap.5.xml:1251 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1252 +#: sssd-ldap.5.xml:1254 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1258 msgid "Default: ldap" msgstr "Noklusējuma: ldap" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1262 +#: sssd-ldap.5.xml:1264 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1265 +#: sssd-ldap.5.xml:1267 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1270 +#: sssd-ldap.5.xml:1272 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1276 +#: sssd-ldap.5.xml:1278 msgid "ldap_chpass_update_last_change (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1279 +#: sssd-ldap.5.xml:1281 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1285 +#: sssd-ldap.5.xml:1287 msgid "" "It is recommend to set this option explicitly if \"ldap_pwd_policy = " "shadow\" is used to let SSSD know if the LDAP server will update " @@ -6576,12 +6653,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1301 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1304 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " @@ -6597,12 +6674,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1322 +#: sssd-ldap.5.xml:1324 msgid "Example:" msgstr "Piemērs:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1327 #, no-wrap msgid "" "access_provider = ldap\n" @@ -6611,14 +6688,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1329 +#: sssd-ldap.5.xml:1331 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1336 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -6627,24 +6704,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1398 +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1348 +#: sssd-ldap.5.xml:1350 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1353 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1355 +#: sssd-ldap.5.xml:1357 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -6652,19 +6729,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1362 +#: sssd-ldap.5.xml:1364 msgid "The following values are allowed:" msgstr "Atļautas šādas vērtības:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1365 +#: sssd-ldap.5.xml:1367 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1372 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -6673,7 +6750,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1379 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -6681,7 +6758,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1383 +#: sssd-ldap.5.xml:1385 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -6690,7 +6767,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1391 +#: sssd-ldap.5.xml:1393 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " @@ -6698,22 +6775,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1404 +#: sssd-ldap.5.xml:1406 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1407 sssd-ipa.5.xml:351 +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1411 +#: sssd-ldap.5.xml:1413 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>lockout</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6723,14 +6800,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1424 +#: sssd-ldap.5.xml:1426 msgid "" "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" "quote> option and might be removed in a future release. </emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1431 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6743,12 +6820,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1448 +#: sssd-ldap.5.xml:1450 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1452 sssd-ipa.5.xml:359 +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 msgid "" "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " "pwd_expire_policy_renew: </emphasis> These options are useful if users are " @@ -6758,81 +6835,81 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1462 sssd-ipa.5.xml:369 +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 msgid "" "The difference between these options is the action taken if user password is " "expired:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1467 sssd-ipa.5.xml:374 +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 msgid "pwd_expire_policy_reject - user is denied to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1473 sssd-ipa.5.xml:380 +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 msgid "pwd_expire_policy_warn - user is still able to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1479 sssd-ipa.5.xml:386 +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 msgid "" "pwd_expire_policy_renew - user is prompted to change their password " "immediately." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1487 +#: sssd-ldap.5.xml:1489 msgid "" "Please note that 'access_provider = ldap' must be set for this feature to " "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1494 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1497 +#: sssd-ldap.5.xml:1499 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1501 +#: sssd-ldap.5.xml:1503 msgid "" "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " "remote host can access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1505 +#: sssd-ldap.5.xml:1507 msgid "" "Please note, rhost field in pam is set by application, it is better to check " "what the application sends to pam, before enabling this access control option" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1510 +#: sssd-ldap.5.xml:1512 msgid "Default: filter" msgstr "Noklusējuma: filtrēt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1513 +#: sssd-ldap.5.xml:1515 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1520 +#: sssd-ldap.5.xml:1522 msgid "ldap_pwdlockout_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1523 +#: sssd-ldap.5.xml:1525 msgid "" "This option specifies the DN of password policy entry on LDAP server. Please " "note that absence of this option in sssd.conf in case of enabled account " @@ -6841,74 +6918,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1531 +#: sssd-ldap.5.xml:1533 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1534 +#: sssd-ldap.5.xml:1536 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1542 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1543 +#: sssd-ldap.5.xml:1545 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1550 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 +#: sssd-ldap.5.xml:1554 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 +#: sssd-ldap.5.xml:1559 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1562 +#: sssd-ldap.5.xml:1564 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1569 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1575 +#: sssd-ldap.5.xml:1577 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1578 +#: sssd-ldap.5.xml:1580 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1582 +#: sssd-ldap.5.xml:1584 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " @@ -6919,7 +6996,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1593 +#: sssd-ldap.5.xml:1595 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " @@ -6927,53 +7004,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1605 sssd-ifp.5.xml:152 +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 msgid "wildcard_limit (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1608 +#: sssd-ldap.5.xml:1610 msgid "" "Specifies an upper limit on the number of entries that are downloaded during " "a wildcard lookup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1612 +#: sssd-ldap.5.xml:1614 msgid "At the moment, only the InfoPipe responder supports wildcard lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1618 msgid "Default: 1000 (often the size of one page)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1624 msgid "ldap_library_debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1625 +#: sssd-ldap.5.xml:1627 msgid "" "Switches on libldap debugging with the given level. The libldap debug " "messages will be written independent of the general debug_level." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1630 +#: sssd-ldap.5.xml:1632 msgid "" "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " "enable full debug output." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1635 +#: sssd-ldap.5.xml:1637 msgid "Default: 0 (libldap debugging disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:52 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " @@ -6985,12 +7062,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1645 +#: sssd-ldap.5.xml:1647 msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1647 +#: sssd-ldap.5.xml:1649 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -6998,43 +7075,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1660 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1661 +#: sssd-ldap.5.xml:1663 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1666 +#: sssd-ldap.5.xml:1668 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1671 +#: sssd-ldap.5.xml:1673 msgid "" "You can disable full refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1676 +#: sssd-ldap.5.xml:1678 msgid "Default: 21600 (6 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1682 +#: sssd-ldap.5.xml:1684 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1685 +#: sssd-ldap.5.xml:1687 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest " @@ -7042,14 +7119,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1691 +#: sssd-ldap.5.xml:1693 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1695 +#: sssd-ldap.5.xml:1697 msgid "" "<emphasis>Note:</emphasis> the highest USN value can be updated by three " "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " @@ -7059,19 +7136,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1706 +#: sssd-ldap.5.xml:1708 msgid "" "You can disable smart refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1717 +#: sssd-ldap.5.xml:1719 msgid "ldap_sudo_random_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1720 +#: sssd-ldap.5.xml:1722 msgid "" "Random offset between 0 and configured value is added to smart and full " "refresh periods each time the periodic task is scheduled. The value is in " @@ -7079,7 +7156,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1726 +#: sssd-ldap.5.xml:1728 msgid "" "Note that this random offset is also applied on the first SSSD start which " "delays the first sudo rules refresh. This prolongs the time when the sudo " @@ -7087,106 +7164,106 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1732 +#: sssd-ldap.5.xml:1734 msgid "You can disable this offset by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1742 +#: sssd-ldap.5.xml:1744 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1745 +#: sssd-ldap.5.xml:1747 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1756 +#: sssd-ldap.5.xml:1758 msgid "ldap_sudo_hostnames (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1759 +#: sssd-ldap.5.xml:1761 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1764 +#: sssd-ldap.5.xml:1766 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1769 sssd-ldap.5.xml:1792 sssd-ldap.5.xml:1810 -#: sssd-ldap.5.xml:1828 +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1774 sssd-ldap.5.xml:1797 +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 msgid "Default: not specified" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1780 +#: sssd-ldap.5.xml:1782 msgid "ldap_sudo_ip (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1783 +#: sssd-ldap.5.xml:1785 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1788 +#: sssd-ldap.5.xml:1790 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1803 +#: sssd-ldap.5.xml:1805 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1806 +#: sssd-ldap.5.xml:1808 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1821 +#: sssd-ldap.5.xml:1823 msgid "ldap_sudo_include_regexp (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:1826 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> -#: sssd-ldap.5.xml:1834 +#: sssd-ldap.5.xml:1836 msgid "" "Using wildcard is an operation that is very costly to evaluate on the LDAP " "server side!" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1846 +#: sssd-ldap.5.xml:1848 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " @@ -7195,59 +7272,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1856 +#: sssd-ldap.5.xml:1858 msgid "AUTOFS OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1858 +#: sssd-ldap.5.xml:1860 msgid "" "Some of the defaults for the parameters below are dependent on the LDAP " "schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1864 +#: sssd-ldap.5.xml:1866 msgid "ldap_autofs_map_master_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1867 +#: sssd-ldap.5.xml:1869 msgid "The name of the automount master map in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1870 +#: sssd-ldap.5.xml:1872 msgid "Default: auto.master" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1881 +#: sssd-ldap.5.xml:1883 msgid "ADVANCED OPTIONS" msgstr "PAPLAŠINĀTĀS IESPĒJAS" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1888 +#: sssd-ldap.5.xml:1890 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1893 +#: sssd-ldap.5.xml:1895 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1898 +#: sssd-ldap.5.xml:1900 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> -#: sssd-ldap.5.xml:1903 +#: sssd-ldap.5.xml:1905 msgid "<note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> -#: sssd-ldap.5.xml:1905 +#: sssd-ldap.5.xml:1907 msgid "" "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " "against Active Directory will not be restricted and return all groups " @@ -7256,22 +7333,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist> -#: sssd-ldap.5.xml:1912 +#: sssd-ldap.5.xml:1914 msgid "</note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1914 +#: sssd-ldap.5.xml:1916 msgid "ldap_sudo_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1919 +#: sssd-ldap.5.xml:1921 msgid "ldap_autofs_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1883 +#: sssd-ldap.5.xml:1885 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -7280,14 +7357,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1934 sssd-simple.5.xml:131 sssd-ipa.5.xml:925 -#: sssd-ad.5.xml:1386 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 msgid "EXAMPLE" msgstr "PIEMĒRS" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1936 +#: sssd-ldap.5.xml:1938 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -7295,7 +7372,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1944 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7308,27 +7385,27 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><para> -#: sssd-ldap.5.xml:1941 sssd-ldap.5.xml:1959 sssd-simple.5.xml:139 -#: sssd-ipa.5.xml:933 sssd-ad.5.xml:1394 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 #: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1953 +#: sssd-ldap.5.xml:1955 msgid "LDAP ACCESS FILTER EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1955 +#: sssd-ldap.5.xml:1957 msgid "" "The following example assumes that SSSD is correctly configured and to use " "the ldap_access_order=lockout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1960 +#: sssd-ldap.5.xml:1962 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7344,13 +7421,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1975 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 -#: sssd-ad.5.xml:1409 sssd.8.xml:238 sss_seed.8.xml:163 +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 msgid "NOTES" msgstr "PIEZĪMES" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1977 +#: sssd-ldap.5.xml:1979 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -9681,12 +9758,12 @@ msgid "Example: dyndns_iface = em1, vnet1, vnet2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1285 +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 msgid "dyndns_auth (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1288 +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "updates with the DNS server, insecure updates can be sent by setting this " @@ -9694,17 +9771,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1294 +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 msgid "Default: GSS-TSIG" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1300 +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 msgid "dyndns_auth_ptr (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1303 +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "PTR updates with the DNS server, insecure updates can be sent by setting " @@ -9712,7 +9789,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1309 +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 msgid "Default: Same as dyndns_auth" msgstr "" @@ -9771,65 +9848,72 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:290 +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 msgid "Default: False (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1272 +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 msgid "dyndns_force_tcp (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:299 sssd-ad.5.xml:1275 +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:303 sssd-ad.5.xml:1279 +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:309 sssd-ad.5.xml:1315 +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 msgid "dyndns_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:312 sssd-ad.5.xml:1318 +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 msgid "" "The DNS server to use when performing a DNS update. In most setups, it's " "recommended to leave this option unset." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 msgid "" "Setting this option makes sense for environments where the DNS server is " "different from the identity server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 msgid "" "Please note that this option will be only used in fallback attempt when " "previous attempt using autodetected settings failed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 msgid "Default: None (let nsupdate choose the server)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:333 sssd-ad.5.xml:1339 +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 msgid "dyndns_update_per_family (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:336 sssd-ad.5.xml:1342 +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 msgid "" "DNS update is by default performed in two steps - IPv4 update and then IPv6 " "update. In some cases it might be desirable to perform IPv4 and IPv6 update " @@ -9837,177 +9921,177 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:353 msgid "ipa_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:360 msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:394 +#: sssd-ipa.5.xml:399 msgid "" "Please note that 'access_provider = ipa' must be set for this feature to " "work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:401 +#: sssd-ipa.5.xml:406 msgid "ipa_deskprofile_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:404 +#: sssd-ipa.5.xml:409 msgid "" "Optional. Use the given string as search base for Desktop Profile related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:408 sssd-ipa.5.xml:435 +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:414 +#: sssd-ipa.5.xml:419 msgid "ipa_subid_ranges_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:417 +#: sssd-ipa.5.xml:422 msgid "" "Optional. Use the given string as search base for subordinate ranges related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:421 +#: sssd-ipa.5.xml:426 msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:428 +#: sssd-ipa.5.xml:433 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:431 +#: sssd-ipa.5.xml:436 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:441 +#: sssd-ipa.5.xml:446 msgid "ipa_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:444 +#: sssd-ipa.5.xml:449 msgid "Deprecated. Use ldap_host_search_base instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:450 +#: sssd-ipa.5.xml:455 msgid "ipa_selinux_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:453 +#: sssd-ipa.5.xml:458 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:469 +#: sssd-ipa.5.xml:474 msgid "ipa_subdomains_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:472 +#: sssd-ipa.5.xml:477 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:481 +#: sssd-ipa.5.xml:486 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:488 +#: sssd-ipa.5.xml:493 msgid "ipa_master_domain_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:491 +#: sssd-ipa.5.xml:496 msgid "Optional. Use the given string as search base for master domain object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:505 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:507 +#: sssd-ipa.5.xml:512 msgid "ipa_views_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:510 +#: sssd-ipa.5.xml:515 msgid "Optional. Use the given string as search base for views containers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:519 +#: sssd-ipa.5.xml:524 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:529 +#: sssd-ipa.5.xml:534 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:533 +#: sssd-ipa.5.xml:538 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:541 sssd-ad.5.xml:1357 +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 msgid "krb5_confd_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:544 sssd-ad.5.xml:1360 +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 msgid "" "Absolute path of a directory where SSSD should place Kerberos configuration " "snippets." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:548 sssd-ad.5.xml:1364 +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 msgid "" "To disable the creation of the configuration snippets set the parameter to " "'none'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:552 sssd-ad.5.xml:1368 +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 msgid "" "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:559 +#: sssd-ipa.5.xml:564 msgid "ipa_deskprofile_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:562 +#: sssd-ipa.5.xml:567 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server. This will reduce the latency and load on the IPA server if there " @@ -10015,34 +10099,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:569 sssd-ipa.5.xml:599 sssd-ipa.5.xml:615 sssd-ad.5.xml:599 +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:575 +#: sssd-ipa.5.xml:580 msgid "ipa_deskprofile_request_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:578 +#: sssd-ipa.5.xml:583 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server in case the last request did not return any rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:583 +#: sssd-ipa.5.xml:588 msgid "Default: 60 (minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:589 +#: sssd-ipa.5.xml:594 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:592 +#: sssd-ipa.5.xml:597 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -10050,12 +10134,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:605 +#: sssd-ipa.5.xml:610 msgid "ipa_hbac_selinux (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:608 +#: sssd-ipa.5.xml:613 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -10063,33 +10147,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:621 +#: sssd-ipa.5.xml:626 msgid "ipa_server_mode (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:624 +#: sssd-ipa.5.xml:629 msgid "" "This option will be set by the IPA installer (ipa-server-install) " "automatically and denotes if SSSD is running on an IPA server or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:629 +#: sssd-ipa.5.xml:634 msgid "" "On an IPA server SSSD will lookup users and groups from trusted domains " "directly while on a client it will ask an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:634 +#: sssd-ipa.5.xml:639 msgid "" "NOTE: There are currently some assumptions that must be met when SSSD is " "running on an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:639 +#: sssd-ipa.5.xml:644 msgid "" "The <quote>ipa_server</quote> option must be configured to point to the IPA " "server itself. This is already the default set by the IPA installer, so no " @@ -10097,59 +10181,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:648 +#: sssd-ipa.5.xml:653 msgid "" "The <quote>full_name_format</quote> option must not be tweaked to only print " "short names for users from trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:663 +#: sssd-ipa.5.xml:668 msgid "ipa_automount_location (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:666 +#: sssd-ipa.5.xml:671 msgid "The automounter location this IPA client will be using" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:669 +#: sssd-ipa.5.xml:674 msgid "Default: The location named \"default\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:677 +#: sssd-ipa.5.xml:682 msgid "VIEWS AND OVERRIDES" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:686 +#: sssd-ipa.5.xml:691 msgid "ipa_view_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:689 +#: sssd-ipa.5.xml:694 msgid "Objectclass of the view container." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:692 +#: sssd-ipa.5.xml:697 msgid "Default: nsContainer" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:698 +#: sssd-ipa.5.xml:703 msgid "ipa_view_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:701 +#: sssd-ipa.5.xml:706 msgid "Name of the attribute holding the name of the view." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:705 sssd-ldap-attributes.5.xml:496 +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 #: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 #: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 #: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 @@ -10157,128 +10241,128 @@ msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:711 +#: sssd-ipa.5.xml:716 msgid "ipa_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:714 +#: sssd-ipa.5.xml:719 msgid "Objectclass of the override objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:717 +#: sssd-ipa.5.xml:722 msgid "Default: ipaOverrideAnchor" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:723 +#: sssd-ipa.5.xml:728 msgid "ipa_anchor_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:726 +#: sssd-ipa.5.xml:731 msgid "" "Name of the attribute containing the reference to the original object in a " "remote domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:730 +#: sssd-ipa.5.xml:735 msgid "Default: ipaAnchorUUID" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:736 +#: sssd-ipa.5.xml:741 msgid "ipa_user_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:739 +#: sssd-ipa.5.xml:744 msgid "" "Name of the objectclass for user overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:744 +#: sssd-ipa.5.xml:749 msgid "User overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:747 +#: sssd-ipa.5.xml:752 msgid "ldap_user_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:750 +#: sssd-ipa.5.xml:755 msgid "ldap_user_uid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:753 +#: sssd-ipa.5.xml:758 msgid "ldap_user_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:756 +#: sssd-ipa.5.xml:761 msgid "ldap_user_gecos" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:759 +#: sssd-ipa.5.xml:764 msgid "ldap_user_home_directory" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:762 +#: sssd-ipa.5.xml:767 msgid "ldap_user_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:765 +#: sssd-ipa.5.xml:770 msgid "ldap_user_ssh_public_key" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:770 +#: sssd-ipa.5.xml:775 msgid "Default: ipaUserOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:776 +#: sssd-ipa.5.xml:781 msgid "ipa_group_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:779 +#: sssd-ipa.5.xml:784 msgid "" "Name of the objectclass for group overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:784 +#: sssd-ipa.5.xml:789 msgid "Group overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:787 +#: sssd-ipa.5.xml:792 msgid "ldap_group_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:790 +#: sssd-ipa.5.xml:795 msgid "ldap_group_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:795 +#: sssd-ipa.5.xml:800 msgid "Default: ipaGroupOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:679 +#: sssd-ipa.5.xml:684 msgid "" "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " "later version. Since all paths and objectclasses are fixed on the server " @@ -10288,19 +10372,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:807 +#: sssd-ipa.5.xml:812 msgid "SUBDOMAINS PROVIDER" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:809 +#: sssd-ipa.5.xml:814 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:813 +#: sssd-ipa.5.xml:818 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " @@ -10308,7 +10392,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:819 +#: sssd-ipa.5.xml:824 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " @@ -10320,12 +10404,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:830 +#: sssd-ipa.5.xml:835 msgid "TRUSTED DOMAINS CONFIGURATION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:838 +#: sssd-ipa.5.xml:843 #, no-wrap msgid "" "[domain/ipa.domain.com/ad.domain.com]\n" @@ -10333,7 +10417,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:832 +#: sssd-ipa.5.xml:837 msgid "" "Some configuration options can also be set for a trusted domain. A trusted " "domain configuration can be set using the trusted domain subsection as shown " @@ -10343,80 +10427,80 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:843 +#: sssd-ipa.5.xml:848 msgid "" "For more details, see the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:850 +#: sssd-ipa.5.xml:855 msgid "" "Different configuration options are tunable for a trusted domain depending " "on whether you are configuring SSSD on an IPA server or an IPA client." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:855 +#: sssd-ipa.5.xml:860 msgid "OPTIONS TUNABLE ON IPA MASTERS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:857 +#: sssd-ipa.5.xml:862 msgid "" "The following options can be set in a subdomain section on an IPA master:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:861 sssd-ipa.5.xml:891 +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 msgid "ad_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:864 +#: sssd-ipa.5.xml:869 msgid "ad_backup_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:867 sssd-ipa.5.xml:894 +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 msgid "ad_site" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:870 +#: sssd-ipa.5.xml:875 msgid "ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:873 +#: sssd-ipa.5.xml:878 msgid "ldap_user_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:876 +#: sssd-ipa.5.xml:881 msgid "ldap_group_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:885 +#: sssd-ipa.5.xml:890 msgid "OPTIONS TUNABLE ON IPA CLIENTS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:887 +#: sssd-ipa.5.xml:892 msgid "" "The following options can be set in a subdomain section on an IPA client:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:899 +#: sssd-ipa.5.xml:904 msgid "" "Note that if both options are set, only <quote>ad_server</quote> is " "evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:903 +#: sssd-ipa.5.xml:908 msgid "" "Since any request for a user or a group identity from a trusted domain " "triggered from an IPA client is resolved by the IPA server, the " @@ -10430,7 +10514,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:927 +#: sssd-ipa.5.xml:932 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -10438,7 +10522,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:934 +#: sssd-ipa.5.xml:939 #, no-wrap msgid "" "[domain/example.com]\n" @@ -11638,7 +11722,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1388 +#: sssd-ad.5.xml:1393 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -11646,7 +11730,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1395 +#: sssd-ad.5.xml:1400 #, no-wrap msgid "" "[domain/EXAMPLE]\n" @@ -11661,7 +11745,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1415 +#: sssd-ad.5.xml:1420 #, no-wrap msgid "" "access_provider = ldap\n" @@ -11670,7 +11754,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1411 +#: sssd-ad.5.xml:1416 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " @@ -11678,7 +11762,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1421 +#: sssd-ad.5.xml:1426 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>. Please " @@ -11688,7 +11772,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1429 +#: sssd-ad.5.xml:1434 msgid "" "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " @@ -17295,7 +17379,7 @@ msgstr "" #: include/ldap_id_mapping.xml:235 msgid "" "When this option is configured, domains will be allocated starting with " -"slice zero and increasing monatomically with each additional domain." +"slice zero and increasing monotonically with each additional domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> diff --git a/src/man/po/nl.po b/src/man/po/nl.po index 04937cab6d5..d0333c00fd9 100644 --- a/src/man/po/nl.po +++ b/src/man/po/nl.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-05-05 10:09+0200\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" "PO-Revision-Date: 2014-12-15 12:02-0500\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Dutch (http://www.transifex.com/projects/p/sssd/language/" @@ -216,11 +216,11 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 -#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:951 -#: sssd.conf.5.xml:1069 sssd.conf.5.xml:2197 sssd-ldap.5.xml:1071 -#: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 -#: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 -#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 msgid "Default: true" msgstr "Standaard: true" @@ -237,11 +237,11 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:948 -#: sssd.conf.5.xml:2100 sssd.conf.5.xml:2167 sssd.conf.5.xml:4128 -#: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 -#: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 -#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 #: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 #: include/krb5_options.xml:163 msgid "Default: false" @@ -277,8 +277,8 @@ msgid "" msgstr "" #. type: Content of: outside any tag (error?) -#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1656 -#: sssd-ldap.5.xml:1862 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 #: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 @@ -308,8 +308,8 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 sssd.conf.5.xml:1289 sssd.conf.5.xml:1766 -#: sssd.conf.5.xml:4144 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "" @@ -375,12 +375,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:258 sssd.conf.5.xml:783 +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 msgid "reconnection_retries (integer)" msgstr "reconnection_retries (numeriek)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:261 sssd.conf.5.xml:786 +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" @@ -389,7 +389,7 @@ msgstr "" "Data Aanbieder crashed of opnieuw start voordat dit opgegeven wordt" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:791 sssd.conf.5.xml:3708 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 #: include/failover.xml:100 msgid "Default: 3" msgstr "Standaard: 3" @@ -411,7 +411,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3540 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 msgid "re_expression (string)" msgstr "re_expression (tekst)" @@ -431,12 +431,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3597 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 msgid "full_name_format (string)" msgstr "full_name_format (tekst)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3600 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -444,39 +444,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3611 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 msgid "%1$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 msgid "user name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3615 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3618 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3624 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 msgid "%3$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3627 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3608 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -629,8 +629,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:468 sssd-ldap.5.xml:876 sssd-ldap.5.xml:888 -#: sssd-ldap.5.xml:980 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 #: include/krb5_options.xml:148 @@ -900,7 +900,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1790 sssd.conf.5.xml:4194 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -949,11 +949,11 @@ msgstr "re_expression (tekst)" #: sssd.conf.5.xml:744 msgid "" "Enable or disable the user verification (i.e. PIN, fingerprint) during " -"authentication." +"authentication. If enabled, the PIN will always be requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:750 msgid "" "The default is that the key settings decide what to do. In the IPA or " "kerberos pre-authentication case, this value will be overwritten by the " @@ -980,12 +980,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:769 msgid "SERVICES SECTIONS" msgstr "SERVICES SECTIE" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:770 +#: sssd.conf.5.xml:771 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -994,22 +994,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:777 +#: sssd.conf.5.xml:778 msgid "General service configuration options" msgstr "Algemene service configuratie-opties" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:780 msgid "These options can be used to configure any service." msgstr "Deze opties kunnen gebruikt worden om services te configureren." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:797 msgid "fd_limit" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:799 +#: sssd.conf.5.xml:800 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " @@ -1019,17 +1019,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:808 +#: sssd.conf.5.xml:809 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:814 msgid "client_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:816 +#: sssd.conf.5.xml:817 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " @@ -1039,19 +1039,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:826 #, fuzzy #| msgid "Default: 3" msgid "Default: 60, KCM: 300" msgstr "Standaard: 3" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:830 +#: sssd.conf.5.xml:831 msgid "offline_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:834 msgid "" "When SSSD switches to offline mode the amount of time before it tries to go " "back online will increase based upon the time spent disconnected. By " @@ -1062,14 +1062,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:844 sssd.conf.5.xml:900 +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 msgid "" "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." "offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:847 +#: sssd.conf.5.xml:848 msgid "" "The offline_timeout default value is 60. The offline_timeout_max default " "value is 3600. The offline_timeout_random_offset default value is 30. The " @@ -1077,46 +1077,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:854 msgid "" "Note that the maximum length of each interval is defined by " "offline_timeout_max (apart of random part)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 sssd.conf.5.xml:1200 sssd.conf.5.xml:1583 -#: sssd.conf.5.xml:1879 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:862 +#: sssd.conf.5.xml:863 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "offline_timeout_max (integer)" msgstr "enum_cache_timeout (numeriek)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:865 +#: sssd.conf.5.xml:866 msgid "" "Controls by how much the time between attempts to go online can be " "incremented following unsuccessful attempts to go online." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:870 +#: sssd.conf.5.xml:871 msgid "A value of 0 disables the incrementing behaviour." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:873 +#: sssd.conf.5.xml:874 msgid "" "The value of this parameter should be set in correlation to offline_timeout " "parameter value." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:877 +#: sssd.conf.5.xml:878 msgid "" "With offline_timeout set to 60 (default value) there is no point in setting " "offlinet_timeout_max to less than 120 as it will saturate instantly. General " @@ -1125,62 +1125,62 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:883 +#: sssd.conf.5.xml:884 msgid "" "Although a value between 0 and offline_timeout may be specified, it has the " "effect of overriding the offline_timeout value so is of little use." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:888 +#: sssd.conf.5.xml:889 #, fuzzy #| msgid "Default: 3" msgid "Default: 3600" msgstr "Standaard: 3" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:894 msgid "offline_timeout_random_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:896 +#: sssd.conf.5.xml:897 msgid "" "When SSSD is in offline mode it keeps probing backend servers in specified " "time intervals:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:903 +#: sssd.conf.5.xml:904 msgid "" "This parameter controls the value of the random offset used for the above " "equation. Final random_offset value will be random number in range:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:908 +#: sssd.conf.5.xml:909 msgid "[0 - offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:911 +#: sssd.conf.5.xml:912 msgid "A value of 0 disables the random offset addition." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:915 #, fuzzy #| msgid "Default: 3" msgid "Default: 30" msgstr "Standaard: 3" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:919 +#: sssd.conf.5.xml:920 msgid "responder_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:922 +#: sssd.conf.5.xml:923 msgid "" "This option specifies the number of seconds that an SSSD responder process " "can be up without being used. This value is limited in order to avoid " @@ -1192,30 +1192,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:936 sssd.conf.5.xml:1213 sssd.conf.5.xml:2321 -#: sssd-ldap.5.xml:331 +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 +#: sssd-ldap.5.xml:332 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:941 +#: sssd.conf.5.xml:942 msgid "cache_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:945 msgid "" "This option specifies whether the responder should query all caches before " "querying the Data Providers." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:960 msgid "NSS configuration options" msgstr "NSS configuratie-opties" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:961 +#: sssd.conf.5.xml:962 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" @@ -1223,12 +1223,12 @@ msgstr "" "configurere." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:966 +#: sssd.conf.5.xml:967 msgid "enum_cache_timeout (integer)" msgstr "enum_cache_timeout (numeriek)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:969 +#: sssd.conf.5.xml:970 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" @@ -1237,17 +1237,17 @@ msgstr "" "over alle gebruikers)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:974 msgid "Default: 120" msgstr "Standaard: 120" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:978 +#: sssd.conf.5.xml:979 msgid "entry_cache_nowait_percentage (integer)" msgstr "entry_cache_nowait_percentage (numeriek)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:981 +#: sssd.conf.5.xml:982 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -1255,7 +1255,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:988 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -1265,7 +1265,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:998 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -1274,17 +1274,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1005 sssd.conf.5.xml:2121 +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1010 +#: sssd.conf.5.xml:1011 msgid "entry_negative_timeout (integer)" msgstr "entry_negative_timeout (numeriek)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1013 +#: sssd.conf.5.xml:1014 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -1292,17 +1292,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1019 sssd.conf.5.xml:1778 sssd.conf.5.xml:2145 +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1025 msgid "local_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1027 +#: sssd.conf.5.xml:1028 msgid "" "Specifies for how many seconds nss_sss should keep local users and groups in " "negative cache before trying to look it up in the back end again. Setting " @@ -1310,17 +1310,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1033 +#: sssd.conf.5.xml:1034 msgid "Default: 14400 (4 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1039 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1041 +#: sssd.conf.5.xml:1042 msgid "" "Exclude certain users or groups from being fetched from the sss NSS " "database. This is particularly useful for system accounts. This option can " @@ -1329,7 +1329,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1049 +#: sssd.conf.5.xml:1050 msgid "" "NOTE: The filter_groups option doesn't affect inheritance of nested group " "members, since filtering happens after they are propagated for returning via " @@ -1338,41 +1338,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1057 +#: sssd.conf.5.xml:1058 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1063 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1065 +#: sssd.conf.5.xml:1066 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1076 +#: sssd.conf.5.xml:1077 msgid "fallback_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1079 +#: sssd.conf.5.xml:1080 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1084 +#: sssd.conf.5.xml:1085 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1090 +#: sssd.conf.5.xml:1091 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" @@ -1380,23 +1380,23 @@ msgid "" msgstr "" #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:1088 sssd.conf.5.xml:1650 sssd.conf.5.xml:1669 -#: sssd.conf.5.xml:1746 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1094 +#: sssd.conf.5.xml:1095 msgid "Default: not set (no substitution for unset home directories)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1100 +#: sssd.conf.5.xml:1101 msgid "override_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1104 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " @@ -1404,47 +1404,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1109 +#: sssd.conf.5.xml:1110 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1115 +#: sssd.conf.5.xml:1116 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1118 +#: sssd.conf.5.xml:1119 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1121 +#: sssd.conf.5.xml:1122 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1125 +#: sssd.conf.5.xml:1126 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1130 +#: sssd.conf.5.xml:1131 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1135 +#: sssd.conf.5.xml:1136 msgid "The wildcard (*) can be used to allow any shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1138 +#: sssd.conf.5.xml:1139 msgid "" "The (*) is useful if you want to use shell_fallback in case that user's " "shell is not in <quote>/etc/shells</quote> and maintaining list of all " @@ -1452,117 +1452,117 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1145 +#: sssd.conf.5.xml:1146 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1149 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1152 +#: sssd.conf.5.xml:1153 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1157 +#: sssd.conf.5.xml:1158 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1160 +#: sssd.conf.5.xml:1161 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1165 +#: sssd.conf.5.xml:1166 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1168 +#: sssd.conf.5.xml:1169 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1172 +#: sssd.conf.5.xml:1173 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1177 +#: sssd.conf.5.xml:1178 msgid "default_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1180 +#: sssd.conf.5.xml:1181 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1186 +#: sssd.conf.5.xml:1187 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1193 sssd.conf.5.xml:1576 +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 msgid "get_domains_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1196 sssd.conf.5.xml:1579 +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1205 +#: sssd.conf.5.xml:1206 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_timeout (integer)" msgstr "enum_cache_timeout (numeriek)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1208 +#: sssd.conf.5.xml:1209 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid. Setting this option to zero will disable the in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1216 +#: sssd.conf.5.xml:1217 msgid "" "WARNING: Disabling the in-memory cache will have significant negative impact " "on SSSD's performance and should only be used for testing." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1222 sssd.conf.5.xml:1247 sssd.conf.5.xml:1272 -#: sssd.conf.5.xml:1297 sssd.conf.5.xml:1324 +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 msgid "" "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " "client applications will not use the fast in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1230 +#: sssd.conf.5.xml:1231 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_passwd (integer)" msgstr "enum_cache_timeout (numeriek)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1233 +#: sssd.conf.5.xml:1234 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for passwd requests. Setting the size to 0 will disable the passwd in-" @@ -1570,27 +1570,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1239 sssd.conf.5.xml:2963 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 msgid "Default: 8" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1242 sssd.conf.5.xml:1267 sssd.conf.5.xml:1292 -#: sssd.conf.5.xml:1319 +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 msgid "" "WARNING: Disabled or too small in-memory cache can have significant negative " "impact on SSSD's performance." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1255 +#: sssd.conf.5.xml:1256 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_group (integer)" msgstr "enum_cache_timeout (numeriek)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1258 +#: sssd.conf.5.xml:1259 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for group requests. Setting the size to 0 will disable the group in-memory " @@ -1598,21 +1598,21 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1264 sssd.conf.5.xml:1316 sssd.conf.5.xml:3729 -#: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1280 +#: sssd.conf.5.xml:1281 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_initgroups (integer)" msgstr "enum_cache_timeout (numeriek)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1283 +#: sssd.conf.5.xml:1284 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for initgroups requests. Setting the size to 0 will disable the initgroups " @@ -1620,14 +1620,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1305 +#: sssd.conf.5.xml:1306 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_sid (integer)" msgstr "enum_cache_timeout (numeriek)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1308 +#: sssd.conf.5.xml:1309 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for SID related requests. Only SID-by-ID and ID-by-SID requests are " @@ -1636,12 +1636,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1332 sssd-ifp.5.xml:90 +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 msgid "user_attributes (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1335 +#: sssd.conf.5.xml:1336 msgid "" "Some of the additional NSS responder requests can return more attributes " "than just the POSIX ones defined by the NSS interface. The list of " @@ -1652,45 +1652,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1348 +#: sssd.conf.5.xml:1349 msgid "" "To make configuration more easy the NSS responder will check the InfoPipe " "option if it is not set for the NSS responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1353 +#: sssd.conf.5.xml:1354 msgid "Default: not set, fallback to InfoPipe option" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1358 +#: sssd.conf.5.xml:1359 msgid "pwfield (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1361 +#: sssd.conf.5.xml:1362 msgid "" "The value that NSS operations that return users or groups will return for " "the <quote>password</quote> field." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1366 +#: sssd.conf.5.xml:1367 #, fuzzy #| msgid "Default: <quote>%1$s@%2$s</quote>." msgid "Default: <quote>*</quote>" msgstr "Standaard: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1369 +#: sssd.conf.5.xml:1370 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[nss] section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1373 +#: sssd.conf.5.xml:1374 msgid "" "Default: <quote>not set</quote> (remote domains), <phrase " "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" @@ -1699,60 +1699,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1385 +#: sssd.conf.5.xml:1386 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1387 +#: sssd.conf.5.xml:1388 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1392 +#: sssd.conf.5.xml:1393 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1395 +#: sssd.conf.5.xml:1396 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1400 sssd.conf.5.xml:1413 +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1406 +#: sssd.conf.5.xml:1407 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1409 +#: sssd.conf.5.xml:1410 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1419 +#: sssd.conf.5.xml:1420 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1422 +#: sssd.conf.5.xml:1423 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1427 +#: sssd.conf.5.xml:1428 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -1760,61 +1760,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1433 sssd.conf.5.xml:1543 +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1439 +#: sssd.conf.5.xml:1440 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1442 +#: sssd.conf.5.xml:1443 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1447 +#: sssd.conf.5.xml:1448 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1450 +#: sssd.conf.5.xml:1451 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1453 +#: sssd.conf.5.xml:1454 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1457 +#: sssd.conf.5.xml:1458 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1460 +#: sssd.conf.5.xml:1461 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1464 sssd.8.xml:63 +#: sssd.conf.5.xml:1465 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1470 +#: sssd.conf.5.xml:1471 #, fuzzy #| msgid "re_expression (string)" msgid "pam_response_filter (string)" msgstr "re_expression (tekst)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1473 +#: sssd.conf.5.xml:1474 msgid "" "A comma separated list of strings which allows to remove (filter) data sent " "by the PAM responder to pam_sss PAM module. There are different kind of " @@ -1823,51 +1823,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1481 +#: sssd.conf.5.xml:1482 msgid "" "While messages already can be controlled with the help of the pam_verbosity " "option this option allows to filter out other kind of responses as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1488 +#: sssd.conf.5.xml:1489 msgid "ENV" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1489 +#: sssd.conf.5.xml:1490 msgid "Do not send any environment variables to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1492 +#: sssd.conf.5.xml:1493 msgid "ENV:var_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1493 +#: sssd.conf.5.xml:1494 msgid "Do not send environment variable var_name to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1497 +#: sssd.conf.5.xml:1498 msgid "ENV:var_name:service" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1498 +#: sssd.conf.5.xml:1499 msgid "Do not send environment variable var_name to service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1486 +#: sssd.conf.5.xml:1487 msgid "" "Currently the following filters are supported: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1505 +#: sssd.conf.5.xml:1506 msgid "" "The list of strings can either be the list of filters which would set this " "list of filters and overwrite the defaults. Or each element of the list can " @@ -1878,23 +1878,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1516 +#: sssd.conf.5.xml:1517 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1519 +#: sssd.conf.5.xml:1520 msgid "" "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1526 +#: sssd.conf.5.xml:1527 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1529 +#: sssd.conf.5.xml:1530 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -1902,7 +1902,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1535 +#: sssd.conf.5.xml:1536 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -1911,17 +1911,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1549 +#: sssd.conf.5.xml:1550 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1552 sssd.conf.5.xml:2987 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1555 +#: sssd.conf.5.xml:1556 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -1929,31 +1929,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1561 sssd.conf.5.xml:2990 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1566 +#: sssd.conf.5.xml:1567 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1571 sssd.conf.5.xml:3976 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 msgid "Default: 0" msgstr "Standaard: 0" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1588 +#: sssd.conf.5.xml:1589 msgid "pam_trusted_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1591 +#: sssd.conf.5.xml:1592 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to run PAM conversations against trusted domains. Users not " @@ -1963,75 +1963,75 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1601 +#: sssd.conf.5.xml:1602 msgid "Default: All users are considered trusted by default" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1605 +#: sssd.conf.5.xml:1606 msgid "" "Please note that UID 0 is always allowed to access the PAM responder even in " "case it is not in the pam_trusted_users list." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1612 +#: sssd.conf.5.xml:1613 msgid "pam_public_domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1615 +#: sssd.conf.5.xml:1616 msgid "" "Specifies the comma-separated list of domain names that are accessible even " "to untrusted users." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1619 +#: sssd.conf.5.xml:1620 msgid "Two special values for pam_public_domains option are defined:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1623 +#: sssd.conf.5.xml:1624 msgid "" "all (Untrusted users are allowed to access all domains in PAM responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1627 +#: sssd.conf.5.xml:1628 msgid "" "none (Untrusted users are not allowed to access any domains PAM in " "responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1631 sssd.conf.5.xml:1656 sssd.conf.5.xml:1675 -#: sssd.conf.5.xml:1912 sssd.conf.5.xml:2732 sssd.conf.5.xml:3905 -#: sssd-ldap.5.xml:1207 +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1636 +#: sssd.conf.5.xml:1637 msgid "pam_account_expired_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1639 +#: sssd.conf.5.xml:1640 msgid "" "Allows a custom expiration message to be set, replacing the default " "'Permission denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1644 +#: sssd.conf.5.xml:1645 msgid "" "Note: Please be aware that message is only printed for the SSH service " "unless pam_verbosity is set to 3 (show all messages and debug information)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1652 +#: sssd.conf.5.xml:1653 #, no-wrap msgid "" "pam_account_expired_message = Account expired, please contact help desk.\n" @@ -2039,19 +2039,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1661 +#: sssd.conf.5.xml:1662 msgid "pam_account_locked_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1664 +#: sssd.conf.5.xml:1665 msgid "" "Allows a custom lockout message to be set, replacing the default 'Permission " "denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1671 +#: sssd.conf.5.xml:1672 #, no-wrap msgid "" "pam_account_locked_message = Account locked, please contact help desk.\n" @@ -2059,40 +2059,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1680 +#: sssd.conf.5.xml:1681 msgid "pam_passkey_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1683 +#: sssd.conf.5.xml:1684 msgid "Enable passkey device based authentication." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1686 sssd.conf.5.xml:1697 sssd.conf.5.xml:1711 -#: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 -#: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 msgid "Default: False" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1691 +#: sssd.conf.5.xml:1692 msgid "passkey_debug_libfido2 (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1694 +#: sssd.conf.5.xml:1695 msgid "Enable libfido2 library debug messages." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1702 +#: sssd.conf.5.xml:1703 msgid "pam_cert_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1705 +#: sssd.conf.5.xml:1706 msgid "" "Enable certificate based Smartcard authentication. Since this requires " "additional communication with the Smartcard which will delay the " @@ -2100,36 +2100,36 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1716 +#: sssd.conf.5.xml:1717 msgid "pam_cert_db_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1719 +#: sssd.conf.5.xml:1720 msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1722 sssd.conf.5.xml:2247 sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 msgid "Default:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1724 sssd.conf.5.xml:2249 +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 msgid "" "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " "certificates in PEM format)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1734 +#: sssd.conf.5.xml:1735 #, fuzzy #| msgid "re_expression (string)" msgid "pam_cert_verification (string)" msgstr "re_expression (tekst)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1737 +#: sssd.conf.5.xml:1738 msgid "" "With this parameter the PAM certificate verification can be tuned with a " "comma separated list of options that override the " @@ -2139,7 +2139,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1748 +#: sssd.conf.5.xml:1749 #, no-wrap msgid "" "pam_cert_verification = partial_chain\n" @@ -2147,61 +2147,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1752 +#: sssd.conf.5.xml:1753 msgid "" "Default: not set, i.e. use default <quote>certificate_verification</quote> " "option defined in <quote>[sssd]</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1759 +#: sssd.conf.5.xml:1760 msgid "p11_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1763 msgid "How many seconds will pam_sss wait for p11_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1771 +#: sssd.conf.5.xml:1772 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "passkey_child_timeout (integer)" msgstr "enum_cache_timeout (numeriek)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1774 +#: sssd.conf.5.xml:1775 msgid "" "How many seconds will the PAM responder wait for passkey_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1783 +#: sssd.conf.5.xml:1784 msgid "pam_app_services (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1786 +#: sssd.conf.5.xml:1787 msgid "" "Which PAM services are permitted to contact domains of type " "<quote>application</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1795 +#: sssd.conf.5.xml:1796 msgid "pam_p11_allowed_services (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1798 +#: sssd.conf.5.xml:1799 msgid "" "A comma-separated list of PAM service names for which it will be allowed to " "use Smartcards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1813 +#: sssd.conf.5.xml:1814 #, no-wrap msgid "" "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2209,7 +2209,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1802 +#: sssd.conf.5.xml:1803 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -2221,63 +2221,63 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1817 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 #: sssd-ad.5.xml:869 sssd-ad.5.xml:947 msgid "Default: the default set of PAM service names includes:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1822 sssd-ad.5.xml:648 +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 msgid "login" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1827 sssd-ad.5.xml:653 +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 msgid "su" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1832 sssd-ad.5.xml:658 +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 msgid "su-l" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1837 sssd-ad.5.xml:673 +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 msgid "gdm-smartcard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1842 sssd-ad.5.xml:668 +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 msgid "gdm-password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1847 sssd-ad.5.xml:678 +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 msgid "kdm" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1852 sssd-ad.5.xml:956 +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 msgid "sudo" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1857 sssd-ad.5.xml:961 +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 msgid "sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1862 +#: sssd.conf.5.xml:1863 msgid "gnome-screensaver" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1870 +#: sssd.conf.5.xml:1871 msgid "p11_wait_for_card_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1873 +#: sssd.conf.5.xml:1874 msgid "" "If Smartcard authentication is required how many extra seconds in addition " "to p11_child_timeout should the PAM responder wait until a Smartcard is " @@ -2285,12 +2285,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1884 +#: sssd.conf.5.xml:1885 msgid "p11_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1887 +#: sssd.conf.5.xml:1888 msgid "" "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " "selection of devices used for Smartcard authentication. By default SSSD's " @@ -2301,7 +2301,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1900 +#: sssd.conf.5.xml:1901 #, no-wrap msgid "" "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" @@ -2309,7 +2309,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1904 +#: sssd.conf.5.xml:1905 #, no-wrap msgid "" "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" @@ -2317,7 +2317,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1898 +#: sssd.conf.5.xml:1899 msgid "" "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " @@ -2326,47 +2326,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1917 +#: sssd.conf.5.xml:1918 msgid "pam_initgroups_scheme" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1925 +#: sssd.conf.5.xml:1926 msgid "always" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1926 +#: sssd.conf.5.xml:1927 msgid "" "Always do an online lookup, please note that pam_id_timeout still applies" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1930 +#: sssd.conf.5.xml:1931 msgid "no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1931 +#: sssd.conf.5.xml:1932 msgid "" "Only do an online lookup if there is no active session of the user, i.e. if " "the user is currently not logged in" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1936 +#: sssd.conf.5.xml:1937 msgid "never" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1937 +#: sssd.conf.5.xml:1938 msgid "" "Never force an online lookup, use the data from the cache as long as they " "are not expired" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1920 +#: sssd.conf.5.xml:1921 msgid "" "The PAM responder can force an online lookup to get the current group " "memberships of the user trying to log in. This option controls when this " @@ -2375,30 +2375,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1944 +#: sssd.conf.5.xml:1945 msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1949 sssd.conf.5.xml:4247 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 msgid "pam_gssapi_services" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1952 +#: sssd.conf.5.xml:1953 msgid "" "Comma separated list of PAM services that are allowed to try GSSAPI " "authentication using pam_sss_gss.so module." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1957 +#: sssd.conf.5.xml:1958 msgid "" "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1961 sssd.conf.5.xml:1992 sssd.conf.5.xml:2030 +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[pam] section. It can also be set for trusted domain which overwrites the " @@ -2406,7 +2406,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1969 +#: sssd.conf.5.xml:1970 #, no-wrap msgid "" "pam_gssapi_services = sudo, sudo-i\n" @@ -2414,22 +2414,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1967 sssd.conf.5.xml:3899 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1973 +#: sssd.conf.5.xml:1974 msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1978 sssd.conf.5.xml:4248 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 msgid "pam_gssapi_check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1981 +#: sssd.conf.5.xml:1982 msgid "" "If True, SSSD will require that the Kerberos user principal that " "successfully authenticated through GSSAPI can be associated with the user " @@ -2437,25 +2437,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1988 +#: sssd.conf.5.xml:1989 msgid "" "If False, every user that is able to obtained required service ticket will " "be authenticated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1998 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2003 +#: sssd.conf.5.xml:2004 msgid "pam_gssapi_indicators_map" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2006 +#: sssd.conf.5.xml:2007 msgid "" "Comma separated list of authentication indicators required to be present in " "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " @@ -2463,7 +2463,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2012 +#: sssd.conf.5.xml:2013 msgid "" "Each element of the list can be either an authentication indicator name or a " "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " @@ -2478,7 +2478,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2025 +#: sssd.conf.5.xml:2026 msgid "" "To disable GSSAPI authentication indicator check, set this option to <quote>-" "</quote> (dash). To disable the check for a specific PAM service, add " @@ -2486,45 +2486,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2036 +#: sssd.conf.5.xml:2037 msgid "" "Following authentication indicators are supported by IPA Kerberos " "deployments:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2039 +#: sssd.conf.5.xml:2040 msgid "" "pkinit -- pre-authentication using X.509 certificates -- whether stored in " "files or on smart cards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2042 +#: sssd.conf.5.xml:2043 msgid "" "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " "FAST channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2045 +#: sssd.conf.5.xml:2046 msgid "radius -- pre-authentication with the help of a RADIUS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2048 +#: sssd.conf.5.xml:2049 msgid "" "otp -- pre-authentication using integrated two-factor authentication (2FA or " "one-time password, OTP) in IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2051 +#: sssd.conf.5.xml:2052 msgid "idp -- pre-authentication using external identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:2061 +#: sssd.conf.5.xml:2062 #, no-wrap msgid "" "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" @@ -2532,7 +2532,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2056 +#: sssd.conf.5.xml:2057 msgid "" "Example: to require access to SUDO services only for users which obtained " "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " @@ -2540,17 +2540,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2065 +#: sssd.conf.5.xml:2066 msgid "Default: not set (use of authentication indicators is not required)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2073 +#: sssd.conf.5.xml:2074 msgid "SUDO configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2075 +#: sssd.conf.5.xml:2076 msgid "" "These options can be used to configure the sudo service. The detailed " "instructions for configuration of <citerefentry> <refentrytitle>sudo</" @@ -2561,24 +2561,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2092 +#: sssd.conf.5.xml:2093 msgid "sudo_timed (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2095 +#: sssd.conf.5.xml:2096 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2107 +#: sssd.conf.5.xml:2108 msgid "sudo_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2110 +#: sssd.conf.5.xml:2111 msgid "" "Maximum number of expired rules that can be refreshed at once. If number of " "expired rules is below threshold, those rules are refreshed with " @@ -2588,22 +2588,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2129 +#: sssd.conf.5.xml:2130 msgid "AUTOFS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2131 +#: sssd.conf.5.xml:2132 msgid "These options can be used to configure the autofs service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2135 +#: sssd.conf.5.xml:2136 msgid "autofs_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2138 +#: sssd.conf.5.xml:2139 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " @@ -2611,51 +2611,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2154 +#: sssd.conf.5.xml:2155 msgid "SSH configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2156 +#: sssd.conf.5.xml:2157 msgid "These options can be used to configure the SSH service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2160 +#: sssd.conf.5.xml:2161 msgid "ssh_hash_known_hosts (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2163 +#: sssd.conf.5.xml:2164 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2172 +#: sssd.conf.5.xml:2173 msgid "ssh_known_hosts_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2175 +#: sssd.conf.5.xml:2176 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2179 +#: sssd.conf.5.xml:2180 msgid "Default: 180" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2184 +#: sssd.conf.5.xml:2185 msgid "ssh_use_certificate_keys (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2187 +#: sssd.conf.5.xml:2188 msgid "" "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " "keys derived from the public key of X.509 certificates stored in the user " @@ -2664,12 +2664,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2202 +#: sssd.conf.5.xml:2203 msgid "ssh_use_certificate_matching_rules (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2205 +#: sssd.conf.5.xml:2206 msgid "" "By default the ssh responder will use all available certificate matching " "rules to filter the certificates so that ssh keys are only derived from the " @@ -2679,7 +2679,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2214 +#: sssd.conf.5.xml:2215 msgid "" "There are two special key words 'all_rules' and 'no_rules' which will enable " "all or no rules, respectively. The latter means that no certificates will be " @@ -2687,7 +2687,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2221 +#: sssd.conf.5.xml:2222 msgid "" "If no rules are configured using 'all_rules' will enable a default rule " "which enables all certificates suitable for client authentication. This is " @@ -2696,38 +2696,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2228 +#: sssd.conf.5.xml:2229 msgid "" "A non-existing rule name is considered an error. If as a result no rule is " "selected all certificates will be ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2233 +#: sssd.conf.5.xml:2234 msgid "" "Default: not set, equivalent to 'all_rules', all found rules or the default " "rule are used" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2239 +#: sssd.conf.5.xml:2240 msgid "ca_db (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2242 +#: sssd.conf.5.xml:2243 msgid "" "Path to a storage of trusted CA certificates. The option is used to validate " "user certificates before deriving public ssh keys from them." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2262 +#: sssd.conf.5.xml:2263 msgid "PAC responder configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2264 +#: sssd.conf.5.xml:2265 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " @@ -2738,7 +2738,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2273 +#: sssd.conf.5.xml:2274 msgid "" "If the remote user does not exist in the cache, it is created. The UID is " "determined with the help of the SID, trusted domains will have UPGs and the " @@ -2749,24 +2749,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2281 +#: sssd.conf.5.xml:2282 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2287 +#: sssd.conf.5.xml:2288 msgid "These options can be used to configure the PAC responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2291 sssd-ifp.5.xml:66 +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 msgid "allowed_uids (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2294 +#: sssd.conf.5.xml:2295 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " @@ -2774,12 +2774,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2300 +#: sssd.conf.5.xml:2301 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2304 +#: sssd.conf.5.xml:2305 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " @@ -2788,26 +2788,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2313 +#: sssd.conf.5.xml:2314 msgid "pac_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2316 +#: sssd.conf.5.xml:2317 msgid "" "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " "data can be used to determine the group memberships of a user." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2326 +#: sssd.conf.5.xml:2327 #, fuzzy #| msgid "re_expression (string)" msgid "pac_check (string)" msgstr "re_expression (tekst)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2329 +#: sssd.conf.5.xml:2330 msgid "" "Apply additional checks on the PAC of the Kerberos ticket which is available " "in Active Directory and FreeIPA domains, if configured. Please note that " @@ -2818,24 +2818,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2343 +#: sssd.conf.5.xml:2344 msgid "no_check" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2345 +#: sssd.conf.5.xml:2346 msgid "" "The PAC must not be present and even if it is present no additional checks " "will be done." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2351 +#: sssd.conf.5.xml:2352 msgid "pac_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2353 +#: sssd.conf.5.xml:2354 msgid "" "The PAC must be present in the service ticket which SSSD will request with " "the help of the user's TGT. If the PAC is not available the authentication " @@ -2843,24 +2843,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2361 +#: sssd.conf.5.xml:2362 msgid "check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2363 +#: sssd.conf.5.xml:2364 msgid "" "If the PAC is present check if the user principal name (UPN) information is " "consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2369 +#: sssd.conf.5.xml:2370 msgid "check_upn_allow_missing" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2371 +#: sssd.conf.5.xml:2372 msgid "" "This option should be used together with 'check_upn' and handles the case " "where a UPN is set on the server-side but is not read by SSSD. The typical " @@ -2872,7 +2872,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2383 +#: sssd.conf.5.xml:2384 msgid "" "Currently this option is set by default to avoid regressions in such " "environments. A log message will be added to the system log and SSSD's debug " @@ -2883,60 +2883,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2397 +#: sssd.conf.5.xml:2398 msgid "upn_dns_info_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2399 +#: sssd.conf.5.xml:2400 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2404 +#: sssd.conf.5.xml:2405 msgid "check_upn_dns_info_ex" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2406 +#: sssd.conf.5.xml:2407 msgid "" "If the PAC is present and the extension to the UPN-DNS-INFO buffer is " "available check if the information in the extension is consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2413 +#: sssd.conf.5.xml:2414 msgid "upn_dns_info_ex_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2415 +#: sssd.conf.5.xml:2416 msgid "" "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2339 +#: sssd.conf.5.xml:2340 msgid "" "The following options can be used alone or in a comma-separated list: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2425 +#: sssd.conf.5.xml:2426 msgid "" "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " "check_upn_dns_info_ex')" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2434 +#: sssd.conf.5.xml:2435 msgid "Session recording configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2436 +#: sssd.conf.5.xml:2437 msgid "" "Session recording works in conjunction with <citerefentry> " "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" @@ -2946,66 +2946,66 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2449 +#: sssd.conf.5.xml:2450 msgid "These options can be used to configure session recording." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2453 sssd-session-recording.5.xml:64 +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 msgid "scope (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2460 sssd-session-recording.5.xml:71 +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 msgid "\"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2463 sssd-session-recording.5.xml:74 +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 msgid "No users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2468 sssd-session-recording.5.xml:79 +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 msgid "\"some\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2471 sssd-session-recording.5.xml:82 +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 msgid "" "Users/groups specified by <replaceable>users</replaceable> and " "<replaceable>groups</replaceable> options are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2480 sssd-session-recording.5.xml:91 +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 msgid "\"all\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2483 sssd-session-recording.5.xml:94 +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 msgid "All users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2456 sssd-session-recording.5.xml:67 +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 msgid "" "One of the following strings specifying the scope of session recording: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:101 +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 msgid "Default: \"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:106 +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 msgid "users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:109 +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 msgid "" "A comma-separated list of users which should have session recording enabled. " "Matches user names as returned by NSS. I.e. after the possible space " @@ -3013,17 +3013,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2504 sssd-session-recording.5.xml:115 +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 msgid "Default: Empty. Matches no users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2509 sssd-session-recording.5.xml:120 +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 msgid "groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2512 sssd-session-recording.5.xml:123 +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 msgid "" "A comma-separated list of groups, members of which should have session " "recording enabled. Matches group names as returned by NSS. I.e. after the " @@ -3031,7 +3031,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2518 sssd.conf.5.xml:2550 sssd-session-recording.5.xml:129 +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 #: sssd-session-recording.5.xml:161 msgid "" "NOTE: using this option (having it set to anything) has a considerable " @@ -3040,58 +3040,58 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2525 sssd-session-recording.5.xml:136 +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 msgid "Default: Empty. Matches no groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2530 sssd-session-recording.5.xml:141 +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 #, fuzzy #| msgid "re_expression (string)" msgid "exclude_users (string)" msgstr "re_expression (tekst)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2533 sssd-session-recording.5.xml:144 +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 msgid "" "A comma-separated list of users to be excluded from recording, only " "applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2537 sssd-session-recording.5.xml:148 +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 msgid "Default: Empty. No users excluded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2542 sssd-session-recording.5.xml:153 +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 msgid "exclude_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2545 sssd-session-recording.5.xml:156 +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 msgid "" "A comma-separated list of groups, members of which should be excluded from " "recording. Only applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2557 sssd-session-recording.5.xml:168 +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 msgid "Default: Empty. No groups excluded." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2567 +#: sssd.conf.5.xml:2568 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2574 +#: sssd.conf.5.xml:2575 msgid "enabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2577 +#: sssd.conf.5.xml:2578 msgid "" "Explicitly enable or disable the domain. If <quote>true</quote>, the domain " "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " @@ -3101,12 +3101,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2589 +#: sssd.conf.5.xml:2590 msgid "domain_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2592 +#: sssd.conf.5.xml:2593 msgid "" "Specifies whether the domain is meant to be used by POSIX-aware clients such " "as the Name Service Switch or by applications that do not need POSIX data to " @@ -3115,14 +3115,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2600 +#: sssd.conf.5.xml:2601 msgid "" "Allowed values for this option are <quote>posix</quote> and " "<quote>application</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2604 +#: sssd.conf.5.xml:2605 msgid "" "POSIX domains are reachable by all services. Application domains are only " "reachable from the InfoPipe responder (see <citerefentry> " @@ -3131,38 +3131,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2612 +#: sssd.conf.5.xml:2613 msgid "" "NOTE: The application domains are currently well tested with " "<quote>id_provider=ldap</quote> only." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2616 +#: sssd.conf.5.xml:2617 msgid "" "For an easy way to configure a non-POSIX domains, please see the " "<quote>Application domains</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2620 +#: sssd.conf.5.xml:2621 msgid "Default: posix" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2626 +#: sssd.conf.5.xml:2627 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2629 +#: sssd.conf.5.xml:2630 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2634 +#: sssd.conf.5.xml:2635 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -3171,24 +3171,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2641 +#: sssd.conf.5.xml:2642 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2645 +#: sssd.conf.5.xml:2646 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2651 +#: sssd.conf.5.xml:2652 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2654 +#: sssd.conf.5.xml:2655 msgid "" "Determines if a domain can be enumerated, that is, whether the domain can " "list all the users and group it contains. Note that it is not required to " @@ -3197,29 +3197,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2662 +#: sssd.conf.5.xml:2663 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2665 +#: sssd.conf.5.xml:2666 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2668 sssd.conf.5.xml:2942 sssd.conf.5.xml:3119 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2671 +#: sssd.conf.5.xml:2672 msgid "" "Enumerating a domain requires SSSD to download and store ALL user and group " "entries from the remote server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2676 +#: sssd.conf.5.xml:2677 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -3233,14 +3233,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2691 +#: sssd.conf.5.xml:2692 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2696 +#: sssd.conf.5.xml:2697 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -3249,39 +3249,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2704 +#: sssd.conf.5.xml:2705 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2712 +#: sssd.conf.5.xml:2713 msgid "subdomain_enumerate (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2719 +#: sssd.conf.5.xml:2720 msgid "all" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2720 +#: sssd.conf.5.xml:2721 msgid "All discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2723 +#: sssd.conf.5.xml:2724 msgid "none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2724 +#: sssd.conf.5.xml:2725 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2715 +#: sssd.conf.5.xml:2716 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " @@ -3290,19 +3290,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2738 +#: sssd.conf.5.xml:2739 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2741 +#: sssd.conf.5.xml:2742 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2745 +#: sssd.conf.5.xml:2746 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " @@ -3313,139 +3313,139 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2758 +#: sssd.conf.5.xml:2759 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2764 +#: sssd.conf.5.xml:2765 msgid "entry_cache_user_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2767 +#: sssd.conf.5.xml:2768 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2771 sssd.conf.5.xml:2784 sssd.conf.5.xml:2797 -#: sssd.conf.5.xml:2810 sssd.conf.5.xml:2824 sssd.conf.5.xml:2837 -#: sssd.conf.5.xml:2851 sssd.conf.5.xml:2865 sssd.conf.5.xml:2878 +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 msgid "Default: entry_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2777 +#: sssd.conf.5.xml:2778 msgid "entry_cache_group_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2780 +#: sssd.conf.5.xml:2781 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2790 +#: sssd.conf.5.xml:2791 msgid "entry_cache_netgroup_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2793 +#: sssd.conf.5.xml:2794 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2803 +#: sssd.conf.5.xml:2804 msgid "entry_cache_service_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2806 +#: sssd.conf.5.xml:2807 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2816 +#: sssd.conf.5.xml:2817 msgid "entry_cache_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2819 +#: sssd.conf.5.xml:2820 msgid "" "How many seconds should nss_sss consider hosts and networks entries valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2830 +#: sssd.conf.5.xml:2831 msgid "entry_cache_sudo_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2833 +#: sssd.conf.5.xml:2834 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2843 +#: sssd.conf.5.xml:2844 msgid "entry_cache_autofs_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2846 +#: sssd.conf.5.xml:2847 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2857 +#: sssd.conf.5.xml:2858 msgid "entry_cache_ssh_host_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2860 +#: sssd.conf.5.xml:2861 msgid "" "How many seconds to keep a host ssh key after refresh. IE how long to cache " "the host key for." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2871 +#: sssd.conf.5.xml:2872 msgid "entry_cache_computer_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2874 +#: sssd.conf.5.xml:2875 msgid "" "How many seconds to keep the local computer entry before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2884 +#: sssd.conf.5.xml:2885 msgid "refresh_expired_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2887 +#: sssd.conf.5.xml:2888 msgid "" "Specifies how many seconds SSSD has to wait before triggering a background " "refresh task which will refresh all expired or nearly expired records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2892 +#: sssd.conf.5.xml:2893 msgid "" "The background refresh will process users, groups and netgroups in the " "cache. For users who have performed the initgroups (get group membership for " @@ -3454,17 +3454,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2900 +#: sssd.conf.5.xml:2901 msgid "This option is automatically inherited for all trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2904 +#: sssd.conf.5.xml:2905 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2908 +#: sssd.conf.5.xml:2909 msgid "" "Cache entry will be refreshed by background task when 2/3 of cache timeout " "has already passed. If there are existing cached entries, the background " @@ -3476,23 +3476,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2921 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2927 +#: sssd.conf.5.xml:2928 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2930 -msgid "Determines if user credentials are also cached in the local LDB cache." +#: sssd.conf.5.xml:2931 +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2934 +#: sssd.conf.5.xml:2942 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3501,12 +3507,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2948 +#: sssd.conf.5.xml:2956 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2951 +#: sssd.conf.5.xml:2959 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3514,19 +3520,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2958 +#: sssd.conf.5.xml:2966 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2969 +#: sssd.conf.5.xml:2977 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2972 +#: sssd.conf.5.xml:2980 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3535,17 +3541,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2979 +#: sssd.conf.5.xml:2987 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2984 +#: sssd.conf.5.xml:2992 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2995 +#: sssd.conf.5.xml:3003 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3554,28 +3560,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3002 +#: sssd.conf.5.xml:3010 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3008 +#: sssd.conf.5.xml:3016 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3011 +#: sssd.conf.5.xml:3019 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3015 +#: sssd.conf.5.xml:3023 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3018 +#: sssd.conf.5.xml:3026 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3583,7 +3589,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3026 +#: sssd.conf.5.xml:3034 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3591,18 +3597,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3034 sssd.conf.5.xml:3145 sssd.conf.5.xml:3196 -#: sssd.conf.5.xml:3259 +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 msgid "" -"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " -"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " -"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " -"FreeIPA." +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3043 sssd.conf.5.xml:3154 sssd.conf.5.xml:3205 -#: sssd.conf.5.xml:3268 +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3610,19 +3615,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3054 +#: sssd.conf.5.xml:3062 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3057 +#: sssd.conf.5.xml:3065 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3062 +#: sssd.conf.5.xml:3070 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3631,7 +3636,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3070 +#: sssd.conf.5.xml:3078 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3639,24 +3644,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3077 +#: sssd.conf.5.xml:3085 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3084 +#: sssd.conf.5.xml:3092 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3087 +#: sssd.conf.5.xml:3095 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3090 +#: sssd.conf.5.xml:3098 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3668,7 +3673,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3108 +#: sssd.conf.5.xml:3116 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3676,30 +3681,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3114 sssd.conf.5.xml:3821 sssd-ldap.5.xml:326 -#: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 -#: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 -#: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 -#: sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1084 +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 msgid "" "This option can be also set per subdomain or inherited via " "<emphasis>subdomain_inherit</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3124 +#: sssd.conf.5.xml:3132 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3127 +#: sssd.conf.5.xml:3135 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3131 sssd.conf.5.xml:3189 +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3707,7 +3712,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3138 +#: sssd.conf.5.xml:3146 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3715,30 +3720,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3162 +#: sssd.conf.5.xml:3170 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3165 +#: sssd.conf.5.xml:3173 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3168 +#: sssd.conf.5.xml:3176 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3174 +#: sssd.conf.5.xml:3182 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3177 +#: sssd.conf.5.xml:3185 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -3746,19 +3751,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3183 +#: sssd.conf.5.xml:3191 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3186 +#: sssd.conf.5.xml:3194 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3221 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -3767,7 +3772,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3220 +#: sssd.conf.5.xml:3228 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -3775,29 +3780,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3227 +#: sssd.conf.5.xml:3235 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3230 +#: sssd.conf.5.xml:3238 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3235 +#: sssd.conf.5.xml:3243 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3238 +#: sssd.conf.5.xml:3246 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3243 +#: sssd.conf.5.xml:3251 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -3805,7 +3810,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3251 +#: sssd.conf.5.xml:3259 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3813,35 +3818,35 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3276 +#: sssd.conf.5.xml:3284 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3280 +#: sssd.conf.5.xml:3288 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3283 +#: sssd.conf.5.xml:3291 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3290 +#: sssd.conf.5.xml:3298 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3293 +#: sssd.conf.5.xml:3301 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3297 +#: sssd.conf.5.xml:3305 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3849,32 +3854,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3305 +#: sssd.conf.5.xml:3313 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3309 +#: sssd.conf.5.xml:3317 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3313 +#: sssd.conf.5.xml:3321 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3316 sssd.conf.5.xml:3402 sssd.conf.5.xml:3472 -#: sssd.conf.5.xml:3497 sssd.conf.5.xml:3533 +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3320 +#: sssd.conf.5.xml:3328 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -3885,7 +3890,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3335 +#: sssd.conf.5.xml:3343 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -3894,12 +3899,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3345 +#: sssd.conf.5.xml:3353 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3348 +#: sssd.conf.5.xml:3356 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -3907,7 +3912,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3354 +#: sssd.conf.5.xml:3362 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3915,31 +3920,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3362 +#: sssd.conf.5.xml:3370 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3365 +#: sssd.conf.5.xml:3373 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3371 +#: sssd.conf.5.xml:3379 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3374 +#: sssd.conf.5.xml:3382 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3380 +#: sssd.conf.5.xml:3388 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3947,7 +3952,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3389 +#: sssd.conf.5.xml:3397 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -3956,17 +3961,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3398 +#: sssd.conf.5.xml:3406 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3408 +#: sssd.conf.5.xml:3416 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3411 +#: sssd.conf.5.xml:3419 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -3974,43 +3979,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3418 +#: sssd.conf.5.xml:3426 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3422 +#: sssd.conf.5.xml:3430 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3426 +#: sssd.conf.5.xml:3434 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3430 +#: sssd.conf.5.xml:3438 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3438 +#: sssd.conf.5.xml:3446 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3441 +#: sssd.conf.5.xml:3449 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3445 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4018,7 +4023,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3452 +#: sssd.conf.5.xml:3460 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4026,7 +4031,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3460 +#: sssd.conf.5.xml:3468 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4034,24 +4039,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3469 +#: sssd.conf.5.xml:3477 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3479 +#: sssd.conf.5.xml:3487 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3482 +#: sssd.conf.5.xml:3490 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3486 +#: sssd.conf.5.xml:3494 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4059,31 +4064,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3494 +#: sssd.conf.5.xml:3502 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3504 +#: sssd.conf.5.xml:3512 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3507 +#: sssd.conf.5.xml:3515 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3511 +#: sssd.conf.5.xml:3519 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3515 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4091,7 +4096,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3522 +#: sssd.conf.5.xml:3530 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4100,12 +4105,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3530 +#: sssd.conf.5.xml:3538 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3543 +#: sssd.conf.5.xml:3551 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4115,24 +4120,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3552 +#: sssd.conf.5.xml:3560 msgid "" "Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" "[^@]+))$</quote> which allows two different styles for user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3557 sssd.conf.5.xml:3571 +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3560 sssd.conf.5.xml:3574 +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3565 +#: sssd.conf.5.xml:3573 msgid "" "Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" @@ -4141,19 +4146,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3577 +#: sssd.conf.5.xml:3585 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3580 +#: sssd.conf.5.xml:3588 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3585 +#: sssd.conf.5.xml:3593 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4163,93 +4168,93 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3637 +#: sssd.conf.5.xml:3645 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "Standaard: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3643 +#: sssd.conf.5.xml:3651 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3646 +#: sssd.conf.5.xml:3654 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3650 +#: sssd.conf.5.xml:3658 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3653 +#: sssd.conf.5.xml:3661 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3656 +#: sssd.conf.5.xml:3664 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3659 +#: sssd.conf.5.xml:3667 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3662 +#: sssd.conf.5.xml:3670 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3665 +#: sssd.conf.5.xml:3673 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3671 +#: sssd.conf.5.xml:3679 #, fuzzy #| msgid "entry_negative_timeout (integer)" msgid "dns_resolver_server_timeout (integer)" msgstr "entry_negative_timeout (numeriek)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3674 +#: sssd.conf.5.xml:3682 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3679 +#: sssd.conf.5.xml:3687 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3683 sssd.conf.5.xml:3703 sssd.conf.5.xml:3724 +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3688 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3694 +#: sssd.conf.5.xml:3702 #, fuzzy #| msgid "entry_negative_timeout (integer)" msgid "dns_resolver_op_timeout (integer)" msgstr "entry_negative_timeout (numeriek)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3697 +#: sssd.conf.5.xml:3705 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4257,12 +4262,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3714 +#: sssd.conf.5.xml:3722 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3717 +#: sssd.conf.5.xml:3725 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4271,14 +4276,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3735 +#: sssd.conf.5.xml:3743 #, fuzzy #| msgid "entry_negative_timeout (integer)" msgid "dns_resolver_use_search_list (bool)" msgstr "entry_negative_timeout (numeriek)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3738 +#: sssd.conf.5.xml:3746 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4286,7 +4291,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3744 +#: sssd.conf.5.xml:3752 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4294,71 +4299,71 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3750 +#: sssd.conf.5.xml:3758 #, fuzzy #| msgid "Default: 3" msgid "Default: TRUE" msgstr "Standaard: 3" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3756 +#: sssd.conf.5.xml:3764 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3759 +#: sssd.conf.5.xml:3767 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3763 +#: sssd.conf.5.xml:3771 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3769 +#: sssd.conf.5.xml:3777 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3772 +#: sssd.conf.5.xml:3780 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3778 +#: sssd.conf.5.xml:3786 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3785 +#: sssd.conf.5.xml:3793 msgid "True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3788 +#: sssd.conf.5.xml:3796 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3794 +#: sssd.conf.5.xml:3802 msgid "False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3796 +#: sssd.conf.5.xml:3804 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3800 +#: sssd.conf.5.xml:3808 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3803 +#: sssd.conf.5.xml:3811 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4366,31 +4371,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3811 +#: sssd.conf.5.xml:3819 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3781 +#: sssd.conf.5.xml:3789 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3826 +#: sssd.conf.5.xml:3834 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3832 +#: sssd.conf.5.xml:3840 msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3835 +#: sssd.conf.5.xml:3843 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4398,114 +4403,114 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3841 +#: sssd.conf.5.xml:3849 msgid "ldap_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3844 +#: sssd.conf.5.xml:3852 msgid "ldap_network_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3847 +#: sssd.conf.5.xml:3855 msgid "ldap_opt_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3850 +#: sssd.conf.5.xml:3858 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "ldap_offline_timeout" msgstr "enum_cache_timeout (numeriek)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3853 +#: sssd.conf.5.xml:3861 #, fuzzy #| msgid "reconnection_retries (integer)" msgid "ldap_enumeration_refresh_timeout" msgstr "reconnection_retries (numeriek)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3856 +#: sssd.conf.5.xml:3864 msgid "ldap_enumeration_refresh_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3859 +#: sssd.conf.5.xml:3867 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3862 +#: sssd.conf.5.xml:3870 msgid "ldap_purge_cache_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3865 +#: sssd.conf.5.xml:3873 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3869 +#: sssd.conf.5.xml:3877 msgid "ldap_krb5_ticket_lifetime" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3872 +#: sssd.conf.5.xml:3880 #, fuzzy #| msgid "reconnection_retries (integer)" msgid "ldap_enumeration_search_timeout" msgstr "reconnection_retries (numeriek)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3875 +#: sssd.conf.5.xml:3883 #, fuzzy #| msgid "reconnection_retries (integer)" msgid "ldap_connection_expire_timeout" msgstr "reconnection_retries (numeriek)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3878 +#: sssd.conf.5.xml:3886 #, fuzzy #| msgid "reconnection_retries (integer)" msgid "ldap_connection_expire_offset" msgstr "reconnection_retries (numeriek)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3881 +#: sssd.conf.5.xml:3889 msgid "ldap_connection_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3884 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 msgid "ldap_use_tokengroups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3887 +#: sssd.conf.5.xml:3895 msgid "ldap_user_principal" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3890 +#: sssd.conf.5.xml:3898 msgid "ignore_group_members" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3893 +#: sssd.conf.5.xml:3901 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3896 +#: sssd.conf.5.xml:3904 msgid "case_sensitive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3901 +#: sssd.conf.5.xml:3909 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4513,27 +4518,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3908 +#: sssd.conf.5.xml:3916 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3915 +#: sssd.conf.5.xml:3923 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3926 +#: sssd.conf.5.xml:3934 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3935 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3918 +#: sssd.conf.5.xml:3926 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4543,34 +4548,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3932 +#: sssd.conf.5.xml:3940 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3936 +#: sssd.conf.5.xml:3944 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3941 +#: sssd.conf.5.xml:3949 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3944 +#: sssd.conf.5.xml:3952 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3950 +#: sssd.conf.5.xml:3958 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3953 +#: sssd.conf.5.xml:3961 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -4579,19 +4584,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3961 +#: sssd.conf.5.xml:3969 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3966 +#: sssd.conf.5.xml:3974 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3970 +#: sssd.conf.5.xml:3978 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -4599,24 +4604,96 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3981 +#: sssd.conf.5.xml:3989 +#, fuzzy +#| msgid "re_expression (string)" +msgid "local_auth_policy (string)" +msgstr "re_expression (tekst)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3992 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4002 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4026 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4034 +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4039 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: match" +msgstr "Standaard: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4044 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3987 +#: sssd.conf.5.xml:4050 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3990 +#: sssd.conf.5.xml:4053 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3994 +#: sssd.conf.5.xml:4057 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4625,24 +4702,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4003 +#: sssd.conf.5.xml:4066 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4006 +#: sssd.conf.5.xml:4069 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4012 +#: sssd.conf.5.xml:4075 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4015 +#: sssd.conf.5.xml:4078 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4652,14 +4729,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4028 +#: sssd.conf.5.xml:4091 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4035 +#: sssd.conf.5.xml:4098 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4667,21 +4744,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3984 +#: sssd.conf.5.xml:4047 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4047 +#: sssd.conf.5.xml:4110 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4118 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4689,7 +4766,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4124 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4698,7 +4775,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4115 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4707,7 +4784,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2569 +#: sssd.conf.5.xml:2570 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -4715,29 +4792,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4139 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4079 +#: sssd.conf.5.xml:4142 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4082 +#: sssd.conf.5.xml:4145 msgid "" "Default: not set by default, you have to take an existing pam configuration " -"or create a new one and add the service name here." +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4090 +#: sssd.conf.5.xml:4155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4745,12 +4823,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4103 +#: sssd.conf.5.xml:4168 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4106 +#: sssd.conf.5.xml:4171 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4758,12 +4836,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4117 +#: sssd.conf.5.xml:4182 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4120 +#: sssd.conf.5.xml:4185 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4772,12 +4850,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4134 +#: sssd.conf.5.xml:4199 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4202 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4785,19 +4863,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4072 +#: sssd.conf.5.xml:4135 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4218 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4155 +#: sssd.conf.5.xml:4220 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -4814,7 +4892,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4175 +#: sssd.conf.5.xml:4240 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4822,17 +4900,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4181 +#: sssd.conf.5.xml:4246 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4248 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4186 +#: sssd.conf.5.xml:4251 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4841,7 +4919,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4265 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4851,7 +4929,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4208 +#: sssd.conf.5.xml:4273 #, no-wrap msgid "" "[sssd]\n" @@ -4871,12 +4949,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4228 +#: sssd.conf.5.xml:4293 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4230 +#: sssd.conf.5.xml:4295 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -4887,69 +4965,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4237 +#: sssd.conf.5.xml:4302 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4303 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4239 +#: sssd.conf.5.xml:4304 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:4305 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4241 +#: sssd.conf.5.xml:4306 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4242 +#: sssd.conf.5.xml:4307 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4243 +#: sssd.conf.5.xml:4308 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4309 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4245 +#: sssd.conf.5.xml:4310 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4246 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4250 +#: sssd.conf.5.xml:4315 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4256 +#: sssd.conf.5.xml:4321 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4258 +#: sssd.conf.5.xml:4323 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -4962,7 +5040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4272 +#: sssd.conf.5.xml:4337 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -4970,7 +5048,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4281 +#: sssd.conf.5.xml:4346 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -4979,55 +5057,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4353 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4356 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4295 +#: sssd.conf.5.xml:4360 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4367 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4370 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:4376 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4317 +#: sssd.conf.5.xml:4382 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4326 +#: sssd.conf.5.xml:4391 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4329 +#: sssd.conf.5.xml:4394 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5036,17 +5114,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4336 +#: sssd.conf.5.xml:4401 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4406 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4409 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5054,26 +5132,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4350 +#: sssd.conf.5.xml:4415 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4356 +#: sssd.conf.5.xml:4421 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4362 +#: sssd.conf.5.xml:4427 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4433 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5082,17 +5160,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4377 +#: sssd.conf.5.xml:4442 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4385 +#: sssd.conf.5.xml:4450 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4452 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5102,7 +5180,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4395 +#: sssd.conf.5.xml:4460 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5111,59 +5189,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4472 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4410 +#: sssd.conf.5.xml:4475 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4411 +#: sssd.conf.5.xml:4476 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4409 +#: sssd.conf.5.xml:4474 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4484 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4488 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4424 +#: sssd.conf.5.xml:4489 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4427 +#: sssd.conf.5.xml:4492 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4428 +#: sssd.conf.5.xml:4493 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4496 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4432 +#: sssd.conf.5.xml:4497 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5172,7 +5250,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4421 +#: sssd.conf.5.xml:4486 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5181,17 +5259,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4449 +#: sssd.conf.5.xml:4514 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4455 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4522 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5199,46 +5277,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4530 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4532 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4537 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4539 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4480 +#: sssd.conf.5.xml:4545 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4547 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4451 +#: sssd.conf.5.xml:4516 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4467 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5247,7 +5325,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4493 +#: sssd.conf.5.xml:4558 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5255,12 +5333,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4500 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4506 +#: sssd.conf.5.xml:4571 #, no-wrap msgid "" "[sssd]\n" @@ -5290,7 +5368,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4502 +#: sssd.conf.5.xml:4567 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5299,7 +5377,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4604 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5307,7 +5385,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4533 +#: sssd.conf.5.xml:4598 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5318,7 +5396,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4550 +#: sssd.conf.5.xml:4615 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5329,7 +5407,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4544 +#: sssd.conf.5.xml:4609 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -5383,26 +5461,26 @@ msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " -"over an unencrypted channel. If the LDAP server is used only as an identity " -"provider, an encrypted channel is not needed. Please refer to " -"<quote>ldap_access_filter</quote> config option for more information about " -"using LDAP as an access provider." +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 #: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 msgid "CONFIGURATION OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:66 +#: sssd-ldap.5.xml:67 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:69 +#: sssd-ldap.5.xml:70 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" @@ -5412,33 +5490,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:76 +#: sssd-ldap.5.xml:77 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:79 +#: sssd-ldap.5.xml:80 msgid "ldap[s]://<host>[:port]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:82 +#: sssd-ldap.5.xml:83 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:85 +#: sssd-ldap.5.xml:86 msgid "example: ldap://[fc00::126:25]:389" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:91 +#: sssd-ldap.5.xml:92 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:94 +#: sssd-ldap.5.xml:95 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " @@ -5447,71 +5525,71 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:101 +#: sssd-ldap.5.xml:102 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:105 +#: sssd-ldap.5.xml:106 msgid "Default: empty, i.e. ldap_uri is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:111 +#: sssd-ldap.5.xml:112 msgid "ldap_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:114 +#: sssd-ldap.5.xml:115 msgid "The default base DN to use for performing LDAP user operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:118 +#: sssd-ldap.5.xml:119 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:122 +#: sssd-ldap.5.xml:123 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:125 +#: sssd-ldap.5.xml:126 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:128 include/ldap_search_bases.xml:18 +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:132 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 #: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 msgid "Examples:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:135 +#: sssd-ldap.5.xml:136 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:140 +#: sssd-ldap.5.xml:141 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:143 +#: sssd-ldap.5.xml:144 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " @@ -5520,7 +5598,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:150 +#: sssd-ldap.5.xml:151 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " @@ -5531,12 +5609,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:164 +#: sssd-ldap.5.xml:165 msgid "ldap_schema (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:167 +#: sssd-ldap.5.xml:168 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " @@ -5544,32 +5622,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:174 +#: sssd-ldap.5.xml:175 msgid "Four schema types are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:178 +#: sssd-ldap.5.xml:179 msgid "rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:183 +#: sssd-ldap.5.xml:184 msgid "rfc2307bis" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:188 +#: sssd-ldap.5.xml:189 msgid "IPA" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:193 +#: sssd-ldap.5.xml:194 msgid "AD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:199 +#: sssd-ldap.5.xml:200 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " @@ -5580,37 +5658,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:209 +#: sssd-ldap.5.xml:210 msgid "Default: rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:215 +#: sssd-ldap.5.xml:216 msgid "ldap_pwmodify_mode (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:218 +#: sssd-ldap.5.xml:219 msgid "Specify the operation that is used to modify user password." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:222 +#: sssd-ldap.5.xml:223 msgid "Two modes are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:226 +#: sssd-ldap.5.xml:227 msgid "exop - Password Modify Extended Operation (RFC 3062)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:232 +#: sssd-ldap.5.xml:233 msgid "ldap_modify - Direct modification of userPassword (not recommended)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:239 +#: sssd-ldap.5.xml:240 msgid "" "Note: First, a new connection is established to verify current password by " "binding as the user that requested password change. If successful, this " @@ -5619,74 +5697,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:247 +#: sssd-ldap.5.xml:248 msgid "Default: exop" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:253 +#: sssd-ldap.5.xml:254 msgid "ldap_default_bind_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:256 +#: sssd-ldap.5.xml:257 msgid "The default bind DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:263 +#: sssd-ldap.5.xml:264 msgid "ldap_default_authtok_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:266 +#: sssd-ldap.5.xml:267 msgid "The type of the authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:270 +#: sssd-ldap.5.xml:271 msgid "The two mechanisms currently supported are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 +#: sssd-ldap.5.xml:274 msgid "password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:276 +#: sssd-ldap.5.xml:277 msgid "obfuscated_password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:279 +#: sssd-ldap.5.xml:280 msgid "Default: password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:282 +#: sssd-ldap.5.xml:283 msgid "" "See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> manual page for more information." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:293 +#: sssd-ldap.5.xml:294 msgid "ldap_default_authtok (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:296 +#: sssd-ldap.5.xml:297 msgid "The authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:302 +#: sssd-ldap.5.xml:303 msgid "ldap_force_upper_case_realm (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:305 +#: sssd-ldap.5.xml:306 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -5695,24 +5773,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:318 +#: sssd-ldap.5.xml:319 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:321 +#: sssd-ldap.5.xml:322 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:337 +#: sssd-ldap.5.xml:338 msgid "ldap_purge_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:340 +#: sssd-ldap.5.xml:341 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -5720,7 +5798,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:346 +#: sssd-ldap.5.xml:347 msgid "" "Setting this option to zero will disable the cache cleanup operation. Please " "note that if enumeration is enabled, the cleanup task is required in order " @@ -5729,12 +5807,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:366 +#: sssd-ldap.5.xml:367 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:369 +#: sssd-ldap.5.xml:370 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -5742,7 +5820,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:376 +#: sssd-ldap.5.xml:377 msgid "" "Note: This option specifies the guaranteed level of nested groups to be " "processed for any lookup. However, nested groups beyond this limit " @@ -5752,7 +5830,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:385 +#: sssd-ldap.5.xml:386 msgid "" "If ldap_group_nesting_level is set to 0 then no nested groups are processed " "at all. However, when connected to Active-Directory Server 2008 and later " @@ -5762,67 +5840,67 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:394 +#: sssd-ldap.5.xml:395 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:403 +#: sssd-ldap.5.xml:404 msgid "" "This options enables or disables use of Token-Groups attribute when " "performing initgroup for users from Active Directory Server 2008 and later." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:413 +#: sssd-ldap.5.xml:414 msgid "Default: True for AD and IPA otherwise False." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:419 +#: sssd-ldap.5.xml:420 msgid "ldap_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:422 +#: sssd-ldap.5.xml:423 msgid "Optional. Use the given string as search base for host objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:426 sssd-ipa.5.xml:457 sssd-ipa.5.xml:476 sssd-ipa.5.xml:495 -#: sssd-ipa.5.xml:514 +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:431 sssd-ipa.5.xml:462 include/ldap_search_bases.xml:27 +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:438 +#: sssd-ldap.5.xml:439 msgid "ldap_service_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:443 +#: sssd-ldap.5.xml:444 msgid "ldap_iphost_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:448 +#: sssd-ldap.5.xml:449 msgid "ldap_ipnetwork_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:453 +#: sssd-ldap.5.xml:454 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:456 +#: sssd-ldap.5.xml:457 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -5830,7 +5908,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:462 +#: sssd-ldap.5.xml:463 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -5838,12 +5916,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:479 +#: sssd-ldap.5.xml:480 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:482 +#: sssd-ldap.5.xml:483 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -5851,12 +5929,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:500 +#: sssd-ldap.5.xml:501 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:503 +#: sssd-ldap.5.xml:504 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -5867,12 +5945,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:531 +#: sssd-ldap.5.xml:532 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:534 +#: sssd-ldap.5.xml:535 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -5881,12 +5959,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:554 +#: sssd-ldap.5.xml:555 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:557 +#: sssd-ldap.5.xml:558 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -5895,7 +5973,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:565 +#: sssd-ldap.5.xml:566 msgid "" "If the connection is idle (not actively running an operation) within " "<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " @@ -5906,38 +5984,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:577 +#: sssd-ldap.5.xml:578 msgid "" "This timeout can be extended of a random value specified by " "<emphasis>ldap_connection_expire_offset</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:587 sssd-ldap.5.xml:630 sssd-ldap.5.xml:1711 +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:593 +#: sssd-ldap.5.xml:594 msgid "ldap_connection_expire_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:596 +#: sssd-ldap.5.xml:597 msgid "" "Random offset between 0 and configured value is added to " "<emphasis>ldap_connection_expire_timeout</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:613 #, fuzzy #| msgid "reconnection_retries (integer)" msgid "ldap_connection_idle_timeout (integer)" msgstr "reconnection_retries (numeriek)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:616 msgid "" "Specifies a timeout (in seconds) that an idle connection to an LDAP server " "will be maintained. If the connection is idle for more than this time then " @@ -5945,29 +6023,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:622 msgid "You can disable this timeout by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:636 +#: sssd-ldap.5.xml:637 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:639 +#: sssd-ldap.5.xml:640 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:650 +#: sssd-ldap.5.xml:651 msgid "ldap_disable_paging (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:653 +#: sssd-ldap.5.xml:654 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " @@ -5975,14 +6053,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:659 +#: sssd-ldap.5.xml:660 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:665 +#: sssd-ldap.5.xml:666 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " @@ -5990,17 +6068,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:677 +#: sssd-ldap.5.xml:678 msgid "ldap_disable_range_retrieval (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:680 +#: sssd-ldap.5.xml:681 msgid "Disable Active Directory range retrieval." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:683 +#: sssd-ldap.5.xml:684 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " @@ -6010,12 +6088,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:699 msgid "ldap_sasl_minssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:702 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " @@ -6023,17 +6101,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:707 sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:714 +#: sssd-ldap.5.xml:715 msgid "ldap_sasl_maxssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:717 +#: sssd-ldap.5.xml:718 msgid "" "When communicating with an LDAP server using SASL, specify the maximal " "security level necessary to establish the connection. The values of this " @@ -6041,12 +6119,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:731 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:733 +#: sssd-ldap.5.xml:734 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -6054,7 +6132,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:740 msgid "" "You can turn off dereference lookups completely by setting the value to 0. " "Please note that there are some codepaths in SSSD, like the IPA HBAC " @@ -6065,7 +6143,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:750 +#: sssd-ldap.5.xml:751 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -6074,7 +6152,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:758 +#: sssd-ldap.5.xml:759 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -6082,12 +6160,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:771 +#: sssd-ldap.5.xml:772 msgid "ldap_ignore_unreadable_references (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:774 +#: sssd-ldap.5.xml:775 msgid "" "Ignore unreadable LDAP entries referenced in group's member attribute. If " "this parameter is set to false an error will be returned and the operation " @@ -6095,7 +6173,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:781 +#: sssd-ldap.5.xml:782 msgid "" "This parameter may be useful when using the AD provider and the computer " "account that sssd uses to connect to AD does not have access to a particular " @@ -6103,26 +6181,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:795 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:798 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:804 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:808 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6130,7 +6208,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:815 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6138,7 +6216,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:820 +#: sssd-ldap.5.xml:821 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -6146,41 +6224,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:826 +#: sssd-ldap.5.xml:827 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:830 +#: sssd-ldap.5.xml:831 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:837 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:839 +#: sssd-ldap.5.xml:840 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 sssd-ldap.5.xml:862 sssd-ldap.5.xml:903 +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:852 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:854 +#: sssd-ldap.5.xml:855 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -6189,32 +6267,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:869 +#: sssd-ldap.5.xml:870 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:872 +#: sssd-ldap.5.xml:873 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:882 +#: sssd-ldap.5.xml:883 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:885 +#: sssd-ldap.5.xml:886 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:894 +#: sssd-ldap.5.xml:895 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:897 +#: sssd-ldap.5.xml:898 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -6222,24 +6300,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:910 +#: sssd-ldap.5.xml:911 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:913 +#: sssd-ldap.5.xml:914 msgid "" "Specifies that the id_provider connection must also use <systemitem " -"class=\"protocol\">tls</systemitem> to protect the channel." +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:923 +#: sssd-ldap.5.xml:925 msgid "ldap_id_mapping (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:928 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " @@ -6247,17 +6326,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:932 +#: sssd-ldap.5.xml:934 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:942 +#: sssd-ldap.5.xml:944 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:945 +#: sssd-ldap.5.xml:947 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " @@ -6268,24 +6347,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:957 +#: sssd-ldap.5.xml:959 msgid "Default: not set (both options are set to 0)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:965 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:966 +#: sssd-ldap.5.xml:968 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " "tested and supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:970 +#: sssd-ldap.5.xml:972 msgid "" "If the backend supports sub-domains the value of ldap_sasl_mech is " "automatically inherited to the sub-domains. If a different value is needed " @@ -6296,12 +6375,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:988 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ldap.5.xml:998 +#: sssd-ldap.5.xml:1000 #, no-wrap msgid "" "hostname@REALM\n" @@ -6314,7 +6393,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:989 +#: sssd-ldap.5.xml:991 msgid "" "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " "this represents the Kerberos principal used for authentication to the " @@ -6326,17 +6405,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1009 +#: sssd-ldap.5.xml:1011 msgid "Default: host/hostname@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1015 +#: sssd-ldap.5.xml:1017 msgid "ldap_sasl_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1018 +#: sssd-ldap.5.xml:1020 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " @@ -6344,49 +6423,49 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1024 +#: sssd-ldap.5.xml:1026 msgid "Default: the value of krb5_realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1030 +#: sssd-ldap.5.xml:1032 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1035 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1038 +#: sssd-ldap.5.xml:1040 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1046 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1049 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1056 sssd-krb5.5.xml:247 +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1064 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1067 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -6394,28 +6473,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1077 +#: sssd-ldap.5.xml:1079 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1080 +#: sssd-ldap.5.xml:1082 msgid "" "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1089 sssd-ad.5.xml:1252 +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1095 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1098 +#: sssd-ldap.5.xml:1100 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -6427,7 +6506,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1110 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -6435,7 +6514,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -6443,39 +6522,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1124 sssd-ipa.5.xml:526 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1127 +#: sssd-ldap.5.xml:1129 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1133 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1137 include/krb5_options.xml:154 +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1140 +#: sssd-ldap.5.xml:1142 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1152 sssd-krb5.5.xml:336 +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 msgid "krb5_use_kdcinfo (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1155 sssd-krb5.5.xml:339 +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " @@ -6485,7 +6564,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:350 +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " @@ -6493,26 +6572,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1180 +#: sssd-ldap.5.xml:1182 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1185 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1190 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1193 +#: sssd-ldap.5.xml:1195 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -6521,7 +6600,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1201 +#: sssd-ldap.5.xml:1203 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -6529,31 +6608,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1210 +#: sssd-ldap.5.xml:1212 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1220 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1221 +#: sssd-ldap.5.xml:1223 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1225 +#: sssd-ldap.5.xml:1227 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1232 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " @@ -6566,51 +6645,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1249 +#: sssd-ldap.5.xml:1251 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1252 +#: sssd-ldap.5.xml:1254 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1258 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1262 +#: sssd-ldap.5.xml:1264 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1265 +#: sssd-ldap.5.xml:1267 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1270 +#: sssd-ldap.5.xml:1272 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1276 +#: sssd-ldap.5.xml:1278 msgid "ldap_chpass_update_last_change (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1279 +#: sssd-ldap.5.xml:1281 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1285 +#: sssd-ldap.5.xml:1287 msgid "" "It is recommend to set this option explicitly if \"ldap_pwd_policy = " "shadow\" is used to let SSSD know if the LDAP server will update " @@ -6619,12 +6698,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1301 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1304 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " @@ -6640,12 +6719,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1322 +#: sssd-ldap.5.xml:1324 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1327 #, no-wrap msgid "" "access_provider = ldap\n" @@ -6654,14 +6733,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1329 +#: sssd-ldap.5.xml:1331 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1336 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -6670,24 +6749,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1398 +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1348 +#: sssd-ldap.5.xml:1350 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1353 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1355 +#: sssd-ldap.5.xml:1357 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -6695,19 +6774,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1362 +#: sssd-ldap.5.xml:1364 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1365 +#: sssd-ldap.5.xml:1367 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1372 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -6716,7 +6795,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1379 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -6724,7 +6803,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1383 +#: sssd-ldap.5.xml:1385 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -6733,7 +6812,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1391 +#: sssd-ldap.5.xml:1393 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " @@ -6741,22 +6820,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1404 +#: sssd-ldap.5.xml:1406 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1407 sssd-ipa.5.xml:351 +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1411 +#: sssd-ldap.5.xml:1413 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>lockout</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6766,14 +6845,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1424 +#: sssd-ldap.5.xml:1426 msgid "" "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" "quote> option and might be removed in a future release. </emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1431 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6786,12 +6865,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1448 +#: sssd-ldap.5.xml:1450 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1452 sssd-ipa.5.xml:359 +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 msgid "" "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " "pwd_expire_policy_renew: </emphasis> These options are useful if users are " @@ -6801,81 +6880,81 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1462 sssd-ipa.5.xml:369 +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 msgid "" "The difference between these options is the action taken if user password is " "expired:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1467 sssd-ipa.5.xml:374 +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 msgid "pwd_expire_policy_reject - user is denied to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1473 sssd-ipa.5.xml:380 +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 msgid "pwd_expire_policy_warn - user is still able to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1479 sssd-ipa.5.xml:386 +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 msgid "" "pwd_expire_policy_renew - user is prompted to change their password " "immediately." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1487 +#: sssd-ldap.5.xml:1489 msgid "" "Please note that 'access_provider = ldap' must be set for this feature to " "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1494 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1497 +#: sssd-ldap.5.xml:1499 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1501 +#: sssd-ldap.5.xml:1503 msgid "" "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " "remote host can access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1505 +#: sssd-ldap.5.xml:1507 msgid "" "Please note, rhost field in pam is set by application, it is better to check " "what the application sends to pam, before enabling this access control option" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1510 +#: sssd-ldap.5.xml:1512 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1513 +#: sssd-ldap.5.xml:1515 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1520 +#: sssd-ldap.5.xml:1522 msgid "ldap_pwdlockout_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1523 +#: sssd-ldap.5.xml:1525 msgid "" "This option specifies the DN of password policy entry on LDAP server. Please " "note that absence of this option in sssd.conf in case of enabled account " @@ -6884,74 +6963,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1531 +#: sssd-ldap.5.xml:1533 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1534 +#: sssd-ldap.5.xml:1536 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1542 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1543 +#: sssd-ldap.5.xml:1545 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1550 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 +#: sssd-ldap.5.xml:1554 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 +#: sssd-ldap.5.xml:1559 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1562 +#: sssd-ldap.5.xml:1564 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1569 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1575 +#: sssd-ldap.5.xml:1577 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1578 +#: sssd-ldap.5.xml:1580 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1582 +#: sssd-ldap.5.xml:1584 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " @@ -6962,7 +7041,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1593 +#: sssd-ldap.5.xml:1595 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " @@ -6970,55 +7049,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1605 sssd-ifp.5.xml:152 +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 msgid "wildcard_limit (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1608 +#: sssd-ldap.5.xml:1610 msgid "" "Specifies an upper limit on the number of entries that are downloaded during " "a wildcard lookup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1612 +#: sssd-ldap.5.xml:1614 msgid "At the moment, only the InfoPipe responder supports wildcard lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1618 msgid "Default: 1000 (often the size of one page)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1624 #, fuzzy #| msgid "debug_level (integer)" msgid "ldap_library_debug_level (integer)" msgstr "debug_level (numeriek)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1625 +#: sssd-ldap.5.xml:1627 msgid "" "Switches on libldap debugging with the given level. The libldap debug " "messages will be written independent of the general debug_level." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1630 +#: sssd-ldap.5.xml:1632 msgid "" "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " "enable full debug output." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1635 +#: sssd-ldap.5.xml:1637 msgid "Default: 0 (libldap debugging disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:52 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " @@ -7030,12 +7109,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1645 +#: sssd-ldap.5.xml:1647 msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1647 +#: sssd-ldap.5.xml:1649 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -7043,43 +7122,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1660 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1661 +#: sssd-ldap.5.xml:1663 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1666 +#: sssd-ldap.5.xml:1668 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1671 +#: sssd-ldap.5.xml:1673 msgid "" "You can disable full refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1676 +#: sssd-ldap.5.xml:1678 msgid "Default: 21600 (6 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1682 +#: sssd-ldap.5.xml:1684 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1685 +#: sssd-ldap.5.xml:1687 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest " @@ -7087,14 +7166,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1691 +#: sssd-ldap.5.xml:1693 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1695 +#: sssd-ldap.5.xml:1697 msgid "" "<emphasis>Note:</emphasis> the highest USN value can be updated by three " "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " @@ -7104,19 +7183,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1706 +#: sssd-ldap.5.xml:1708 msgid "" "You can disable smart refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1717 +#: sssd-ldap.5.xml:1719 msgid "ldap_sudo_random_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1720 +#: sssd-ldap.5.xml:1722 msgid "" "Random offset between 0 and configured value is added to smart and full " "refresh periods each time the periodic task is scheduled. The value is in " @@ -7124,7 +7203,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1726 +#: sssd-ldap.5.xml:1728 msgid "" "Note that this random offset is also applied on the first SSSD start which " "delays the first sudo rules refresh. This prolongs the time when the sudo " @@ -7132,106 +7211,106 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1732 +#: sssd-ldap.5.xml:1734 msgid "You can disable this offset by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1742 +#: sssd-ldap.5.xml:1744 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1745 +#: sssd-ldap.5.xml:1747 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1756 +#: sssd-ldap.5.xml:1758 msgid "ldap_sudo_hostnames (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1759 +#: sssd-ldap.5.xml:1761 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1764 +#: sssd-ldap.5.xml:1766 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1769 sssd-ldap.5.xml:1792 sssd-ldap.5.xml:1810 -#: sssd-ldap.5.xml:1828 +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1774 sssd-ldap.5.xml:1797 +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 msgid "Default: not specified" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1780 +#: sssd-ldap.5.xml:1782 msgid "ldap_sudo_ip (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1783 +#: sssd-ldap.5.xml:1785 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1788 +#: sssd-ldap.5.xml:1790 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1803 +#: sssd-ldap.5.xml:1805 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1806 +#: sssd-ldap.5.xml:1808 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1821 +#: sssd-ldap.5.xml:1823 msgid "ldap_sudo_include_regexp (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:1826 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> -#: sssd-ldap.5.xml:1834 +#: sssd-ldap.5.xml:1836 msgid "" "Using wildcard is an operation that is very costly to evaluate on the LDAP " "server side!" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1846 +#: sssd-ldap.5.xml:1848 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " @@ -7240,59 +7319,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1856 +#: sssd-ldap.5.xml:1858 msgid "AUTOFS OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1858 +#: sssd-ldap.5.xml:1860 msgid "" "Some of the defaults for the parameters below are dependent on the LDAP " "schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1864 +#: sssd-ldap.5.xml:1866 msgid "ldap_autofs_map_master_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1867 +#: sssd-ldap.5.xml:1869 msgid "The name of the automount master map in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1870 +#: sssd-ldap.5.xml:1872 msgid "Default: auto.master" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1881 +#: sssd-ldap.5.xml:1883 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1888 +#: sssd-ldap.5.xml:1890 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1893 +#: sssd-ldap.5.xml:1895 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1898 +#: sssd-ldap.5.xml:1900 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> -#: sssd-ldap.5.xml:1903 +#: sssd-ldap.5.xml:1905 msgid "<note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> -#: sssd-ldap.5.xml:1905 +#: sssd-ldap.5.xml:1907 msgid "" "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " "against Active Directory will not be restricted and return all groups " @@ -7301,22 +7380,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist> -#: sssd-ldap.5.xml:1912 +#: sssd-ldap.5.xml:1914 msgid "</note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1914 +#: sssd-ldap.5.xml:1916 msgid "ldap_sudo_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1919 +#: sssd-ldap.5.xml:1921 msgid "ldap_autofs_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1883 +#: sssd-ldap.5.xml:1885 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -7325,14 +7404,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1934 sssd-simple.5.xml:131 sssd-ipa.5.xml:925 -#: sssd-ad.5.xml:1386 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1936 +#: sssd-ldap.5.xml:1938 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -7340,7 +7419,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1944 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7353,27 +7432,27 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><para> -#: sssd-ldap.5.xml:1941 sssd-ldap.5.xml:1959 sssd-simple.5.xml:139 -#: sssd-ipa.5.xml:933 sssd-ad.5.xml:1394 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 #: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1953 +#: sssd-ldap.5.xml:1955 msgid "LDAP ACCESS FILTER EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1955 +#: sssd-ldap.5.xml:1957 msgid "" "The following example assumes that SSSD is correctly configured and to use " "the ldap_access_order=lockout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1960 +#: sssd-ldap.5.xml:1962 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7389,13 +7468,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1975 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 -#: sssd-ad.5.xml:1409 sssd.8.xml:238 sss_seed.8.xml:163 +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1977 +#: sssd-ldap.5.xml:1979 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -9732,12 +9811,12 @@ msgid "Example: dyndns_iface = em1, vnet1, vnet2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1285 +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 msgid "dyndns_auth (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1288 +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "updates with the DNS server, insecure updates can be sent by setting this " @@ -9745,17 +9824,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1294 +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 msgid "Default: GSS-TSIG" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1300 +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 msgid "dyndns_auth_ptr (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1303 +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "PTR updates with the DNS server, insecure updates can be sent by setting " @@ -9763,7 +9842,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1309 +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 msgid "Default: Same as dyndns_auth" msgstr "" @@ -9822,65 +9901,72 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:290 +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 msgid "Default: False (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1272 +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 msgid "dyndns_force_tcp (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:299 sssd-ad.5.xml:1275 +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:303 sssd-ad.5.xml:1279 +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:309 sssd-ad.5.xml:1315 +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 msgid "dyndns_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:312 sssd-ad.5.xml:1318 +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 msgid "" "The DNS server to use when performing a DNS update. In most setups, it's " "recommended to leave this option unset." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 msgid "" "Setting this option makes sense for environments where the DNS server is " "different from the identity server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 msgid "" "Please note that this option will be only used in fallback attempt when " "previous attempt using autodetected settings failed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 msgid "Default: None (let nsupdate choose the server)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:333 sssd-ad.5.xml:1339 +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 msgid "dyndns_update_per_family (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:336 sssd-ad.5.xml:1342 +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 msgid "" "DNS update is by default performed in two steps - IPv4 update and then IPv6 " "update. In some cases it might be desirable to perform IPv4 and IPv6 update " @@ -9888,179 +9974,179 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:353 #, fuzzy #| msgid "re_expression (string)" msgid "ipa_access_order (string)" msgstr "re_expression (tekst)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:360 msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:394 +#: sssd-ipa.5.xml:399 msgid "" "Please note that 'access_provider = ipa' must be set for this feature to " "work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:401 +#: sssd-ipa.5.xml:406 msgid "ipa_deskprofile_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:404 +#: sssd-ipa.5.xml:409 msgid "" "Optional. Use the given string as search base for Desktop Profile related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:408 sssd-ipa.5.xml:435 +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:414 +#: sssd-ipa.5.xml:419 msgid "ipa_subid_ranges_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:417 +#: sssd-ipa.5.xml:422 msgid "" "Optional. Use the given string as search base for subordinate ranges related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:421 +#: sssd-ipa.5.xml:426 msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:428 +#: sssd-ipa.5.xml:433 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:431 +#: sssd-ipa.5.xml:436 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:441 +#: sssd-ipa.5.xml:446 msgid "ipa_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:444 +#: sssd-ipa.5.xml:449 msgid "Deprecated. Use ldap_host_search_base instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:450 +#: sssd-ipa.5.xml:455 msgid "ipa_selinux_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:453 +#: sssd-ipa.5.xml:458 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:469 +#: sssd-ipa.5.xml:474 msgid "ipa_subdomains_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:472 +#: sssd-ipa.5.xml:477 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:481 +#: sssd-ipa.5.xml:486 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:488 +#: sssd-ipa.5.xml:493 msgid "ipa_master_domain_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:491 +#: sssd-ipa.5.xml:496 msgid "Optional. Use the given string as search base for master domain object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:505 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:507 +#: sssd-ipa.5.xml:512 msgid "ipa_views_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:510 +#: sssd-ipa.5.xml:515 msgid "Optional. Use the given string as search base for views containers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:519 +#: sssd-ipa.5.xml:524 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:529 +#: sssd-ipa.5.xml:534 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:533 +#: sssd-ipa.5.xml:538 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:541 sssd-ad.5.xml:1357 +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 msgid "krb5_confd_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:544 sssd-ad.5.xml:1360 +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 msgid "" "Absolute path of a directory where SSSD should place Kerberos configuration " "snippets." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:548 sssd-ad.5.xml:1364 +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 msgid "" "To disable the creation of the configuration snippets set the parameter to " "'none'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:552 sssd-ad.5.xml:1368 +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 msgid "" "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:559 +#: sssd-ipa.5.xml:564 msgid "ipa_deskprofile_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:562 +#: sssd-ipa.5.xml:567 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server. This will reduce the latency and load on the IPA server if there " @@ -10068,34 +10154,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:569 sssd-ipa.5.xml:599 sssd-ipa.5.xml:615 sssd-ad.5.xml:599 +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:575 +#: sssd-ipa.5.xml:580 msgid "ipa_deskprofile_request_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:578 +#: sssd-ipa.5.xml:583 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server in case the last request did not return any rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:583 +#: sssd-ipa.5.xml:588 msgid "Default: 60 (minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:589 +#: sssd-ipa.5.xml:594 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:592 +#: sssd-ipa.5.xml:597 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -10103,12 +10189,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:605 +#: sssd-ipa.5.xml:610 msgid "ipa_hbac_selinux (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:608 +#: sssd-ipa.5.xml:613 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -10116,33 +10202,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:621 +#: sssd-ipa.5.xml:626 msgid "ipa_server_mode (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:624 +#: sssd-ipa.5.xml:629 msgid "" "This option will be set by the IPA installer (ipa-server-install) " "automatically and denotes if SSSD is running on an IPA server or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:629 +#: sssd-ipa.5.xml:634 msgid "" "On an IPA server SSSD will lookup users and groups from trusted domains " "directly while on a client it will ask an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:634 +#: sssd-ipa.5.xml:639 msgid "" "NOTE: There are currently some assumptions that must be met when SSSD is " "running on an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:639 +#: sssd-ipa.5.xml:644 msgid "" "The <quote>ipa_server</quote> option must be configured to point to the IPA " "server itself. This is already the default set by the IPA installer, so no " @@ -10150,59 +10236,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:648 +#: sssd-ipa.5.xml:653 msgid "" "The <quote>full_name_format</quote> option must not be tweaked to only print " "short names for users from trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:663 +#: sssd-ipa.5.xml:668 msgid "ipa_automount_location (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:666 +#: sssd-ipa.5.xml:671 msgid "The automounter location this IPA client will be using" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:669 +#: sssd-ipa.5.xml:674 msgid "Default: The location named \"default\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:677 +#: sssd-ipa.5.xml:682 msgid "VIEWS AND OVERRIDES" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:686 +#: sssd-ipa.5.xml:691 msgid "ipa_view_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:689 +#: sssd-ipa.5.xml:694 msgid "Objectclass of the view container." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:692 +#: sssd-ipa.5.xml:697 msgid "Default: nsContainer" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:698 +#: sssd-ipa.5.xml:703 msgid "ipa_view_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:701 +#: sssd-ipa.5.xml:706 msgid "Name of the attribute holding the name of the view." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:705 sssd-ldap-attributes.5.xml:496 +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 #: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 #: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 #: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 @@ -10210,128 +10296,128 @@ msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:711 +#: sssd-ipa.5.xml:716 msgid "ipa_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:714 +#: sssd-ipa.5.xml:719 msgid "Objectclass of the override objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:717 +#: sssd-ipa.5.xml:722 msgid "Default: ipaOverrideAnchor" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:723 +#: sssd-ipa.5.xml:728 msgid "ipa_anchor_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:726 +#: sssd-ipa.5.xml:731 msgid "" "Name of the attribute containing the reference to the original object in a " "remote domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:730 +#: sssd-ipa.5.xml:735 msgid "Default: ipaAnchorUUID" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:736 +#: sssd-ipa.5.xml:741 msgid "ipa_user_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:739 +#: sssd-ipa.5.xml:744 msgid "" "Name of the objectclass for user overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:744 +#: sssd-ipa.5.xml:749 msgid "User overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:747 +#: sssd-ipa.5.xml:752 msgid "ldap_user_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:750 +#: sssd-ipa.5.xml:755 msgid "ldap_user_uid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:753 +#: sssd-ipa.5.xml:758 msgid "ldap_user_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:756 +#: sssd-ipa.5.xml:761 msgid "ldap_user_gecos" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:759 +#: sssd-ipa.5.xml:764 msgid "ldap_user_home_directory" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:762 +#: sssd-ipa.5.xml:767 msgid "ldap_user_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:765 +#: sssd-ipa.5.xml:770 msgid "ldap_user_ssh_public_key" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:770 +#: sssd-ipa.5.xml:775 msgid "Default: ipaUserOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:776 +#: sssd-ipa.5.xml:781 msgid "ipa_group_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:779 +#: sssd-ipa.5.xml:784 msgid "" "Name of the objectclass for group overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:784 +#: sssd-ipa.5.xml:789 msgid "Group overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:787 +#: sssd-ipa.5.xml:792 msgid "ldap_group_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:790 +#: sssd-ipa.5.xml:795 msgid "ldap_group_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:795 +#: sssd-ipa.5.xml:800 msgid "Default: ipaGroupOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:679 +#: sssd-ipa.5.xml:684 msgid "" "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " "later version. Since all paths and objectclasses are fixed on the server " @@ -10341,19 +10427,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:807 +#: sssd-ipa.5.xml:812 msgid "SUBDOMAINS PROVIDER" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:809 +#: sssd-ipa.5.xml:814 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:813 +#: sssd-ipa.5.xml:818 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " @@ -10361,7 +10447,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:819 +#: sssd-ipa.5.xml:824 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " @@ -10373,12 +10459,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:830 +#: sssd-ipa.5.xml:835 msgid "TRUSTED DOMAINS CONFIGURATION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:838 +#: sssd-ipa.5.xml:843 #, no-wrap msgid "" "[domain/ipa.domain.com/ad.domain.com]\n" @@ -10386,7 +10472,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:832 +#: sssd-ipa.5.xml:837 msgid "" "Some configuration options can also be set for a trusted domain. A trusted " "domain configuration can be set using the trusted domain subsection as shown " @@ -10396,80 +10482,80 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:843 +#: sssd-ipa.5.xml:848 msgid "" "For more details, see the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:850 +#: sssd-ipa.5.xml:855 msgid "" "Different configuration options are tunable for a trusted domain depending " "on whether you are configuring SSSD on an IPA server or an IPA client." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:855 +#: sssd-ipa.5.xml:860 msgid "OPTIONS TUNABLE ON IPA MASTERS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:857 +#: sssd-ipa.5.xml:862 msgid "" "The following options can be set in a subdomain section on an IPA master:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:861 sssd-ipa.5.xml:891 +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 msgid "ad_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:864 +#: sssd-ipa.5.xml:869 msgid "ad_backup_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:867 sssd-ipa.5.xml:894 +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 msgid "ad_site" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:870 +#: sssd-ipa.5.xml:875 msgid "ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:873 +#: sssd-ipa.5.xml:878 msgid "ldap_user_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:876 +#: sssd-ipa.5.xml:881 msgid "ldap_group_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:885 +#: sssd-ipa.5.xml:890 msgid "OPTIONS TUNABLE ON IPA CLIENTS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:887 +#: sssd-ipa.5.xml:892 msgid "" "The following options can be set in a subdomain section on an IPA client:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:899 +#: sssd-ipa.5.xml:904 msgid "" "Note that if both options are set, only <quote>ad_server</quote> is " "evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:903 +#: sssd-ipa.5.xml:908 msgid "" "Since any request for a user or a group identity from a trusted domain " "triggered from an IPA client is resolved by the IPA server, the " @@ -10483,7 +10569,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:927 +#: sssd-ipa.5.xml:932 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -10491,7 +10577,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:934 +#: sssd-ipa.5.xml:939 #, no-wrap msgid "" "[domain/example.com]\n" @@ -11685,7 +11771,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1388 +#: sssd-ad.5.xml:1393 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -11693,7 +11779,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1395 +#: sssd-ad.5.xml:1400 #, no-wrap msgid "" "[domain/EXAMPLE]\n" @@ -11708,7 +11794,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1415 +#: sssd-ad.5.xml:1420 #, no-wrap msgid "" "access_provider = ldap\n" @@ -11717,7 +11803,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1411 +#: sssd-ad.5.xml:1416 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " @@ -11725,7 +11811,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1421 +#: sssd-ad.5.xml:1426 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>. Please " @@ -11735,7 +11821,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1429 +#: sssd-ad.5.xml:1434 msgid "" "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " @@ -17344,7 +17430,7 @@ msgstr "" #: include/ldap_id_mapping.xml:235 msgid "" "When this option is configured, domains will be allocated starting with " -"slice zero and increasing monatomically with each additional domain." +"slice zero and increasing monotonically with each additional domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> diff --git a/src/man/po/pt.po b/src/man/po/pt.po index f443f432319..d2ae946bec2 100644 --- a/src/man/po/pt.po +++ b/src/man/po/pt.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-05-05 10:09+0200\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" "PO-Revision-Date: 2014-12-15 12:05-0500\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Portuguese (http://www.transifex.com/projects/p/sssd/language/" @@ -211,11 +211,11 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 -#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:951 -#: sssd.conf.5.xml:1069 sssd.conf.5.xml:2197 sssd-ldap.5.xml:1071 -#: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 -#: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 -#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 msgid "Default: true" msgstr "" @@ -232,11 +232,11 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:948 -#: sssd.conf.5.xml:2100 sssd.conf.5.xml:2167 sssd.conf.5.xml:4128 -#: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 -#: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 -#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 #: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 #: include/krb5_options.xml:163 msgid "Default: false" @@ -272,8 +272,8 @@ msgid "" msgstr "" #. type: Content of: outside any tag (error?) -#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1656 -#: sssd-ldap.5.xml:1862 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 #: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 @@ -303,8 +303,8 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 sssd.conf.5.xml:1289 sssd.conf.5.xml:1766 -#: sssd.conf.5.xml:4144 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "Padrão: 10" @@ -370,12 +370,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:258 sssd.conf.5.xml:783 +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 msgid "reconnection_retries (integer)" msgstr "reconnection_retries (integer)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:261 sssd.conf.5.xml:786 +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" @@ -384,7 +384,7 @@ msgstr "" "falha do provedor de dados ou reiniciar antes de eles desistirem" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:791 sssd.conf.5.xml:3708 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 #: include/failover.xml:100 msgid "Default: 3" msgstr "Padrão: 3" @@ -406,7 +406,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3540 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 msgid "re_expression (string)" msgstr "re_expression (string)" @@ -426,12 +426,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3597 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 msgid "full_name_format (string)" msgstr "full_name_format (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3600 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -439,39 +439,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3611 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 msgid "%1$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 msgid "user name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3615 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3618 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3624 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 msgid "%3$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3627 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3608 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -614,8 +614,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:468 sssd-ldap.5.xml:876 sssd-ldap.5.xml:888 -#: sssd-ldap.5.xml:980 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 #: include/krb5_options.xml:148 @@ -885,7 +885,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1790 sssd.conf.5.xml:4194 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -938,11 +938,11 @@ msgstr "ldap_user_principal (string)" #: sssd.conf.5.xml:744 msgid "" "Enable or disable the user verification (i.e. PIN, fingerprint) during " -"authentication." +"authentication. If enabled, the PIN will always be requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:750 msgid "" "The default is that the key settings decide what to do. In the IPA or " "kerberos pre-authentication case, this value will be overwritten by the " @@ -969,12 +969,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:769 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:770 +#: sssd.conf.5.xml:771 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -983,22 +983,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:777 +#: sssd.conf.5.xml:778 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:780 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:797 msgid "fd_limit" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:799 +#: sssd.conf.5.xml:800 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " @@ -1008,17 +1008,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:808 +#: sssd.conf.5.xml:809 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:814 msgid "client_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:816 +#: sssd.conf.5.xml:817 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " @@ -1028,19 +1028,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:826 #, fuzzy #| msgid "Default: 300" msgid "Default: 60, KCM: 300" msgstr "Padrão: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:830 +#: sssd.conf.5.xml:831 msgid "offline_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:834 msgid "" "When SSSD switches to offline mode the amount of time before it tries to go " "back online will increase based upon the time spent disconnected. By " @@ -1051,14 +1051,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:844 sssd.conf.5.xml:900 +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 msgid "" "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." "offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:847 +#: sssd.conf.5.xml:848 msgid "" "The offline_timeout default value is 60. The offline_timeout_max default " "value is 3600. The offline_timeout_random_offset default value is 30. The " @@ -1066,46 +1066,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:854 msgid "" "Note that the maximum length of each interval is defined by " "offline_timeout_max (apart of random part)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 sssd.conf.5.xml:1200 sssd.conf.5.xml:1583 -#: sssd.conf.5.xml:1879 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 msgid "Default: 60" msgstr "Padrão: 60" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:862 +#: sssd.conf.5.xml:863 #, fuzzy #| msgid "timeout (integer)" msgid "offline_timeout_max (integer)" msgstr "timeout (integer)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:865 +#: sssd.conf.5.xml:866 msgid "" "Controls by how much the time between attempts to go online can be " "incremented following unsuccessful attempts to go online." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:870 +#: sssd.conf.5.xml:871 msgid "A value of 0 disables the incrementing behaviour." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:873 +#: sssd.conf.5.xml:874 msgid "" "The value of this parameter should be set in correlation to offline_timeout " "parameter value." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:877 +#: sssd.conf.5.xml:878 msgid "" "With offline_timeout set to 60 (default value) there is no point in setting " "offlinet_timeout_max to less than 120 as it will saturate instantly. General " @@ -1114,64 +1114,64 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:883 +#: sssd.conf.5.xml:884 msgid "" "Although a value between 0 and offline_timeout may be specified, it has the " "effect of overriding the offline_timeout value so is of little use." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:888 +#: sssd.conf.5.xml:889 #, fuzzy #| msgid "Default: 300" msgid "Default: 3600" msgstr "Padrão: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:894 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "offline_timeout_random_offset (integer)" msgstr "dns_resolver_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:896 +#: sssd.conf.5.xml:897 msgid "" "When SSSD is in offline mode it keeps probing backend servers in specified " "time intervals:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:903 +#: sssd.conf.5.xml:904 msgid "" "This parameter controls the value of the random offset used for the above " "equation. Final random_offset value will be random number in range:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:908 +#: sssd.conf.5.xml:909 msgid "[0 - offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:911 +#: sssd.conf.5.xml:912 msgid "A value of 0 disables the random offset addition." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:915 #, fuzzy #| msgid "Default: 300" msgid "Default: 30" msgstr "Padrão: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:919 +#: sssd.conf.5.xml:920 msgid "responder_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:922 +#: sssd.conf.5.xml:923 msgid "" "This option specifies the number of seconds that an SSSD responder process " "can be up without being used. This value is limited in order to avoid " @@ -1183,58 +1183,58 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:936 sssd.conf.5.xml:1213 sssd.conf.5.xml:2321 -#: sssd-ldap.5.xml:331 +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 +#: sssd-ldap.5.xml:332 msgid "Default: 300" msgstr "Padrão: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:941 +#: sssd.conf.5.xml:942 msgid "cache_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:945 msgid "" "This option specifies whether the responder should query all caches before " "querying the Data Providers." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:960 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:961 +#: sssd.conf.5.xml:962 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:966 +#: sssd.conf.5.xml:967 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:969 +#: sssd.conf.5.xml:970 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:974 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:978 +#: sssd.conf.5.xml:979 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:981 +#: sssd.conf.5.xml:982 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -1242,7 +1242,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:988 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -1252,7 +1252,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:998 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -1261,17 +1261,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1005 sssd.conf.5.xml:2121 +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 msgid "Default: 50" msgstr "Padrão: 50" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1010 +#: sssd.conf.5.xml:1011 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1013 +#: sssd.conf.5.xml:1014 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -1279,17 +1279,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1019 sssd.conf.5.xml:1778 sssd.conf.5.xml:2145 +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1025 msgid "local_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1027 +#: sssd.conf.5.xml:1028 msgid "" "Specifies for how many seconds nss_sss should keep local users and groups in " "negative cache before trying to look it up in the back end again. Setting " @@ -1297,17 +1297,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1033 +#: sssd.conf.5.xml:1034 msgid "Default: 14400 (4 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1039 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1041 +#: sssd.conf.5.xml:1042 msgid "" "Exclude certain users or groups from being fetched from the sss NSS " "database. This is particularly useful for system accounts. This option can " @@ -1316,7 +1316,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1049 +#: sssd.conf.5.xml:1050 msgid "" "NOTE: The filter_groups option doesn't affect inheritance of nested group " "members, since filtering happens after they are propagated for returning via " @@ -1325,41 +1325,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1057 +#: sssd.conf.5.xml:1058 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1063 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1065 +#: sssd.conf.5.xml:1066 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1076 +#: sssd.conf.5.xml:1077 msgid "fallback_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1079 +#: sssd.conf.5.xml:1080 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1084 +#: sssd.conf.5.xml:1085 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1090 +#: sssd.conf.5.xml:1091 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" @@ -1367,23 +1367,23 @@ msgid "" msgstr "" #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:1088 sssd.conf.5.xml:1650 sssd.conf.5.xml:1669 -#: sssd.conf.5.xml:1746 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1094 +#: sssd.conf.5.xml:1095 msgid "Default: not set (no substitution for unset home directories)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1100 +#: sssd.conf.5.xml:1101 msgid "override_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1104 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " @@ -1391,47 +1391,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1109 +#: sssd.conf.5.xml:1110 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1115 +#: sssd.conf.5.xml:1116 msgid "allowed_shells (string)" msgstr "allowed_shells (string)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1118 +#: sssd.conf.5.xml:1119 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1121 +#: sssd.conf.5.xml:1122 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1125 +#: sssd.conf.5.xml:1126 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1130 +#: sssd.conf.5.xml:1131 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1135 +#: sssd.conf.5.xml:1136 msgid "The wildcard (*) can be used to allow any shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1138 +#: sssd.conf.5.xml:1139 msgid "" "The (*) is useful if you want to use shell_fallback in case that user's " "shell is not in <quote>/etc/shells</quote> and maintaining list of all " @@ -1439,117 +1439,117 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1145 +#: sssd.conf.5.xml:1146 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1149 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1152 +#: sssd.conf.5.xml:1153 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1157 +#: sssd.conf.5.xml:1158 msgid "vetoed_shells (string)" msgstr "vetoed_shells (string)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1160 +#: sssd.conf.5.xml:1161 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1165 +#: sssd.conf.5.xml:1166 msgid "shell_fallback (string)" msgstr "shell_fallback (string)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1168 +#: sssd.conf.5.xml:1169 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1172 +#: sssd.conf.5.xml:1173 msgid "Default: /bin/sh" msgstr "Padrão: /bin/sh" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1177 +#: sssd.conf.5.xml:1178 msgid "default_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1180 +#: sssd.conf.5.xml:1181 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1186 +#: sssd.conf.5.xml:1187 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1193 sssd.conf.5.xml:1576 +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 msgid "get_domains_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1196 sssd.conf.5.xml:1579 +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1205 +#: sssd.conf.5.xml:1206 #, fuzzy #| msgid "entry_cache_timeout (integer)" msgid "memcache_timeout (integer)" msgstr "entry_cache_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1208 +#: sssd.conf.5.xml:1209 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid. Setting this option to zero will disable the in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1216 +#: sssd.conf.5.xml:1217 msgid "" "WARNING: Disabling the in-memory cache will have significant negative impact " "on SSSD's performance and should only be used for testing." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1222 sssd.conf.5.xml:1247 sssd.conf.5.xml:1272 -#: sssd.conf.5.xml:1297 sssd.conf.5.xml:1324 +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 msgid "" "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " "client applications will not use the fast in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1230 +#: sssd.conf.5.xml:1231 #, fuzzy #| msgid "entry_cache_timeout (integer)" msgid "memcache_size_passwd (integer)" msgstr "entry_cache_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1233 +#: sssd.conf.5.xml:1234 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for passwd requests. Setting the size to 0 will disable the passwd in-" @@ -1557,27 +1557,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1239 sssd.conf.5.xml:2963 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 msgid "Default: 8" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1242 sssd.conf.5.xml:1267 sssd.conf.5.xml:1292 -#: sssd.conf.5.xml:1319 +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 msgid "" "WARNING: Disabled or too small in-memory cache can have significant negative " "impact on SSSD's performance." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1255 +#: sssd.conf.5.xml:1256 #, fuzzy #| msgid "entry_cache_timeout (integer)" msgid "memcache_size_group (integer)" msgstr "entry_cache_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1258 +#: sssd.conf.5.xml:1259 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for group requests. Setting the size to 0 will disable the group in-memory " @@ -1585,21 +1585,21 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1264 sssd.conf.5.xml:1316 sssd.conf.5.xml:3729 -#: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "Padrão: 6" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1280 +#: sssd.conf.5.xml:1281 #, fuzzy #| msgid "entry_cache_timeout (integer)" msgid "memcache_size_initgroups (integer)" msgstr "entry_cache_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1283 +#: sssd.conf.5.xml:1284 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for initgroups requests. Setting the size to 0 will disable the initgroups " @@ -1607,14 +1607,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1305 +#: sssd.conf.5.xml:1306 #, fuzzy #| msgid "entry_cache_timeout (integer)" msgid "memcache_size_sid (integer)" msgstr "entry_cache_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1308 +#: sssd.conf.5.xml:1309 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for SID related requests. Only SID-by-ID and ID-by-SID requests are " @@ -1623,12 +1623,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1332 sssd-ifp.5.xml:90 +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 msgid "user_attributes (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1335 +#: sssd.conf.5.xml:1336 msgid "" "Some of the additional NSS responder requests can return more attributes " "than just the POSIX ones defined by the NSS interface. The list of " @@ -1639,45 +1639,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1348 +#: sssd.conf.5.xml:1349 msgid "" "To make configuration more easy the NSS responder will check the InfoPipe " "option if it is not set for the NSS responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1353 +#: sssd.conf.5.xml:1354 msgid "Default: not set, fallback to InfoPipe option" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1358 +#: sssd.conf.5.xml:1359 msgid "pwfield (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1361 +#: sssd.conf.5.xml:1362 msgid "" "The value that NSS operations that return users or groups will return for " "the <quote>password</quote> field." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1366 +#: sssd.conf.5.xml:1367 #, fuzzy #| msgid "Default: <quote>%1$s@%2$s</quote>." msgid "Default: <quote>*</quote>" msgstr "Default: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1369 +#: sssd.conf.5.xml:1370 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[nss] section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1373 +#: sssd.conf.5.xml:1374 msgid "" "Default: <quote>not set</quote> (remote domains), <phrase " "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" @@ -1686,60 +1686,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1385 +#: sssd.conf.5.xml:1386 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1387 +#: sssd.conf.5.xml:1388 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1392 +#: sssd.conf.5.xml:1393 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1395 +#: sssd.conf.5.xml:1396 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1400 sssd.conf.5.xml:1413 +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1406 +#: sssd.conf.5.xml:1407 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1409 +#: sssd.conf.5.xml:1410 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1419 +#: sssd.conf.5.xml:1420 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1422 +#: sssd.conf.5.xml:1423 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1427 +#: sssd.conf.5.xml:1428 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -1747,61 +1747,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1433 sssd.conf.5.xml:1543 +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1439 +#: sssd.conf.5.xml:1440 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1442 +#: sssd.conf.5.xml:1443 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1447 +#: sssd.conf.5.xml:1448 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1450 +#: sssd.conf.5.xml:1451 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1453 +#: sssd.conf.5.xml:1454 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1457 +#: sssd.conf.5.xml:1458 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1460 +#: sssd.conf.5.xml:1461 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1464 sssd.8.xml:63 +#: sssd.conf.5.xml:1465 sssd.8.xml:63 msgid "Default: 1" msgstr "Padrão: 1" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1470 +#: sssd.conf.5.xml:1471 #, fuzzy #| msgid "access_provider (string)" msgid "pam_response_filter (string)" msgstr "access_provider (string)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1473 +#: sssd.conf.5.xml:1474 msgid "" "A comma separated list of strings which allows to remove (filter) data sent " "by the PAM responder to pam_sss PAM module. There are different kind of " @@ -1810,51 +1810,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1481 +#: sssd.conf.5.xml:1482 msgid "" "While messages already can be controlled with the help of the pam_verbosity " "option this option allows to filter out other kind of responses as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1488 +#: sssd.conf.5.xml:1489 msgid "ENV" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1489 +#: sssd.conf.5.xml:1490 msgid "Do not send any environment variables to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1492 +#: sssd.conf.5.xml:1493 msgid "ENV:var_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1493 +#: sssd.conf.5.xml:1494 msgid "Do not send environment variable var_name to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1497 +#: sssd.conf.5.xml:1498 msgid "ENV:var_name:service" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1498 +#: sssd.conf.5.xml:1499 msgid "Do not send environment variable var_name to service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1486 +#: sssd.conf.5.xml:1487 msgid "" "Currently the following filters are supported: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1505 +#: sssd.conf.5.xml:1506 msgid "" "The list of strings can either be the list of filters which would set this " "list of filters and overwrite the defaults. Or each element of the list can " @@ -1865,23 +1865,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1516 +#: sssd.conf.5.xml:1517 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1519 +#: sssd.conf.5.xml:1520 msgid "" "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1526 +#: sssd.conf.5.xml:1527 msgid "pam_id_timeout (integer)" msgstr "pam_id_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1529 +#: sssd.conf.5.xml:1530 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -1889,7 +1889,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1535 +#: sssd.conf.5.xml:1536 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -1898,17 +1898,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1549 +#: sssd.conf.5.xml:1550 msgid "pam_pwd_expiration_warning (integer)" msgstr "pam_pwd_expiration_warning (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1552 sssd.conf.5.xml:2987 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1555 +#: sssd.conf.5.xml:1556 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -1916,31 +1916,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1561 sssd.conf.5.xml:2990 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1566 +#: sssd.conf.5.xml:1567 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1571 sssd.conf.5.xml:3976 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 msgid "Default: 0" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1588 +#: sssd.conf.5.xml:1589 msgid "pam_trusted_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1591 +#: sssd.conf.5.xml:1592 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to run PAM conversations against trusted domains. Users not " @@ -1950,75 +1950,75 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1601 +#: sssd.conf.5.xml:1602 msgid "Default: All users are considered trusted by default" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1605 +#: sssd.conf.5.xml:1606 msgid "" "Please note that UID 0 is always allowed to access the PAM responder even in " "case it is not in the pam_trusted_users list." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1612 +#: sssd.conf.5.xml:1613 msgid "pam_public_domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1615 +#: sssd.conf.5.xml:1616 msgid "" "Specifies the comma-separated list of domain names that are accessible even " "to untrusted users." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1619 +#: sssd.conf.5.xml:1620 msgid "Two special values for pam_public_domains option are defined:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1623 +#: sssd.conf.5.xml:1624 msgid "" "all (Untrusted users are allowed to access all domains in PAM responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1627 +#: sssd.conf.5.xml:1628 msgid "" "none (Untrusted users are not allowed to access any domains PAM in " "responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1631 sssd.conf.5.xml:1656 sssd.conf.5.xml:1675 -#: sssd.conf.5.xml:1912 sssd.conf.5.xml:2732 sssd.conf.5.xml:3905 -#: sssd-ldap.5.xml:1207 +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 msgid "Default: none" msgstr "Padrão: none" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1636 +#: sssd.conf.5.xml:1637 msgid "pam_account_expired_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1639 +#: sssd.conf.5.xml:1640 msgid "" "Allows a custom expiration message to be set, replacing the default " "'Permission denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1644 +#: sssd.conf.5.xml:1645 msgid "" "Note: Please be aware that message is only printed for the SSH service " "unless pam_verbosity is set to 3 (show all messages and debug information)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1652 +#: sssd.conf.5.xml:1653 #, no-wrap msgid "" "pam_account_expired_message = Account expired, please contact help desk.\n" @@ -2026,19 +2026,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1661 +#: sssd.conf.5.xml:1662 msgid "pam_account_locked_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1664 +#: sssd.conf.5.xml:1665 msgid "" "Allows a custom lockout message to be set, replacing the default 'Permission " "denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1671 +#: sssd.conf.5.xml:1672 #, no-wrap msgid "" "pam_account_locked_message = Account locked, please contact help desk.\n" @@ -2046,40 +2046,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1680 +#: sssd.conf.5.xml:1681 msgid "pam_passkey_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1683 +#: sssd.conf.5.xml:1684 msgid "Enable passkey device based authentication." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1686 sssd.conf.5.xml:1697 sssd.conf.5.xml:1711 -#: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 -#: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 msgid "Default: False" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1691 +#: sssd.conf.5.xml:1692 msgid "passkey_debug_libfido2 (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1694 +#: sssd.conf.5.xml:1695 msgid "Enable libfido2 library debug messages." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1702 +#: sssd.conf.5.xml:1703 msgid "pam_cert_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1705 +#: sssd.conf.5.xml:1706 msgid "" "Enable certificate based Smartcard authentication. Since this requires " "additional communication with the Smartcard which will delay the " @@ -2087,36 +2087,36 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1716 +#: sssd.conf.5.xml:1717 msgid "pam_cert_db_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1719 +#: sssd.conf.5.xml:1720 msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1722 sssd.conf.5.xml:2247 sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 msgid "Default:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1724 sssd.conf.5.xml:2249 +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 msgid "" "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " "certificates in PEM format)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1734 +#: sssd.conf.5.xml:1735 #, fuzzy #| msgid "ldap_user_principal (string)" msgid "pam_cert_verification (string)" msgstr "ldap_user_principal (string)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1737 +#: sssd.conf.5.xml:1738 msgid "" "With this parameter the PAM certificate verification can be tuned with a " "comma separated list of options that override the " @@ -2126,7 +2126,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1748 +#: sssd.conf.5.xml:1749 #, no-wrap msgid "" "pam_cert_verification = partial_chain\n" @@ -2134,61 +2134,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1752 +#: sssd.conf.5.xml:1753 msgid "" "Default: not set, i.e. use default <quote>certificate_verification</quote> " "option defined in <quote>[sssd]</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1759 +#: sssd.conf.5.xml:1760 msgid "p11_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1763 msgid "How many seconds will pam_sss wait for p11_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1771 +#: sssd.conf.5.xml:1772 #, fuzzy #| msgid "pam_id_timeout (integer)" msgid "passkey_child_timeout (integer)" msgstr "pam_id_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1774 +#: sssd.conf.5.xml:1775 msgid "" "How many seconds will the PAM responder wait for passkey_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1783 +#: sssd.conf.5.xml:1784 msgid "pam_app_services (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1786 +#: sssd.conf.5.xml:1787 msgid "" "Which PAM services are permitted to contact domains of type " "<quote>application</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1795 +#: sssd.conf.5.xml:1796 msgid "pam_p11_allowed_services (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1798 +#: sssd.conf.5.xml:1799 msgid "" "A comma-separated list of PAM service names for which it will be allowed to " "use Smartcards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1813 +#: sssd.conf.5.xml:1814 #, no-wrap msgid "" "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2196,7 +2196,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1802 +#: sssd.conf.5.xml:1803 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -2208,63 +2208,63 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1817 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 #: sssd-ad.5.xml:869 sssd-ad.5.xml:947 msgid "Default: the default set of PAM service names includes:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1822 sssd-ad.5.xml:648 +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 msgid "login" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1827 sssd-ad.5.xml:653 +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 msgid "su" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1832 sssd-ad.5.xml:658 +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 msgid "su-l" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1837 sssd-ad.5.xml:673 +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 msgid "gdm-smartcard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1842 sssd-ad.5.xml:668 +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 msgid "gdm-password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1847 sssd-ad.5.xml:678 +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 msgid "kdm" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1852 sssd-ad.5.xml:956 +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 msgid "sudo" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1857 sssd-ad.5.xml:961 +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 msgid "sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1862 +#: sssd.conf.5.xml:1863 msgid "gnome-screensaver" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1870 +#: sssd.conf.5.xml:1871 msgid "p11_wait_for_card_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1873 +#: sssd.conf.5.xml:1874 msgid "" "If Smartcard authentication is required how many extra seconds in addition " "to p11_child_timeout should the PAM responder wait until a Smartcard is " @@ -2272,12 +2272,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1884 +#: sssd.conf.5.xml:1885 msgid "p11_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1887 +#: sssd.conf.5.xml:1888 msgid "" "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " "selection of devices used for Smartcard authentication. By default SSSD's " @@ -2288,7 +2288,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1900 +#: sssd.conf.5.xml:1901 #, no-wrap msgid "" "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" @@ -2296,7 +2296,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1904 +#: sssd.conf.5.xml:1905 #, no-wrap msgid "" "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" @@ -2304,7 +2304,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1898 +#: sssd.conf.5.xml:1899 msgid "" "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " @@ -2313,47 +2313,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1917 +#: sssd.conf.5.xml:1918 msgid "pam_initgroups_scheme" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1925 +#: sssd.conf.5.xml:1926 msgid "always" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1926 +#: sssd.conf.5.xml:1927 msgid "" "Always do an online lookup, please note that pam_id_timeout still applies" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1930 +#: sssd.conf.5.xml:1931 msgid "no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1931 +#: sssd.conf.5.xml:1932 msgid "" "Only do an online lookup if there is no active session of the user, i.e. if " "the user is currently not logged in" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1936 +#: sssd.conf.5.xml:1937 msgid "never" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1937 +#: sssd.conf.5.xml:1938 msgid "" "Never force an online lookup, use the data from the cache as long as they " "are not expired" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1920 +#: sssd.conf.5.xml:1921 msgid "" "The PAM responder can force an online lookup to get the current group " "memberships of the user trying to log in. This option controls when this " @@ -2362,30 +2362,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1944 +#: sssd.conf.5.xml:1945 msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1949 sssd.conf.5.xml:4247 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 msgid "pam_gssapi_services" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1952 +#: sssd.conf.5.xml:1953 msgid "" "Comma separated list of PAM services that are allowed to try GSSAPI " "authentication using pam_sss_gss.so module." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1957 +#: sssd.conf.5.xml:1958 msgid "" "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1961 sssd.conf.5.xml:1992 sssd.conf.5.xml:2030 +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[pam] section. It can also be set for trusted domain which overwrites the " @@ -2393,7 +2393,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1969 +#: sssd.conf.5.xml:1970 #, no-wrap msgid "" "pam_gssapi_services = sudo, sudo-i\n" @@ -2401,22 +2401,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1967 sssd.conf.5.xml:3899 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1973 +#: sssd.conf.5.xml:1974 msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1978 sssd.conf.5.xml:4248 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 msgid "pam_gssapi_check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1981 +#: sssd.conf.5.xml:1982 msgid "" "If True, SSSD will require that the Kerberos user principal that " "successfully authenticated through GSSAPI can be associated with the user " @@ -2424,25 +2424,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1988 +#: sssd.conf.5.xml:1989 msgid "" "If False, every user that is able to obtained required service ticket will " "be authenticated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1998 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "Padrão: TRUE" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2003 +#: sssd.conf.5.xml:2004 msgid "pam_gssapi_indicators_map" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2006 +#: sssd.conf.5.xml:2007 msgid "" "Comma separated list of authentication indicators required to be present in " "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " @@ -2450,7 +2450,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2012 +#: sssd.conf.5.xml:2013 msgid "" "Each element of the list can be either an authentication indicator name or a " "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " @@ -2465,7 +2465,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2025 +#: sssd.conf.5.xml:2026 msgid "" "To disable GSSAPI authentication indicator check, set this option to <quote>-" "</quote> (dash). To disable the check for a specific PAM service, add " @@ -2473,45 +2473,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2036 +#: sssd.conf.5.xml:2037 msgid "" "Following authentication indicators are supported by IPA Kerberos " "deployments:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2039 +#: sssd.conf.5.xml:2040 msgid "" "pkinit -- pre-authentication using X.509 certificates -- whether stored in " "files or on smart cards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2042 +#: sssd.conf.5.xml:2043 msgid "" "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " "FAST channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2045 +#: sssd.conf.5.xml:2046 msgid "radius -- pre-authentication with the help of a RADIUS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2048 +#: sssd.conf.5.xml:2049 msgid "" "otp -- pre-authentication using integrated two-factor authentication (2FA or " "one-time password, OTP) in IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2051 +#: sssd.conf.5.xml:2052 msgid "idp -- pre-authentication using external identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:2061 +#: sssd.conf.5.xml:2062 #, no-wrap msgid "" "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" @@ -2519,7 +2519,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2056 +#: sssd.conf.5.xml:2057 msgid "" "Example: to require access to SUDO services only for users which obtained " "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " @@ -2527,17 +2527,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2065 +#: sssd.conf.5.xml:2066 msgid "Default: not set (use of authentication indicators is not required)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2073 +#: sssd.conf.5.xml:2074 msgid "SUDO configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2075 +#: sssd.conf.5.xml:2076 msgid "" "These options can be used to configure the sudo service. The detailed " "instructions for configuration of <citerefentry> <refentrytitle>sudo</" @@ -2548,24 +2548,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2092 +#: sssd.conf.5.xml:2093 msgid "sudo_timed (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2095 +#: sssd.conf.5.xml:2096 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2107 +#: sssd.conf.5.xml:2108 msgid "sudo_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2110 +#: sssd.conf.5.xml:2111 msgid "" "Maximum number of expired rules that can be refreshed at once. If number of " "expired rules is below threshold, those rules are refreshed with " @@ -2575,22 +2575,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2129 +#: sssd.conf.5.xml:2130 msgid "AUTOFS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2131 +#: sssd.conf.5.xml:2132 msgid "These options can be used to configure the autofs service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2135 +#: sssd.conf.5.xml:2136 msgid "autofs_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2138 +#: sssd.conf.5.xml:2139 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " @@ -2598,51 +2598,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2154 +#: sssd.conf.5.xml:2155 msgid "SSH configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2156 +#: sssd.conf.5.xml:2157 msgid "These options can be used to configure the SSH service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2160 +#: sssd.conf.5.xml:2161 msgid "ssh_hash_known_hosts (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2163 +#: sssd.conf.5.xml:2164 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2172 +#: sssd.conf.5.xml:2173 msgid "ssh_known_hosts_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2175 +#: sssd.conf.5.xml:2176 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2179 +#: sssd.conf.5.xml:2180 msgid "Default: 180" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2184 +#: sssd.conf.5.xml:2185 msgid "ssh_use_certificate_keys (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2187 +#: sssd.conf.5.xml:2188 msgid "" "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " "keys derived from the public key of X.509 certificates stored in the user " @@ -2651,12 +2651,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2202 +#: sssd.conf.5.xml:2203 msgid "ssh_use_certificate_matching_rules (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2205 +#: sssd.conf.5.xml:2206 msgid "" "By default the ssh responder will use all available certificate matching " "rules to filter the certificates so that ssh keys are only derived from the " @@ -2666,7 +2666,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2214 +#: sssd.conf.5.xml:2215 msgid "" "There are two special key words 'all_rules' and 'no_rules' which will enable " "all or no rules, respectively. The latter means that no certificates will be " @@ -2674,7 +2674,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2221 +#: sssd.conf.5.xml:2222 msgid "" "If no rules are configured using 'all_rules' will enable a default rule " "which enables all certificates suitable for client authentication. This is " @@ -2683,38 +2683,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2228 +#: sssd.conf.5.xml:2229 msgid "" "A non-existing rule name is considered an error. If as a result no rule is " "selected all certificates will be ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2233 +#: sssd.conf.5.xml:2234 msgid "" "Default: not set, equivalent to 'all_rules', all found rules or the default " "rule are used" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2239 +#: sssd.conf.5.xml:2240 msgid "ca_db (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2242 +#: sssd.conf.5.xml:2243 msgid "" "Path to a storage of trusted CA certificates. The option is used to validate " "user certificates before deriving public ssh keys from them." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2262 +#: sssd.conf.5.xml:2263 msgid "PAC responder configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2264 +#: sssd.conf.5.xml:2265 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " @@ -2725,7 +2725,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2273 +#: sssd.conf.5.xml:2274 msgid "" "If the remote user does not exist in the cache, it is created. The UID is " "determined with the help of the SID, trusted domains will have UPGs and the " @@ -2736,24 +2736,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2281 +#: sssd.conf.5.xml:2282 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2287 +#: sssd.conf.5.xml:2288 msgid "These options can be used to configure the PAC responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2291 sssd-ifp.5.xml:66 +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 msgid "allowed_uids (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2294 +#: sssd.conf.5.xml:2295 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " @@ -2761,12 +2761,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2300 +#: sssd.conf.5.xml:2301 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2304 +#: sssd.conf.5.xml:2305 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " @@ -2775,26 +2775,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2313 +#: sssd.conf.5.xml:2314 msgid "pac_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2316 +#: sssd.conf.5.xml:2317 msgid "" "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " "data can be used to determine the group memberships of a user." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2326 +#: sssd.conf.5.xml:2327 #, fuzzy #| msgid "ipa_hostname (string)" msgid "pac_check (string)" msgstr "ipa_hostname (string)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2329 +#: sssd.conf.5.xml:2330 msgid "" "Apply additional checks on the PAC of the Kerberos ticket which is available " "in Active Directory and FreeIPA domains, if configured. Please note that " @@ -2805,24 +2805,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2343 +#: sssd.conf.5.xml:2344 msgid "no_check" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2345 +#: sssd.conf.5.xml:2346 msgid "" "The PAC must not be present and even if it is present no additional checks " "will be done." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2351 +#: sssd.conf.5.xml:2352 msgid "pac_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2353 +#: sssd.conf.5.xml:2354 msgid "" "The PAC must be present in the service ticket which SSSD will request with " "the help of the user's TGT. If the PAC is not available the authentication " @@ -2830,24 +2830,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2361 +#: sssd.conf.5.xml:2362 msgid "check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2363 +#: sssd.conf.5.xml:2364 msgid "" "If the PAC is present check if the user principal name (UPN) information is " "consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2369 +#: sssd.conf.5.xml:2370 msgid "check_upn_allow_missing" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2371 +#: sssd.conf.5.xml:2372 msgid "" "This option should be used together with 'check_upn' and handles the case " "where a UPN is set on the server-side but is not read by SSSD. The typical " @@ -2859,7 +2859,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2383 +#: sssd.conf.5.xml:2384 msgid "" "Currently this option is set by default to avoid regressions in such " "environments. A log message will be added to the system log and SSSD's debug " @@ -2870,60 +2870,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2397 +#: sssd.conf.5.xml:2398 msgid "upn_dns_info_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2399 +#: sssd.conf.5.xml:2400 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2404 +#: sssd.conf.5.xml:2405 msgid "check_upn_dns_info_ex" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2406 +#: sssd.conf.5.xml:2407 msgid "" "If the PAC is present and the extension to the UPN-DNS-INFO buffer is " "available check if the information in the extension is consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2413 +#: sssd.conf.5.xml:2414 msgid "upn_dns_info_ex_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2415 +#: sssd.conf.5.xml:2416 msgid "" "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2339 +#: sssd.conf.5.xml:2340 msgid "" "The following options can be used alone or in a comma-separated list: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2425 +#: sssd.conf.5.xml:2426 msgid "" "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " "check_upn_dns_info_ex')" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2434 +#: sssd.conf.5.xml:2435 msgid "Session recording configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2436 +#: sssd.conf.5.xml:2437 msgid "" "Session recording works in conjunction with <citerefentry> " "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" @@ -2933,66 +2933,66 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2449 +#: sssd.conf.5.xml:2450 msgid "These options can be used to configure session recording." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2453 sssd-session-recording.5.xml:64 +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 msgid "scope (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2460 sssd-session-recording.5.xml:71 +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 msgid "\"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2463 sssd-session-recording.5.xml:74 +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 msgid "No users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2468 sssd-session-recording.5.xml:79 +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 msgid "\"some\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2471 sssd-session-recording.5.xml:82 +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 msgid "" "Users/groups specified by <replaceable>users</replaceable> and " "<replaceable>groups</replaceable> options are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2480 sssd-session-recording.5.xml:91 +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 msgid "\"all\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2483 sssd-session-recording.5.xml:94 +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 msgid "All users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2456 sssd-session-recording.5.xml:67 +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 msgid "" "One of the following strings specifying the scope of session recording: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:101 +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 msgid "Default: \"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:106 +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 msgid "users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:109 +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 msgid "" "A comma-separated list of users which should have session recording enabled. " "Matches user names as returned by NSS. I.e. after the possible space " @@ -3000,17 +3000,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2504 sssd-session-recording.5.xml:115 +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 msgid "Default: Empty. Matches no users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2509 sssd-session-recording.5.xml:120 +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 msgid "groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2512 sssd-session-recording.5.xml:123 +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 msgid "" "A comma-separated list of groups, members of which should have session " "recording enabled. Matches group names as returned by NSS. I.e. after the " @@ -3018,7 +3018,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2518 sssd.conf.5.xml:2550 sssd-session-recording.5.xml:129 +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 #: sssd-session-recording.5.xml:161 msgid "" "NOTE: using this option (having it set to anything) has a considerable " @@ -3027,64 +3027,64 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2525 sssd-session-recording.5.xml:136 +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 msgid "Default: Empty. Matches no groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2530 sssd-session-recording.5.xml:141 +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 #, fuzzy #| msgid "ldap_user_shell (string)" msgid "exclude_users (string)" msgstr "ldap_user_shell (string)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2533 sssd-session-recording.5.xml:144 +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 msgid "" "A comma-separated list of users to be excluded from recording, only " "applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2537 sssd-session-recording.5.xml:148 +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 #, fuzzy #| msgid "Default: empty, i.e. ldap_uri is used." msgid "Default: Empty. No users excluded." msgstr "Padrão: empty, ou seja, ldap_uri é usado." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2542 sssd-session-recording.5.xml:153 +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 #, fuzzy #| msgid "ldap_group_search_base (string)" msgid "exclude_groups (string)" msgstr "ldap_group_search_base (string)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2545 sssd-session-recording.5.xml:156 +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 msgid "" "A comma-separated list of groups, members of which should be excluded from " "recording. Only applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2557 sssd-session-recording.5.xml:168 +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 #, fuzzy #| msgid "Default: empty, i.e. ldap_uri is used." msgid "Default: Empty. No groups excluded." msgstr "Padrão: empty, ou seja, ldap_uri é usado." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2567 +#: sssd.conf.5.xml:2568 msgid "DOMAIN SECTIONS" msgstr "SECÇÕES DE DOMÍNIO" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2574 +#: sssd.conf.5.xml:2575 msgid "enabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2577 +#: sssd.conf.5.xml:2578 msgid "" "Explicitly enable or disable the domain. If <quote>true</quote>, the domain " "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " @@ -3094,12 +3094,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2589 +#: sssd.conf.5.xml:2590 msgid "domain_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2592 +#: sssd.conf.5.xml:2593 msgid "" "Specifies whether the domain is meant to be used by POSIX-aware clients such " "as the Name Service Switch or by applications that do not need POSIX data to " @@ -3108,14 +3108,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2600 +#: sssd.conf.5.xml:2601 msgid "" "Allowed values for this option are <quote>posix</quote> and " "<quote>application</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2604 +#: sssd.conf.5.xml:2605 msgid "" "POSIX domains are reachable by all services. Application domains are only " "reachable from the InfoPipe responder (see <citerefentry> " @@ -3124,38 +3124,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2612 +#: sssd.conf.5.xml:2613 msgid "" "NOTE: The application domains are currently well tested with " "<quote>id_provider=ldap</quote> only." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2616 +#: sssd.conf.5.xml:2617 msgid "" "For an easy way to configure a non-POSIX domains, please see the " "<quote>Application domains</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2620 +#: sssd.conf.5.xml:2621 msgid "Default: posix" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2626 +#: sssd.conf.5.xml:2627 msgid "min_id,max_id (integer)" msgstr "min_id,max_id (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2629 +#: sssd.conf.5.xml:2630 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2634 +#: sssd.conf.5.xml:2635 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -3164,24 +3164,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2641 +#: sssd.conf.5.xml:2642 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2645 +#: sssd.conf.5.xml:2646 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "Padrão: 1 para min_id, 0 (sem limite) para max_id" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2651 +#: sssd.conf.5.xml:2652 msgid "enumerate (bool)" msgstr "enumerate (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2654 +#: sssd.conf.5.xml:2655 msgid "" "Determines if a domain can be enumerated, that is, whether the domain can " "list all the users and group it contains. Note that it is not required to " @@ -3190,29 +3190,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2662 +#: sssd.conf.5.xml:2663 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2665 +#: sssd.conf.5.xml:2666 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2668 sssd.conf.5.xml:2942 sssd.conf.5.xml:3119 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 msgid "Default: FALSE" msgstr "Padrão: FALSE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2671 +#: sssd.conf.5.xml:2672 msgid "" "Enumerating a domain requires SSSD to download and store ALL user and group " "entries from the remote server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2676 +#: sssd.conf.5.xml:2677 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -3226,14 +3226,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2691 +#: sssd.conf.5.xml:2692 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2696 +#: sssd.conf.5.xml:2697 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -3242,39 +3242,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2704 +#: sssd.conf.5.xml:2705 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2712 +#: sssd.conf.5.xml:2713 msgid "subdomain_enumerate (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2719 +#: sssd.conf.5.xml:2720 msgid "all" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2720 +#: sssd.conf.5.xml:2721 msgid "All discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2723 +#: sssd.conf.5.xml:2724 msgid "none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2724 +#: sssd.conf.5.xml:2725 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2715 +#: sssd.conf.5.xml:2716 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " @@ -3283,19 +3283,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2738 +#: sssd.conf.5.xml:2739 msgid "entry_cache_timeout (integer)" msgstr "entry_cache_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2741 +#: sssd.conf.5.xml:2742 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2745 +#: sssd.conf.5.xml:2746 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " @@ -3306,139 +3306,139 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2758 +#: sssd.conf.5.xml:2759 msgid "Default: 5400" msgstr "Padrão: 5400" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2764 +#: sssd.conf.5.xml:2765 msgid "entry_cache_user_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2767 +#: sssd.conf.5.xml:2768 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2771 sssd.conf.5.xml:2784 sssd.conf.5.xml:2797 -#: sssd.conf.5.xml:2810 sssd.conf.5.xml:2824 sssd.conf.5.xml:2837 -#: sssd.conf.5.xml:2851 sssd.conf.5.xml:2865 sssd.conf.5.xml:2878 +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 msgid "Default: entry_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2777 +#: sssd.conf.5.xml:2778 msgid "entry_cache_group_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2780 +#: sssd.conf.5.xml:2781 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2790 +#: sssd.conf.5.xml:2791 msgid "entry_cache_netgroup_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2793 +#: sssd.conf.5.xml:2794 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2803 +#: sssd.conf.5.xml:2804 msgid "entry_cache_service_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2806 +#: sssd.conf.5.xml:2807 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2816 +#: sssd.conf.5.xml:2817 msgid "entry_cache_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2819 +#: sssd.conf.5.xml:2820 msgid "" "How many seconds should nss_sss consider hosts and networks entries valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2830 +#: sssd.conf.5.xml:2831 msgid "entry_cache_sudo_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2833 +#: sssd.conf.5.xml:2834 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2843 +#: sssd.conf.5.xml:2844 msgid "entry_cache_autofs_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2846 +#: sssd.conf.5.xml:2847 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2857 +#: sssd.conf.5.xml:2858 msgid "entry_cache_ssh_host_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2860 +#: sssd.conf.5.xml:2861 msgid "" "How many seconds to keep a host ssh key after refresh. IE how long to cache " "the host key for." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2871 +#: sssd.conf.5.xml:2872 msgid "entry_cache_computer_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2874 +#: sssd.conf.5.xml:2875 msgid "" "How many seconds to keep the local computer entry before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2884 +#: sssd.conf.5.xml:2885 msgid "refresh_expired_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2887 +#: sssd.conf.5.xml:2888 msgid "" "Specifies how many seconds SSSD has to wait before triggering a background " "refresh task which will refresh all expired or nearly expired records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2892 +#: sssd.conf.5.xml:2893 msgid "" "The background refresh will process users, groups and netgroups in the " "cache. For users who have performed the initgroups (get group membership for " @@ -3447,17 +3447,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2900 +#: sssd.conf.5.xml:2901 msgid "This option is automatically inherited for all trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2904 +#: sssd.conf.5.xml:2905 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2908 +#: sssd.conf.5.xml:2909 msgid "" "Cache entry will be refreshed by background task when 2/3 of cache timeout " "has already passed. If there are existing cached entries, the background " @@ -3469,23 +3469,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2921 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2927 +#: sssd.conf.5.xml:2928 msgid "cache_credentials (bool)" msgstr "cache_credentials (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2930 -msgid "Determines if user credentials are also cached in the local LDB cache." +#: sssd.conf.5.xml:2931 +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2934 +#: sssd.conf.5.xml:2942 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3494,12 +3500,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2948 +#: sssd.conf.5.xml:2956 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2951 +#: sssd.conf.5.xml:2959 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3507,19 +3513,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2958 +#: sssd.conf.5.xml:2966 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2969 +#: sssd.conf.5.xml:2977 msgid "account_cache_expiration (integer)" msgstr "account_cache_expiration (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2972 +#: sssd.conf.5.xml:2980 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3528,17 +3534,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2979 +#: sssd.conf.5.xml:2987 msgid "Default: 0 (unlimited)" msgstr "Padrão: 0 (ilimitado)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2984 +#: sssd.conf.5.xml:2992 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2995 +#: sssd.conf.5.xml:3003 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3547,28 +3553,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3002 +#: sssd.conf.5.xml:3010 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3008 +#: sssd.conf.5.xml:3016 msgid "id_provider (string)" msgstr "id_provider (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3011 +#: sssd.conf.5.xml:3019 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3015 +#: sssd.conf.5.xml:3023 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3018 +#: sssd.conf.5.xml:3026 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3576,7 +3582,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3026 +#: sssd.conf.5.xml:3034 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3584,18 +3590,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3034 sssd.conf.5.xml:3145 sssd.conf.5.xml:3196 -#: sssd.conf.5.xml:3259 +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 msgid "" -"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " -"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " -"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " -"FreeIPA." +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3043 sssd.conf.5.xml:3154 sssd.conf.5.xml:3205 -#: sssd.conf.5.xml:3268 +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3603,19 +3608,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3054 +#: sssd.conf.5.xml:3062 msgid "use_fully_qualified_names (bool)" msgstr "use_fully_qualified_names (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3057 +#: sssd.conf.5.xml:3065 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3062 +#: sssd.conf.5.xml:3070 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3624,7 +3629,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3070 +#: sssd.conf.5.xml:3078 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3632,24 +3637,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3077 +#: sssd.conf.5.xml:3085 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3084 +#: sssd.conf.5.xml:3092 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3087 +#: sssd.conf.5.xml:3095 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3090 +#: sssd.conf.5.xml:3098 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3661,7 +3666,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3108 +#: sssd.conf.5.xml:3116 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3669,30 +3674,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3114 sssd.conf.5.xml:3821 sssd-ldap.5.xml:326 -#: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 -#: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 -#: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 -#: sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1084 +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 msgid "" "This option can be also set per subdomain or inherited via " "<emphasis>subdomain_inherit</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3124 +#: sssd.conf.5.xml:3132 msgid "auth_provider (string)" msgstr "auth_provider (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3127 +#: sssd.conf.5.xml:3135 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3131 sssd.conf.5.xml:3189 +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3700,7 +3705,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3138 +#: sssd.conf.5.xml:3146 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3708,30 +3713,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3162 +#: sssd.conf.5.xml:3170 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3165 +#: sssd.conf.5.xml:3173 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3168 +#: sssd.conf.5.xml:3176 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3174 +#: sssd.conf.5.xml:3182 msgid "access_provider (string)" msgstr "access_provider (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3177 +#: sssd.conf.5.xml:3185 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -3739,19 +3744,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3183 +#: sssd.conf.5.xml:3191 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3186 +#: sssd.conf.5.xml:3194 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3221 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -3760,7 +3765,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3220 +#: sssd.conf.5.xml:3228 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -3768,29 +3773,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3227 +#: sssd.conf.5.xml:3235 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3230 +#: sssd.conf.5.xml:3238 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3235 +#: sssd.conf.5.xml:3243 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3238 +#: sssd.conf.5.xml:3246 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3243 +#: sssd.conf.5.xml:3251 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -3798,7 +3803,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3251 +#: sssd.conf.5.xml:3259 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3806,35 +3811,35 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3276 +#: sssd.conf.5.xml:3284 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3280 +#: sssd.conf.5.xml:3288 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3283 +#: sssd.conf.5.xml:3291 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3290 +#: sssd.conf.5.xml:3298 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3293 +#: sssd.conf.5.xml:3301 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3297 +#: sssd.conf.5.xml:3305 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3842,32 +3847,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3305 +#: sssd.conf.5.xml:3313 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3309 +#: sssd.conf.5.xml:3317 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3313 +#: sssd.conf.5.xml:3321 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3316 sssd.conf.5.xml:3402 sssd.conf.5.xml:3472 -#: sssd.conf.5.xml:3497 sssd.conf.5.xml:3533 +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3320 +#: sssd.conf.5.xml:3328 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -3878,7 +3883,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3335 +#: sssd.conf.5.xml:3343 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -3887,12 +3892,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3345 +#: sssd.conf.5.xml:3353 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3348 +#: sssd.conf.5.xml:3356 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -3900,7 +3905,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3354 +#: sssd.conf.5.xml:3362 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3908,31 +3913,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3362 +#: sssd.conf.5.xml:3370 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3365 +#: sssd.conf.5.xml:3373 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3371 +#: sssd.conf.5.xml:3379 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3374 +#: sssd.conf.5.xml:3382 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3380 +#: sssd.conf.5.xml:3388 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3940,7 +3945,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3389 +#: sssd.conf.5.xml:3397 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -3949,17 +3954,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3398 +#: sssd.conf.5.xml:3406 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3408 +#: sssd.conf.5.xml:3416 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3411 +#: sssd.conf.5.xml:3419 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -3967,43 +3972,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3418 +#: sssd.conf.5.xml:3426 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3422 +#: sssd.conf.5.xml:3430 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3426 +#: sssd.conf.5.xml:3434 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3430 +#: sssd.conf.5.xml:3438 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3438 +#: sssd.conf.5.xml:3446 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3441 +#: sssd.conf.5.xml:3449 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3445 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4011,7 +4016,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3452 +#: sssd.conf.5.xml:3460 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4019,7 +4024,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3460 +#: sssd.conf.5.xml:3468 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4027,24 +4032,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3469 +#: sssd.conf.5.xml:3477 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3479 +#: sssd.conf.5.xml:3487 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3482 +#: sssd.conf.5.xml:3490 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3486 +#: sssd.conf.5.xml:3494 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4052,31 +4057,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3494 +#: sssd.conf.5.xml:3502 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3504 +#: sssd.conf.5.xml:3512 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3507 +#: sssd.conf.5.xml:3515 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3511 +#: sssd.conf.5.xml:3519 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3515 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4084,7 +4089,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3522 +#: sssd.conf.5.xml:3530 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4093,12 +4098,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3530 +#: sssd.conf.5.xml:3538 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3543 +#: sssd.conf.5.xml:3551 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4108,24 +4113,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3552 +#: sssd.conf.5.xml:3560 msgid "" "Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" "[^@]+))$</quote> which allows two different styles for user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3557 sssd.conf.5.xml:3571 +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3560 sssd.conf.5.xml:3574 +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3565 +#: sssd.conf.5.xml:3573 msgid "" "Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" @@ -4134,19 +4139,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3577 +#: sssd.conf.5.xml:3585 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3580 +#: sssd.conf.5.xml:3588 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3585 +#: sssd.conf.5.xml:3593 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4156,93 +4161,93 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3637 +#: sssd.conf.5.xml:3645 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "Default: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3643 +#: sssd.conf.5.xml:3651 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3646 +#: sssd.conf.5.xml:3654 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3650 +#: sssd.conf.5.xml:3658 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3653 +#: sssd.conf.5.xml:3661 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3656 +#: sssd.conf.5.xml:3664 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3659 +#: sssd.conf.5.xml:3667 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3662 +#: sssd.conf.5.xml:3670 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3665 +#: sssd.conf.5.xml:3673 msgid "Default: ipv4_first" msgstr "Default: ipv4_first" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3671 +#: sssd.conf.5.xml:3679 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_server_timeout (integer)" msgstr "dns_resolver_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3674 +#: sssd.conf.5.xml:3682 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3679 +#: sssd.conf.5.xml:3687 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3683 sssd.conf.5.xml:3703 sssd.conf.5.xml:3724 +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3688 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 msgid "Default: 1000" msgstr "Padrão: 1000" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3694 +#: sssd.conf.5.xml:3702 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_op_timeout (integer)" msgstr "dns_resolver_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3697 +#: sssd.conf.5.xml:3705 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4250,12 +4255,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3714 +#: sssd.conf.5.xml:3722 msgid "dns_resolver_timeout (integer)" msgstr "dns_resolver_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3717 +#: sssd.conf.5.xml:3725 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4264,14 +4269,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3735 +#: sssd.conf.5.xml:3743 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_use_search_list (bool)" msgstr "dns_resolver_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3738 +#: sssd.conf.5.xml:3746 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4279,7 +4284,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3744 +#: sssd.conf.5.xml:3752 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4287,69 +4292,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3750 +#: sssd.conf.5.xml:3758 msgid "Default: TRUE" msgstr "Padrão: TRUE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3756 +#: sssd.conf.5.xml:3764 msgid "dns_discovery_domain (string)" msgstr "dns_discovery_domain (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3759 +#: sssd.conf.5.xml:3767 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3763 +#: sssd.conf.5.xml:3771 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3769 +#: sssd.conf.5.xml:3777 msgid "override_gid (integer)" msgstr "override_gid (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3772 +#: sssd.conf.5.xml:3780 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3778 +#: sssd.conf.5.xml:3786 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3785 +#: sssd.conf.5.xml:3793 msgid "True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3788 +#: sssd.conf.5.xml:3796 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3794 +#: sssd.conf.5.xml:3802 msgid "False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3796 +#: sssd.conf.5.xml:3804 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3800 +#: sssd.conf.5.xml:3808 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3803 +#: sssd.conf.5.xml:3811 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4357,31 +4362,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3811 +#: sssd.conf.5.xml:3819 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3781 +#: sssd.conf.5.xml:3789 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3826 +#: sssd.conf.5.xml:3834 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3832 +#: sssd.conf.5.xml:3840 msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3835 +#: sssd.conf.5.xml:3843 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4389,126 +4394,126 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3841 +#: sssd.conf.5.xml:3849 #, fuzzy #| msgid "ldap_search_timeout (integer)" msgid "ldap_search_timeout" msgstr "ldap_search_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3844 +#: sssd.conf.5.xml:3852 #, fuzzy #| msgid "ldap_network_timeout (integer)" msgid "ldap_network_timeout" msgstr "ldap_network_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3847 +#: sssd.conf.5.xml:3855 #, fuzzy #| msgid "ldap_opt_timeout (integer)" msgid "ldap_opt_timeout" msgstr "ldap_opt_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3850 +#: sssd.conf.5.xml:3858 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_offline_timeout" msgstr "ldap_enumeration_refresh_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3853 +#: sssd.conf.5.xml:3861 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_enumeration_refresh_timeout" msgstr "ldap_enumeration_refresh_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3856 +#: sssd.conf.5.xml:3864 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_enumeration_refresh_offset" msgstr "ldap_enumeration_refresh_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3859 +#: sssd.conf.5.xml:3867 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3862 +#: sssd.conf.5.xml:3870 msgid "ldap_purge_cache_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3865 +#: sssd.conf.5.xml:3873 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3869 +#: sssd.conf.5.xml:3877 #, fuzzy #| msgid "ldap_krb5_ticket_lifetime (integer)" msgid "ldap_krb5_ticket_lifetime" msgstr "ldap_krb5_ticket_lifetime (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3872 +#: sssd.conf.5.xml:3880 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_enumeration_search_timeout" msgstr "ldap_enumeration_refresh_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3875 +#: sssd.conf.5.xml:3883 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_connection_expire_timeout" msgstr "ldap_enumeration_refresh_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3878 +#: sssd.conf.5.xml:3886 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_connection_expire_offset" msgstr "ldap_enumeration_refresh_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3881 +#: sssd.conf.5.xml:3889 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_connection_idle_timeout" msgstr "ldap_enumeration_refresh_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3884 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 msgid "ldap_use_tokengroups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3887 +#: sssd.conf.5.xml:3895 msgid "ldap_user_principal" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3890 +#: sssd.conf.5.xml:3898 msgid "ignore_group_members" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3893 +#: sssd.conf.5.xml:3901 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3896 +#: sssd.conf.5.xml:3904 msgid "case_sensitive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3901 +#: sssd.conf.5.xml:3909 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4516,27 +4521,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3908 +#: sssd.conf.5.xml:3916 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3915 +#: sssd.conf.5.xml:3923 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3926 +#: sssd.conf.5.xml:3934 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3935 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3918 +#: sssd.conf.5.xml:3926 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4546,34 +4551,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3932 +#: sssd.conf.5.xml:3940 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3936 +#: sssd.conf.5.xml:3944 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3941 +#: sssd.conf.5.xml:3949 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3944 +#: sssd.conf.5.xml:3952 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3950 +#: sssd.conf.5.xml:3958 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3953 +#: sssd.conf.5.xml:3961 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -4582,19 +4587,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3961 +#: sssd.conf.5.xml:3969 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3966 +#: sssd.conf.5.xml:3974 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3970 +#: sssd.conf.5.xml:3978 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -4602,24 +4607,96 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3981 +#: sssd.conf.5.xml:3989 +#, fuzzy +#| msgid "ldap_pwd_policy (string)" +msgid "local_auth_policy (string)" +msgstr "ldap_pwd_policy (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3992 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4002 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4026 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4034 +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4039 +#, fuzzy +#| msgid "Default: cn" +msgid "Default: match" +msgstr "Padrão: NC" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4044 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3987 +#: sssd.conf.5.xml:4050 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3990 +#: sssd.conf.5.xml:4053 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3994 +#: sssd.conf.5.xml:4057 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4628,24 +4705,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4003 +#: sssd.conf.5.xml:4066 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4006 +#: sssd.conf.5.xml:4069 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4012 +#: sssd.conf.5.xml:4075 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4015 +#: sssd.conf.5.xml:4078 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4655,14 +4732,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4028 +#: sssd.conf.5.xml:4091 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4035 +#: sssd.conf.5.xml:4098 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4670,21 +4747,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3984 +#: sssd.conf.5.xml:4047 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4047 +#: sssd.conf.5.xml:4110 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4118 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4692,7 +4769,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4124 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4701,7 +4778,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4115 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4710,7 +4787,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2569 +#: sssd.conf.5.xml:2570 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -4718,29 +4795,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4139 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4079 +#: sssd.conf.5.xml:4142 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4082 +#: sssd.conf.5.xml:4145 msgid "" "Default: not set by default, you have to take an existing pam configuration " -"or create a new one and add the service name here." +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4090 +#: sssd.conf.5.xml:4155 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4748,12 +4826,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4103 +#: sssd.conf.5.xml:4168 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4106 +#: sssd.conf.5.xml:4171 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4761,12 +4839,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4117 +#: sssd.conf.5.xml:4182 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4120 +#: sssd.conf.5.xml:4185 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4775,12 +4853,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4134 +#: sssd.conf.5.xml:4199 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4202 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4788,19 +4866,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4072 +#: sssd.conf.5.xml:4135 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4218 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4155 +#: sssd.conf.5.xml:4220 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -4817,7 +4895,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4175 +#: sssd.conf.5.xml:4240 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4825,17 +4903,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4181 +#: sssd.conf.5.xml:4246 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4248 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4186 +#: sssd.conf.5.xml:4251 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4844,7 +4922,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4265 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4854,7 +4932,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4208 +#: sssd.conf.5.xml:4273 #, no-wrap msgid "" "[sssd]\n" @@ -4874,12 +4952,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4228 +#: sssd.conf.5.xml:4293 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4230 +#: sssd.conf.5.xml:4295 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -4890,69 +4968,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4237 +#: sssd.conf.5.xml:4302 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4303 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4239 +#: sssd.conf.5.xml:4304 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:4305 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4241 +#: sssd.conf.5.xml:4306 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4242 +#: sssd.conf.5.xml:4307 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4243 +#: sssd.conf.5.xml:4308 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4309 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4245 +#: sssd.conf.5.xml:4310 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4246 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4250 +#: sssd.conf.5.xml:4315 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4256 +#: sssd.conf.5.xml:4321 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4258 +#: sssd.conf.5.xml:4323 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -4965,7 +5043,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4272 +#: sssd.conf.5.xml:4337 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -4973,7 +5051,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4281 +#: sssd.conf.5.xml:4346 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -4982,55 +5060,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4353 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4356 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4295 +#: sssd.conf.5.xml:4360 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4367 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4370 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:4376 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4317 +#: sssd.conf.5.xml:4382 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4326 +#: sssd.conf.5.xml:4391 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4329 +#: sssd.conf.5.xml:4394 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5039,17 +5117,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4336 +#: sssd.conf.5.xml:4401 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4406 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4409 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5057,26 +5135,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4350 +#: sssd.conf.5.xml:4415 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4356 +#: sssd.conf.5.xml:4421 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4362 +#: sssd.conf.5.xml:4427 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4433 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5085,17 +5163,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4377 +#: sssd.conf.5.xml:4442 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4385 +#: sssd.conf.5.xml:4450 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4452 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5105,7 +5183,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4395 +#: sssd.conf.5.xml:4460 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5114,59 +5192,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4472 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4410 +#: sssd.conf.5.xml:4475 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4411 +#: sssd.conf.5.xml:4476 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4409 +#: sssd.conf.5.xml:4474 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4484 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4488 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4424 +#: sssd.conf.5.xml:4489 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4427 +#: sssd.conf.5.xml:4492 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4428 +#: sssd.conf.5.xml:4493 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4496 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4432 +#: sssd.conf.5.xml:4497 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5175,7 +5253,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4421 +#: sssd.conf.5.xml:4486 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5184,17 +5262,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4449 +#: sssd.conf.5.xml:4514 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4455 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4522 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5202,46 +5280,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4530 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4532 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4537 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4539 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4480 +#: sssd.conf.5.xml:4545 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4547 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4451 +#: sssd.conf.5.xml:4516 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4467 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5250,7 +5328,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4493 +#: sssd.conf.5.xml:4558 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5258,12 +5336,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4500 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4506 +#: sssd.conf.5.xml:4571 #, no-wrap msgid "" "[sssd]\n" @@ -5317,7 +5395,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4502 +#: sssd.conf.5.xml:4567 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5326,7 +5404,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4604 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5334,7 +5412,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4533 +#: sssd.conf.5.xml:4598 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5345,7 +5423,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4550 +#: sssd.conf.5.xml:4615 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5356,7 +5434,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4544 +#: sssd.conf.5.xml:4609 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -5410,26 +5488,26 @@ msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " -"over an unencrypted channel. If the LDAP server is used only as an identity " -"provider, an encrypted channel is not needed. Please refer to " -"<quote>ldap_access_filter</quote> config option for more information about " -"using LDAP as an access provider." +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 #: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 msgid "CONFIGURATION OPTIONS" msgstr "OPÇÕES DE CONFIGURAÇÃO" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:66 +#: sssd-ldap.5.xml:67 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:69 +#: sssd-ldap.5.xml:70 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" @@ -5439,33 +5517,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:76 +#: sssd-ldap.5.xml:77 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:79 +#: sssd-ldap.5.xml:80 msgid "ldap[s]://<host>[:port]" msgstr "ldap[s]://<host>[:port]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:82 +#: sssd-ldap.5.xml:83 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:85 +#: sssd-ldap.5.xml:86 msgid "example: ldap://[fc00::126:25]:389" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:91 +#: sssd-ldap.5.xml:92 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:94 +#: sssd-ldap.5.xml:95 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " @@ -5474,57 +5552,57 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:101 +#: sssd-ldap.5.xml:102 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:105 +#: sssd-ldap.5.xml:106 msgid "Default: empty, i.e. ldap_uri is used." msgstr "Padrão: empty, ou seja, ldap_uri é usado." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:111 +#: sssd-ldap.5.xml:112 msgid "ldap_search_base (string)" msgstr "ldap_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:114 +#: sssd-ldap.5.xml:115 msgid "The default base DN to use for performing LDAP user operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:118 +#: sssd-ldap.5.xml:119 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:122 +#: sssd-ldap.5.xml:123 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:125 +#: sssd-ldap.5.xml:126 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:128 include/ldap_search_bases.xml:18 +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:132 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 #: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 msgid "Examples:" msgstr "Exemplos:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:135 +#: sssd-ldap.5.xml:136 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" @@ -5533,7 +5611,7 @@ msgstr "" "ldap_search_base = dc=example,dc=com?subtree?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:140 +#: sssd-ldap.5.xml:141 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" @@ -5542,7 +5620,7 @@ msgstr "" "(host=thishost)?dc=example.com?subtree?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:143 +#: sssd-ldap.5.xml:144 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " @@ -5551,7 +5629,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:150 +#: sssd-ldap.5.xml:151 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " @@ -5562,12 +5640,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:164 +#: sssd-ldap.5.xml:165 msgid "ldap_schema (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:167 +#: sssd-ldap.5.xml:168 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " @@ -5575,32 +5653,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:174 +#: sssd-ldap.5.xml:175 msgid "Four schema types are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:178 +#: sssd-ldap.5.xml:179 msgid "rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:183 +#: sssd-ldap.5.xml:184 msgid "rfc2307bis" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:188 +#: sssd-ldap.5.xml:189 msgid "IPA" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:193 +#: sssd-ldap.5.xml:194 msgid "AD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:199 +#: sssd-ldap.5.xml:200 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " @@ -5611,37 +5689,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:209 +#: sssd-ldap.5.xml:210 msgid "Default: rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:215 +#: sssd-ldap.5.xml:216 msgid "ldap_pwmodify_mode (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:218 +#: sssd-ldap.5.xml:219 msgid "Specify the operation that is used to modify user password." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:222 +#: sssd-ldap.5.xml:223 msgid "Two modes are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:226 +#: sssd-ldap.5.xml:227 msgid "exop - Password Modify Extended Operation (RFC 3062)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:232 +#: sssd-ldap.5.xml:233 msgid "ldap_modify - Direct modification of userPassword (not recommended)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:239 +#: sssd-ldap.5.xml:240 msgid "" "Note: First, a new connection is established to verify current password by " "binding as the user that requested password change. If successful, this " @@ -5650,74 +5728,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:247 +#: sssd-ldap.5.xml:248 msgid "Default: exop" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:253 +#: sssd-ldap.5.xml:254 msgid "ldap_default_bind_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:256 +#: sssd-ldap.5.xml:257 msgid "The default bind DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:263 +#: sssd-ldap.5.xml:264 msgid "ldap_default_authtok_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:266 +#: sssd-ldap.5.xml:267 msgid "The type of the authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:270 +#: sssd-ldap.5.xml:271 msgid "The two mechanisms currently supported are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 +#: sssd-ldap.5.xml:274 msgid "password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:276 +#: sssd-ldap.5.xml:277 msgid "obfuscated_password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:279 +#: sssd-ldap.5.xml:280 msgid "Default: password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:282 +#: sssd-ldap.5.xml:283 msgid "" "See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> manual page for more information." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:293 +#: sssd-ldap.5.xml:294 msgid "ldap_default_authtok (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:296 +#: sssd-ldap.5.xml:297 msgid "The authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:302 +#: sssd-ldap.5.xml:303 msgid "ldap_force_upper_case_realm (boolean)" msgstr "ldap_force_upper_case_realm (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:305 +#: sssd-ldap.5.xml:306 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -5726,24 +5804,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:318 +#: sssd-ldap.5.xml:319 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "ldap_enumeration_refresh_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:321 +#: sssd-ldap.5.xml:322 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:337 +#: sssd-ldap.5.xml:338 msgid "ldap_purge_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:340 +#: sssd-ldap.5.xml:341 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -5751,7 +5829,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:346 +#: sssd-ldap.5.xml:347 msgid "" "Setting this option to zero will disable the cache cleanup operation. Please " "note that if enumeration is enabled, the cleanup task is required in order " @@ -5760,12 +5838,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:366 +#: sssd-ldap.5.xml:367 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:369 +#: sssd-ldap.5.xml:370 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -5773,7 +5851,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:376 +#: sssd-ldap.5.xml:377 msgid "" "Note: This option specifies the guaranteed level of nested groups to be " "processed for any lookup. However, nested groups beyond this limit " @@ -5783,7 +5861,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:385 +#: sssd-ldap.5.xml:386 msgid "" "If ldap_group_nesting_level is set to 0 then no nested groups are processed " "at all. However, when connected to Active-Directory Server 2008 and later " @@ -5793,67 +5871,67 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:394 +#: sssd-ldap.5.xml:395 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:403 +#: sssd-ldap.5.xml:404 msgid "" "This options enables or disables use of Token-Groups attribute when " "performing initgroup for users from Active Directory Server 2008 and later." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:413 +#: sssd-ldap.5.xml:414 msgid "Default: True for AD and IPA otherwise False." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:419 +#: sssd-ldap.5.xml:420 msgid "ldap_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:422 +#: sssd-ldap.5.xml:423 msgid "Optional. Use the given string as search base for host objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:426 sssd-ipa.5.xml:457 sssd-ipa.5.xml:476 sssd-ipa.5.xml:495 -#: sssd-ipa.5.xml:514 +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:431 sssd-ipa.5.xml:462 include/ldap_search_bases.xml:27 +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:438 +#: sssd-ldap.5.xml:439 msgid "ldap_service_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:443 +#: sssd-ldap.5.xml:444 msgid "ldap_iphost_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:448 +#: sssd-ldap.5.xml:449 msgid "ldap_ipnetwork_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:453 +#: sssd-ldap.5.xml:454 msgid "ldap_search_timeout (integer)" msgstr "ldap_search_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:456 +#: sssd-ldap.5.xml:457 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -5861,7 +5939,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:462 +#: sssd-ldap.5.xml:463 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -5869,12 +5947,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:479 +#: sssd-ldap.5.xml:480 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:482 +#: sssd-ldap.5.xml:483 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -5882,12 +5960,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:500 +#: sssd-ldap.5.xml:501 msgid "ldap_network_timeout (integer)" msgstr "ldap_network_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:503 +#: sssd-ldap.5.xml:504 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -5898,12 +5976,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:531 +#: sssd-ldap.5.xml:532 msgid "ldap_opt_timeout (integer)" msgstr "ldap_opt_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:534 +#: sssd-ldap.5.xml:535 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -5912,12 +5990,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:554 +#: sssd-ldap.5.xml:555 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:557 +#: sssd-ldap.5.xml:558 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -5926,7 +6004,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:565 +#: sssd-ldap.5.xml:566 msgid "" "If the connection is idle (not actively running an operation) within " "<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " @@ -5937,38 +6015,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:577 +#: sssd-ldap.5.xml:578 msgid "" "This timeout can be extended of a random value specified by " "<emphasis>ldap_connection_expire_offset</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:587 sssd-ldap.5.xml:630 sssd-ldap.5.xml:1711 +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:593 +#: sssd-ldap.5.xml:594 msgid "ldap_connection_expire_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:596 +#: sssd-ldap.5.xml:597 msgid "" "Random offset between 0 and configured value is added to " "<emphasis>ldap_connection_expire_timeout</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:613 #, fuzzy #| msgid "ldap_network_timeout (integer)" msgid "ldap_connection_idle_timeout (integer)" msgstr "ldap_network_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:616 msgid "" "Specifies a timeout (in seconds) that an idle connection to an LDAP server " "will be maintained. If the connection is idle for more than this time then " @@ -5976,29 +6054,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:622 msgid "You can disable this timeout by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:636 +#: sssd-ldap.5.xml:637 msgid "ldap_page_size (integer)" msgstr "ldap_page_size (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:639 +#: sssd-ldap.5.xml:640 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:650 +#: sssd-ldap.5.xml:651 msgid "ldap_disable_paging (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:653 +#: sssd-ldap.5.xml:654 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " @@ -6006,14 +6084,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:659 +#: sssd-ldap.5.xml:660 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:665 +#: sssd-ldap.5.xml:666 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " @@ -6021,17 +6099,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:677 +#: sssd-ldap.5.xml:678 msgid "ldap_disable_range_retrieval (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:680 +#: sssd-ldap.5.xml:681 msgid "Disable Active Directory range retrieval." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:683 +#: sssd-ldap.5.xml:684 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " @@ -6041,12 +6119,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:699 msgid "ldap_sasl_minssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:702 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " @@ -6054,17 +6132,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:707 sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:714 +#: sssd-ldap.5.xml:715 msgid "ldap_sasl_maxssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:717 +#: sssd-ldap.5.xml:718 msgid "" "When communicating with an LDAP server using SASL, specify the maximal " "security level necessary to establish the connection. The values of this " @@ -6072,12 +6150,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:731 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:733 +#: sssd-ldap.5.xml:734 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -6085,7 +6163,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:740 msgid "" "You can turn off dereference lookups completely by setting the value to 0. " "Please note that there are some codepaths in SSSD, like the IPA HBAC " @@ -6096,7 +6174,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:750 +#: sssd-ldap.5.xml:751 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -6105,7 +6183,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:758 +#: sssd-ldap.5.xml:759 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -6113,12 +6191,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:771 +#: sssd-ldap.5.xml:772 msgid "ldap_ignore_unreadable_references (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:774 +#: sssd-ldap.5.xml:775 msgid "" "Ignore unreadable LDAP entries referenced in group's member attribute. If " "this parameter is set to false an error will be returned and the operation " @@ -6126,7 +6204,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:781 +#: sssd-ldap.5.xml:782 msgid "" "This parameter may be useful when using the AD provider and the computer " "account that sssd uses to connect to AD does not have access to a particular " @@ -6134,19 +6212,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:795 msgid "ldap_tls_reqcert (string)" msgstr "ldap_tls_reqcert (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:798 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:804 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." @@ -6155,7 +6233,7 @@ msgstr "" "qualquer certificado de servidor." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:808 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6163,7 +6241,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:815 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6171,7 +6249,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:820 +#: sssd-ldap.5.xml:821 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -6179,41 +6257,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:826 +#: sssd-ldap.5.xml:827 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:830 +#: sssd-ldap.5.xml:831 msgid "Default: hard" msgstr "Padrão: hard" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:837 msgid "ldap_tls_cacert (string)" msgstr "ldap_tls_cacert (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:839 +#: sssd-ldap.5.xml:840 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 sssd-ldap.5.xml:862 sssd-ldap.5.xml:903 +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:852 msgid "ldap_tls_cacertdir (string)" msgstr "ldap_tls_cacertdir (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:854 +#: sssd-ldap.5.xml:855 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -6222,32 +6300,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:869 +#: sssd-ldap.5.xml:870 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:872 +#: sssd-ldap.5.xml:873 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:882 +#: sssd-ldap.5.xml:883 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:885 +#: sssd-ldap.5.xml:886 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:894 +#: sssd-ldap.5.xml:895 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:897 +#: sssd-ldap.5.xml:898 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -6255,24 +6333,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:910 +#: sssd-ldap.5.xml:911 msgid "ldap_id_use_start_tls (boolean)" msgstr "ldap_id_use_start_tls (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:913 +#: sssd-ldap.5.xml:914 msgid "" "Specifies that the id_provider connection must also use <systemitem " -"class=\"protocol\">tls</systemitem> to protect the channel." +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:923 +#: sssd-ldap.5.xml:925 msgid "ldap_id_mapping (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:928 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " @@ -6280,17 +6359,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:932 +#: sssd-ldap.5.xml:934 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:942 +#: sssd-ldap.5.xml:944 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:945 +#: sssd-ldap.5.xml:947 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " @@ -6301,24 +6380,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:957 +#: sssd-ldap.5.xml:959 msgid "Default: not set (both options are set to 0)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:965 msgid "ldap_sasl_mech (string)" msgstr "ldap_sasl_mech (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:966 +#: sssd-ldap.5.xml:968 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " "tested and supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:970 +#: sssd-ldap.5.xml:972 msgid "" "If the backend supports sub-domains the value of ldap_sasl_mech is " "automatically inherited to the sub-domains. If a different value is needed " @@ -6329,12 +6408,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:988 msgid "ldap_sasl_authid (string)" msgstr "ldap_sasl_authid (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ldap.5.xml:998 +#: sssd-ldap.5.xml:1000 #, no-wrap msgid "" "hostname@REALM\n" @@ -6347,7 +6426,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:989 +#: sssd-ldap.5.xml:991 msgid "" "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " "this represents the Kerberos principal used for authentication to the " @@ -6359,17 +6438,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1009 +#: sssd-ldap.5.xml:1011 msgid "Default: host/hostname@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1015 +#: sssd-ldap.5.xml:1017 msgid "ldap_sasl_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1018 +#: sssd-ldap.5.xml:1020 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " @@ -6377,50 +6456,50 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1024 +#: sssd-ldap.5.xml:1026 msgid "Default: the value of krb5_realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1030 +#: sssd-ldap.5.xml:1032 msgid "ldap_sasl_canonicalize (boolean)" msgstr "ldap_sasl_canonicalize (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1035 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1038 +#: sssd-ldap.5.xml:1040 msgid "Default: false;" msgstr "Padrão: false;" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1046 msgid "ldap_krb5_keytab (string)" msgstr "ldap_krb5_keytab (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1049 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1056 sssd-krb5.5.xml:247 +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" "Padrão: Sistema keytab, normalmente <filename>/etc/krb5.keytab</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1064 msgid "ldap_krb5_init_creds (boolean)" msgstr "ldap_krb5_init_creds (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1067 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -6428,28 +6507,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1077 +#: sssd-ldap.5.xml:1079 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "ldap_krb5_ticket_lifetime (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1080 +#: sssd-ldap.5.xml:1082 msgid "" "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1089 sssd-ad.5.xml:1252 +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 msgid "Default: 86400 (24 hours)" msgstr "Padrão: 86400 (24 horas)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1095 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1098 +#: sssd-ldap.5.xml:1100 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -6461,7 +6540,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1110 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -6469,7 +6548,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -6477,39 +6556,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1124 sssd-ipa.5.xml:526 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "krb5_realm (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1127 +#: sssd-ldap.5.xml:1129 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1133 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1137 include/krb5_options.xml:154 +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 msgid "krb5_canonicalize (boolean)" msgstr "krb5_canonicalize (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1140 +#: sssd-ldap.5.xml:1142 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1152 sssd-krb5.5.xml:336 +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 msgid "krb5_use_kdcinfo (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1155 sssd-krb5.5.xml:339 +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " @@ -6519,7 +6598,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:350 +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " @@ -6527,26 +6606,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1180 +#: sssd-ldap.5.xml:1182 msgid "ldap_pwd_policy (string)" msgstr "ldap_pwd_policy (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1185 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1190 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1193 +#: sssd-ldap.5.xml:1195 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -6555,7 +6634,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1201 +#: sssd-ldap.5.xml:1203 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -6563,31 +6642,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1210 +#: sssd-ldap.5.xml:1212 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1220 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1221 +#: sssd-ldap.5.xml:1223 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1225 +#: sssd-ldap.5.xml:1227 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1232 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " @@ -6600,51 +6679,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1249 +#: sssd-ldap.5.xml:1251 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1252 +#: sssd-ldap.5.xml:1254 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1258 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1262 +#: sssd-ldap.5.xml:1264 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1265 +#: sssd-ldap.5.xml:1267 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1270 +#: sssd-ldap.5.xml:1272 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1276 +#: sssd-ldap.5.xml:1278 msgid "ldap_chpass_update_last_change (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1279 +#: sssd-ldap.5.xml:1281 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1285 +#: sssd-ldap.5.xml:1287 msgid "" "It is recommend to set this option explicitly if \"ldap_pwd_policy = " "shadow\" is used to let SSSD know if the LDAP server will update " @@ -6653,12 +6732,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1301 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1304 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " @@ -6674,12 +6753,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1322 +#: sssd-ldap.5.xml:1324 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1327 #, no-wrap msgid "" "access_provider = ldap\n" @@ -6688,14 +6767,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1329 +#: sssd-ldap.5.xml:1331 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1336 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -6704,24 +6783,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1398 +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1348 +#: sssd-ldap.5.xml:1350 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1353 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1355 +#: sssd-ldap.5.xml:1357 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -6729,19 +6808,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1362 +#: sssd-ldap.5.xml:1364 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1365 +#: sssd-ldap.5.xml:1367 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1372 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -6750,7 +6829,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1379 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -6758,7 +6837,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1383 +#: sssd-ldap.5.xml:1385 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -6767,7 +6846,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1391 +#: sssd-ldap.5.xml:1393 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " @@ -6775,22 +6854,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1404 +#: sssd-ldap.5.xml:1406 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1407 sssd-ipa.5.xml:351 +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1411 +#: sssd-ldap.5.xml:1413 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>lockout</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6800,14 +6879,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1424 +#: sssd-ldap.5.xml:1426 msgid "" "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" "quote> option and might be removed in a future release. </emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1431 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6820,12 +6899,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1448 +#: sssd-ldap.5.xml:1450 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1452 sssd-ipa.5.xml:359 +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 msgid "" "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " "pwd_expire_policy_renew: </emphasis> These options are useful if users are " @@ -6835,81 +6914,81 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1462 sssd-ipa.5.xml:369 +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 msgid "" "The difference between these options is the action taken if user password is " "expired:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1467 sssd-ipa.5.xml:374 +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 msgid "pwd_expire_policy_reject - user is denied to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1473 sssd-ipa.5.xml:380 +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 msgid "pwd_expire_policy_warn - user is still able to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1479 sssd-ipa.5.xml:386 +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 msgid "" "pwd_expire_policy_renew - user is prompted to change their password " "immediately." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1487 +#: sssd-ldap.5.xml:1489 msgid "" "Please note that 'access_provider = ldap' must be set for this feature to " "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1494 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1497 +#: sssd-ldap.5.xml:1499 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1501 +#: sssd-ldap.5.xml:1503 msgid "" "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " "remote host can access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1505 +#: sssd-ldap.5.xml:1507 msgid "" "Please note, rhost field in pam is set by application, it is better to check " "what the application sends to pam, before enabling this access control option" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1510 +#: sssd-ldap.5.xml:1512 msgid "Default: filter" msgstr "Padrão: filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1513 +#: sssd-ldap.5.xml:1515 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1520 +#: sssd-ldap.5.xml:1522 msgid "ldap_pwdlockout_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1523 +#: sssd-ldap.5.xml:1525 msgid "" "This option specifies the DN of password policy entry on LDAP server. Please " "note that absence of this option in sssd.conf in case of enabled account " @@ -6918,74 +6997,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1531 +#: sssd-ldap.5.xml:1533 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1534 +#: sssd-ldap.5.xml:1536 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1542 msgid "ldap_deref (string)" msgstr "ldap_deref (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1543 +#: sssd-ldap.5.xml:1545 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1550 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 +#: sssd-ldap.5.xml:1554 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 +#: sssd-ldap.5.xml:1559 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1562 +#: sssd-ldap.5.xml:1564 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1569 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1575 +#: sssd-ldap.5.xml:1577 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1578 +#: sssd-ldap.5.xml:1580 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1582 +#: sssd-ldap.5.xml:1584 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " @@ -6996,7 +7075,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1593 +#: sssd-ldap.5.xml:1595 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " @@ -7004,55 +7083,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1605 sssd-ifp.5.xml:152 +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 msgid "wildcard_limit (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1608 +#: sssd-ldap.5.xml:1610 msgid "" "Specifies an upper limit on the number of entries that are downloaded during " "a wildcard lookup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1612 +#: sssd-ldap.5.xml:1614 msgid "At the moment, only the InfoPipe responder supports wildcard lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1618 msgid "Default: 1000 (often the size of one page)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1624 #, fuzzy #| msgid "ldap_page_size (integer)" msgid "ldap_library_debug_level (integer)" msgstr "ldap_page_size (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1625 +#: sssd-ldap.5.xml:1627 msgid "" "Switches on libldap debugging with the given level. The libldap debug " "messages will be written independent of the general debug_level." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1630 +#: sssd-ldap.5.xml:1632 msgid "" "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " "enable full debug output." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1635 +#: sssd-ldap.5.xml:1637 msgid "Default: 0 (libldap debugging disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:52 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " @@ -7064,12 +7143,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1645 +#: sssd-ldap.5.xml:1647 msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1647 +#: sssd-ldap.5.xml:1649 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -7077,43 +7156,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1660 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1661 +#: sssd-ldap.5.xml:1663 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1666 +#: sssd-ldap.5.xml:1668 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1671 +#: sssd-ldap.5.xml:1673 msgid "" "You can disable full refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1676 +#: sssd-ldap.5.xml:1678 msgid "Default: 21600 (6 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1682 +#: sssd-ldap.5.xml:1684 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1685 +#: sssd-ldap.5.xml:1687 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest " @@ -7121,14 +7200,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1691 +#: sssd-ldap.5.xml:1693 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1695 +#: sssd-ldap.5.xml:1697 msgid "" "<emphasis>Note:</emphasis> the highest USN value can be updated by three " "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " @@ -7138,21 +7217,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1706 +#: sssd-ldap.5.xml:1708 msgid "" "You can disable smart refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1717 +#: sssd-ldap.5.xml:1719 #, fuzzy #| msgid "ldap_opt_timeout (integer)" msgid "ldap_sudo_random_offset (integer)" msgstr "ldap_opt_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1720 +#: sssd-ldap.5.xml:1722 msgid "" "Random offset between 0 and configured value is added to smart and full " "refresh periods each time the periodic task is scheduled. The value is in " @@ -7160,7 +7239,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1726 +#: sssd-ldap.5.xml:1728 msgid "" "Note that this random offset is also applied on the first SSSD start which " "delays the first sudo rules refresh. This prolongs the time when the sudo " @@ -7168,106 +7247,106 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1732 +#: sssd-ldap.5.xml:1734 msgid "You can disable this offset by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1742 +#: sssd-ldap.5.xml:1744 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1745 +#: sssd-ldap.5.xml:1747 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1756 +#: sssd-ldap.5.xml:1758 msgid "ldap_sudo_hostnames (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1759 +#: sssd-ldap.5.xml:1761 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1764 +#: sssd-ldap.5.xml:1766 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1769 sssd-ldap.5.xml:1792 sssd-ldap.5.xml:1810 -#: sssd-ldap.5.xml:1828 +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1774 sssd-ldap.5.xml:1797 +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 msgid "Default: not specified" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1780 +#: sssd-ldap.5.xml:1782 msgid "ldap_sudo_ip (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1783 +#: sssd-ldap.5.xml:1785 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1788 +#: sssd-ldap.5.xml:1790 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1803 +#: sssd-ldap.5.xml:1805 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1806 +#: sssd-ldap.5.xml:1808 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1821 +#: sssd-ldap.5.xml:1823 msgid "ldap_sudo_include_regexp (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:1826 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> -#: sssd-ldap.5.xml:1834 +#: sssd-ldap.5.xml:1836 msgid "" "Using wildcard is an operation that is very costly to evaluate on the LDAP " "server side!" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1846 +#: sssd-ldap.5.xml:1848 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " @@ -7276,59 +7355,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1856 +#: sssd-ldap.5.xml:1858 msgid "AUTOFS OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1858 +#: sssd-ldap.5.xml:1860 msgid "" "Some of the defaults for the parameters below are dependent on the LDAP " "schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1864 +#: sssd-ldap.5.xml:1866 msgid "ldap_autofs_map_master_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1867 +#: sssd-ldap.5.xml:1869 msgid "The name of the automount master map in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1870 +#: sssd-ldap.5.xml:1872 msgid "Default: auto.master" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1881 +#: sssd-ldap.5.xml:1883 msgid "ADVANCED OPTIONS" msgstr "OPÇÕES AVANÇADAS" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1888 +#: sssd-ldap.5.xml:1890 msgid "ldap_netgroup_search_base (string)" msgstr "ldap_netgroup_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1893 +#: sssd-ldap.5.xml:1895 msgid "ldap_user_search_base (string)" msgstr "ldap_user_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1898 +#: sssd-ldap.5.xml:1900 msgid "ldap_group_search_base (string)" msgstr "ldap_group_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> -#: sssd-ldap.5.xml:1903 +#: sssd-ldap.5.xml:1905 msgid "<note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> -#: sssd-ldap.5.xml:1905 +#: sssd-ldap.5.xml:1907 msgid "" "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " "against Active Directory will not be restricted and return all groups " @@ -7337,22 +7416,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist> -#: sssd-ldap.5.xml:1912 +#: sssd-ldap.5.xml:1914 msgid "</note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1914 +#: sssd-ldap.5.xml:1916 msgid "ldap_sudo_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1919 +#: sssd-ldap.5.xml:1921 msgid "ldap_autofs_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1883 +#: sssd-ldap.5.xml:1885 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -7361,14 +7440,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1934 sssd-simple.5.xml:131 sssd-ipa.5.xml:925 -#: sssd-ad.5.xml:1386 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 msgid "EXAMPLE" msgstr "EXEMPLO" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1936 +#: sssd-ldap.5.xml:1938 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -7376,7 +7455,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1944 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7389,27 +7468,27 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><para> -#: sssd-ldap.5.xml:1941 sssd-ldap.5.xml:1959 sssd-simple.5.xml:139 -#: sssd-ipa.5.xml:933 sssd-ad.5.xml:1394 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 #: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1953 +#: sssd-ldap.5.xml:1955 msgid "LDAP ACCESS FILTER EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1955 +#: sssd-ldap.5.xml:1957 msgid "" "The following example assumes that SSSD is correctly configured and to use " "the ldap_access_order=lockout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1960 +#: sssd-ldap.5.xml:1962 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7425,13 +7504,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1975 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 -#: sssd-ad.5.xml:1409 sssd.8.xml:238 sss_seed.8.xml:163 +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 msgid "NOTES" msgstr "NOTAS" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1977 +#: sssd-ldap.5.xml:1979 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -9772,12 +9851,12 @@ msgid "Example: dyndns_iface = em1, vnet1, vnet2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1285 +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 msgid "dyndns_auth (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1288 +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "updates with the DNS server, insecure updates can be sent by setting this " @@ -9785,19 +9864,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1294 +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 msgid "Default: GSS-TSIG" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1300 +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 #, fuzzy #| msgid "auth_provider (string)" msgid "dyndns_auth_ptr (string)" msgstr "auth_provider (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1303 +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "PTR updates with the DNS server, insecure updates can be sent by setting " @@ -9805,7 +9884,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1309 +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 msgid "Default: Same as dyndns_auth" msgstr "" @@ -9864,65 +9943,72 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:290 +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 msgid "Default: False (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1272 +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 msgid "dyndns_force_tcp (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:299 sssd-ad.5.xml:1275 +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:303 sssd-ad.5.xml:1279 +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:309 sssd-ad.5.xml:1315 +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 msgid "dyndns_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:312 sssd-ad.5.xml:1318 +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 msgid "" "The DNS server to use when performing a DNS update. In most setups, it's " "recommended to leave this option unset." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 msgid "" "Setting this option makes sense for environments where the DNS server is " "different from the identity server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 msgid "" "Please note that this option will be only used in fallback attempt when " "previous attempt using autodetected settings failed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 msgid "Default: None (let nsupdate choose the server)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:333 sssd-ad.5.xml:1339 +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 msgid "dyndns_update_per_family (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:336 sssd-ad.5.xml:1342 +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 msgid "" "DNS update is by default performed in two steps - IPv4 update and then IPv6 " "update. In some cases it might be desirable to perform IPv4 and IPv6 update " @@ -9930,181 +10016,181 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:353 #, fuzzy #| msgid "access_provider (string)" msgid "ipa_access_order (string)" msgstr "access_provider (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:360 msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:394 +#: sssd-ipa.5.xml:399 msgid "" "Please note that 'access_provider = ipa' must be set for this feature to " "work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:401 +#: sssd-ipa.5.xml:406 msgid "ipa_deskprofile_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:404 +#: sssd-ipa.5.xml:409 msgid "" "Optional. Use the given string as search base for Desktop Profile related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:408 sssd-ipa.5.xml:435 +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 msgid "Default: Use base DN" msgstr "Default: Use base DN" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:414 +#: sssd-ipa.5.xml:419 #, fuzzy #| msgid "ipa_hbac_search_base (string)" msgid "ipa_subid_ranges_search_base (string)" msgstr "ipa_hbac_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:417 +#: sssd-ipa.5.xml:422 msgid "" "Optional. Use the given string as search base for subordinate ranges related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:421 +#: sssd-ipa.5.xml:426 msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:428 +#: sssd-ipa.5.xml:433 msgid "ipa_hbac_search_base (string)" msgstr "ipa_hbac_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:431 +#: sssd-ipa.5.xml:436 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:441 +#: sssd-ipa.5.xml:446 msgid "ipa_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:444 +#: sssd-ipa.5.xml:449 msgid "Deprecated. Use ldap_host_search_base instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:450 +#: sssd-ipa.5.xml:455 msgid "ipa_selinux_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:453 +#: sssd-ipa.5.xml:458 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:469 +#: sssd-ipa.5.xml:474 msgid "ipa_subdomains_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:472 +#: sssd-ipa.5.xml:477 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:481 +#: sssd-ipa.5.xml:486 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:488 +#: sssd-ipa.5.xml:493 msgid "ipa_master_domain_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:491 +#: sssd-ipa.5.xml:496 msgid "Optional. Use the given string as search base for master domain object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:505 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:507 +#: sssd-ipa.5.xml:512 msgid "ipa_views_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:510 +#: sssd-ipa.5.xml:515 msgid "Optional. Use the given string as search base for views containers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:519 +#: sssd-ipa.5.xml:524 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:529 +#: sssd-ipa.5.xml:534 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:533 +#: sssd-ipa.5.xml:538 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:541 sssd-ad.5.xml:1357 +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 msgid "krb5_confd_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:544 sssd-ad.5.xml:1360 +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 msgid "" "Absolute path of a directory where SSSD should place Kerberos configuration " "snippets." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:548 sssd-ad.5.xml:1364 +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 msgid "" "To disable the creation of the configuration snippets set the parameter to " "'none'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:552 sssd-ad.5.xml:1368 +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 msgid "" "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:559 +#: sssd-ipa.5.xml:564 msgid "ipa_deskprofile_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:562 +#: sssd-ipa.5.xml:567 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server. This will reduce the latency and load on the IPA server if there " @@ -10112,34 +10198,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:569 sssd-ipa.5.xml:599 sssd-ipa.5.xml:615 sssd-ad.5.xml:599 +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:575 +#: sssd-ipa.5.xml:580 msgid "ipa_deskprofile_request_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:578 +#: sssd-ipa.5.xml:583 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server in case the last request did not return any rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:583 +#: sssd-ipa.5.xml:588 msgid "Default: 60 (minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:589 +#: sssd-ipa.5.xml:594 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:592 +#: sssd-ipa.5.xml:597 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -10147,12 +10233,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:605 +#: sssd-ipa.5.xml:610 msgid "ipa_hbac_selinux (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:608 +#: sssd-ipa.5.xml:613 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -10160,33 +10246,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:621 +#: sssd-ipa.5.xml:626 msgid "ipa_server_mode (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:624 +#: sssd-ipa.5.xml:629 msgid "" "This option will be set by the IPA installer (ipa-server-install) " "automatically and denotes if SSSD is running on an IPA server or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:629 +#: sssd-ipa.5.xml:634 msgid "" "On an IPA server SSSD will lookup users and groups from trusted domains " "directly while on a client it will ask an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:634 +#: sssd-ipa.5.xml:639 msgid "" "NOTE: There are currently some assumptions that must be met when SSSD is " "running on an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:639 +#: sssd-ipa.5.xml:644 msgid "" "The <quote>ipa_server</quote> option must be configured to point to the IPA " "server itself. This is already the default set by the IPA installer, so no " @@ -10194,59 +10280,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:648 +#: sssd-ipa.5.xml:653 msgid "" "The <quote>full_name_format</quote> option must not be tweaked to only print " "short names for users from trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:663 +#: sssd-ipa.5.xml:668 msgid "ipa_automount_location (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:666 +#: sssd-ipa.5.xml:671 msgid "The automounter location this IPA client will be using" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:669 +#: sssd-ipa.5.xml:674 msgid "Default: The location named \"default\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:677 +#: sssd-ipa.5.xml:682 msgid "VIEWS AND OVERRIDES" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:686 +#: sssd-ipa.5.xml:691 msgid "ipa_view_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:689 +#: sssd-ipa.5.xml:694 msgid "Objectclass of the view container." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:692 +#: sssd-ipa.5.xml:697 msgid "Default: nsContainer" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:698 +#: sssd-ipa.5.xml:703 msgid "ipa_view_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:701 +#: sssd-ipa.5.xml:706 msgid "Name of the attribute holding the name of the view." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:705 sssd-ldap-attributes.5.xml:496 +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 #: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 #: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 #: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 @@ -10254,128 +10340,128 @@ msgid "Default: cn" msgstr "Padrão: NC" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:711 +#: sssd-ipa.5.xml:716 msgid "ipa_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:714 +#: sssd-ipa.5.xml:719 msgid "Objectclass of the override objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:717 +#: sssd-ipa.5.xml:722 msgid "Default: ipaOverrideAnchor" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:723 +#: sssd-ipa.5.xml:728 msgid "ipa_anchor_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:726 +#: sssd-ipa.5.xml:731 msgid "" "Name of the attribute containing the reference to the original object in a " "remote domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:730 +#: sssd-ipa.5.xml:735 msgid "Default: ipaAnchorUUID" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:736 +#: sssd-ipa.5.xml:741 msgid "ipa_user_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:739 +#: sssd-ipa.5.xml:744 msgid "" "Name of the objectclass for user overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:744 +#: sssd-ipa.5.xml:749 msgid "User overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:747 +#: sssd-ipa.5.xml:752 msgid "ldap_user_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:750 +#: sssd-ipa.5.xml:755 msgid "ldap_user_uid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:753 +#: sssd-ipa.5.xml:758 msgid "ldap_user_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:756 +#: sssd-ipa.5.xml:761 msgid "ldap_user_gecos" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:759 +#: sssd-ipa.5.xml:764 msgid "ldap_user_home_directory" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:762 +#: sssd-ipa.5.xml:767 msgid "ldap_user_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:765 +#: sssd-ipa.5.xml:770 msgid "ldap_user_ssh_public_key" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:770 +#: sssd-ipa.5.xml:775 msgid "Default: ipaUserOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:776 +#: sssd-ipa.5.xml:781 msgid "ipa_group_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:779 +#: sssd-ipa.5.xml:784 msgid "" "Name of the objectclass for group overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:784 +#: sssd-ipa.5.xml:789 msgid "Group overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:787 +#: sssd-ipa.5.xml:792 msgid "ldap_group_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:790 +#: sssd-ipa.5.xml:795 msgid "ldap_group_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:795 +#: sssd-ipa.5.xml:800 msgid "Default: ipaGroupOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:679 +#: sssd-ipa.5.xml:684 msgid "" "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " "later version. Since all paths and objectclasses are fixed on the server " @@ -10385,19 +10471,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:807 +#: sssd-ipa.5.xml:812 msgid "SUBDOMAINS PROVIDER" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:809 +#: sssd-ipa.5.xml:814 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:813 +#: sssd-ipa.5.xml:818 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " @@ -10405,7 +10491,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:819 +#: sssd-ipa.5.xml:824 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " @@ -10417,12 +10503,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:830 +#: sssd-ipa.5.xml:835 msgid "TRUSTED DOMAINS CONFIGURATION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:838 +#: sssd-ipa.5.xml:843 #, no-wrap msgid "" "[domain/ipa.domain.com/ad.domain.com]\n" @@ -10430,7 +10516,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:832 +#: sssd-ipa.5.xml:837 msgid "" "Some configuration options can also be set for a trusted domain. A trusted " "domain configuration can be set using the trusted domain subsection as shown " @@ -10440,80 +10526,80 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:843 +#: sssd-ipa.5.xml:848 msgid "" "For more details, see the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:850 +#: sssd-ipa.5.xml:855 msgid "" "Different configuration options are tunable for a trusted domain depending " "on whether you are configuring SSSD on an IPA server or an IPA client." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:855 +#: sssd-ipa.5.xml:860 msgid "OPTIONS TUNABLE ON IPA MASTERS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:857 +#: sssd-ipa.5.xml:862 msgid "" "The following options can be set in a subdomain section on an IPA master:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:861 sssd-ipa.5.xml:891 +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 msgid "ad_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:864 +#: sssd-ipa.5.xml:869 msgid "ad_backup_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:867 sssd-ipa.5.xml:894 +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 msgid "ad_site" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:870 +#: sssd-ipa.5.xml:875 msgid "ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:873 +#: sssd-ipa.5.xml:878 msgid "ldap_user_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:876 +#: sssd-ipa.5.xml:881 msgid "ldap_group_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:885 +#: sssd-ipa.5.xml:890 msgid "OPTIONS TUNABLE ON IPA CLIENTS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:887 +#: sssd-ipa.5.xml:892 msgid "" "The following options can be set in a subdomain section on an IPA client:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:899 +#: sssd-ipa.5.xml:904 msgid "" "Note that if both options are set, only <quote>ad_server</quote> is " "evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:903 +#: sssd-ipa.5.xml:908 msgid "" "Since any request for a user or a group identity from a trusted domain " "triggered from an IPA client is resolved by the IPA server, the " @@ -10527,7 +10613,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:927 +#: sssd-ipa.5.xml:932 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -10535,7 +10621,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:934 +#: sssd-ipa.5.xml:939 #, no-wrap msgid "" "[domain/example.com]\n" @@ -11729,7 +11815,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1388 +#: sssd-ad.5.xml:1393 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -11737,7 +11823,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1395 +#: sssd-ad.5.xml:1400 #, no-wrap msgid "" "[domain/EXAMPLE]\n" @@ -11752,7 +11838,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1415 +#: sssd-ad.5.xml:1420 #, no-wrap msgid "" "access_provider = ldap\n" @@ -11761,7 +11847,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1411 +#: sssd-ad.5.xml:1416 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " @@ -11769,7 +11855,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1421 +#: sssd-ad.5.xml:1426 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>. Please " @@ -11779,7 +11865,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1429 +#: sssd-ad.5.xml:1434 msgid "" "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " @@ -17410,7 +17496,7 @@ msgstr "" #: include/ldap_id_mapping.xml:235 msgid "" "When this option is configured, domains will be allocated starting with " -"slice zero and increasing monatomically with each additional domain." +"slice zero and increasing monotonically with each additional domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> diff --git a/src/man/po/pt_BR.po b/src/man/po/pt_BR.po index f8700b9af58..1eaea8e4a50 100644 --- a/src/man/po/pt_BR.po +++ b/src/man/po/pt_BR.po @@ -4,7 +4,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-05-05 10:09+0200\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" "PO-Revision-Date: 2017-01-29 10:11-0500\n" "Last-Translator: Rodrigo de Araujo Sousa Fonseca " "<rodrigodearaujo@fedoraproject.org>\n" @@ -201,11 +201,11 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 -#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:951 -#: sssd.conf.5.xml:1069 sssd.conf.5.xml:2197 sssd-ldap.5.xml:1071 -#: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 -#: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 -#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 msgid "Default: true" msgstr "" @@ -222,11 +222,11 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:948 -#: sssd.conf.5.xml:2100 sssd.conf.5.xml:2167 sssd.conf.5.xml:4128 -#: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 -#: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 -#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 #: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 #: include/krb5_options.xml:163 msgid "Default: false" @@ -260,8 +260,8 @@ msgid "" msgstr "" #. type: Content of: outside any tag (error?) -#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1656 -#: sssd-ldap.5.xml:1862 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 #: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 @@ -291,8 +291,8 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 sssd.conf.5.xml:1289 sssd.conf.5.xml:1766 -#: sssd.conf.5.xml:4144 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "" @@ -356,19 +356,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:258 sssd.conf.5.xml:783 +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:261 sssd.conf.5.xml:786 +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:791 sssd.conf.5.xml:3708 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 #: include/failover.xml:100 msgid "Default: 3" msgstr "" @@ -390,7 +390,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3540 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 msgid "re_expression (string)" msgstr "" @@ -410,12 +410,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3597 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3600 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -423,39 +423,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3611 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 msgid "%1$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 msgid "user name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3615 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3618 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3624 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 msgid "%3$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3627 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3608 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -598,8 +598,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:468 sssd-ldap.5.xml:876 sssd-ldap.5.xml:888 -#: sssd-ldap.5.xml:980 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 #: include/krb5_options.xml:148 @@ -869,7 +869,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1790 sssd.conf.5.xml:4194 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -914,11 +914,11 @@ msgstr "" #: sssd.conf.5.xml:744 msgid "" "Enable or disable the user verification (i.e. PIN, fingerprint) during " -"authentication." +"authentication. If enabled, the PIN will always be requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:750 msgid "" "The default is that the key settings decide what to do. In the IPA or " "kerberos pre-authentication case, this value will be overwritten by the " @@ -945,12 +945,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:769 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:770 +#: sssd.conf.5.xml:771 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -959,22 +959,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:777 +#: sssd.conf.5.xml:778 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:780 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:797 msgid "fd_limit" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:799 +#: sssd.conf.5.xml:800 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " @@ -984,17 +984,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:808 +#: sssd.conf.5.xml:809 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:814 msgid "client_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:816 +#: sssd.conf.5.xml:817 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " @@ -1004,17 +1004,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:826 msgid "Default: 60, KCM: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:830 +#: sssd.conf.5.xml:831 msgid "offline_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:834 msgid "" "When SSSD switches to offline mode the amount of time before it tries to go " "back online will increase based upon the time spent disconnected. By " @@ -1025,14 +1025,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:844 sssd.conf.5.xml:900 +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 msgid "" "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." "offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:847 +#: sssd.conf.5.xml:848 msgid "" "The offline_timeout default value is 60. The offline_timeout_max default " "value is 3600. The offline_timeout_random_offset default value is 30. The " @@ -1040,44 +1040,44 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:854 msgid "" "Note that the maximum length of each interval is defined by " "offline_timeout_max (apart of random part)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 sssd.conf.5.xml:1200 sssd.conf.5.xml:1583 -#: sssd.conf.5.xml:1879 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:862 +#: sssd.conf.5.xml:863 msgid "offline_timeout_max (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:865 +#: sssd.conf.5.xml:866 msgid "" "Controls by how much the time between attempts to go online can be " "incremented following unsuccessful attempts to go online." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:870 +#: sssd.conf.5.xml:871 msgid "A value of 0 disables the incrementing behaviour." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:873 +#: sssd.conf.5.xml:874 msgid "" "The value of this parameter should be set in correlation to offline_timeout " "parameter value." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:877 +#: sssd.conf.5.xml:878 msgid "" "With offline_timeout set to 60 (default value) there is no point in setting " "offlinet_timeout_max to less than 120 as it will saturate instantly. General " @@ -1086,58 +1086,58 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:883 +#: sssd.conf.5.xml:884 msgid "" "Although a value between 0 and offline_timeout may be specified, it has the " "effect of overriding the offline_timeout value so is of little use." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:888 +#: sssd.conf.5.xml:889 msgid "Default: 3600" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:894 msgid "offline_timeout_random_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:896 +#: sssd.conf.5.xml:897 msgid "" "When SSSD is in offline mode it keeps probing backend servers in specified " "time intervals:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:903 +#: sssd.conf.5.xml:904 msgid "" "This parameter controls the value of the random offset used for the above " "equation. Final random_offset value will be random number in range:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:908 +#: sssd.conf.5.xml:909 msgid "[0 - offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:911 +#: sssd.conf.5.xml:912 msgid "A value of 0 disables the random offset addition." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:915 msgid "Default: 30" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:919 +#: sssd.conf.5.xml:920 msgid "responder_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:922 +#: sssd.conf.5.xml:923 msgid "" "This option specifies the number of seconds that an SSSD responder process " "can be up without being used. This value is limited in order to avoid " @@ -1149,58 +1149,58 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:936 sssd.conf.5.xml:1213 sssd.conf.5.xml:2321 -#: sssd-ldap.5.xml:331 +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 +#: sssd-ldap.5.xml:332 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:941 +#: sssd.conf.5.xml:942 msgid "cache_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:945 msgid "" "This option specifies whether the responder should query all caches before " "querying the Data Providers." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:960 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:961 +#: sssd.conf.5.xml:962 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:966 +#: sssd.conf.5.xml:967 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:969 +#: sssd.conf.5.xml:970 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:974 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:978 +#: sssd.conf.5.xml:979 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:981 +#: sssd.conf.5.xml:982 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -1208,7 +1208,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:988 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -1218,7 +1218,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:998 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -1227,17 +1227,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1005 sssd.conf.5.xml:2121 +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1010 +#: sssd.conf.5.xml:1011 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1013 +#: sssd.conf.5.xml:1014 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -1245,17 +1245,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1019 sssd.conf.5.xml:1778 sssd.conf.5.xml:2145 +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1025 msgid "local_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1027 +#: sssd.conf.5.xml:1028 msgid "" "Specifies for how many seconds nss_sss should keep local users and groups in " "negative cache before trying to look it up in the back end again. Setting " @@ -1263,17 +1263,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1033 +#: sssd.conf.5.xml:1034 msgid "Default: 14400 (4 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1039 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1041 +#: sssd.conf.5.xml:1042 msgid "" "Exclude certain users or groups from being fetched from the sss NSS " "database. This is particularly useful for system accounts. This option can " @@ -1282,7 +1282,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1049 +#: sssd.conf.5.xml:1050 msgid "" "NOTE: The filter_groups option doesn't affect inheritance of nested group " "members, since filtering happens after they are propagated for returning via " @@ -1291,41 +1291,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1057 +#: sssd.conf.5.xml:1058 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1063 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1065 +#: sssd.conf.5.xml:1066 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1076 +#: sssd.conf.5.xml:1077 msgid "fallback_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1079 +#: sssd.conf.5.xml:1080 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1084 +#: sssd.conf.5.xml:1085 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1090 +#: sssd.conf.5.xml:1091 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" @@ -1333,23 +1333,23 @@ msgid "" msgstr "" #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:1088 sssd.conf.5.xml:1650 sssd.conf.5.xml:1669 -#: sssd.conf.5.xml:1746 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1094 +#: sssd.conf.5.xml:1095 msgid "Default: not set (no substitution for unset home directories)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1100 +#: sssd.conf.5.xml:1101 msgid "override_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1104 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " @@ -1357,47 +1357,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1109 +#: sssd.conf.5.xml:1110 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1115 +#: sssd.conf.5.xml:1116 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1118 +#: sssd.conf.5.xml:1119 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1121 +#: sssd.conf.5.xml:1122 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1125 +#: sssd.conf.5.xml:1126 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1130 +#: sssd.conf.5.xml:1131 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1135 +#: sssd.conf.5.xml:1136 msgid "The wildcard (*) can be used to allow any shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1138 +#: sssd.conf.5.xml:1139 msgid "" "The (*) is useful if you want to use shell_fallback in case that user's " "shell is not in <quote>/etc/shells</quote> and maintaining list of all " @@ -1405,113 +1405,113 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1145 +#: sssd.conf.5.xml:1146 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1149 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1152 +#: sssd.conf.5.xml:1153 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1157 +#: sssd.conf.5.xml:1158 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1160 +#: sssd.conf.5.xml:1161 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1165 +#: sssd.conf.5.xml:1166 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1168 +#: sssd.conf.5.xml:1169 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1172 +#: sssd.conf.5.xml:1173 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1177 +#: sssd.conf.5.xml:1178 msgid "default_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1180 +#: sssd.conf.5.xml:1181 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1186 +#: sssd.conf.5.xml:1187 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1193 sssd.conf.5.xml:1576 +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 msgid "get_domains_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1196 sssd.conf.5.xml:1579 +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1205 +#: sssd.conf.5.xml:1206 msgid "memcache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1208 +#: sssd.conf.5.xml:1209 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid. Setting this option to zero will disable the in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1216 +#: sssd.conf.5.xml:1217 msgid "" "WARNING: Disabling the in-memory cache will have significant negative impact " "on SSSD's performance and should only be used for testing." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1222 sssd.conf.5.xml:1247 sssd.conf.5.xml:1272 -#: sssd.conf.5.xml:1297 sssd.conf.5.xml:1324 +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 msgid "" "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " "client applications will not use the fast in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1230 +#: sssd.conf.5.xml:1231 msgid "memcache_size_passwd (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1233 +#: sssd.conf.5.xml:1234 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for passwd requests. Setting the size to 0 will disable the passwd in-" @@ -1519,25 +1519,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1239 sssd.conf.5.xml:2963 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 msgid "Default: 8" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1242 sssd.conf.5.xml:1267 sssd.conf.5.xml:1292 -#: sssd.conf.5.xml:1319 +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 msgid "" "WARNING: Disabled or too small in-memory cache can have significant negative " "impact on SSSD's performance." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1255 +#: sssd.conf.5.xml:1256 msgid "memcache_size_group (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1258 +#: sssd.conf.5.xml:1259 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for group requests. Setting the size to 0 will disable the group in-memory " @@ -1545,19 +1545,19 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1264 sssd.conf.5.xml:1316 sssd.conf.5.xml:3729 -#: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1280 +#: sssd.conf.5.xml:1281 msgid "memcache_size_initgroups (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1283 +#: sssd.conf.5.xml:1284 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for initgroups requests. Setting the size to 0 will disable the initgroups " @@ -1565,12 +1565,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1305 +#: sssd.conf.5.xml:1306 msgid "memcache_size_sid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1308 +#: sssd.conf.5.xml:1309 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for SID related requests. Only SID-by-ID and ID-by-SID requests are " @@ -1579,12 +1579,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1332 sssd-ifp.5.xml:90 +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 msgid "user_attributes (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1335 +#: sssd.conf.5.xml:1336 msgid "" "Some of the additional NSS responder requests can return more attributes " "than just the POSIX ones defined by the NSS interface. The list of " @@ -1595,43 +1595,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1348 +#: sssd.conf.5.xml:1349 msgid "" "To make configuration more easy the NSS responder will check the InfoPipe " "option if it is not set for the NSS responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1353 +#: sssd.conf.5.xml:1354 msgid "Default: not set, fallback to InfoPipe option" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1358 +#: sssd.conf.5.xml:1359 msgid "pwfield (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1361 +#: sssd.conf.5.xml:1362 msgid "" "The value that NSS operations that return users or groups will return for " "the <quote>password</quote> field." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1366 +#: sssd.conf.5.xml:1367 msgid "Default: <quote>*</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1369 +#: sssd.conf.5.xml:1370 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[nss] section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1373 +#: sssd.conf.5.xml:1374 msgid "" "Default: <quote>not set</quote> (remote domains), <phrase " "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" @@ -1640,60 +1640,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1385 +#: sssd.conf.5.xml:1386 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1387 +#: sssd.conf.5.xml:1388 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1392 +#: sssd.conf.5.xml:1393 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1395 +#: sssd.conf.5.xml:1396 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1400 sssd.conf.5.xml:1413 +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1406 +#: sssd.conf.5.xml:1407 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1409 +#: sssd.conf.5.xml:1410 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1419 +#: sssd.conf.5.xml:1420 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1422 +#: sssd.conf.5.xml:1423 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1427 +#: sssd.conf.5.xml:1428 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -1701,59 +1701,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1433 sssd.conf.5.xml:1543 +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1439 +#: sssd.conf.5.xml:1440 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1442 +#: sssd.conf.5.xml:1443 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1447 +#: sssd.conf.5.xml:1448 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1450 +#: sssd.conf.5.xml:1451 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1453 +#: sssd.conf.5.xml:1454 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1457 +#: sssd.conf.5.xml:1458 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1460 +#: sssd.conf.5.xml:1461 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1464 sssd.8.xml:63 +#: sssd.conf.5.xml:1465 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1470 +#: sssd.conf.5.xml:1471 msgid "pam_response_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1473 +#: sssd.conf.5.xml:1474 msgid "" "A comma separated list of strings which allows to remove (filter) data sent " "by the PAM responder to pam_sss PAM module. There are different kind of " @@ -1762,51 +1762,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1481 +#: sssd.conf.5.xml:1482 msgid "" "While messages already can be controlled with the help of the pam_verbosity " "option this option allows to filter out other kind of responses as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1488 +#: sssd.conf.5.xml:1489 msgid "ENV" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1489 +#: sssd.conf.5.xml:1490 msgid "Do not send any environment variables to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1492 +#: sssd.conf.5.xml:1493 msgid "ENV:var_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1493 +#: sssd.conf.5.xml:1494 msgid "Do not send environment variable var_name to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1497 +#: sssd.conf.5.xml:1498 msgid "ENV:var_name:service" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1498 +#: sssd.conf.5.xml:1499 msgid "Do not send environment variable var_name to service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1486 +#: sssd.conf.5.xml:1487 msgid "" "Currently the following filters are supported: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1505 +#: sssd.conf.5.xml:1506 msgid "" "The list of strings can either be the list of filters which would set this " "list of filters and overwrite the defaults. Or each element of the list can " @@ -1817,23 +1817,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1516 +#: sssd.conf.5.xml:1517 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1519 +#: sssd.conf.5.xml:1520 msgid "" "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1526 +#: sssd.conf.5.xml:1527 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1529 +#: sssd.conf.5.xml:1530 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -1841,7 +1841,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1535 +#: sssd.conf.5.xml:1536 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -1850,17 +1850,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1549 +#: sssd.conf.5.xml:1550 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1552 sssd.conf.5.xml:2987 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1555 +#: sssd.conf.5.xml:1556 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -1868,31 +1868,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1561 sssd.conf.5.xml:2990 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1566 +#: sssd.conf.5.xml:1567 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1571 sssd.conf.5.xml:3976 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 msgid "Default: 0" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1588 +#: sssd.conf.5.xml:1589 msgid "pam_trusted_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1591 +#: sssd.conf.5.xml:1592 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to run PAM conversations against trusted domains. Users not " @@ -1902,75 +1902,75 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1601 +#: sssd.conf.5.xml:1602 msgid "Default: All users are considered trusted by default" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1605 +#: sssd.conf.5.xml:1606 msgid "" "Please note that UID 0 is always allowed to access the PAM responder even in " "case it is not in the pam_trusted_users list." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1612 +#: sssd.conf.5.xml:1613 msgid "pam_public_domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1615 +#: sssd.conf.5.xml:1616 msgid "" "Specifies the comma-separated list of domain names that are accessible even " "to untrusted users." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1619 +#: sssd.conf.5.xml:1620 msgid "Two special values for pam_public_domains option are defined:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1623 +#: sssd.conf.5.xml:1624 msgid "" "all (Untrusted users are allowed to access all domains in PAM responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1627 +#: sssd.conf.5.xml:1628 msgid "" "none (Untrusted users are not allowed to access any domains PAM in " "responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1631 sssd.conf.5.xml:1656 sssd.conf.5.xml:1675 -#: sssd.conf.5.xml:1912 sssd.conf.5.xml:2732 sssd.conf.5.xml:3905 -#: sssd-ldap.5.xml:1207 +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1636 +#: sssd.conf.5.xml:1637 msgid "pam_account_expired_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1639 +#: sssd.conf.5.xml:1640 msgid "" "Allows a custom expiration message to be set, replacing the default " "'Permission denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1644 +#: sssd.conf.5.xml:1645 msgid "" "Note: Please be aware that message is only printed for the SSH service " "unless pam_verbosity is set to 3 (show all messages and debug information)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1652 +#: sssd.conf.5.xml:1653 #, no-wrap msgid "" "pam_account_expired_message = Account expired, please contact help desk.\n" @@ -1978,19 +1978,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1661 +#: sssd.conf.5.xml:1662 msgid "pam_account_locked_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1664 +#: sssd.conf.5.xml:1665 msgid "" "Allows a custom lockout message to be set, replacing the default 'Permission " "denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1671 +#: sssd.conf.5.xml:1672 #, no-wrap msgid "" "pam_account_locked_message = Account locked, please contact help desk.\n" @@ -1998,40 +1998,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1680 +#: sssd.conf.5.xml:1681 msgid "pam_passkey_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1683 +#: sssd.conf.5.xml:1684 msgid "Enable passkey device based authentication." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1686 sssd.conf.5.xml:1697 sssd.conf.5.xml:1711 -#: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 -#: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 msgid "Default: False" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1691 +#: sssd.conf.5.xml:1692 msgid "passkey_debug_libfido2 (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1694 +#: sssd.conf.5.xml:1695 msgid "Enable libfido2 library debug messages." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1702 +#: sssd.conf.5.xml:1703 msgid "pam_cert_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1705 +#: sssd.conf.5.xml:1706 msgid "" "Enable certificate based Smartcard authentication. Since this requires " "additional communication with the Smartcard which will delay the " @@ -2039,34 +2039,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1716 +#: sssd.conf.5.xml:1717 msgid "pam_cert_db_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1719 +#: sssd.conf.5.xml:1720 msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1722 sssd.conf.5.xml:2247 sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 msgid "Default:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1724 sssd.conf.5.xml:2249 +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 msgid "" "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " "certificates in PEM format)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1734 +#: sssd.conf.5.xml:1735 msgid "pam_cert_verification (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1737 +#: sssd.conf.5.xml:1738 msgid "" "With this parameter the PAM certificate verification can be tuned with a " "comma separated list of options that override the " @@ -2076,7 +2076,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1748 +#: sssd.conf.5.xml:1749 #, no-wrap msgid "" "pam_cert_verification = partial_chain\n" @@ -2084,59 +2084,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1752 +#: sssd.conf.5.xml:1753 msgid "" "Default: not set, i.e. use default <quote>certificate_verification</quote> " "option defined in <quote>[sssd]</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1759 +#: sssd.conf.5.xml:1760 msgid "p11_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1763 msgid "How many seconds will pam_sss wait for p11_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1771 +#: sssd.conf.5.xml:1772 msgid "passkey_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1774 +#: sssd.conf.5.xml:1775 msgid "" "How many seconds will the PAM responder wait for passkey_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1783 +#: sssd.conf.5.xml:1784 msgid "pam_app_services (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1786 +#: sssd.conf.5.xml:1787 msgid "" "Which PAM services are permitted to contact domains of type " "<quote>application</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1795 +#: sssd.conf.5.xml:1796 msgid "pam_p11_allowed_services (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1798 +#: sssd.conf.5.xml:1799 msgid "" "A comma-separated list of PAM service names for which it will be allowed to " "use Smartcards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1813 +#: sssd.conf.5.xml:1814 #, no-wrap msgid "" "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2144,7 +2144,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1802 +#: sssd.conf.5.xml:1803 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -2156,63 +2156,63 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1817 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 #: sssd-ad.5.xml:869 sssd-ad.5.xml:947 msgid "Default: the default set of PAM service names includes:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1822 sssd-ad.5.xml:648 +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 msgid "login" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1827 sssd-ad.5.xml:653 +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 msgid "su" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1832 sssd-ad.5.xml:658 +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 msgid "su-l" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1837 sssd-ad.5.xml:673 +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 msgid "gdm-smartcard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1842 sssd-ad.5.xml:668 +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 msgid "gdm-password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1847 sssd-ad.5.xml:678 +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 msgid "kdm" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1852 sssd-ad.5.xml:956 +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 msgid "sudo" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1857 sssd-ad.5.xml:961 +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 msgid "sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1862 +#: sssd.conf.5.xml:1863 msgid "gnome-screensaver" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1870 +#: sssd.conf.5.xml:1871 msgid "p11_wait_for_card_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1873 +#: sssd.conf.5.xml:1874 msgid "" "If Smartcard authentication is required how many extra seconds in addition " "to p11_child_timeout should the PAM responder wait until a Smartcard is " @@ -2220,12 +2220,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1884 +#: sssd.conf.5.xml:1885 msgid "p11_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1887 +#: sssd.conf.5.xml:1888 msgid "" "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " "selection of devices used for Smartcard authentication. By default SSSD's " @@ -2236,7 +2236,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1900 +#: sssd.conf.5.xml:1901 #, no-wrap msgid "" "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" @@ -2244,7 +2244,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1904 +#: sssd.conf.5.xml:1905 #, no-wrap msgid "" "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" @@ -2252,7 +2252,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1898 +#: sssd.conf.5.xml:1899 msgid "" "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " @@ -2261,47 +2261,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1917 +#: sssd.conf.5.xml:1918 msgid "pam_initgroups_scheme" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1925 +#: sssd.conf.5.xml:1926 msgid "always" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1926 +#: sssd.conf.5.xml:1927 msgid "" "Always do an online lookup, please note that pam_id_timeout still applies" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1930 +#: sssd.conf.5.xml:1931 msgid "no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1931 +#: sssd.conf.5.xml:1932 msgid "" "Only do an online lookup if there is no active session of the user, i.e. if " "the user is currently not logged in" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1936 +#: sssd.conf.5.xml:1937 msgid "never" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1937 +#: sssd.conf.5.xml:1938 msgid "" "Never force an online lookup, use the data from the cache as long as they " "are not expired" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1920 +#: sssd.conf.5.xml:1921 msgid "" "The PAM responder can force an online lookup to get the current group " "memberships of the user trying to log in. This option controls when this " @@ -2310,30 +2310,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1944 +#: sssd.conf.5.xml:1945 msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1949 sssd.conf.5.xml:4247 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 msgid "pam_gssapi_services" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1952 +#: sssd.conf.5.xml:1953 msgid "" "Comma separated list of PAM services that are allowed to try GSSAPI " "authentication using pam_sss_gss.so module." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1957 +#: sssd.conf.5.xml:1958 msgid "" "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1961 sssd.conf.5.xml:1992 sssd.conf.5.xml:2030 +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[pam] section. It can also be set for trusted domain which overwrites the " @@ -2341,7 +2341,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1969 +#: sssd.conf.5.xml:1970 #, no-wrap msgid "" "pam_gssapi_services = sudo, sudo-i\n" @@ -2349,22 +2349,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1967 sssd.conf.5.xml:3899 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1973 +#: sssd.conf.5.xml:1974 msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1978 sssd.conf.5.xml:4248 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 msgid "pam_gssapi_check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1981 +#: sssd.conf.5.xml:1982 msgid "" "If True, SSSD will require that the Kerberos user principal that " "successfully authenticated through GSSAPI can be associated with the user " @@ -2372,25 +2372,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1988 +#: sssd.conf.5.xml:1989 msgid "" "If False, every user that is able to obtained required service ticket will " "be authenticated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1998 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2003 +#: sssd.conf.5.xml:2004 msgid "pam_gssapi_indicators_map" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2006 +#: sssd.conf.5.xml:2007 msgid "" "Comma separated list of authentication indicators required to be present in " "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " @@ -2398,7 +2398,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2012 +#: sssd.conf.5.xml:2013 msgid "" "Each element of the list can be either an authentication indicator name or a " "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " @@ -2413,7 +2413,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2025 +#: sssd.conf.5.xml:2026 msgid "" "To disable GSSAPI authentication indicator check, set this option to <quote>-" "</quote> (dash). To disable the check for a specific PAM service, add " @@ -2421,45 +2421,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2036 +#: sssd.conf.5.xml:2037 msgid "" "Following authentication indicators are supported by IPA Kerberos " "deployments:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2039 +#: sssd.conf.5.xml:2040 msgid "" "pkinit -- pre-authentication using X.509 certificates -- whether stored in " "files or on smart cards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2042 +#: sssd.conf.5.xml:2043 msgid "" "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " "FAST channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2045 +#: sssd.conf.5.xml:2046 msgid "radius -- pre-authentication with the help of a RADIUS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2048 +#: sssd.conf.5.xml:2049 msgid "" "otp -- pre-authentication using integrated two-factor authentication (2FA or " "one-time password, OTP) in IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2051 +#: sssd.conf.5.xml:2052 msgid "idp -- pre-authentication using external identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:2061 +#: sssd.conf.5.xml:2062 #, no-wrap msgid "" "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" @@ -2467,7 +2467,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2056 +#: sssd.conf.5.xml:2057 msgid "" "Example: to require access to SUDO services only for users which obtained " "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " @@ -2475,17 +2475,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2065 +#: sssd.conf.5.xml:2066 msgid "Default: not set (use of authentication indicators is not required)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2073 +#: sssd.conf.5.xml:2074 msgid "SUDO configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2075 +#: sssd.conf.5.xml:2076 msgid "" "These options can be used to configure the sudo service. The detailed " "instructions for configuration of <citerefentry> <refentrytitle>sudo</" @@ -2496,24 +2496,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2092 +#: sssd.conf.5.xml:2093 msgid "sudo_timed (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2095 +#: sssd.conf.5.xml:2096 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2107 +#: sssd.conf.5.xml:2108 msgid "sudo_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2110 +#: sssd.conf.5.xml:2111 msgid "" "Maximum number of expired rules that can be refreshed at once. If number of " "expired rules is below threshold, those rules are refreshed with " @@ -2523,22 +2523,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2129 +#: sssd.conf.5.xml:2130 msgid "AUTOFS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2131 +#: sssd.conf.5.xml:2132 msgid "These options can be used to configure the autofs service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2135 +#: sssd.conf.5.xml:2136 msgid "autofs_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2138 +#: sssd.conf.5.xml:2139 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " @@ -2546,51 +2546,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2154 +#: sssd.conf.5.xml:2155 msgid "SSH configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2156 +#: sssd.conf.5.xml:2157 msgid "These options can be used to configure the SSH service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2160 +#: sssd.conf.5.xml:2161 msgid "ssh_hash_known_hosts (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2163 +#: sssd.conf.5.xml:2164 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2172 +#: sssd.conf.5.xml:2173 msgid "ssh_known_hosts_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2175 +#: sssd.conf.5.xml:2176 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2179 +#: sssd.conf.5.xml:2180 msgid "Default: 180" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2184 +#: sssd.conf.5.xml:2185 msgid "ssh_use_certificate_keys (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2187 +#: sssd.conf.5.xml:2188 msgid "" "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " "keys derived from the public key of X.509 certificates stored in the user " @@ -2599,12 +2599,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2202 +#: sssd.conf.5.xml:2203 msgid "ssh_use_certificate_matching_rules (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2205 +#: sssd.conf.5.xml:2206 msgid "" "By default the ssh responder will use all available certificate matching " "rules to filter the certificates so that ssh keys are only derived from the " @@ -2614,7 +2614,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2214 +#: sssd.conf.5.xml:2215 msgid "" "There are two special key words 'all_rules' and 'no_rules' which will enable " "all or no rules, respectively. The latter means that no certificates will be " @@ -2622,7 +2622,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2221 +#: sssd.conf.5.xml:2222 msgid "" "If no rules are configured using 'all_rules' will enable a default rule " "which enables all certificates suitable for client authentication. This is " @@ -2631,38 +2631,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2228 +#: sssd.conf.5.xml:2229 msgid "" "A non-existing rule name is considered an error. If as a result no rule is " "selected all certificates will be ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2233 +#: sssd.conf.5.xml:2234 msgid "" "Default: not set, equivalent to 'all_rules', all found rules or the default " "rule are used" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2239 +#: sssd.conf.5.xml:2240 msgid "ca_db (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2242 +#: sssd.conf.5.xml:2243 msgid "" "Path to a storage of trusted CA certificates. The option is used to validate " "user certificates before deriving public ssh keys from them." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2262 +#: sssd.conf.5.xml:2263 msgid "PAC responder configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2264 +#: sssd.conf.5.xml:2265 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " @@ -2673,7 +2673,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2273 +#: sssd.conf.5.xml:2274 msgid "" "If the remote user does not exist in the cache, it is created. The UID is " "determined with the help of the SID, trusted domains will have UPGs and the " @@ -2684,24 +2684,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2281 +#: sssd.conf.5.xml:2282 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2287 +#: sssd.conf.5.xml:2288 msgid "These options can be used to configure the PAC responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2291 sssd-ifp.5.xml:66 +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 msgid "allowed_uids (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2294 +#: sssd.conf.5.xml:2295 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " @@ -2709,12 +2709,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2300 +#: sssd.conf.5.xml:2301 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2304 +#: sssd.conf.5.xml:2305 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " @@ -2723,24 +2723,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2313 +#: sssd.conf.5.xml:2314 msgid "pac_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2316 +#: sssd.conf.5.xml:2317 msgid "" "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " "data can be used to determine the group memberships of a user." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2326 +#: sssd.conf.5.xml:2327 msgid "pac_check (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2329 +#: sssd.conf.5.xml:2330 msgid "" "Apply additional checks on the PAC of the Kerberos ticket which is available " "in Active Directory and FreeIPA domains, if configured. Please note that " @@ -2751,24 +2751,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2343 +#: sssd.conf.5.xml:2344 msgid "no_check" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2345 +#: sssd.conf.5.xml:2346 msgid "" "The PAC must not be present and even if it is present no additional checks " "will be done." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2351 +#: sssd.conf.5.xml:2352 msgid "pac_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2353 +#: sssd.conf.5.xml:2354 msgid "" "The PAC must be present in the service ticket which SSSD will request with " "the help of the user's TGT. If the PAC is not available the authentication " @@ -2776,24 +2776,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2361 +#: sssd.conf.5.xml:2362 msgid "check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2363 +#: sssd.conf.5.xml:2364 msgid "" "If the PAC is present check if the user principal name (UPN) information is " "consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2369 +#: sssd.conf.5.xml:2370 msgid "check_upn_allow_missing" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2371 +#: sssd.conf.5.xml:2372 msgid "" "This option should be used together with 'check_upn' and handles the case " "where a UPN is set on the server-side but is not read by SSSD. The typical " @@ -2805,7 +2805,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2383 +#: sssd.conf.5.xml:2384 msgid "" "Currently this option is set by default to avoid regressions in such " "environments. A log message will be added to the system log and SSSD's debug " @@ -2816,60 +2816,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2397 +#: sssd.conf.5.xml:2398 msgid "upn_dns_info_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2399 +#: sssd.conf.5.xml:2400 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2404 +#: sssd.conf.5.xml:2405 msgid "check_upn_dns_info_ex" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2406 +#: sssd.conf.5.xml:2407 msgid "" "If the PAC is present and the extension to the UPN-DNS-INFO buffer is " "available check if the information in the extension is consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2413 +#: sssd.conf.5.xml:2414 msgid "upn_dns_info_ex_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2415 +#: sssd.conf.5.xml:2416 msgid "" "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2339 +#: sssd.conf.5.xml:2340 msgid "" "The following options can be used alone or in a comma-separated list: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2425 +#: sssd.conf.5.xml:2426 msgid "" "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " "check_upn_dns_info_ex')" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2434 +#: sssd.conf.5.xml:2435 msgid "Session recording configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2436 +#: sssd.conf.5.xml:2437 msgid "" "Session recording works in conjunction with <citerefentry> " "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" @@ -2879,66 +2879,66 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2449 +#: sssd.conf.5.xml:2450 msgid "These options can be used to configure session recording." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2453 sssd-session-recording.5.xml:64 +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 msgid "scope (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2460 sssd-session-recording.5.xml:71 +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 msgid "\"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2463 sssd-session-recording.5.xml:74 +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 msgid "No users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2468 sssd-session-recording.5.xml:79 +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 msgid "\"some\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2471 sssd-session-recording.5.xml:82 +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 msgid "" "Users/groups specified by <replaceable>users</replaceable> and " "<replaceable>groups</replaceable> options are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2480 sssd-session-recording.5.xml:91 +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 msgid "\"all\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2483 sssd-session-recording.5.xml:94 +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 msgid "All users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2456 sssd-session-recording.5.xml:67 +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 msgid "" "One of the following strings specifying the scope of session recording: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:101 +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 msgid "Default: \"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:106 +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 msgid "users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:109 +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 msgid "" "A comma-separated list of users which should have session recording enabled. " "Matches user names as returned by NSS. I.e. after the possible space " @@ -2946,17 +2946,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2504 sssd-session-recording.5.xml:115 +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 msgid "Default: Empty. Matches no users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2509 sssd-session-recording.5.xml:120 +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 msgid "groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2512 sssd-session-recording.5.xml:123 +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 msgid "" "A comma-separated list of groups, members of which should have session " "recording enabled. Matches group names as returned by NSS. I.e. after the " @@ -2964,7 +2964,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2518 sssd.conf.5.xml:2550 sssd-session-recording.5.xml:129 +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 #: sssd-session-recording.5.xml:161 msgid "" "NOTE: using this option (having it set to anything) has a considerable " @@ -2973,56 +2973,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2525 sssd-session-recording.5.xml:136 +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 msgid "Default: Empty. Matches no groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2530 sssd-session-recording.5.xml:141 +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 msgid "exclude_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2533 sssd-session-recording.5.xml:144 +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 msgid "" "A comma-separated list of users to be excluded from recording, only " "applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2537 sssd-session-recording.5.xml:148 +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 msgid "Default: Empty. No users excluded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2542 sssd-session-recording.5.xml:153 +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 msgid "exclude_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2545 sssd-session-recording.5.xml:156 +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 msgid "" "A comma-separated list of groups, members of which should be excluded from " "recording. Only applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2557 sssd-session-recording.5.xml:168 +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 msgid "Default: Empty. No groups excluded." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2567 +#: sssd.conf.5.xml:2568 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2574 +#: sssd.conf.5.xml:2575 msgid "enabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2577 +#: sssd.conf.5.xml:2578 msgid "" "Explicitly enable or disable the domain. If <quote>true</quote>, the domain " "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " @@ -3032,12 +3032,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2589 +#: sssd.conf.5.xml:2590 msgid "domain_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2592 +#: sssd.conf.5.xml:2593 msgid "" "Specifies whether the domain is meant to be used by POSIX-aware clients such " "as the Name Service Switch or by applications that do not need POSIX data to " @@ -3046,14 +3046,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2600 +#: sssd.conf.5.xml:2601 msgid "" "Allowed values for this option are <quote>posix</quote> and " "<quote>application</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2604 +#: sssd.conf.5.xml:2605 msgid "" "POSIX domains are reachable by all services. Application domains are only " "reachable from the InfoPipe responder (see <citerefentry> " @@ -3062,38 +3062,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2612 +#: sssd.conf.5.xml:2613 msgid "" "NOTE: The application domains are currently well tested with " "<quote>id_provider=ldap</quote> only." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2616 +#: sssd.conf.5.xml:2617 msgid "" "For an easy way to configure a non-POSIX domains, please see the " "<quote>Application domains</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2620 +#: sssd.conf.5.xml:2621 msgid "Default: posix" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2626 +#: sssd.conf.5.xml:2627 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2629 +#: sssd.conf.5.xml:2630 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2634 +#: sssd.conf.5.xml:2635 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -3102,24 +3102,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2641 +#: sssd.conf.5.xml:2642 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2645 +#: sssd.conf.5.xml:2646 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2651 +#: sssd.conf.5.xml:2652 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2654 +#: sssd.conf.5.xml:2655 msgid "" "Determines if a domain can be enumerated, that is, whether the domain can " "list all the users and group it contains. Note that it is not required to " @@ -3128,29 +3128,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2662 +#: sssd.conf.5.xml:2663 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2665 +#: sssd.conf.5.xml:2666 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2668 sssd.conf.5.xml:2942 sssd.conf.5.xml:3119 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2671 +#: sssd.conf.5.xml:2672 msgid "" "Enumerating a domain requires SSSD to download and store ALL user and group " "entries from the remote server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2676 +#: sssd.conf.5.xml:2677 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -3164,14 +3164,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2691 +#: sssd.conf.5.xml:2692 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2696 +#: sssd.conf.5.xml:2697 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -3180,39 +3180,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2704 +#: sssd.conf.5.xml:2705 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2712 +#: sssd.conf.5.xml:2713 msgid "subdomain_enumerate (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2719 +#: sssd.conf.5.xml:2720 msgid "all" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2720 +#: sssd.conf.5.xml:2721 msgid "All discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2723 +#: sssd.conf.5.xml:2724 msgid "none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2724 +#: sssd.conf.5.xml:2725 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2715 +#: sssd.conf.5.xml:2716 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " @@ -3221,19 +3221,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2738 +#: sssd.conf.5.xml:2739 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2741 +#: sssd.conf.5.xml:2742 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2745 +#: sssd.conf.5.xml:2746 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " @@ -3244,139 +3244,139 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2758 +#: sssd.conf.5.xml:2759 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2764 +#: sssd.conf.5.xml:2765 msgid "entry_cache_user_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2767 +#: sssd.conf.5.xml:2768 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2771 sssd.conf.5.xml:2784 sssd.conf.5.xml:2797 -#: sssd.conf.5.xml:2810 sssd.conf.5.xml:2824 sssd.conf.5.xml:2837 -#: sssd.conf.5.xml:2851 sssd.conf.5.xml:2865 sssd.conf.5.xml:2878 +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 msgid "Default: entry_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2777 +#: sssd.conf.5.xml:2778 msgid "entry_cache_group_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2780 +#: sssd.conf.5.xml:2781 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2790 +#: sssd.conf.5.xml:2791 msgid "entry_cache_netgroup_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2793 +#: sssd.conf.5.xml:2794 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2803 +#: sssd.conf.5.xml:2804 msgid "entry_cache_service_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2806 +#: sssd.conf.5.xml:2807 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2816 +#: sssd.conf.5.xml:2817 msgid "entry_cache_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2819 +#: sssd.conf.5.xml:2820 msgid "" "How many seconds should nss_sss consider hosts and networks entries valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2830 +#: sssd.conf.5.xml:2831 msgid "entry_cache_sudo_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2833 +#: sssd.conf.5.xml:2834 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2843 +#: sssd.conf.5.xml:2844 msgid "entry_cache_autofs_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2846 +#: sssd.conf.5.xml:2847 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2857 +#: sssd.conf.5.xml:2858 msgid "entry_cache_ssh_host_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2860 +#: sssd.conf.5.xml:2861 msgid "" "How many seconds to keep a host ssh key after refresh. IE how long to cache " "the host key for." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2871 +#: sssd.conf.5.xml:2872 msgid "entry_cache_computer_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2874 +#: sssd.conf.5.xml:2875 msgid "" "How many seconds to keep the local computer entry before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2884 +#: sssd.conf.5.xml:2885 msgid "refresh_expired_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2887 +#: sssd.conf.5.xml:2888 msgid "" "Specifies how many seconds SSSD has to wait before triggering a background " "refresh task which will refresh all expired or nearly expired records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2892 +#: sssd.conf.5.xml:2893 msgid "" "The background refresh will process users, groups and netgroups in the " "cache. For users who have performed the initgroups (get group membership for " @@ -3385,17 +3385,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2900 +#: sssd.conf.5.xml:2901 msgid "This option is automatically inherited for all trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2904 +#: sssd.conf.5.xml:2905 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2908 +#: sssd.conf.5.xml:2909 msgid "" "Cache entry will be refreshed by background task when 2/3 of cache timeout " "has already passed. If there are existing cached entries, the background " @@ -3407,23 +3407,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2921 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2927 +#: sssd.conf.5.xml:2928 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2930 -msgid "Determines if user credentials are also cached in the local LDB cache." +#: sssd.conf.5.xml:2931 +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2934 +#: sssd.conf.5.xml:2942 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3432,12 +3438,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2948 +#: sssd.conf.5.xml:2956 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2951 +#: sssd.conf.5.xml:2959 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3445,19 +3451,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2958 +#: sssd.conf.5.xml:2966 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2969 +#: sssd.conf.5.xml:2977 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2972 +#: sssd.conf.5.xml:2980 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3466,17 +3472,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2979 +#: sssd.conf.5.xml:2987 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2984 +#: sssd.conf.5.xml:2992 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2995 +#: sssd.conf.5.xml:3003 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3485,28 +3491,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3002 +#: sssd.conf.5.xml:3010 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3008 +#: sssd.conf.5.xml:3016 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3011 +#: sssd.conf.5.xml:3019 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3015 +#: sssd.conf.5.xml:3023 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3018 +#: sssd.conf.5.xml:3026 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3514,7 +3520,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3026 +#: sssd.conf.5.xml:3034 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3522,18 +3528,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3034 sssd.conf.5.xml:3145 sssd.conf.5.xml:3196 -#: sssd.conf.5.xml:3259 +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 msgid "" -"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " -"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " -"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " -"FreeIPA." +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3043 sssd.conf.5.xml:3154 sssd.conf.5.xml:3205 -#: sssd.conf.5.xml:3268 +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3541,19 +3546,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3054 +#: sssd.conf.5.xml:3062 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3057 +#: sssd.conf.5.xml:3065 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3062 +#: sssd.conf.5.xml:3070 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3562,7 +3567,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3070 +#: sssd.conf.5.xml:3078 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3570,24 +3575,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3077 +#: sssd.conf.5.xml:3085 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3084 +#: sssd.conf.5.xml:3092 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3087 +#: sssd.conf.5.xml:3095 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3090 +#: sssd.conf.5.xml:3098 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3599,7 +3604,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3108 +#: sssd.conf.5.xml:3116 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3607,30 +3612,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3114 sssd.conf.5.xml:3821 sssd-ldap.5.xml:326 -#: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 -#: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 -#: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 -#: sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1084 +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 msgid "" "This option can be also set per subdomain or inherited via " "<emphasis>subdomain_inherit</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3124 +#: sssd.conf.5.xml:3132 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3127 +#: sssd.conf.5.xml:3135 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3131 sssd.conf.5.xml:3189 +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3638,7 +3643,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3138 +#: sssd.conf.5.xml:3146 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3646,30 +3651,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3162 +#: sssd.conf.5.xml:3170 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3165 +#: sssd.conf.5.xml:3173 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3168 +#: sssd.conf.5.xml:3176 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3174 +#: sssd.conf.5.xml:3182 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3177 +#: sssd.conf.5.xml:3185 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -3677,19 +3682,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3183 +#: sssd.conf.5.xml:3191 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3186 +#: sssd.conf.5.xml:3194 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3221 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -3698,7 +3703,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3220 +#: sssd.conf.5.xml:3228 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -3706,29 +3711,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3227 +#: sssd.conf.5.xml:3235 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3230 +#: sssd.conf.5.xml:3238 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3235 +#: sssd.conf.5.xml:3243 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3238 +#: sssd.conf.5.xml:3246 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3243 +#: sssd.conf.5.xml:3251 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -3736,7 +3741,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3251 +#: sssd.conf.5.xml:3259 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3744,35 +3749,35 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3276 +#: sssd.conf.5.xml:3284 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3280 +#: sssd.conf.5.xml:3288 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3283 +#: sssd.conf.5.xml:3291 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3290 +#: sssd.conf.5.xml:3298 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3293 +#: sssd.conf.5.xml:3301 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3297 +#: sssd.conf.5.xml:3305 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3780,32 +3785,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3305 +#: sssd.conf.5.xml:3313 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3309 +#: sssd.conf.5.xml:3317 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3313 +#: sssd.conf.5.xml:3321 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3316 sssd.conf.5.xml:3402 sssd.conf.5.xml:3472 -#: sssd.conf.5.xml:3497 sssd.conf.5.xml:3533 +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3320 +#: sssd.conf.5.xml:3328 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -3816,7 +3821,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3335 +#: sssd.conf.5.xml:3343 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -3825,12 +3830,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3345 +#: sssd.conf.5.xml:3353 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3348 +#: sssd.conf.5.xml:3356 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -3838,7 +3843,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3354 +#: sssd.conf.5.xml:3362 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3846,31 +3851,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3362 +#: sssd.conf.5.xml:3370 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3365 +#: sssd.conf.5.xml:3373 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3371 +#: sssd.conf.5.xml:3379 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3374 +#: sssd.conf.5.xml:3382 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3380 +#: sssd.conf.5.xml:3388 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3878,7 +3883,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3389 +#: sssd.conf.5.xml:3397 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -3887,17 +3892,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3398 +#: sssd.conf.5.xml:3406 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3408 +#: sssd.conf.5.xml:3416 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3411 +#: sssd.conf.5.xml:3419 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -3905,43 +3910,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3418 +#: sssd.conf.5.xml:3426 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3422 +#: sssd.conf.5.xml:3430 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3426 +#: sssd.conf.5.xml:3434 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3430 +#: sssd.conf.5.xml:3438 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3438 +#: sssd.conf.5.xml:3446 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3441 +#: sssd.conf.5.xml:3449 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3445 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3949,7 +3954,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3452 +#: sssd.conf.5.xml:3460 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3957,7 +3962,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3460 +#: sssd.conf.5.xml:3468 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3965,24 +3970,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3469 +#: sssd.conf.5.xml:3477 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3479 +#: sssd.conf.5.xml:3487 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3482 +#: sssd.conf.5.xml:3490 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3486 +#: sssd.conf.5.xml:3494 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3990,31 +3995,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3494 +#: sssd.conf.5.xml:3502 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3504 +#: sssd.conf.5.xml:3512 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3507 +#: sssd.conf.5.xml:3515 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3511 +#: sssd.conf.5.xml:3519 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3515 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4022,7 +4027,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3522 +#: sssd.conf.5.xml:3530 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4031,12 +4036,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3530 +#: sssd.conf.5.xml:3538 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3543 +#: sssd.conf.5.xml:3551 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4046,24 +4051,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3552 +#: sssd.conf.5.xml:3560 msgid "" "Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" "[^@]+))$</quote> which allows two different styles for user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3557 sssd.conf.5.xml:3571 +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3560 sssd.conf.5.xml:3574 +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3565 +#: sssd.conf.5.xml:3573 msgid "" "Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" @@ -4072,19 +4077,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3577 +#: sssd.conf.5.xml:3585 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3580 +#: sssd.conf.5.xml:3588 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3585 +#: sssd.conf.5.xml:3593 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4094,89 +4099,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3637 +#: sssd.conf.5.xml:3645 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3643 +#: sssd.conf.5.xml:3651 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3646 +#: sssd.conf.5.xml:3654 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3650 +#: sssd.conf.5.xml:3658 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3653 +#: sssd.conf.5.xml:3661 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3656 +#: sssd.conf.5.xml:3664 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3659 +#: sssd.conf.5.xml:3667 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3662 +#: sssd.conf.5.xml:3670 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3665 +#: sssd.conf.5.xml:3673 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3671 +#: sssd.conf.5.xml:3679 msgid "dns_resolver_server_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3674 +#: sssd.conf.5.xml:3682 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3679 +#: sssd.conf.5.xml:3687 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3683 sssd.conf.5.xml:3703 sssd.conf.5.xml:3724 +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3688 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3694 +#: sssd.conf.5.xml:3702 msgid "dns_resolver_op_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3697 +#: sssd.conf.5.xml:3705 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4184,12 +4189,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3714 +#: sssd.conf.5.xml:3722 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3717 +#: sssd.conf.5.xml:3725 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4198,12 +4203,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3735 +#: sssd.conf.5.xml:3743 msgid "dns_resolver_use_search_list (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3738 +#: sssd.conf.5.xml:3746 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4211,7 +4216,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3744 +#: sssd.conf.5.xml:3752 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4219,69 +4224,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3750 +#: sssd.conf.5.xml:3758 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3756 +#: sssd.conf.5.xml:3764 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3759 +#: sssd.conf.5.xml:3767 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3763 +#: sssd.conf.5.xml:3771 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3769 +#: sssd.conf.5.xml:3777 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3772 +#: sssd.conf.5.xml:3780 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3778 +#: sssd.conf.5.xml:3786 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3785 +#: sssd.conf.5.xml:3793 msgid "True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3788 +#: sssd.conf.5.xml:3796 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3794 +#: sssd.conf.5.xml:3802 msgid "False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3796 +#: sssd.conf.5.xml:3804 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3800 +#: sssd.conf.5.xml:3808 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3803 +#: sssd.conf.5.xml:3811 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4289,31 +4294,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3811 +#: sssd.conf.5.xml:3819 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3781 +#: sssd.conf.5.xml:3789 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3826 +#: sssd.conf.5.xml:3834 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3832 +#: sssd.conf.5.xml:3840 msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3835 +#: sssd.conf.5.xml:3843 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4321,104 +4326,104 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3841 +#: sssd.conf.5.xml:3849 msgid "ldap_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3844 +#: sssd.conf.5.xml:3852 msgid "ldap_network_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3847 +#: sssd.conf.5.xml:3855 msgid "ldap_opt_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3850 +#: sssd.conf.5.xml:3858 msgid "ldap_offline_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3853 +#: sssd.conf.5.xml:3861 msgid "ldap_enumeration_refresh_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3856 +#: sssd.conf.5.xml:3864 msgid "ldap_enumeration_refresh_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3859 +#: sssd.conf.5.xml:3867 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3862 +#: sssd.conf.5.xml:3870 msgid "ldap_purge_cache_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3865 +#: sssd.conf.5.xml:3873 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3869 +#: sssd.conf.5.xml:3877 msgid "ldap_krb5_ticket_lifetime" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3872 +#: sssd.conf.5.xml:3880 msgid "ldap_enumeration_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3875 +#: sssd.conf.5.xml:3883 msgid "ldap_connection_expire_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3878 +#: sssd.conf.5.xml:3886 msgid "ldap_connection_expire_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3881 +#: sssd.conf.5.xml:3889 msgid "ldap_connection_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3884 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 msgid "ldap_use_tokengroups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3887 +#: sssd.conf.5.xml:3895 msgid "ldap_user_principal" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3890 +#: sssd.conf.5.xml:3898 msgid "ignore_group_members" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3893 +#: sssd.conf.5.xml:3901 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3896 +#: sssd.conf.5.xml:3904 msgid "case_sensitive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3901 +#: sssd.conf.5.xml:3909 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4426,27 +4431,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3908 +#: sssd.conf.5.xml:3916 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3915 +#: sssd.conf.5.xml:3923 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3926 +#: sssd.conf.5.xml:3934 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3935 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3918 +#: sssd.conf.5.xml:3926 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4456,34 +4461,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3932 +#: sssd.conf.5.xml:3940 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3936 +#: sssd.conf.5.xml:3944 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3941 +#: sssd.conf.5.xml:3949 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3944 +#: sssd.conf.5.xml:3952 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3950 +#: sssd.conf.5.xml:3958 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3953 +#: sssd.conf.5.xml:3961 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -4492,19 +4497,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3961 +#: sssd.conf.5.xml:3969 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3966 +#: sssd.conf.5.xml:3974 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3970 +#: sssd.conf.5.xml:3978 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -4512,24 +4517,92 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3981 +#: sssd.conf.5.xml:3989 +msgid "local_auth_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3992 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4002 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4026 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4034 +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4039 +msgid "Default: match" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4044 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3987 +#: sssd.conf.5.xml:4050 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3990 +#: sssd.conf.5.xml:4053 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3994 +#: sssd.conf.5.xml:4057 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4538,24 +4611,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4003 +#: sssd.conf.5.xml:4066 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4006 +#: sssd.conf.5.xml:4069 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4012 +#: sssd.conf.5.xml:4075 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4015 +#: sssd.conf.5.xml:4078 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4565,14 +4638,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4028 +#: sssd.conf.5.xml:4091 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4035 +#: sssd.conf.5.xml:4098 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4580,21 +4653,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3984 +#: sssd.conf.5.xml:4047 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4047 +#: sssd.conf.5.xml:4110 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4118 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4602,7 +4675,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4124 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4611,7 +4684,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4115 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4620,7 +4693,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2569 +#: sssd.conf.5.xml:2570 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -4628,29 +4701,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4139 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4079 +#: sssd.conf.5.xml:4142 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4082 +#: sssd.conf.5.xml:4145 msgid "" "Default: not set by default, you have to take an existing pam configuration " -"or create a new one and add the service name here." +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4090 +#: sssd.conf.5.xml:4155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4658,12 +4732,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4103 +#: sssd.conf.5.xml:4168 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4106 +#: sssd.conf.5.xml:4171 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4671,12 +4745,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4117 +#: sssd.conf.5.xml:4182 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4120 +#: sssd.conf.5.xml:4185 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4685,12 +4759,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4134 +#: sssd.conf.5.xml:4199 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4202 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4698,19 +4772,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4072 +#: sssd.conf.5.xml:4135 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4218 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4155 +#: sssd.conf.5.xml:4220 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -4727,7 +4801,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4175 +#: sssd.conf.5.xml:4240 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4735,17 +4809,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4181 +#: sssd.conf.5.xml:4246 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4248 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4186 +#: sssd.conf.5.xml:4251 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4754,7 +4828,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4265 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4764,7 +4838,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4208 +#: sssd.conf.5.xml:4273 #, no-wrap msgid "" "[sssd]\n" @@ -4784,12 +4858,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4228 +#: sssd.conf.5.xml:4293 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4230 +#: sssd.conf.5.xml:4295 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -4800,69 +4874,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4237 +#: sssd.conf.5.xml:4302 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4303 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4239 +#: sssd.conf.5.xml:4304 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:4305 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4241 +#: sssd.conf.5.xml:4306 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4242 +#: sssd.conf.5.xml:4307 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4243 +#: sssd.conf.5.xml:4308 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4309 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4245 +#: sssd.conf.5.xml:4310 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4246 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4250 +#: sssd.conf.5.xml:4315 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4256 +#: sssd.conf.5.xml:4321 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4258 +#: sssd.conf.5.xml:4323 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -4875,7 +4949,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4272 +#: sssd.conf.5.xml:4337 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -4883,7 +4957,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4281 +#: sssd.conf.5.xml:4346 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -4892,55 +4966,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4353 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4356 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4295 +#: sssd.conf.5.xml:4360 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4367 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4370 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:4376 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4317 +#: sssd.conf.5.xml:4382 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4326 +#: sssd.conf.5.xml:4391 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4329 +#: sssd.conf.5.xml:4394 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -4949,17 +5023,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4336 +#: sssd.conf.5.xml:4401 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4406 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4409 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -4967,26 +5041,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4350 +#: sssd.conf.5.xml:4415 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4356 +#: sssd.conf.5.xml:4421 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4362 +#: sssd.conf.5.xml:4427 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4433 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -4995,17 +5069,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4377 +#: sssd.conf.5.xml:4442 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4385 +#: sssd.conf.5.xml:4450 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4452 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5015,7 +5089,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4395 +#: sssd.conf.5.xml:4460 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5024,59 +5098,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4472 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4410 +#: sssd.conf.5.xml:4475 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4411 +#: sssd.conf.5.xml:4476 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4409 +#: sssd.conf.5.xml:4474 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4484 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4488 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4424 +#: sssd.conf.5.xml:4489 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4427 +#: sssd.conf.5.xml:4492 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4428 +#: sssd.conf.5.xml:4493 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4496 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4432 +#: sssd.conf.5.xml:4497 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5085,7 +5159,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4421 +#: sssd.conf.5.xml:4486 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5094,17 +5168,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4449 +#: sssd.conf.5.xml:4514 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4455 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4522 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5112,46 +5186,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4530 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4532 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4537 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4539 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4480 +#: sssd.conf.5.xml:4545 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4547 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4451 +#: sssd.conf.5.xml:4516 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4467 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5160,7 +5234,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4493 +#: sssd.conf.5.xml:4558 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5168,12 +5242,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4500 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4506 +#: sssd.conf.5.xml:4571 #, no-wrap msgid "" "[sssd]\n" @@ -5203,7 +5277,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4502 +#: sssd.conf.5.xml:4567 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5212,7 +5286,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4604 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5220,7 +5294,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4533 +#: sssd.conf.5.xml:4598 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5231,7 +5305,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4550 +#: sssd.conf.5.xml:4615 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5242,7 +5316,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4544 +#: sssd.conf.5.xml:4609 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -5296,26 +5370,26 @@ msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " -"over an unencrypted channel. If the LDAP server is used only as an identity " -"provider, an encrypted channel is not needed. Please refer to " -"<quote>ldap_access_filter</quote> config option for more information about " -"using LDAP as an access provider." +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 #: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 msgid "CONFIGURATION OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:66 +#: sssd-ldap.5.xml:67 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:69 +#: sssd-ldap.5.xml:70 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" @@ -5325,33 +5399,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:76 +#: sssd-ldap.5.xml:77 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:79 +#: sssd-ldap.5.xml:80 msgid "ldap[s]://<host>[:port]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:82 +#: sssd-ldap.5.xml:83 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:85 +#: sssd-ldap.5.xml:86 msgid "example: ldap://[fc00::126:25]:389" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:91 +#: sssd-ldap.5.xml:92 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:94 +#: sssd-ldap.5.xml:95 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " @@ -5360,71 +5434,71 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:101 +#: sssd-ldap.5.xml:102 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:105 +#: sssd-ldap.5.xml:106 msgid "Default: empty, i.e. ldap_uri is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:111 +#: sssd-ldap.5.xml:112 msgid "ldap_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:114 +#: sssd-ldap.5.xml:115 msgid "The default base DN to use for performing LDAP user operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:118 +#: sssd-ldap.5.xml:119 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:122 +#: sssd-ldap.5.xml:123 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:125 +#: sssd-ldap.5.xml:126 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:128 include/ldap_search_bases.xml:18 +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:132 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 #: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 msgid "Examples:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:135 +#: sssd-ldap.5.xml:136 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:140 +#: sssd-ldap.5.xml:141 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:143 +#: sssd-ldap.5.xml:144 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " @@ -5433,7 +5507,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:150 +#: sssd-ldap.5.xml:151 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " @@ -5444,12 +5518,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:164 +#: sssd-ldap.5.xml:165 msgid "ldap_schema (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:167 +#: sssd-ldap.5.xml:168 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " @@ -5457,32 +5531,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:174 +#: sssd-ldap.5.xml:175 msgid "Four schema types are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:178 +#: sssd-ldap.5.xml:179 msgid "rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:183 +#: sssd-ldap.5.xml:184 msgid "rfc2307bis" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:188 +#: sssd-ldap.5.xml:189 msgid "IPA" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:193 +#: sssd-ldap.5.xml:194 msgid "AD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:199 +#: sssd-ldap.5.xml:200 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " @@ -5493,37 +5567,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:209 +#: sssd-ldap.5.xml:210 msgid "Default: rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:215 +#: sssd-ldap.5.xml:216 msgid "ldap_pwmodify_mode (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:218 +#: sssd-ldap.5.xml:219 msgid "Specify the operation that is used to modify user password." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:222 +#: sssd-ldap.5.xml:223 msgid "Two modes are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:226 +#: sssd-ldap.5.xml:227 msgid "exop - Password Modify Extended Operation (RFC 3062)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:232 +#: sssd-ldap.5.xml:233 msgid "ldap_modify - Direct modification of userPassword (not recommended)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:239 +#: sssd-ldap.5.xml:240 msgid "" "Note: First, a new connection is established to verify current password by " "binding as the user that requested password change. If successful, this " @@ -5532,74 +5606,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:247 +#: sssd-ldap.5.xml:248 msgid "Default: exop" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:253 +#: sssd-ldap.5.xml:254 msgid "ldap_default_bind_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:256 +#: sssd-ldap.5.xml:257 msgid "The default bind DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:263 +#: sssd-ldap.5.xml:264 msgid "ldap_default_authtok_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:266 +#: sssd-ldap.5.xml:267 msgid "The type of the authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:270 +#: sssd-ldap.5.xml:271 msgid "The two mechanisms currently supported are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 +#: sssd-ldap.5.xml:274 msgid "password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:276 +#: sssd-ldap.5.xml:277 msgid "obfuscated_password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:279 +#: sssd-ldap.5.xml:280 msgid "Default: password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:282 +#: sssd-ldap.5.xml:283 msgid "" "See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> manual page for more information." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:293 +#: sssd-ldap.5.xml:294 msgid "ldap_default_authtok (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:296 +#: sssd-ldap.5.xml:297 msgid "The authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:302 +#: sssd-ldap.5.xml:303 msgid "ldap_force_upper_case_realm (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:305 +#: sssd-ldap.5.xml:306 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -5608,24 +5682,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:318 +#: sssd-ldap.5.xml:319 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:321 +#: sssd-ldap.5.xml:322 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:337 +#: sssd-ldap.5.xml:338 msgid "ldap_purge_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:340 +#: sssd-ldap.5.xml:341 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -5633,7 +5707,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:346 +#: sssd-ldap.5.xml:347 msgid "" "Setting this option to zero will disable the cache cleanup operation. Please " "note that if enumeration is enabled, the cleanup task is required in order " @@ -5642,12 +5716,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:366 +#: sssd-ldap.5.xml:367 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:369 +#: sssd-ldap.5.xml:370 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -5655,7 +5729,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:376 +#: sssd-ldap.5.xml:377 msgid "" "Note: This option specifies the guaranteed level of nested groups to be " "processed for any lookup. However, nested groups beyond this limit " @@ -5665,7 +5739,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:385 +#: sssd-ldap.5.xml:386 msgid "" "If ldap_group_nesting_level is set to 0 then no nested groups are processed " "at all. However, when connected to Active-Directory Server 2008 and later " @@ -5675,67 +5749,67 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:394 +#: sssd-ldap.5.xml:395 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:403 +#: sssd-ldap.5.xml:404 msgid "" "This options enables or disables use of Token-Groups attribute when " "performing initgroup for users from Active Directory Server 2008 and later." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:413 +#: sssd-ldap.5.xml:414 msgid "Default: True for AD and IPA otherwise False." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:419 +#: sssd-ldap.5.xml:420 msgid "ldap_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:422 +#: sssd-ldap.5.xml:423 msgid "Optional. Use the given string as search base for host objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:426 sssd-ipa.5.xml:457 sssd-ipa.5.xml:476 sssd-ipa.5.xml:495 -#: sssd-ipa.5.xml:514 +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:431 sssd-ipa.5.xml:462 include/ldap_search_bases.xml:27 +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:438 +#: sssd-ldap.5.xml:439 msgid "ldap_service_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:443 +#: sssd-ldap.5.xml:444 msgid "ldap_iphost_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:448 +#: sssd-ldap.5.xml:449 msgid "ldap_ipnetwork_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:453 +#: sssd-ldap.5.xml:454 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:456 +#: sssd-ldap.5.xml:457 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -5743,7 +5817,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:462 +#: sssd-ldap.5.xml:463 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -5751,12 +5825,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:479 +#: sssd-ldap.5.xml:480 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:482 +#: sssd-ldap.5.xml:483 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -5764,12 +5838,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:500 +#: sssd-ldap.5.xml:501 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:503 +#: sssd-ldap.5.xml:504 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -5780,12 +5854,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:531 +#: sssd-ldap.5.xml:532 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:534 +#: sssd-ldap.5.xml:535 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -5794,12 +5868,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:554 +#: sssd-ldap.5.xml:555 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:557 +#: sssd-ldap.5.xml:558 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -5808,7 +5882,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:565 +#: sssd-ldap.5.xml:566 msgid "" "If the connection is idle (not actively running an operation) within " "<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " @@ -5819,36 +5893,36 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:577 +#: sssd-ldap.5.xml:578 msgid "" "This timeout can be extended of a random value specified by " "<emphasis>ldap_connection_expire_offset</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:587 sssd-ldap.5.xml:630 sssd-ldap.5.xml:1711 +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:593 +#: sssd-ldap.5.xml:594 msgid "ldap_connection_expire_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:596 +#: sssd-ldap.5.xml:597 msgid "" "Random offset between 0 and configured value is added to " "<emphasis>ldap_connection_expire_timeout</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:613 msgid "ldap_connection_idle_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:616 msgid "" "Specifies a timeout (in seconds) that an idle connection to an LDAP server " "will be maintained. If the connection is idle for more than this time then " @@ -5856,29 +5930,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:622 msgid "You can disable this timeout by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:636 +#: sssd-ldap.5.xml:637 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:639 +#: sssd-ldap.5.xml:640 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:650 +#: sssd-ldap.5.xml:651 msgid "ldap_disable_paging (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:653 +#: sssd-ldap.5.xml:654 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " @@ -5886,14 +5960,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:659 +#: sssd-ldap.5.xml:660 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:665 +#: sssd-ldap.5.xml:666 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " @@ -5901,17 +5975,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:677 +#: sssd-ldap.5.xml:678 msgid "ldap_disable_range_retrieval (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:680 +#: sssd-ldap.5.xml:681 msgid "Disable Active Directory range retrieval." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:683 +#: sssd-ldap.5.xml:684 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " @@ -5921,12 +5995,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:699 msgid "ldap_sasl_minssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:702 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " @@ -5934,17 +6008,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:707 sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:714 +#: sssd-ldap.5.xml:715 msgid "ldap_sasl_maxssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:717 +#: sssd-ldap.5.xml:718 msgid "" "When communicating with an LDAP server using SASL, specify the maximal " "security level necessary to establish the connection. The values of this " @@ -5952,12 +6026,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:731 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:733 +#: sssd-ldap.5.xml:734 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -5965,7 +6039,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:740 msgid "" "You can turn off dereference lookups completely by setting the value to 0. " "Please note that there are some codepaths in SSSD, like the IPA HBAC " @@ -5976,7 +6050,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:750 +#: sssd-ldap.5.xml:751 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -5985,7 +6059,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:758 +#: sssd-ldap.5.xml:759 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -5993,12 +6067,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:771 +#: sssd-ldap.5.xml:772 msgid "ldap_ignore_unreadable_references (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:774 +#: sssd-ldap.5.xml:775 msgid "" "Ignore unreadable LDAP entries referenced in group's member attribute. If " "this parameter is set to false an error will be returned and the operation " @@ -6006,7 +6080,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:781 +#: sssd-ldap.5.xml:782 msgid "" "This parameter may be useful when using the AD provider and the computer " "account that sssd uses to connect to AD does not have access to a particular " @@ -6014,26 +6088,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:795 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:798 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:804 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:808 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6041,7 +6115,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:815 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6049,7 +6123,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:820 +#: sssd-ldap.5.xml:821 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -6057,41 +6131,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:826 +#: sssd-ldap.5.xml:827 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:830 +#: sssd-ldap.5.xml:831 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:837 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:839 +#: sssd-ldap.5.xml:840 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 sssd-ldap.5.xml:862 sssd-ldap.5.xml:903 +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:852 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:854 +#: sssd-ldap.5.xml:855 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -6100,32 +6174,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:869 +#: sssd-ldap.5.xml:870 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:872 +#: sssd-ldap.5.xml:873 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:882 +#: sssd-ldap.5.xml:883 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:885 +#: sssd-ldap.5.xml:886 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:894 +#: sssd-ldap.5.xml:895 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:897 +#: sssd-ldap.5.xml:898 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -6133,24 +6207,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:910 +#: sssd-ldap.5.xml:911 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:913 +#: sssd-ldap.5.xml:914 msgid "" "Specifies that the id_provider connection must also use <systemitem " -"class=\"protocol\">tls</systemitem> to protect the channel." +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:923 +#: sssd-ldap.5.xml:925 msgid "ldap_id_mapping (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:928 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " @@ -6158,17 +6233,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:932 +#: sssd-ldap.5.xml:934 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:942 +#: sssd-ldap.5.xml:944 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:945 +#: sssd-ldap.5.xml:947 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " @@ -6179,24 +6254,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:957 +#: sssd-ldap.5.xml:959 msgid "Default: not set (both options are set to 0)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:965 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:966 +#: sssd-ldap.5.xml:968 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " "tested and supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:970 +#: sssd-ldap.5.xml:972 msgid "" "If the backend supports sub-domains the value of ldap_sasl_mech is " "automatically inherited to the sub-domains. If a different value is needed " @@ -6207,12 +6282,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:988 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ldap.5.xml:998 +#: sssd-ldap.5.xml:1000 #, no-wrap msgid "" "hostname@REALM\n" @@ -6225,7 +6300,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:989 +#: sssd-ldap.5.xml:991 msgid "" "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " "this represents the Kerberos principal used for authentication to the " @@ -6237,17 +6312,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1009 +#: sssd-ldap.5.xml:1011 msgid "Default: host/hostname@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1015 +#: sssd-ldap.5.xml:1017 msgid "ldap_sasl_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1018 +#: sssd-ldap.5.xml:1020 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " @@ -6255,49 +6330,49 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1024 +#: sssd-ldap.5.xml:1026 msgid "Default: the value of krb5_realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1030 +#: sssd-ldap.5.xml:1032 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1035 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1038 +#: sssd-ldap.5.xml:1040 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1046 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1049 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1056 sssd-krb5.5.xml:247 +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1064 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1067 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -6305,28 +6380,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1077 +#: sssd-ldap.5.xml:1079 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1080 +#: sssd-ldap.5.xml:1082 msgid "" "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1089 sssd-ad.5.xml:1252 +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1095 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1098 +#: sssd-ldap.5.xml:1100 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -6338,7 +6413,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1110 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -6346,7 +6421,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -6354,39 +6429,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1124 sssd-ipa.5.xml:526 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1127 +#: sssd-ldap.5.xml:1129 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1133 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1137 include/krb5_options.xml:154 +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1140 +#: sssd-ldap.5.xml:1142 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1152 sssd-krb5.5.xml:336 +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 msgid "krb5_use_kdcinfo (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1155 sssd-krb5.5.xml:339 +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " @@ -6396,7 +6471,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:350 +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " @@ -6404,26 +6479,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1180 +#: sssd-ldap.5.xml:1182 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1185 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1190 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1193 +#: sssd-ldap.5.xml:1195 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -6432,7 +6507,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1201 +#: sssd-ldap.5.xml:1203 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -6440,31 +6515,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1210 +#: sssd-ldap.5.xml:1212 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1220 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1221 +#: sssd-ldap.5.xml:1223 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1225 +#: sssd-ldap.5.xml:1227 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1232 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " @@ -6477,51 +6552,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1249 +#: sssd-ldap.5.xml:1251 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1252 +#: sssd-ldap.5.xml:1254 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1258 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1262 +#: sssd-ldap.5.xml:1264 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1265 +#: sssd-ldap.5.xml:1267 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1270 +#: sssd-ldap.5.xml:1272 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1276 +#: sssd-ldap.5.xml:1278 msgid "ldap_chpass_update_last_change (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1279 +#: sssd-ldap.5.xml:1281 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1285 +#: sssd-ldap.5.xml:1287 msgid "" "It is recommend to set this option explicitly if \"ldap_pwd_policy = " "shadow\" is used to let SSSD know if the LDAP server will update " @@ -6530,12 +6605,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1301 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1304 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " @@ -6551,12 +6626,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1322 +#: sssd-ldap.5.xml:1324 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1327 #, no-wrap msgid "" "access_provider = ldap\n" @@ -6565,14 +6640,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1329 +#: sssd-ldap.5.xml:1331 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1336 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -6581,24 +6656,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1398 +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1348 +#: sssd-ldap.5.xml:1350 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1353 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1355 +#: sssd-ldap.5.xml:1357 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -6606,19 +6681,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1362 +#: sssd-ldap.5.xml:1364 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1365 +#: sssd-ldap.5.xml:1367 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1372 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -6627,7 +6702,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1379 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -6635,7 +6710,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1383 +#: sssd-ldap.5.xml:1385 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -6644,7 +6719,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1391 +#: sssd-ldap.5.xml:1393 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " @@ -6652,22 +6727,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1404 +#: sssd-ldap.5.xml:1406 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1407 sssd-ipa.5.xml:351 +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1411 +#: sssd-ldap.5.xml:1413 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>lockout</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6677,14 +6752,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1424 +#: sssd-ldap.5.xml:1426 msgid "" "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" "quote> option and might be removed in a future release. </emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1431 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6697,12 +6772,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1448 +#: sssd-ldap.5.xml:1450 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1452 sssd-ipa.5.xml:359 +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 msgid "" "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " "pwd_expire_policy_renew: </emphasis> These options are useful if users are " @@ -6712,81 +6787,81 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1462 sssd-ipa.5.xml:369 +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 msgid "" "The difference between these options is the action taken if user password is " "expired:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1467 sssd-ipa.5.xml:374 +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 msgid "pwd_expire_policy_reject - user is denied to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1473 sssd-ipa.5.xml:380 +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 msgid "pwd_expire_policy_warn - user is still able to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1479 sssd-ipa.5.xml:386 +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 msgid "" "pwd_expire_policy_renew - user is prompted to change their password " "immediately." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1487 +#: sssd-ldap.5.xml:1489 msgid "" "Please note that 'access_provider = ldap' must be set for this feature to " "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1494 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1497 +#: sssd-ldap.5.xml:1499 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1501 +#: sssd-ldap.5.xml:1503 msgid "" "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " "remote host can access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1505 +#: sssd-ldap.5.xml:1507 msgid "" "Please note, rhost field in pam is set by application, it is better to check " "what the application sends to pam, before enabling this access control option" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1510 +#: sssd-ldap.5.xml:1512 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1513 +#: sssd-ldap.5.xml:1515 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1520 +#: sssd-ldap.5.xml:1522 msgid "ldap_pwdlockout_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1523 +#: sssd-ldap.5.xml:1525 msgid "" "This option specifies the DN of password policy entry on LDAP server. Please " "note that absence of this option in sssd.conf in case of enabled account " @@ -6795,74 +6870,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1531 +#: sssd-ldap.5.xml:1533 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1534 +#: sssd-ldap.5.xml:1536 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1542 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1543 +#: sssd-ldap.5.xml:1545 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1550 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 +#: sssd-ldap.5.xml:1554 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 +#: sssd-ldap.5.xml:1559 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1562 +#: sssd-ldap.5.xml:1564 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1569 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1575 +#: sssd-ldap.5.xml:1577 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1578 +#: sssd-ldap.5.xml:1580 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1582 +#: sssd-ldap.5.xml:1584 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " @@ -6873,7 +6948,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1593 +#: sssd-ldap.5.xml:1595 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " @@ -6881,53 +6956,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1605 sssd-ifp.5.xml:152 +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 msgid "wildcard_limit (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1608 +#: sssd-ldap.5.xml:1610 msgid "" "Specifies an upper limit on the number of entries that are downloaded during " "a wildcard lookup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1612 +#: sssd-ldap.5.xml:1614 msgid "At the moment, only the InfoPipe responder supports wildcard lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1618 msgid "Default: 1000 (often the size of one page)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1624 msgid "ldap_library_debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1625 +#: sssd-ldap.5.xml:1627 msgid "" "Switches on libldap debugging with the given level. The libldap debug " "messages will be written independent of the general debug_level." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1630 +#: sssd-ldap.5.xml:1632 msgid "" "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " "enable full debug output." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1635 +#: sssd-ldap.5.xml:1637 msgid "Default: 0 (libldap debugging disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:52 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " @@ -6939,12 +7014,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1645 +#: sssd-ldap.5.xml:1647 msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1647 +#: sssd-ldap.5.xml:1649 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -6952,43 +7027,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1660 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1661 +#: sssd-ldap.5.xml:1663 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1666 +#: sssd-ldap.5.xml:1668 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1671 +#: sssd-ldap.5.xml:1673 msgid "" "You can disable full refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1676 +#: sssd-ldap.5.xml:1678 msgid "Default: 21600 (6 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1682 +#: sssd-ldap.5.xml:1684 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1685 +#: sssd-ldap.5.xml:1687 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest " @@ -6996,14 +7071,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1691 +#: sssd-ldap.5.xml:1693 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1695 +#: sssd-ldap.5.xml:1697 msgid "" "<emphasis>Note:</emphasis> the highest USN value can be updated by three " "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " @@ -7013,19 +7088,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1706 +#: sssd-ldap.5.xml:1708 msgid "" "You can disable smart refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1717 +#: sssd-ldap.5.xml:1719 msgid "ldap_sudo_random_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1720 +#: sssd-ldap.5.xml:1722 msgid "" "Random offset between 0 and configured value is added to smart and full " "refresh periods each time the periodic task is scheduled. The value is in " @@ -7033,7 +7108,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1726 +#: sssd-ldap.5.xml:1728 msgid "" "Note that this random offset is also applied on the first SSSD start which " "delays the first sudo rules refresh. This prolongs the time when the sudo " @@ -7041,106 +7116,106 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1732 +#: sssd-ldap.5.xml:1734 msgid "You can disable this offset by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1742 +#: sssd-ldap.5.xml:1744 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1745 +#: sssd-ldap.5.xml:1747 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1756 +#: sssd-ldap.5.xml:1758 msgid "ldap_sudo_hostnames (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1759 +#: sssd-ldap.5.xml:1761 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1764 +#: sssd-ldap.5.xml:1766 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1769 sssd-ldap.5.xml:1792 sssd-ldap.5.xml:1810 -#: sssd-ldap.5.xml:1828 +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1774 sssd-ldap.5.xml:1797 +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 msgid "Default: not specified" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1780 +#: sssd-ldap.5.xml:1782 msgid "ldap_sudo_ip (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1783 +#: sssd-ldap.5.xml:1785 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1788 +#: sssd-ldap.5.xml:1790 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1803 +#: sssd-ldap.5.xml:1805 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1806 +#: sssd-ldap.5.xml:1808 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1821 +#: sssd-ldap.5.xml:1823 msgid "ldap_sudo_include_regexp (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:1826 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> -#: sssd-ldap.5.xml:1834 +#: sssd-ldap.5.xml:1836 msgid "" "Using wildcard is an operation that is very costly to evaluate on the LDAP " "server side!" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1846 +#: sssd-ldap.5.xml:1848 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " @@ -7149,59 +7224,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1856 +#: sssd-ldap.5.xml:1858 msgid "AUTOFS OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1858 +#: sssd-ldap.5.xml:1860 msgid "" "Some of the defaults for the parameters below are dependent on the LDAP " "schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1864 +#: sssd-ldap.5.xml:1866 msgid "ldap_autofs_map_master_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1867 +#: sssd-ldap.5.xml:1869 msgid "The name of the automount master map in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1870 +#: sssd-ldap.5.xml:1872 msgid "Default: auto.master" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1881 +#: sssd-ldap.5.xml:1883 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1888 +#: sssd-ldap.5.xml:1890 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1893 +#: sssd-ldap.5.xml:1895 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1898 +#: sssd-ldap.5.xml:1900 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> -#: sssd-ldap.5.xml:1903 +#: sssd-ldap.5.xml:1905 msgid "<note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> -#: sssd-ldap.5.xml:1905 +#: sssd-ldap.5.xml:1907 msgid "" "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " "against Active Directory will not be restricted and return all groups " @@ -7210,22 +7285,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist> -#: sssd-ldap.5.xml:1912 +#: sssd-ldap.5.xml:1914 msgid "</note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1914 +#: sssd-ldap.5.xml:1916 msgid "ldap_sudo_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1919 +#: sssd-ldap.5.xml:1921 msgid "ldap_autofs_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1883 +#: sssd-ldap.5.xml:1885 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -7234,14 +7309,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1934 sssd-simple.5.xml:131 sssd-ipa.5.xml:925 -#: sssd-ad.5.xml:1386 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1936 +#: sssd-ldap.5.xml:1938 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -7249,7 +7324,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1944 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7262,27 +7337,27 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><para> -#: sssd-ldap.5.xml:1941 sssd-ldap.5.xml:1959 sssd-simple.5.xml:139 -#: sssd-ipa.5.xml:933 sssd-ad.5.xml:1394 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 #: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1953 +#: sssd-ldap.5.xml:1955 msgid "LDAP ACCESS FILTER EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1955 +#: sssd-ldap.5.xml:1957 msgid "" "The following example assumes that SSSD is correctly configured and to use " "the ldap_access_order=lockout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1960 +#: sssd-ldap.5.xml:1962 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7298,13 +7373,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1975 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 -#: sssd-ad.5.xml:1409 sssd.8.xml:238 sss_seed.8.xml:163 +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1977 +#: sssd-ldap.5.xml:1979 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -9633,12 +9708,12 @@ msgid "Example: dyndns_iface = em1, vnet1, vnet2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1285 +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 msgid "dyndns_auth (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1288 +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "updates with the DNS server, insecure updates can be sent by setting this " @@ -9646,17 +9721,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1294 +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 msgid "Default: GSS-TSIG" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1300 +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 msgid "dyndns_auth_ptr (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1303 +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "PTR updates with the DNS server, insecure updates can be sent by setting " @@ -9664,7 +9739,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1309 +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 msgid "Default: Same as dyndns_auth" msgstr "" @@ -9723,65 +9798,72 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:290 +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 msgid "Default: False (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1272 +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 msgid "dyndns_force_tcp (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:299 sssd-ad.5.xml:1275 +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:303 sssd-ad.5.xml:1279 +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:309 sssd-ad.5.xml:1315 +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 msgid "dyndns_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:312 sssd-ad.5.xml:1318 +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 msgid "" "The DNS server to use when performing a DNS update. In most setups, it's " "recommended to leave this option unset." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 msgid "" "Setting this option makes sense for environments where the DNS server is " "different from the identity server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 msgid "" "Please note that this option will be only used in fallback attempt when " "previous attempt using autodetected settings failed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 msgid "Default: None (let nsupdate choose the server)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:333 sssd-ad.5.xml:1339 +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 msgid "dyndns_update_per_family (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:336 sssd-ad.5.xml:1342 +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 msgid "" "DNS update is by default performed in two steps - IPv4 update and then IPv6 " "update. In some cases it might be desirable to perform IPv4 and IPv6 update " @@ -9789,177 +9871,177 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:353 msgid "ipa_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:360 msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:394 +#: sssd-ipa.5.xml:399 msgid "" "Please note that 'access_provider = ipa' must be set for this feature to " "work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:401 +#: sssd-ipa.5.xml:406 msgid "ipa_deskprofile_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:404 +#: sssd-ipa.5.xml:409 msgid "" "Optional. Use the given string as search base for Desktop Profile related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:408 sssd-ipa.5.xml:435 +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:414 +#: sssd-ipa.5.xml:419 msgid "ipa_subid_ranges_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:417 +#: sssd-ipa.5.xml:422 msgid "" "Optional. Use the given string as search base for subordinate ranges related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:421 +#: sssd-ipa.5.xml:426 msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:428 +#: sssd-ipa.5.xml:433 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:431 +#: sssd-ipa.5.xml:436 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:441 +#: sssd-ipa.5.xml:446 msgid "ipa_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:444 +#: sssd-ipa.5.xml:449 msgid "Deprecated. Use ldap_host_search_base instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:450 +#: sssd-ipa.5.xml:455 msgid "ipa_selinux_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:453 +#: sssd-ipa.5.xml:458 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:469 +#: sssd-ipa.5.xml:474 msgid "ipa_subdomains_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:472 +#: sssd-ipa.5.xml:477 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:481 +#: sssd-ipa.5.xml:486 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:488 +#: sssd-ipa.5.xml:493 msgid "ipa_master_domain_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:491 +#: sssd-ipa.5.xml:496 msgid "Optional. Use the given string as search base for master domain object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:505 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:507 +#: sssd-ipa.5.xml:512 msgid "ipa_views_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:510 +#: sssd-ipa.5.xml:515 msgid "Optional. Use the given string as search base for views containers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:519 +#: sssd-ipa.5.xml:524 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:529 +#: sssd-ipa.5.xml:534 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:533 +#: sssd-ipa.5.xml:538 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:541 sssd-ad.5.xml:1357 +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 msgid "krb5_confd_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:544 sssd-ad.5.xml:1360 +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 msgid "" "Absolute path of a directory where SSSD should place Kerberos configuration " "snippets." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:548 sssd-ad.5.xml:1364 +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 msgid "" "To disable the creation of the configuration snippets set the parameter to " "'none'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:552 sssd-ad.5.xml:1368 +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 msgid "" "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:559 +#: sssd-ipa.5.xml:564 msgid "ipa_deskprofile_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:562 +#: sssd-ipa.5.xml:567 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server. This will reduce the latency and load on the IPA server if there " @@ -9967,34 +10049,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:569 sssd-ipa.5.xml:599 sssd-ipa.5.xml:615 sssd-ad.5.xml:599 +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:575 +#: sssd-ipa.5.xml:580 msgid "ipa_deskprofile_request_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:578 +#: sssd-ipa.5.xml:583 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server in case the last request did not return any rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:583 +#: sssd-ipa.5.xml:588 msgid "Default: 60 (minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:589 +#: sssd-ipa.5.xml:594 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:592 +#: sssd-ipa.5.xml:597 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -10002,12 +10084,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:605 +#: sssd-ipa.5.xml:610 msgid "ipa_hbac_selinux (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:608 +#: sssd-ipa.5.xml:613 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -10015,33 +10097,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:621 +#: sssd-ipa.5.xml:626 msgid "ipa_server_mode (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:624 +#: sssd-ipa.5.xml:629 msgid "" "This option will be set by the IPA installer (ipa-server-install) " "automatically and denotes if SSSD is running on an IPA server or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:629 +#: sssd-ipa.5.xml:634 msgid "" "On an IPA server SSSD will lookup users and groups from trusted domains " "directly while on a client it will ask an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:634 +#: sssd-ipa.5.xml:639 msgid "" "NOTE: There are currently some assumptions that must be met when SSSD is " "running on an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:639 +#: sssd-ipa.5.xml:644 msgid "" "The <quote>ipa_server</quote> option must be configured to point to the IPA " "server itself. This is already the default set by the IPA installer, so no " @@ -10049,59 +10131,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:648 +#: sssd-ipa.5.xml:653 msgid "" "The <quote>full_name_format</quote> option must not be tweaked to only print " "short names for users from trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:663 +#: sssd-ipa.5.xml:668 msgid "ipa_automount_location (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:666 +#: sssd-ipa.5.xml:671 msgid "The automounter location this IPA client will be using" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:669 +#: sssd-ipa.5.xml:674 msgid "Default: The location named \"default\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:677 +#: sssd-ipa.5.xml:682 msgid "VIEWS AND OVERRIDES" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:686 +#: sssd-ipa.5.xml:691 msgid "ipa_view_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:689 +#: sssd-ipa.5.xml:694 msgid "Objectclass of the view container." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:692 +#: sssd-ipa.5.xml:697 msgid "Default: nsContainer" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:698 +#: sssd-ipa.5.xml:703 msgid "ipa_view_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:701 +#: sssd-ipa.5.xml:706 msgid "Name of the attribute holding the name of the view." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:705 sssd-ldap-attributes.5.xml:496 +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 #: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 #: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 #: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 @@ -10109,128 +10191,128 @@ msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:711 +#: sssd-ipa.5.xml:716 msgid "ipa_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:714 +#: sssd-ipa.5.xml:719 msgid "Objectclass of the override objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:717 +#: sssd-ipa.5.xml:722 msgid "Default: ipaOverrideAnchor" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:723 +#: sssd-ipa.5.xml:728 msgid "ipa_anchor_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:726 +#: sssd-ipa.5.xml:731 msgid "" "Name of the attribute containing the reference to the original object in a " "remote domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:730 +#: sssd-ipa.5.xml:735 msgid "Default: ipaAnchorUUID" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:736 +#: sssd-ipa.5.xml:741 msgid "ipa_user_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:739 +#: sssd-ipa.5.xml:744 msgid "" "Name of the objectclass for user overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:744 +#: sssd-ipa.5.xml:749 msgid "User overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:747 +#: sssd-ipa.5.xml:752 msgid "ldap_user_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:750 +#: sssd-ipa.5.xml:755 msgid "ldap_user_uid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:753 +#: sssd-ipa.5.xml:758 msgid "ldap_user_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:756 +#: sssd-ipa.5.xml:761 msgid "ldap_user_gecos" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:759 +#: sssd-ipa.5.xml:764 msgid "ldap_user_home_directory" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:762 +#: sssd-ipa.5.xml:767 msgid "ldap_user_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:765 +#: sssd-ipa.5.xml:770 msgid "ldap_user_ssh_public_key" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:770 +#: sssd-ipa.5.xml:775 msgid "Default: ipaUserOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:776 +#: sssd-ipa.5.xml:781 msgid "ipa_group_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:779 +#: sssd-ipa.5.xml:784 msgid "" "Name of the objectclass for group overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:784 +#: sssd-ipa.5.xml:789 msgid "Group overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:787 +#: sssd-ipa.5.xml:792 msgid "ldap_group_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:790 +#: sssd-ipa.5.xml:795 msgid "ldap_group_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:795 +#: sssd-ipa.5.xml:800 msgid "Default: ipaGroupOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:679 +#: sssd-ipa.5.xml:684 msgid "" "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " "later version. Since all paths and objectclasses are fixed on the server " @@ -10240,19 +10322,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:807 +#: sssd-ipa.5.xml:812 msgid "SUBDOMAINS PROVIDER" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:809 +#: sssd-ipa.5.xml:814 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:813 +#: sssd-ipa.5.xml:818 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " @@ -10260,7 +10342,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:819 +#: sssd-ipa.5.xml:824 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " @@ -10272,12 +10354,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:830 +#: sssd-ipa.5.xml:835 msgid "TRUSTED DOMAINS CONFIGURATION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:838 +#: sssd-ipa.5.xml:843 #, no-wrap msgid "" "[domain/ipa.domain.com/ad.domain.com]\n" @@ -10285,7 +10367,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:832 +#: sssd-ipa.5.xml:837 msgid "" "Some configuration options can also be set for a trusted domain. A trusted " "domain configuration can be set using the trusted domain subsection as shown " @@ -10295,80 +10377,80 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:843 +#: sssd-ipa.5.xml:848 msgid "" "For more details, see the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:850 +#: sssd-ipa.5.xml:855 msgid "" "Different configuration options are tunable for a trusted domain depending " "on whether you are configuring SSSD on an IPA server or an IPA client." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:855 +#: sssd-ipa.5.xml:860 msgid "OPTIONS TUNABLE ON IPA MASTERS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:857 +#: sssd-ipa.5.xml:862 msgid "" "The following options can be set in a subdomain section on an IPA master:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:861 sssd-ipa.5.xml:891 +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 msgid "ad_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:864 +#: sssd-ipa.5.xml:869 msgid "ad_backup_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:867 sssd-ipa.5.xml:894 +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 msgid "ad_site" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:870 +#: sssd-ipa.5.xml:875 msgid "ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:873 +#: sssd-ipa.5.xml:878 msgid "ldap_user_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:876 +#: sssd-ipa.5.xml:881 msgid "ldap_group_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:885 +#: sssd-ipa.5.xml:890 msgid "OPTIONS TUNABLE ON IPA CLIENTS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:887 +#: sssd-ipa.5.xml:892 msgid "" "The following options can be set in a subdomain section on an IPA client:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:899 +#: sssd-ipa.5.xml:904 msgid "" "Note that if both options are set, only <quote>ad_server</quote> is " "evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:903 +#: sssd-ipa.5.xml:908 msgid "" "Since any request for a user or a group identity from a trusted domain " "triggered from an IPA client is resolved by the IPA server, the " @@ -10382,7 +10464,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:927 +#: sssd-ipa.5.xml:932 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -10390,7 +10472,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:934 +#: sssd-ipa.5.xml:939 #, no-wrap msgid "" "[domain/example.com]\n" @@ -11584,7 +11666,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1388 +#: sssd-ad.5.xml:1393 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -11592,7 +11674,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1395 +#: sssd-ad.5.xml:1400 #, no-wrap msgid "" "[domain/EXAMPLE]\n" @@ -11607,7 +11689,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1415 +#: sssd-ad.5.xml:1420 #, no-wrap msgid "" "access_provider = ldap\n" @@ -11616,7 +11698,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1411 +#: sssd-ad.5.xml:1416 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " @@ -11624,7 +11706,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1421 +#: sssd-ad.5.xml:1426 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>. Please " @@ -11634,7 +11716,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1429 +#: sssd-ad.5.xml:1434 msgid "" "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " @@ -17237,7 +17319,7 @@ msgstr "" #: include/ldap_id_mapping.xml:235 msgid "" "When this option is configured, domains will be allocated starting with " -"slice zero and increasing monatomically with each additional domain." +"slice zero and increasing monotonically with each additional domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> diff --git a/src/man/po/ru.po b/src/man/po/ru.po index e0933c85adb..6c3f3e45176 100644 --- a/src/man/po/ru.po +++ b/src/man/po/ru.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-05-05 10:09+0200\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" "PO-Revision-Date: 2022-12-14 19:20+0000\n" "Last-Translator: Elena Mishina <lepata@basealt.ru>\n" "Language-Team: Russian <https://translate.fedoraproject.org/projects/sssd/" @@ -252,11 +252,11 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 -#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:951 -#: sssd.conf.5.xml:1069 sssd.conf.5.xml:2197 sssd-ldap.5.xml:1071 -#: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 -#: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 -#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 msgid "Default: true" msgstr "По умолчанию: true" @@ -276,11 +276,11 @@ msgstr "" "игнорироваться." #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:948 -#: sssd.conf.5.xml:2100 sssd.conf.5.xml:2167 sssd.conf.5.xml:4128 -#: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 -#: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 -#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 #: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 #: include/krb5_options.xml:163 msgid "Default: false" @@ -322,8 +322,8 @@ msgstr "" "на другие типы журнала)." #. type: Content of: outside any tag (error?) -#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1656 -#: sssd-ldap.5.xml:1862 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 #: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 @@ -357,8 +357,8 @@ msgstr "" "завершит свою работу." #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 sssd.conf.5.xml:1289 sssd.conf.5.xml:1766 -#: sssd.conf.5.xml:4144 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "По умолчанию: 10" @@ -436,12 +436,12 @@ msgstr "" "следующей команды: «systemctl enable sssd-@service@.socket». </phrase>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:258 sssd.conf.5.xml:783 +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 msgid "reconnection_retries (integer)" msgstr "reconnection_retries (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:261 sssd.conf.5.xml:786 +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" @@ -450,7 +450,7 @@ msgstr "" "перезапуска поставщика данных" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:791 sssd.conf.5.xml:3708 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 #: include/failover.xml:100 msgid "Default: 3" msgstr "По умолчанию: 3" @@ -479,7 +479,7 @@ msgstr "" "Символ «/» использовать нельзя." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3540 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 msgid "re_expression (string)" msgstr "re_expression (строка)" @@ -505,12 +505,12 @@ msgstr "" "разделе справки «РАЗДЕЛЫ ДОМЕНА»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3597 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 msgid "full_name_format (string)" msgstr "full_name_format (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3600 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -521,32 +521,32 @@ msgstr "" "создания полностью определённого имени из имени пользователя и имени домена." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3611 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 msgid "%1$s" msgstr "%1$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 msgid "user name" msgstr "имя пользователя" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3615 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 msgid "%2$s" msgstr "%2$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3618 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 msgid "domain name as specified in the SSSD config file." msgstr "имя домена, указанное в файле конфигурации SSSD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3624 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 msgid "%3$s" msgstr "%3$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3627 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." @@ -556,7 +556,7 @@ msgstr "" "доверия IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3608 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -769,8 +769,8 @@ msgstr "" "параметр default_domain_suffix." #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:468 sssd-ldap.5.xml:876 sssd-ldap.5.xml:888 -#: sssd-ldap.5.xml:980 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 #: include/krb5_options.xml:148 @@ -1124,7 +1124,7 @@ msgstr "" "пользователей в разных доменах могут быть одинаковыми." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1790 sssd.conf.5.xml:4194 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "По умолчанию: не задано" @@ -1180,11 +1180,11 @@ msgstr "pam_cert_verification (строка)" #: sssd.conf.5.xml:744 msgid "" "Enable or disable the user verification (i.e. PIN, fingerprint) during " -"authentication." +"authentication. If enabled, the PIN will always be requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:750 msgid "" "The default is that the key settings decide what to do. In the IPA or " "kerberos pre-authentication case, this value will be overwritten by the " @@ -1225,12 +1225,12 @@ msgstr "" "<quote>[sssd]</quote>. <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:769 msgid "SERVICES SECTIONS" msgstr "РАЗДЕЛЫ СЛУЖБ" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:770 +#: sssd.conf.5.xml:771 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -1243,22 +1243,22 @@ msgstr "" "раздел <quote>[nss]</quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:777 +#: sssd.conf.5.xml:778 msgid "General service configuration options" msgstr "Общие параметры настройки служб" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:780 msgid "These options can be used to configure any service." msgstr "Эти параметры можно использовать для настройки любых служб." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:797 msgid "fd_limit" msgstr "fd_limit" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:799 +#: sssd.conf.5.xml:800 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " @@ -1274,17 +1274,17 @@ msgstr "" "ограничением «hard» в limits.conf." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:808 +#: sssd.conf.5.xml:809 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "По умолчанию: 8192 (или ограничение «hard» в limits.conf)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:814 msgid "client_idle_timeout" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:816 +#: sssd.conf.5.xml:817 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " @@ -1299,17 +1299,17 @@ msgstr "" "на 10 секунд." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:826 msgid "Default: 60, KCM: 300" msgstr "По умолчанию: 60, KCM: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:830 +#: sssd.conf.5.xml:831 msgid "offline_timeout (integer)" msgstr "offline_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:834 msgid "" "When SSSD switches to offline mode the amount of time before it tries to go " "back online will increase based upon the time spent disconnected. By " @@ -1327,7 +1327,7 @@ msgstr "" "следующей формуле:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:844 sssd.conf.5.xml:900 +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 msgid "" "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." "offline_timeout_random_offset]" @@ -1336,7 +1336,7 @@ msgstr "" "offline_timeout_random_offset]" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:847 +#: sssd.conf.5.xml:848 msgid "" "The offline_timeout default value is 60. The offline_timeout_max default " "value is 3600. The offline_timeout_random_offset default value is 30. The " @@ -1348,7 +1348,7 @@ msgstr "" "количество секунд до следующей попытки." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:854 msgid "" "Note that the maximum length of each interval is defined by " "offline_timeout_max (apart of random part)." @@ -1357,18 +1357,18 @@ msgstr "" "параметром offline_timeout_max (кроме случайной части)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 sssd.conf.5.xml:1200 sssd.conf.5.xml:1583 -#: sssd.conf.5.xml:1879 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 msgid "Default: 60" msgstr "По умолчанию: 60" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:862 +#: sssd.conf.5.xml:863 msgid "offline_timeout_max (integer)" msgstr "offline_timeout_max (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:865 +#: sssd.conf.5.xml:866 msgid "" "Controls by how much the time between attempts to go online can be " "incremented following unsuccessful attempts to go online." @@ -1377,12 +1377,12 @@ msgstr "" "сеть после неудачных попыток восстановления подключения." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:870 +#: sssd.conf.5.xml:871 msgid "A value of 0 disables the incrementing behaviour." msgstr "Значение «0» отключает использование приращения." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:873 +#: sssd.conf.5.xml:874 msgid "" "The value of this parameter should be set in correlation to offline_timeout " "parameter value." @@ -1391,7 +1391,7 @@ msgstr "" "offline_timeout." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:877 +#: sssd.conf.5.xml:878 msgid "" "With offline_timeout set to 60 (default value) there is no point in setting " "offlinet_timeout_max to less than 120 as it will saturate instantly. General " @@ -1405,7 +1405,7 @@ msgstr "" "4 раза превышать значение offline_timeout." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:883 +#: sssd.conf.5.xml:884 msgid "" "Although a value between 0 and offline_timeout may be specified, it has the " "effect of overriding the offline_timeout value so is of little use." @@ -1415,17 +1415,17 @@ msgstr "" "имеет практического смысла." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:888 +#: sssd.conf.5.xml:889 msgid "Default: 3600" msgstr "По умолчанию: 3600" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:894 msgid "offline_timeout_random_offset (integer)" msgstr "offline_timeout_random_offset (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:896 +#: sssd.conf.5.xml:897 msgid "" "When SSSD is in offline mode it keeps probing backend servers in specified " "time intervals:" @@ -1434,7 +1434,7 @@ msgstr "" "внутренним серверам через заданные промежутки времени:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:903 +#: sssd.conf.5.xml:904 msgid "" "This parameter controls the value of the random offset used for the above " "equation. Final random_offset value will be random number in range:" @@ -1444,27 +1444,27 @@ msgstr "" "случайное число, принадлежащее диапазону:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:908 +#: sssd.conf.5.xml:909 msgid "[0 - offline_timeout_random_offset]" msgstr "[0 - offline_timeout_random_offset]" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:911 +#: sssd.conf.5.xml:912 msgid "A value of 0 disables the random offset addition." msgstr "Значение «0» отключает добавление случайной задержки." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:915 msgid "Default: 30" msgstr "По умолчанию: 30" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:919 +#: sssd.conf.5.xml:920 msgid "responder_idle_timeout" msgstr "responder_idle_timeout" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:922 +#: sssd.conf.5.xml:923 msgid "" "This option specifies the number of seconds that an SSSD responder process " "can be up without being used. This value is limited in order to avoid " @@ -1483,18 +1483,18 @@ msgstr "" "активируются с помощью сокетов или D-Bus." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:936 sssd.conf.5.xml:1213 sssd.conf.5.xml:2321 -#: sssd-ldap.5.xml:331 +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 +#: sssd-ldap.5.xml:332 msgid "Default: 300" msgstr "По умолчанию: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:941 +#: sssd.conf.5.xml:942 msgid "cache_first" msgstr "cache_first" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:945 msgid "" "This option specifies whether the responder should query all caches before " "querying the Data Providers." @@ -1503,12 +1503,12 @@ msgstr "" "опросом поставщиков данных." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:960 msgid "NSS configuration options" msgstr "Параметры настройки NSS" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:961 +#: sssd.conf.5.xml:962 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" @@ -1516,12 +1516,12 @@ msgstr "" "(NSS)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:966 +#: sssd.conf.5.xml:967 msgid "enum_cache_timeout (integer)" msgstr "enum_cache_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:969 +#: sssd.conf.5.xml:970 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" @@ -1530,17 +1530,17 @@ msgstr "" "пользователях) в кэше nss_sss в секундах" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:974 msgid "Default: 120" msgstr "По умолчанию: 120" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:978 +#: sssd.conf.5.xml:979 msgid "entry_cache_nowait_percentage (integer)" msgstr "entry_cache_nowait_percentage (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:981 +#: sssd.conf.5.xml:982 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -1551,7 +1551,7 @@ msgstr "" "значения entry_cache_timeout для домена." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:988 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -1567,7 +1567,7 @@ msgstr "" "ожидании обновления кэша." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:998 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -1581,17 +1581,17 @@ msgstr "" "значения «0» отключает эту возможность." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1005 sssd.conf.5.xml:2121 +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 msgid "Default: 50" msgstr "По умолчанию: 50" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1010 +#: sssd.conf.5.xml:1011 msgid "entry_negative_timeout (integer)" msgstr "entry_negative_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1013 +#: sssd.conf.5.xml:1014 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -1603,17 +1603,17 @@ msgstr "" "серверу." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1019 sssd.conf.5.xml:1778 sssd.conf.5.xml:2145 +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 msgid "Default: 15" msgstr "По умолчанию: 15" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1025 msgid "local_negative_timeout (integer)" msgstr "local_negative_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1027 +#: sssd.conf.5.xml:1028 msgid "" "Specifies for how many seconds nss_sss should keep local users and groups in " "negative cache before trying to look it up in the back end again. Setting " @@ -1625,17 +1625,17 @@ msgstr "" "возможность." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1033 +#: sssd.conf.5.xml:1034 msgid "Default: 14400 (4 hours)" msgstr "По умолчанию: 14400 (4 часа)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1039 msgid "filter_users, filter_groups (string)" msgstr "filter_users, filter_groups (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1041 +#: sssd.conf.5.xml:1042 msgid "" "Exclude certain users or groups from being fetched from the sss NSS " "database. This is particularly useful for system accounts. This option can " @@ -1650,7 +1650,7 @@ msgstr "" "(UPN)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1049 +#: sssd.conf.5.xml:1050 msgid "" "NOTE: The filter_groups option doesn't affect inheritance of nested group " "members, since filtering happens after they are propagated for returning via " @@ -1664,17 +1664,17 @@ msgstr "" "отфильтрованной вложенной группы." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1057 +#: sssd.conf.5.xml:1058 msgid "Default: root" msgstr "По умолчанию: root" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1063 msgid "filter_users_in_groups (bool)" msgstr "filter_users_in_groups (логическое значение)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1065 +#: sssd.conf.5.xml:1066 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" @@ -1682,12 +1682,12 @@ msgstr "" "установите этот параметр в значение «false»." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1076 +#: sssd.conf.5.xml:1077 msgid "fallback_homedir (string)" msgstr "fallback_homedir (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1079 +#: sssd.conf.5.xml:1080 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." @@ -1696,7 +1696,7 @@ msgstr "" "явно не указан поставщиком данных домена." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1084 +#: sssd.conf.5.xml:1085 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" @@ -1704,7 +1704,7 @@ msgstr "" "параметра override_homedir." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1090 +#: sssd.conf.5.xml:1091 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" @@ -1714,23 +1714,23 @@ msgstr "" " " #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:1088 sssd.conf.5.xml:1650 sssd.conf.5.xml:1669 -#: sssd.conf.5.xml:1746 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "пример: <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1094 +#: sssd.conf.5.xml:1095 msgid "Default: not set (no substitution for unset home directories)" msgstr "По умолчанию: не задано (без замен для незаданных домашних каталогов)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1100 +#: sssd.conf.5.xml:1101 msgid "override_shell (string)" msgstr "override_shell (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1104 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " @@ -1742,19 +1742,19 @@ msgstr "" "домена отдельно." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1109 +#: sssd.conf.5.xml:1110 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" "По умолчанию: не задано (SSSD будет использовать значение, полученное от " "LDAP)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1115 +#: sssd.conf.5.xml:1116 msgid "allowed_shells (string)" msgstr "allowed_shells (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1118 +#: sssd.conf.5.xml:1119 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" @@ -1762,14 +1762,14 @@ msgstr "" "Порядок вычисления:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1121 +#: sssd.conf.5.xml:1122 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" "1. Если оболочка присутствует в файле <quote>/etc/shells</quote>, будет " "использована она." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1125 +#: sssd.conf.5.xml:1126 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." @@ -1778,7 +1778,7 @@ msgstr "" "etc/shells</quote>, использовать значение параметра shell_fallback." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1130 +#: sssd.conf.5.xml:1131 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." @@ -1787,14 +1787,14 @@ msgstr "" "shells</quote>, будет использована оболочка, которая не требует входа." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1135 +#: sssd.conf.5.xml:1136 msgid "The wildcard (*) can be used to allow any shell." msgstr "" "Чтобы разрешить использование любой оболочки, можно использовать " "подстановочный знак (*)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1138 +#: sssd.conf.5.xml:1139 msgid "" "The (*) is useful if you want to use shell_fallback in case that user's " "shell is not in <quote>/etc/shells</quote> and maintaining list of all " @@ -1805,12 +1805,12 @@ msgstr "" "ведение списка всех разрешённых оболочек в allowed_shells было бы излишним." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1145 +#: sssd.conf.5.xml:1146 msgid "An empty string for shell is passed as-is to libc." msgstr "Пустая строка оболочки передаётся libc «как есть»." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1149 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." @@ -1819,28 +1819,28 @@ msgstr "" "Следовательно, в случае установки новой оболочки потребуется перезапуск SSSD." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1152 +#: sssd.conf.5.xml:1153 msgid "Default: Not set. The user shell is automatically used." msgstr "" "По умолчанию: не задано. Автоматически используется оболочка пользователя." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1157 +#: sssd.conf.5.xml:1158 msgid "vetoed_shells (string)" msgstr "vetoed_shells (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1160 +#: sssd.conf.5.xml:1161 msgid "Replace any instance of these shells with the shell_fallback" msgstr "Заменять все экземпляры этих оболочек на shell_fallback" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1165 +#: sssd.conf.5.xml:1166 msgid "shell_fallback (string)" msgstr "shell_fallback (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1168 +#: sssd.conf.5.xml:1169 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" @@ -1848,17 +1848,17 @@ msgstr "" "оболочка не установлена на компьютере." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1172 +#: sssd.conf.5.xml:1173 msgid "Default: /bin/sh" msgstr "По умолчанию: /bin/sh" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1177 +#: sssd.conf.5.xml:1178 msgid "default_shell" msgstr "default_shell" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1180 +#: sssd.conf.5.xml:1181 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." @@ -1868,7 +1868,7 @@ msgstr "" "разделе [nss] или для каждого домена отдельно." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1186 +#: sssd.conf.5.xml:1187 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" @@ -1877,12 +1877,12 @@ msgstr "" "положиться на libc в плане подстановки подходящего варианта, обычно /bin/sh)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1193 sssd.conf.5.xml:1576 +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 msgid "get_domains_timeout (int)" msgstr "get_domains_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1196 sssd.conf.5.xml:1579 +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." @@ -1891,12 +1891,12 @@ msgstr "" "действительным." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1205 +#: sssd.conf.5.xml:1206 msgid "memcache_timeout (integer)" msgstr "memcache_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1208 +#: sssd.conf.5.xml:1209 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid. Setting this option to zero will disable the in-memory cache." @@ -1906,7 +1906,7 @@ msgstr "" "отключит кэш в памяти." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1216 +#: sssd.conf.5.xml:1217 msgid "" "WARNING: Disabling the in-memory cache will have significant negative impact " "on SSSD's performance and should only be used for testing." @@ -1916,8 +1916,8 @@ msgstr "" "только для тестирования." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1222 sssd.conf.5.xml:1247 sssd.conf.5.xml:1272 -#: sssd.conf.5.xml:1297 sssd.conf.5.xml:1324 +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 msgid "" "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " "client applications will not use the fast in-memory cache." @@ -1927,12 +1927,12 @@ msgstr "" "памяти." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1230 +#: sssd.conf.5.xml:1231 msgid "memcache_size_passwd (integer)" msgstr "memcache_size_passwd (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1233 +#: sssd.conf.5.xml:1234 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for passwd requests. Setting the size to 0 will disable the passwd in-" @@ -1943,13 +1943,13 @@ msgstr "" "памяти для запросов passwd." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1239 sssd.conf.5.xml:2963 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 msgid "Default: 8" msgstr "По умолчанию: 8" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1242 sssd.conf.5.xml:1267 sssd.conf.5.xml:1292 -#: sssd.conf.5.xml:1319 +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 msgid "" "WARNING: Disabled or too small in-memory cache can have significant negative " "impact on SSSD's performance." @@ -1958,12 +1958,12 @@ msgstr "" "значительное негативное воздействие на производительность SSSD." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1255 +#: sssd.conf.5.xml:1256 msgid "memcache_size_group (integer)" msgstr "memcache_size_group (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1258 +#: sssd.conf.5.xml:1259 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for group requests. Setting the size to 0 will disable the group in-memory " @@ -1974,19 +1974,19 @@ msgstr "" "памяти для запросов group." #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1264 sssd.conf.5.xml:1316 sssd.conf.5.xml:3729 -#: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "По умолчанию: 6" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1280 +#: sssd.conf.5.xml:1281 msgid "memcache_size_initgroups (integer)" msgstr "memcache_size_initgroups (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1283 +#: sssd.conf.5.xml:1284 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for initgroups requests. Setting the size to 0 will disable the initgroups " @@ -1997,12 +1997,12 @@ msgstr "" "отключит кэш в памяти для запросов групп инициализации." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1305 +#: sssd.conf.5.xml:1306 msgid "memcache_size_sid (integer)" msgstr "memcache_size_sid (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1308 +#: sssd.conf.5.xml:1309 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for SID related requests. Only SID-by-ID and ID-by-SID requests are " @@ -2015,12 +2015,12 @@ msgstr "" "размера в значение «0» отключит кэш SID в памяти." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1332 sssd-ifp.5.xml:90 +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 msgid "user_attributes (string)" msgstr "user_attributes (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1335 +#: sssd.conf.5.xml:1336 msgid "" "Some of the additional NSS responder requests can return more attributes " "than just the POSIX ones defined by the NSS interface. The list of " @@ -2037,7 +2037,7 @@ msgstr "" "manvolnum> </citerefentry>), но без стандартных значений." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1348 +#: sssd.conf.5.xml:1349 msgid "" "To make configuration more easy the NSS responder will check the InfoPipe " "option if it is not set for the NSS responder." @@ -2046,17 +2046,17 @@ msgstr "" "ли он для ответчика NSS." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1353 +#: sssd.conf.5.xml:1354 msgid "Default: not set, fallback to InfoPipe option" msgstr "По умолчанию: не задано, использовать параметр InfoPipe" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1358 +#: sssd.conf.5.xml:1359 msgid "pwfield (string)" msgstr "pwfield (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1361 +#: sssd.conf.5.xml:1362 msgid "" "The value that NSS operations that return users or groups will return for " "the <quote>password</quote> field." @@ -2065,12 +2065,12 @@ msgstr "" "вернут для поля <quote>password</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1366 +#: sssd.conf.5.xml:1367 msgid "Default: <quote>*</quote>" msgstr "По умолчанию: <quote>*</quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1369 +#: sssd.conf.5.xml:1370 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[nss] section." @@ -2079,7 +2079,7 @@ msgstr "" "что будет иметь приоритет над значением в разделе [nss]." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1373 +#: sssd.conf.5.xml:1374 #, fuzzy #| msgid "" #| "Default: <quote>not set</quote> (remote domains), <quote>x</quote> (the " @@ -2096,12 +2096,12 @@ msgstr "" "shadowutils)" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1385 +#: sssd.conf.5.xml:1386 msgid "PAM configuration options" msgstr "Параметры настройки PAM" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1387 +#: sssd.conf.5.xml:1388 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." @@ -2110,12 +2110,12 @@ msgstr "" "проверки подлинности (PAM)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1392 +#: sssd.conf.5.xml:1393 msgid "offline_credentials_expiration (integer)" msgstr "offline_credentials_expiration (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1395 +#: sssd.conf.5.xml:1396 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." @@ -2125,17 +2125,17 @@ msgstr "" "момента последнего успешного входа)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1400 sssd.conf.5.xml:1413 +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 msgid "Default: 0 (No limit)" msgstr "По умолчанию: 0 (без ограничений)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1406 +#: sssd.conf.5.xml:1407 msgid "offline_failed_login_attempts (integer)" msgstr "offline_failed_login_attempts (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1409 +#: sssd.conf.5.xml:1410 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." @@ -2144,12 +2144,12 @@ msgstr "" "режиме, сколько следует допускать неудачных попыток входа." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1419 +#: sssd.conf.5.xml:1420 msgid "offline_failed_login_delay (integer)" msgstr "offline_failed_login_delay (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1422 +#: sssd.conf.5.xml:1423 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." @@ -2159,7 +2159,7 @@ msgstr "" "входа." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1427 +#: sssd.conf.5.xml:1428 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -2171,17 +2171,17 @@ msgstr "" "возможной, необходимо успешно пройти проверку подлинности в сетевом режиме." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1433 sssd.conf.5.xml:1543 +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 msgid "Default: 5" msgstr "По умолчанию: 5" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1439 +#: sssd.conf.5.xml:1440 msgid "pam_verbosity (integer)" msgstr "pam_verbosity (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1442 +#: sssd.conf.5.xml:1443 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." @@ -2190,43 +2190,43 @@ msgstr "" "подлинности. Чем больше число, тем больше сообщений будет показано." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1447 +#: sssd.conf.5.xml:1448 msgid "Currently sssd supports the following values:" msgstr "В настоящее время sssd поддерживает следующие значения:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1450 +#: sssd.conf.5.xml:1451 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "<emphasis>0</emphasis>: не показывать никаких сообщений" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1453 +#: sssd.conf.5.xml:1454 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "<emphasis>1</emphasis>: показывать только важные сообщения" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1457 +#: sssd.conf.5.xml:1458 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "<emphasis>2</emphasis>: показывать информационные сообщения" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1460 +#: sssd.conf.5.xml:1461 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" "<emphasis>3</emphasis>: показывать все сообщения и отладочную информацию" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1464 sssd.8.xml:63 +#: sssd.conf.5.xml:1465 sssd.8.xml:63 msgid "Default: 1" msgstr "По умолчанию: 1" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1470 +#: sssd.conf.5.xml:1471 msgid "pam_response_filter (string)" msgstr "pam_response_filter (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1473 +#: sssd.conf.5.xml:1474 msgid "" "A comma separated list of strings which allows to remove (filter) data sent " "by the PAM responder to pam_sss PAM module. There are different kind of " @@ -2240,7 +2240,7 @@ msgstr "" "установлены pam_sss)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1481 +#: sssd.conf.5.xml:1482 msgid "" "While messages already can be controlled with the help of the pam_verbosity " "option this option allows to filter out other kind of responses as well." @@ -2249,37 +2249,37 @@ msgstr "" "параметр позволяет отфильтровать также и другие типы ответов." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1488 +#: sssd.conf.5.xml:1489 msgid "ENV" msgstr "ENV" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1489 +#: sssd.conf.5.xml:1490 msgid "Do not send any environment variables to any service." msgstr "Не отправлять никаким службам никакие переменные среды." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1492 +#: sssd.conf.5.xml:1493 msgid "ENV:var_name" msgstr "ENV:var_name" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1493 +#: sssd.conf.5.xml:1494 msgid "Do not send environment variable var_name to any service." msgstr "Не отправлять переменную среды var_name никаким службам." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1497 +#: sssd.conf.5.xml:1498 msgid "ENV:var_name:service" msgstr "ENV:var_name:service" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1498 +#: sssd.conf.5.xml:1499 msgid "Do not send environment variable var_name to service." msgstr "Не отправлять переменную среды var_name указанной службе." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1486 +#: sssd.conf.5.xml:1487 msgid "" "Currently the following filters are supported: <placeholder " "type=\"variablelist\" id=\"0\"/>" @@ -2288,7 +2288,7 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1505 +#: sssd.conf.5.xml:1506 msgid "" "The list of strings can either be the list of filters which would set this " "list of filters and overwrite the defaults. Or each element of the list can " @@ -2306,23 +2306,23 @@ msgstr "" "префикса только для части элементов списка считается ошибкой." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1516 +#: sssd.conf.5.xml:1517 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" msgstr "По умолчанию: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1519 +#: sssd.conf.5.xml:1520 msgid "" "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" msgstr "Пример: -ENV:KRB5CCNAME:sudo-i удалит фильтр из списка стандартных" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1526 +#: sssd.conf.5.xml:1527 msgid "pam_id_timeout (integer)" msgstr "pam_id_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1529 +#: sssd.conf.5.xml:1530 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -2334,7 +2334,7 @@ msgstr "" "данные." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1535 +#: sssd.conf.5.xml:1536 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -2348,17 +2348,17 @@ msgstr "" "обменов данными с поставщиком данных идентификации." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1549 +#: sssd.conf.5.xml:1550 msgid "pam_pwd_expiration_warning (integer)" msgstr "pam_pwd_expiration_warning (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1552 sssd.conf.5.xml:2987 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 msgid "Display a warning N days before the password expires." msgstr "Показать предупреждение за N дней до истечения срока действия пароля." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1555 +#: sssd.conf.5.xml:1556 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -2369,7 +2369,7 @@ msgstr "" "сможет показать предупреждение." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1561 sssd.conf.5.xml:2990 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." @@ -2379,7 +2379,7 @@ msgstr "" "показано автоматически." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1566 +#: sssd.conf.5.xml:1567 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." @@ -2388,17 +2388,17 @@ msgstr "" "<emphasis>pwd_expiration_warning</emphasis> для конкретного домена." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1571 sssd.conf.5.xml:3976 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 msgid "Default: 0" msgstr "По умолчанию: 0" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1588 +#: sssd.conf.5.xml:1589 msgid "pam_trusted_users (string)" msgstr "pam_trusted_users (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1591 +#: sssd.conf.5.xml:1592 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to run PAM conversations against trusted domains. Users not " @@ -2413,12 +2413,12 @@ msgstr "" "quote>. Имена пользователей разрешаются в UID при запуске." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1601 +#: sssd.conf.5.xml:1602 msgid "Default: All users are considered trusted by default" msgstr "По умолчанию: все пользователи считаются доверенными по умолчанию" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1605 +#: sssd.conf.5.xml:1606 msgid "" "Please note that UID 0 is always allowed to access the PAM responder even in " "case it is not in the pam_trusted_users list." @@ -2427,12 +2427,12 @@ msgstr "" "если этот идентификатор пользователя отсутствует в списке pam_trusted_users." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1612 +#: sssd.conf.5.xml:1613 msgid "pam_public_domains (string)" msgstr "pam_public_domains (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1615 +#: sssd.conf.5.xml:1616 msgid "" "Specifies the comma-separated list of domain names that are accessible even " "to untrusted users." @@ -2441,12 +2441,12 @@ msgstr "" "недоверенных пользователей." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1619 +#: sssd.conf.5.xml:1620 msgid "Two special values for pam_public_domains option are defined:" msgstr "Для параметра pam_public_domains определены два специальных значения:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1623 +#: sssd.conf.5.xml:1624 msgid "" "all (Untrusted users are allowed to access all domains in PAM responder.)" msgstr "" @@ -2454,7 +2454,7 @@ msgstr "" "PAM)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1627 +#: sssd.conf.5.xml:1628 msgid "" "none (Untrusted users are not allowed to access any domains PAM in " "responder.)" @@ -2463,19 +2463,19 @@ msgstr "" "PAM)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1631 sssd.conf.5.xml:1656 sssd.conf.5.xml:1675 -#: sssd.conf.5.xml:1912 sssd.conf.5.xml:2732 sssd.conf.5.xml:3905 -#: sssd-ldap.5.xml:1207 +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 msgid "Default: none" msgstr "По умолчанию: none" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1636 +#: sssd.conf.5.xml:1637 msgid "pam_account_expired_message (string)" msgstr "pam_account_expired_message (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1639 +#: sssd.conf.5.xml:1640 msgid "" "Allows a custom expiration message to be set, replacing the default " "'Permission denied' message." @@ -2484,7 +2484,7 @@ msgstr "" "которое заменит стандартное сообщение «Доступ запрещён»." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1644 +#: sssd.conf.5.xml:1645 msgid "" "Note: Please be aware that message is only printed for the SSH service " "unless pam_verbosity is set to 3 (show all messages and debug information)." @@ -2494,7 +2494,7 @@ msgstr "" "«3» (показывать все сообщения и отладочную информацию)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1652 +#: sssd.conf.5.xml:1653 #, no-wrap msgid "" "pam_account_expired_message = Account expired, please contact help desk.\n" @@ -2504,12 +2504,12 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1661 +#: sssd.conf.5.xml:1662 msgid "pam_account_locked_message (string)" msgstr "pam_account_locked_message (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1664 +#: sssd.conf.5.xml:1665 msgid "" "Allows a custom lockout message to be set, replacing the default 'Permission " "denied' message." @@ -2518,7 +2518,7 @@ msgstr "" "стандартное сообщение «Доступ запрещён»." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1671 +#: sssd.conf.5.xml:1672 #, no-wrap msgid "" "pam_account_locked_message = Account locked, please contact help desk.\n" @@ -2528,42 +2528,42 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1680 +#: sssd.conf.5.xml:1681 #, fuzzy #| msgid "pam_cert_auth (bool)" msgid "pam_passkey_auth (bool)" msgstr "pam_cert_auth (логическое значение)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1683 +#: sssd.conf.5.xml:1684 msgid "Enable passkey device based authentication." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1686 sssd.conf.5.xml:1697 sssd.conf.5.xml:1711 -#: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 -#: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 msgid "Default: False" msgstr "По умолчанию: false" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1691 +#: sssd.conf.5.xml:1692 msgid "passkey_debug_libfido2 (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1694 +#: sssd.conf.5.xml:1695 msgid "Enable libfido2 library debug messages." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1702 +#: sssd.conf.5.xml:1703 msgid "pam_cert_auth (bool)" msgstr "pam_cert_auth (логическое значение)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1705 +#: sssd.conf.5.xml:1706 msgid "" "Enable certificate based Smartcard authentication. Since this requires " "additional communication with the Smartcard which will delay the " @@ -2574,22 +2574,22 @@ msgstr "" "задержит процесс проверки подлинности, по умолчанию этот параметр отключён." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1716 +#: sssd.conf.5.xml:1717 msgid "pam_cert_db_path (string)" msgstr "pam_cert_db_path (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1719 +#: sssd.conf.5.xml:1720 msgid "The path to the certificate database." msgstr "Путь к базе данных сертификатов." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1722 sssd.conf.5.xml:2247 sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 msgid "Default:" msgstr "По умолчанию:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1724 sssd.conf.5.xml:2249 +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 msgid "" "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " "certificates in PEM format)" @@ -2598,12 +2598,12 @@ msgstr "" "CA в формате PEM)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1734 +#: sssd.conf.5.xml:1735 msgid "pam_cert_verification (string)" msgstr "pam_cert_verification (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1737 +#: sssd.conf.5.xml:1738 msgid "" "With this parameter the PAM certificate verification can be tuned with a " "comma separated list of options that override the " @@ -2618,7 +2618,7 @@ msgstr "" "<quote>certificate_verification</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1748 +#: sssd.conf.5.xml:1749 #, no-wrap msgid "" "pam_cert_verification = partial_chain\n" @@ -2628,7 +2628,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1752 +#: sssd.conf.5.xml:1753 msgid "" "Default: not set, i.e. use default <quote>certificate_verification</quote> " "option defined in <quote>[sssd]</quote> section." @@ -2638,26 +2638,26 @@ msgstr "" "quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1759 +#: sssd.conf.5.xml:1760 msgid "p11_child_timeout (integer)" msgstr "p11_child_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1763 msgid "How many seconds will pam_sss wait for p11_child to finish." msgstr "" "Разрешённое количество секунд, в течение которого pam_sss ожидает завершения " "работы p11_child." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1771 +#: sssd.conf.5.xml:1772 #, fuzzy #| msgid "p11_child_timeout (integer)" msgid "passkey_child_timeout (integer)" msgstr "p11_child_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1774 +#: sssd.conf.5.xml:1775 #, fuzzy #| msgid "How many seconds will pam_sss wait for p11_child to finish." msgid "" @@ -2667,12 +2667,12 @@ msgstr "" "работы p11_child." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1783 +#: sssd.conf.5.xml:1784 msgid "pam_app_services (string)" msgstr "pam_app_services (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1786 +#: sssd.conf.5.xml:1787 msgid "" "Which PAM services are permitted to contact domains of type " "<quote>application</quote>" @@ -2681,12 +2681,12 @@ msgstr "" "типа <quote>application</quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1795 +#: sssd.conf.5.xml:1796 msgid "pam_p11_allowed_services (integer)" msgstr "pam_p11_allowed_services (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1798 +#: sssd.conf.5.xml:1799 msgid "" "A comma-separated list of PAM service names for which it will be allowed to " "use Smartcards." @@ -2695,7 +2695,7 @@ msgstr "" "использовать смарт-карты." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1813 +#: sssd.conf.5.xml:1814 #, no-wrap msgid "" "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2705,7 +2705,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1802 +#: sssd.conf.5.xml:1803 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -2724,63 +2724,63 @@ msgstr "" "конфигурацию: <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1817 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 #: sssd-ad.5.xml:869 sssd-ad.5.xml:947 msgid "Default: the default set of PAM service names includes:" msgstr "По умолчанию: стандартный набор имён служб PAM включает:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1822 sssd-ad.5.xml:648 +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 msgid "login" msgstr "login" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1827 sssd-ad.5.xml:653 +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 msgid "su" msgstr "su" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1832 sssd-ad.5.xml:658 +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 msgid "su-l" msgstr "su-l" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1837 sssd-ad.5.xml:673 +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 msgid "gdm-smartcard" msgstr "gdm-smartcard" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1842 sssd-ad.5.xml:668 +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 msgid "gdm-password" msgstr "gdm-password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1847 sssd-ad.5.xml:678 +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 msgid "kdm" msgstr "kdm" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1852 sssd-ad.5.xml:956 +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 msgid "sudo" msgstr "sudo" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1857 sssd-ad.5.xml:961 +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 msgid "sudo-i" msgstr "sudo-i" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1862 +#: sssd.conf.5.xml:1863 msgid "gnome-screensaver" msgstr "gnome-screensaver" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1870 +#: sssd.conf.5.xml:1871 msgid "p11_wait_for_card_timeout (integer)" msgstr "p11_wait_for_card_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1873 +#: sssd.conf.5.xml:1874 msgid "" "If Smartcard authentication is required how many extra seconds in addition " "to p11_child_timeout should the PAM responder wait until a Smartcard is " @@ -2791,12 +2791,12 @@ msgstr "" "p11_child_timeout) ответчик PAM должен ожидать вставки смарт-карты." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1884 +#: sssd.conf.5.xml:1885 msgid "p11_uri (string)" msgstr "p11_uri (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1887 +#: sssd.conf.5.xml:1888 msgid "" "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " "selection of devices used for Smartcard authentication. By default SSSD's " @@ -2814,7 +2814,7 @@ msgstr "" "чтения." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1900 +#: sssd.conf.5.xml:1901 #, no-wrap msgid "" "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" @@ -2824,7 +2824,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1904 +#: sssd.conf.5.xml:1905 #, no-wrap msgid "" "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" @@ -2834,7 +2834,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1898 +#: sssd.conf.5.xml:1899 msgid "" "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " @@ -2848,17 +2848,17 @@ msgstr "" "URI PKCS#11." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1917 +#: sssd.conf.5.xml:1918 msgid "pam_initgroups_scheme" msgstr "pam_initgroups_scheme" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1925 +#: sssd.conf.5.xml:1926 msgid "always" msgstr "always" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1926 +#: sssd.conf.5.xml:1927 msgid "" "Always do an online lookup, please note that pam_id_timeout still applies" msgstr "" @@ -2866,12 +2866,12 @@ msgstr "" "pam_id_timeout всё равно применяется)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1930 +#: sssd.conf.5.xml:1931 msgid "no_session" msgstr "no_session" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1931 +#: sssd.conf.5.xml:1932 msgid "" "Only do an online lookup if there is no active session of the user, i.e. if " "the user is currently not logged in" @@ -2880,12 +2880,12 @@ msgstr "" "то есть тогда, когда пользователь не находится в системе" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1936 +#: sssd.conf.5.xml:1937 msgid "never" msgstr "never" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1937 +#: sssd.conf.5.xml:1938 msgid "" "Never force an online lookup, use the data from the cache as long as they " "are not expired" @@ -2894,7 +2894,7 @@ msgstr "" "до тех пор, пока они не устареют" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1920 +#: sssd.conf.5.xml:1921 msgid "" "The PAM responder can force an online lookup to get the current group " "memberships of the user trying to log in. This option controls when this " @@ -2907,17 +2907,17 @@ msgstr "" "допустимые значения: <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1944 +#: sssd.conf.5.xml:1945 msgid "Default: no_session" msgstr "По умолчанию: no_session" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1949 sssd.conf.5.xml:4247 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 msgid "pam_gssapi_services" msgstr "pam_gssapi_services" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1952 +#: sssd.conf.5.xml:1953 msgid "" "Comma separated list of PAM services that are allowed to try GSSAPI " "authentication using pam_sss_gss.so module." @@ -2926,7 +2926,7 @@ msgstr "" "проверку подлинности по GSSAPI с помощью модуля pam_sss_gss.so." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1957 +#: sssd.conf.5.xml:1958 msgid "" "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." msgstr "" @@ -2934,7 +2934,7 @@ msgstr "" "параметр в значение <quote>-</quote> (дефис)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1961 sssd.conf.5.xml:1992 sssd.conf.5.xml:2030 +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[pam] section. It can also be set for trusted domain which overwrites the " @@ -2946,7 +2946,7 @@ msgstr "" "в разделе домена." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1969 +#: sssd.conf.5.xml:1970 #, no-wrap msgid "" "pam_gssapi_services = sudo, sudo-i\n" @@ -2956,22 +2956,22 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1967 sssd.conf.5.xml:3899 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "Пример: <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1973 +#: sssd.conf.5.xml:1974 msgid "Default: - (GSSAPI authentication is disabled)" msgstr "По умолчанию: - (проверка подлинности с помощью GSSAPI отключена)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1978 sssd.conf.5.xml:4248 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 msgid "pam_gssapi_check_upn" msgstr "pam_gssapi_check_upn" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1981 +#: sssd.conf.5.xml:1982 msgid "" "If True, SSSD will require that the Kerberos user principal that " "successfully authenticated through GSSAPI can be associated with the user " @@ -2983,7 +2983,7 @@ msgstr "" "такой привязки нет, проверка подлинности завершится ошибкой." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1988 +#: sssd.conf.5.xml:1989 msgid "" "If False, every user that is able to obtained required service ticket will " "be authenticated." @@ -2992,18 +2992,18 @@ msgstr "" "пользователей, получивших необходимый билет службы." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1998 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "По умолчанию: true" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2003 +#: sssd.conf.5.xml:2004 msgid "pam_gssapi_indicators_map" msgstr "pam_gssapi_indicators_map" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2006 +#: sssd.conf.5.xml:2007 msgid "" "Comma separated list of authentication indicators required to be present in " "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " @@ -3015,7 +3015,7 @@ msgstr "" "pam_sss_gss.so." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2012 +#: sssd.conf.5.xml:2013 msgid "" "Each element of the list can be either an authentication indicator name or a " "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " @@ -3042,7 +3042,7 @@ msgstr "" "доступ." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2025 +#: sssd.conf.5.xml:2026 msgid "" "To disable GSSAPI authentication indicator check, set this option to <quote>-" "</quote> (dash). To disable the check for a specific PAM service, add " @@ -3054,7 +3054,7 @@ msgstr "" "<quote>service:-</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2036 +#: sssd.conf.5.xml:2037 msgid "" "Following authentication indicators are supported by IPA Kerberos " "deployments:" @@ -3063,7 +3063,7 @@ msgstr "" "индикаторов проверки подлинности:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2039 +#: sssd.conf.5.xml:2040 msgid "" "pkinit -- pre-authentication using X.509 certificates -- whether stored in " "files or on smart cards." @@ -3072,7 +3072,7 @@ msgstr "" "которые хранятся в файлах или на смарт-картах." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2042 +#: sssd.conf.5.xml:2043 msgid "" "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " "FAST channel." @@ -3081,13 +3081,13 @@ msgstr "" "предварительная проверка подлинности, помещённая в канал FAST." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2045 +#: sssd.conf.5.xml:2046 msgid "radius -- pre-authentication with the help of a RADIUS server." msgstr "" "radius — предварительная проверка подлинности с помощью сервера RADIUS." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2048 +#: sssd.conf.5.xml:2049 msgid "" "otp -- pre-authentication using integrated two-factor authentication (2FA or " "one-time password, OTP) in IPA." @@ -3096,14 +3096,14 @@ msgstr "" "двухфакторной аутентификации (2FA или одноразовый пароль, OTP) в IPA." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2051 +#: sssd.conf.5.xml:2052 msgid "idp -- pre-authentication using external identity provider." msgstr "" "idp -- предварительная аутентификация с использованием внешнего поставщика " "удостоверений." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:2061 +#: sssd.conf.5.xml:2062 #, no-wrap msgid "" "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" @@ -3113,7 +3113,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2056 +#: sssd.conf.5.xml:2057 msgid "" "Example: to require access to SUDO services only for users which obtained " "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " @@ -3125,19 +3125,19 @@ msgstr "" "type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2065 +#: sssd.conf.5.xml:2066 msgid "Default: not set (use of authentication indicators is not required)" msgstr "" "По умолчанию: не задано (использование индикаторов проверки подлинности не " "требуется)" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2073 +#: sssd.conf.5.xml:2074 msgid "SUDO configuration options" msgstr "Параметры настройки SUDO" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2075 +#: sssd.conf.5.xml:2076 msgid "" "These options can be used to configure the sudo service. The detailed " "instructions for configuration of <citerefentry> <refentrytitle>sudo</" @@ -3154,12 +3154,12 @@ msgstr "" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2092 +#: sssd.conf.5.xml:2093 msgid "sudo_timed (bool)" msgstr "sudo_timed (логическое значение)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2095 +#: sssd.conf.5.xml:2096 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." @@ -3168,12 +3168,12 @@ msgstr "" "предназначенные для определения временных ограничений для записей sudoers." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2107 +#: sssd.conf.5.xml:2108 msgid "sudo_threshold (integer)" msgstr "sudo_threshold (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2110 +#: sssd.conf.5.xml:2111 msgid "" "Maximum number of expired rules that can be refreshed at once. If number of " "expired rules is below threshold, those rules are refreshed with " @@ -3189,22 +3189,22 @@ msgstr "" "к поискам команд и групп команд sudo IPA." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2129 +#: sssd.conf.5.xml:2130 msgid "AUTOFS configuration options" msgstr "Параметры настройки AUTOFS" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2131 +#: sssd.conf.5.xml:2132 msgid "These options can be used to configure the autofs service." msgstr "Эти параметры можно использовать для настройки службы autofs." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2135 +#: sssd.conf.5.xml:2136 msgid "autofs_negative_timeout (integer)" msgstr "autofs_negative_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2138 +#: sssd.conf.5.xml:2139 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " @@ -3215,22 +3215,22 @@ msgstr "" "например, несуществующих) перед повторным запросом к внутреннему серверу." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2154 +#: sssd.conf.5.xml:2155 msgid "SSH configuration options" msgstr "Параметры настройки SSH" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2156 +#: sssd.conf.5.xml:2157 msgid "These options can be used to configure the SSH service." msgstr "Эти параметры можно использовать для настройки службы SSH." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2160 +#: sssd.conf.5.xml:2161 msgid "ssh_hash_known_hosts (bool)" msgstr "ssh_hash_known_hosts (логическое значение)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2163 +#: sssd.conf.5.xml:2164 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." @@ -3238,12 +3238,12 @@ msgstr "" "Следует ли хэшировать имена и адреса узлов в управляемом файле known_hosts." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2172 +#: sssd.conf.5.xml:2173 msgid "ssh_known_hosts_timeout (integer)" msgstr "ssh_known_hosts_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2175 +#: sssd.conf.5.xml:2176 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." @@ -3252,17 +3252,17 @@ msgstr "" "управляемом файле known_hosts после запроса ключей этого узла." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2179 +#: sssd.conf.5.xml:2180 msgid "Default: 180" msgstr "По умолчанию: 180" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2184 +#: sssd.conf.5.xml:2185 msgid "ssh_use_certificate_keys (bool)" msgstr "ssh_use_certificate_keys (логическое значение)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2187 +#: sssd.conf.5.xml:2188 msgid "" "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " "keys derived from the public key of X.509 certificates stored in the user " @@ -3276,12 +3276,12 @@ msgstr "" "<manvolnum>1</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2202 +#: sssd.conf.5.xml:2203 msgid "ssh_use_certificate_matching_rules (string)" msgstr "ssh_use_certificate_matching_rules (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2205 +#: sssd.conf.5.xml:2206 msgid "" "By default the ssh responder will use all available certificate matching " "rules to filter the certificates so that ssh keys are only derived from the " @@ -3297,7 +3297,7 @@ msgstr "" "другие правила будут игнорироваться." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2214 +#: sssd.conf.5.xml:2215 msgid "" "There are two special key words 'all_rules' and 'no_rules' which will enable " "all or no rules, respectively. The latter means that no certificates will be " @@ -3309,7 +3309,7 @@ msgstr "" "ключи SSH будут создаваться на основе всех действительных сертификатов." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2221 +#: sssd.conf.5.xml:2222 msgid "" "If no rules are configured using 'all_rules' will enable a default rule " "which enables all certificates suitable for client authentication. This is " @@ -3323,7 +3323,7 @@ msgstr "" "подлинности сертификатов." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2228 +#: sssd.conf.5.xml:2229 msgid "" "A non-existing rule name is considered an error. If as a result no rule is " "selected all certificates will be ignored." @@ -3332,7 +3332,7 @@ msgstr "" "выбрано ни одного правила, все сертификаты будут проигнорированы." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2233 +#: sssd.conf.5.xml:2234 msgid "" "Default: not set, equivalent to 'all_rules', all found rules or the default " "rule are used" @@ -3341,12 +3341,12 @@ msgstr "" "правила или правило по умолчанию" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2239 +#: sssd.conf.5.xml:2240 msgid "ca_db (string)" msgstr "ca_db (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2242 +#: sssd.conf.5.xml:2243 msgid "" "Path to a storage of trusted CA certificates. The option is used to validate " "user certificates before deriving public ssh keys from them." @@ -3356,12 +3356,12 @@ msgstr "" "SSH." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2262 +#: sssd.conf.5.xml:2263 msgid "PAC responder configuration options" msgstr "Параметры настройки ответчика PAC" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2264 +#: sssd.conf.5.xml:2265 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " @@ -3379,7 +3379,7 @@ msgstr "" "обрабатывается, выполняются некоторые из следующих операций:" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2273 +#: sssd.conf.5.xml:2274 msgid "" "If the remote user does not exist in the cache, it is created. The UID is " "determined with the help of the SID, trusted domains will have UPGs and the " @@ -3396,7 +3396,7 @@ msgstr "" "можно переопределить с помощью параметра default_shell." #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2281 +#: sssd.conf.5.xml:2282 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." @@ -3405,17 +3405,17 @@ msgstr "" "добавлен в эти группы." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2287 +#: sssd.conf.5.xml:2288 msgid "These options can be used to configure the PAC responder." msgstr "Эти параметры можно использовать для настройки ответчика PAC." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2291 sssd-ifp.5.xml:66 +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 msgid "allowed_uids (string)" msgstr "allowed_uids (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2294 +#: sssd.conf.5.xml:2295 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " @@ -3426,13 +3426,13 @@ msgstr "" "запуске." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2300 +#: sssd.conf.5.xml:2301 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" "По умолчанию: 0 (доступ к ответчику PAC разрешён только пользователю root)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2304 +#: sssd.conf.5.xml:2305 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " @@ -3446,12 +3446,12 @@ msgstr "" "доступ." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2313 +#: sssd.conf.5.xml:2314 msgid "pac_lifetime (integer)" msgstr "pac_lifetime (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2316 +#: sssd.conf.5.xml:2317 msgid "" "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " "data can be used to determine the group memberships of a user." @@ -3460,12 +3460,12 @@ msgstr "" "PAC можно использовать для определения участия пользователя в группах." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2326 +#: sssd.conf.5.xml:2327 msgid "pac_check (string)" msgstr "pac_check (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2329 +#: sssd.conf.5.xml:2330 msgid "" "Apply additional checks on the PAC of the Kerberos ticket which is available " "in Active Directory and FreeIPA domains, if configured. Please note that " @@ -3483,12 +3483,12 @@ msgstr "" "пропущена." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2343 +#: sssd.conf.5.xml:2344 msgid "no_check" msgstr "no_check" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2345 +#: sssd.conf.5.xml:2346 msgid "" "The PAC must not be present and even if it is present no additional checks " "will be done." @@ -3497,12 +3497,12 @@ msgstr "" "проверки выполняться не будут." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2351 +#: sssd.conf.5.xml:2352 msgid "pac_present" msgstr "pac_present" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2353 +#: sssd.conf.5.xml:2354 msgid "" "The PAC must be present in the service ticket which SSSD will request with " "the help of the user's TGT. If the PAC is not available the authentication " @@ -3513,12 +3513,12 @@ msgstr "" "ошибкой." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2361 +#: sssd.conf.5.xml:2362 msgid "check_upn" msgstr "check_upn" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2363 +#: sssd.conf.5.xml:2364 msgid "" "If the PAC is present check if the user principal name (UPN) information is " "consistent." @@ -3527,12 +3527,12 @@ msgstr "" "пользователя (UPN) верна." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2369 +#: sssd.conf.5.xml:2370 msgid "check_upn_allow_missing" msgstr "check_upn_allow_missing" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2371 +#: sssd.conf.5.xml:2372 msgid "" "This option should be used together with 'check_upn' and handles the case " "where a UPN is set on the server-side but is not read by SSSD. The typical " @@ -3552,7 +3552,7 @@ msgstr "" "устанавливать 'ldap_user_principal'." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2383 +#: sssd.conf.5.xml:2384 msgid "" "Currently this option is set by default to avoid regressions in such " "environments. A log message will be added to the system log and SSSD's debug " @@ -3569,24 +3569,24 @@ msgstr "" "пропуску проверки и сообщение не появится в журнале." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2397 +#: sssd.conf.5.xml:2398 msgid "upn_dns_info_present" msgstr "upn_dns_info_present" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2399 +#: sssd.conf.5.xml:2400 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." msgstr "" "PAC должен содержать буфер UPN-DNS-INFO, неявным образом устанавливает " "'check_upn'." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2404 +#: sssd.conf.5.xml:2405 msgid "check_upn_dns_info_ex" msgstr "check_upn_dns_info_ex" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2406 +#: sssd.conf.5.xml:2407 msgid "" "If the PAC is present and the extension to the UPN-DNS-INFO buffer is " "available check if the information in the extension is consistent." @@ -3595,12 +3595,12 @@ msgstr "" "согласованы ли данные в расширении." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2413 +#: sssd.conf.5.xml:2414 msgid "upn_dns_info_ex_present" msgstr "upn_dns_info_ex_present" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2415 +#: sssd.conf.5.xml:2416 msgid "" "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." @@ -3609,7 +3609,7 @@ msgstr "" "устанавливает 'check_upn_dns_info_ex', 'upn_dns_info_present' и 'check_upn'." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2339 +#: sssd.conf.5.xml:2340 msgid "" "The following options can be used alone or in a comma-separated list: " "<placeholder type=\"variablelist\" id=\"0\"/>" @@ -3618,7 +3618,7 @@ msgstr "" "запятыми списка: <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2425 +#: sssd.conf.5.xml:2426 msgid "" "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " "check_upn_dns_info_ex')" @@ -3627,12 +3627,12 @@ msgstr "" "check_upn_allow_missing, check_upn_dns_info_ex')" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2434 +#: sssd.conf.5.xml:2435 msgid "Session recording configuration options" msgstr "Параметры настройки записи сеансов" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2436 +#: sssd.conf.5.xml:2437 msgid "" "Session recording works in conjunction with <citerefentry> " "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" @@ -3648,32 +3648,32 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2449 +#: sssd.conf.5.xml:2450 msgid "These options can be used to configure session recording." msgstr "Эти параметры можно использовать для настройки записи сеансов." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2453 sssd-session-recording.5.xml:64 +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 msgid "scope (string)" msgstr "scope (строка)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2460 sssd-session-recording.5.xml:71 +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 msgid "\"none\"" msgstr "«none»" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2463 sssd-session-recording.5.xml:74 +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 msgid "No users are recorded." msgstr "Пользователи не записываются." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2468 sssd-session-recording.5.xml:79 +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 msgid "\"some\"" msgstr "«some»" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2471 sssd-session-recording.5.xml:82 +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 msgid "" "Users/groups specified by <replaceable>users</replaceable> and " "<replaceable>groups</replaceable> options are recorded." @@ -3682,17 +3682,17 @@ msgstr "" "<replaceable>users</replaceable> и <replaceable>groups</replaceable>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2480 sssd-session-recording.5.xml:91 +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 msgid "\"all\"" msgstr "«all»" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2483 sssd-session-recording.5.xml:94 +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 msgid "All users are recorded." msgstr "Записываются все пользователи." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2456 sssd-session-recording.5.xml:67 +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 msgid "" "One of the following strings specifying the scope of session recording: " "<placeholder type=\"variablelist\" id=\"0\"/>" @@ -3701,17 +3701,17 @@ msgstr "" "<placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:101 +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 msgid "Default: \"none\"" msgstr "По умолчанию: «none»" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:106 +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 msgid "users (string)" msgstr "users (строка)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:109 +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 msgid "" "A comma-separated list of users which should have session recording enabled. " "Matches user names as returned by NSS. I.e. after the possible space " @@ -3723,17 +3723,17 @@ msgstr "" "так далее." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2504 sssd-session-recording.5.xml:115 +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 msgid "Default: Empty. Matches no users." msgstr "По умолчанию: пусто. Не соответствует ни одному пользователю." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2509 sssd-session-recording.5.xml:120 +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 msgid "groups (string)" msgstr "groups (строка)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2512 sssd-session-recording.5.xml:123 +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 msgid "" "A comma-separated list of groups, members of which should have session " "recording enabled. Matches group names as returned by NSS. I.e. after the " @@ -3744,7 +3744,7 @@ msgstr "" "NSS, то есть после возможной замены пробелов, смены регистра и так далее." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2518 sssd.conf.5.xml:2550 sssd-session-recording.5.xml:129 +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 #: sssd-session-recording.5.xml:161 msgid "" "NOTE: using this option (having it set to anything) has a considerable " @@ -3757,17 +3757,17 @@ msgstr "" "установление соответствия групп, участником которых он является." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2525 sssd-session-recording.5.xml:136 +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 msgid "Default: Empty. Matches no groups." msgstr "По умолчанию: пусто. Не соответствует ни одной группе." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2530 sssd-session-recording.5.xml:141 +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 msgid "exclude_users (string)" msgstr "exclude_users (строка)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2533 sssd-session-recording.5.xml:144 +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 msgid "" "A comma-separated list of users to be excluded from recording, only " "applicable with 'scope=all'." @@ -3776,17 +3776,17 @@ msgstr "" "применимо только при «scope=all»." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2537 sssd-session-recording.5.xml:148 +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 msgid "Default: Empty. No users excluded." msgstr "По умолчанию: пусто. Не исключается ни один пользователь." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2542 sssd-session-recording.5.xml:153 +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 msgid "exclude_groups (string)" msgstr "exclude_groups (строка)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2545 sssd-session-recording.5.xml:156 +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 msgid "" "A comma-separated list of groups, members of which should be excluded from " "recording. Only applicable with 'scope=all'." @@ -3795,22 +3795,22 @@ msgstr "" "применимо только при «scope=all»." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2557 sssd-session-recording.5.xml:168 +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 msgid "Default: Empty. No groups excluded." msgstr "По умолчанию: пусто. Не исключается ни одна группа." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2567 +#: sssd.conf.5.xml:2568 msgid "DOMAIN SECTIONS" msgstr "РАЗДЕЛЫ ДОМЕНА" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2574 +#: sssd.conf.5.xml:2575 msgid "enabled" msgstr "enabled" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2577 +#: sssd.conf.5.xml:2578 msgid "" "Explicitly enable or disable the domain. If <quote>true</quote>, the domain " "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " @@ -3825,12 +3825,12 @@ msgstr "" "параметра domains в разделе <quote>[sssd]</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2589 +#: sssd.conf.5.xml:2590 msgid "domain_type (string)" msgstr "domain_type (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2592 +#: sssd.conf.5.xml:2593 msgid "" "Specifies whether the domain is meant to be used by POSIX-aware clients such " "as the Name Service Switch or by applications that do not need POSIX data to " @@ -3843,7 +3843,7 @@ msgstr "" "операционной системы доступны только объекты из доменов POSIX." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2600 +#: sssd.conf.5.xml:2601 msgid "" "Allowed values for this option are <quote>posix</quote> and " "<quote>application</quote>." @@ -3852,7 +3852,7 @@ msgstr "" "<quote>application</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2604 +#: sssd.conf.5.xml:2605 msgid "" "POSIX domains are reachable by all services. Application domains are only " "reachable from the InfoPipe responder (see <citerefentry> " @@ -3864,7 +3864,7 @@ msgstr "" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) и ответчика PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2612 +#: sssd.conf.5.xml:2613 msgid "" "NOTE: The application domains are currently well tested with " "<quote>id_provider=ldap</quote> only." @@ -3873,7 +3873,7 @@ msgstr "" "с <quote>id_provider=ldap</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2616 +#: sssd.conf.5.xml:2617 msgid "" "For an easy way to configure a non-POSIX domains, please see the " "<quote>Application domains</quote> section." @@ -3882,17 +3882,17 @@ msgstr "" "<quote>Домены приложений</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2620 +#: sssd.conf.5.xml:2621 msgid "Default: posix" msgstr "По умолчанию: posix" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2626 +#: sssd.conf.5.xml:2627 msgid "min_id,max_id (integer)" msgstr "min_id,max_id (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2629 +#: sssd.conf.5.xml:2630 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." @@ -3901,7 +3901,7 @@ msgstr "" "находящуюся вне указанного диапазона, она будет проигнорирована." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2634 +#: sssd.conf.5.xml:2635 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -3915,7 +3915,7 @@ msgstr "" "группы, будут выведены в обычном режиме." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2641 +#: sssd.conf.5.xml:2642 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." @@ -3924,17 +3924,17 @@ msgstr "" "кэш, а не только на их возврат по имени или идентификатору." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2645 +#: sssd.conf.5.xml:2646 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "По умолчанию: 1 для min_id, 0 (без ограничений) для max_id" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2651 +#: sssd.conf.5.xml:2652 msgid "enumerate (bool)" msgstr "enumerate (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2654 +#: sssd.conf.5.xml:2655 msgid "" "Determines if a domain can be enumerated, that is, whether the domain can " "list all the users and group it contains. Note that it is not required to " @@ -3947,22 +3947,22 @@ msgstr "" "вторичных групп. Этот параметр может иметь одно из следующих значений:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2662 +#: sssd.conf.5.xml:2663 msgid "TRUE = Users and groups are enumerated" msgstr "TRUE = пользователи и группы перечисляются" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2665 +#: sssd.conf.5.xml:2666 msgid "FALSE = No enumerations for this domain" msgstr "FALSE = для этого домена не выполняется перечисление" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2668 sssd.conf.5.xml:2942 sssd.conf.5.xml:3119 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 msgid "Default: FALSE" msgstr "По умолчанию: FALSE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2671 +#: sssd.conf.5.xml:2672 msgid "" "Enumerating a domain requires SSSD to download and store ALL user and group " "entries from the remote server." @@ -3971,7 +3971,7 @@ msgstr "" "сохранить ВСЕ записи пользователей и групп с удалённого сервера." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2676 +#: sssd.conf.5.xml:2677 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -3995,7 +3995,7 @@ msgstr "" "перезапущен внутренним сторожевым таймером." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2691 +#: sssd.conf.5.xml:2692 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." @@ -4004,7 +4004,7 @@ msgstr "" "или групп могут не вернуть результатов до момента завершения перечисления." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2696 +#: sssd.conf.5.xml:2697 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -4018,7 +4018,7 @@ msgstr "" "идентификаторов (id_provider)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2704 +#: sssd.conf.5.xml:2705 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." @@ -4027,32 +4027,32 @@ msgstr "" "средах большого размера." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2712 +#: sssd.conf.5.xml:2713 msgid "subdomain_enumerate (string)" msgstr "subdomain_enumerate (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2719 +#: sssd.conf.5.xml:2720 msgid "all" msgstr "all" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2720 +#: sssd.conf.5.xml:2721 msgid "All discovered trusted domains will be enumerated" msgstr "Выполнить перечисление для всех обнаруженных доверенных доменов" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2723 +#: sssd.conf.5.xml:2724 msgid "none" msgstr "none" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2724 +#: sssd.conf.5.xml:2725 msgid "No discovered trusted domains will be enumerated" msgstr "Не выполнять перечисление для обнаруженных доверенных доменов" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2715 +#: sssd.conf.5.xml:2716 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " @@ -4066,12 +4066,12 @@ msgstr "" "только для них." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2738 +#: sssd.conf.5.xml:2739 msgid "entry_cache_timeout (integer)" msgstr "entry_cache_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2741 +#: sssd.conf.5.xml:2742 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" @@ -4080,7 +4080,7 @@ msgstr "" "действительными, прежде чем снова обратиться к внутреннему серверу" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2745 +#: sssd.conf.5.xml:2746 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " @@ -4097,17 +4097,17 @@ msgstr "" "уже были кэшированы." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2758 +#: sssd.conf.5.xml:2759 msgid "Default: 5400" msgstr "По умолчанию: 5400" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2764 +#: sssd.conf.5.xml:2765 msgid "entry_cache_user_timeout (integer)" msgstr "entry_cache_user_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2767 +#: sssd.conf.5.xml:2768 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" @@ -4117,19 +4117,19 @@ msgstr "" "серверу" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2771 sssd.conf.5.xml:2784 sssd.conf.5.xml:2797 -#: sssd.conf.5.xml:2810 sssd.conf.5.xml:2824 sssd.conf.5.xml:2837 -#: sssd.conf.5.xml:2851 sssd.conf.5.xml:2865 sssd.conf.5.xml:2878 +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 msgid "Default: entry_cache_timeout" msgstr "По умолчанию: entry_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2777 +#: sssd.conf.5.xml:2778 msgid "entry_cache_group_timeout (integer)" msgstr "entry_cache_group_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2780 +#: sssd.conf.5.xml:2781 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" @@ -4138,12 +4138,12 @@ msgstr "" "действительными, прежде чем снова обратиться к внутреннему серверу" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2790 +#: sssd.conf.5.xml:2791 msgid "entry_cache_netgroup_timeout (integer)" msgstr "entry_cache_netgroup_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2793 +#: sssd.conf.5.xml:2794 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" @@ -4152,12 +4152,12 @@ msgstr "" "групп действительными, прежде чем снова обратиться к внутреннему серверу" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2803 +#: sssd.conf.5.xml:2804 msgid "entry_cache_service_timeout (integer)" msgstr "entry_cache_service_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2806 +#: sssd.conf.5.xml:2807 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" @@ -4166,12 +4166,12 @@ msgstr "" "действительными, прежде чем снова обратиться к внутреннему серверу" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2816 +#: sssd.conf.5.xml:2817 msgid "entry_cache_resolver_timeout (integer)" msgstr "entry_cache_resolver_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2819 +#: sssd.conf.5.xml:2820 msgid "" "How many seconds should nss_sss consider hosts and networks entries valid " "before asking the backend again" @@ -4180,12 +4180,12 @@ msgstr "" "сетей действительными, прежде чем снова обратиться к внутреннему серверу" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2830 +#: sssd.conf.5.xml:2831 msgid "entry_cache_sudo_timeout (integer)" msgstr "entry_cache_sudo_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2833 +#: sssd.conf.5.xml:2834 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" @@ -4194,12 +4194,12 @@ msgstr "" "действительными, прежде чем снова обратиться к внутреннему серверу" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2843 +#: sssd.conf.5.xml:2844 msgid "entry_cache_autofs_timeout (integer)" msgstr "entry_cache_autofs_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2846 +#: sssd.conf.5.xml:2847 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" @@ -4209,12 +4209,12 @@ msgstr "" "внутреннему серверу" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2857 +#: sssd.conf.5.xml:2858 msgid "entry_cache_ssh_host_timeout (integer)" msgstr "entry_cache_ssh_host_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2860 +#: sssd.conf.5.xml:2861 msgid "" "How many seconds to keep a host ssh key after refresh. IE how long to cache " "the host key for." @@ -4224,12 +4224,12 @@ msgstr "" "узла в кэше." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2871 +#: sssd.conf.5.xml:2872 msgid "entry_cache_computer_timeout (integer)" msgstr "entry_cache_computer_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2874 +#: sssd.conf.5.xml:2875 msgid "" "How many seconds to keep the local computer entry before asking the backend " "again" @@ -4238,12 +4238,12 @@ msgstr "" "компьютера, прежде чем снова обратиться к внутреннему серверу" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2884 +#: sssd.conf.5.xml:2885 msgid "refresh_expired_interval (integer)" msgstr "refresh_expired_interval (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2887 +#: sssd.conf.5.xml:2888 msgid "" "Specifies how many seconds SSSD has to wait before triggering a background " "refresh task which will refresh all expired or nearly expired records." @@ -4252,7 +4252,7 @@ msgstr "" "обновления всех устаревших или почти устаревших записей." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2892 +#: sssd.conf.5.xml:2893 msgid "" "The background refresh will process users, groups and netgroups in the " "cache. For users who have performed the initgroups (get group membership for " @@ -4266,18 +4266,18 @@ msgstr "" "пользователя в группах, обычно выполняется при запуске)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2900 +#: sssd.conf.5.xml:2901 msgid "This option is automatically inherited for all trusted domains." msgstr "Этот параметр автоматически наследуется для всех доверенных доменов." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2904 +#: sssd.conf.5.xml:2905 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" "Рекомендуется установить это значение равным 3/4 * entry_cache_timeout." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2908 +#: sssd.conf.5.xml:2909 msgid "" "Cache entry will be refreshed by background task when 2/3 of cache timeout " "has already passed. If there are existing cached entries, the background " @@ -4298,28 +4298,29 @@ msgstr "" "существующего кэша." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2921 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "По умолчанию: 0 (отключено)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2927 +#: sssd.conf.5.xml:2928 msgid "cache_credentials (bool)" msgstr "cache_credentials (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2930 -#, fuzzy -#| msgid "" -#| "Determines if user credentials are also cached in the local LDB cache" -msgid "Determines if user credentials are also cached in the local LDB cache." +#: sssd.conf.5.xml:2931 +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." msgstr "" -"Определяет, следует ли также кэшировать учётные данные пользователя в " -"локальном кэше LDB" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2934 +#: sssd.conf.5.xml:2942 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -4328,12 +4329,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2948 +#: sssd.conf.5.xml:2956 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "cache_credentials_minimal_first_factor_length (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2951 +#: sssd.conf.5.xml:2959 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -4345,7 +4346,7 @@ msgstr "" "сохранён в формате контрольной суммы SHA512 в кэше." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2958 +#: sssd.conf.5.xml:2966 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." @@ -4355,12 +4356,12 @@ msgstr "" "мишенью для атак методом подбора." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2969 +#: sssd.conf.5.xml:2977 msgid "account_cache_expiration (integer)" msgstr "account_cache_expiration (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2972 +#: sssd.conf.5.xml:2980 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -4373,17 +4374,17 @@ msgstr "" "быть больше или равно значению offline_credentials_expiration." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2979 +#: sssd.conf.5.xml:2987 msgid "Default: 0 (unlimited)" msgstr "По умолчанию: 0 (без ограничений)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2984 +#: sssd.conf.5.xml:2992 msgid "pwd_expiration_warning (integer)" msgstr "pwd_expiration_warning (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2995 +#: sssd.conf.5.xml:3003 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -4396,17 +4397,17 @@ msgstr "" "настроить поставщика данных проверки подлинности." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3002 +#: sssd.conf.5.xml:3010 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "По умолчанию: 7 (Kerberos), 0 (LDAP)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3008 +#: sssd.conf.5.xml:3016 msgid "id_provider (string)" msgstr "id_provider (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3011 +#: sssd.conf.5.xml:3019 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" @@ -4414,12 +4415,12 @@ msgstr "" "Поддерживаемые поставщики ID:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3015 +#: sssd.conf.5.xml:3023 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "<quote>proxy</quote>: поддержка устаревшего поставщика NSS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3018 +#: sssd.conf.5.xml:3026 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -4431,7 +4432,7 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3026 +#: sssd.conf.5.xml:3034 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -4442,13 +4443,18 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3034 sssd.conf.5.xml:3145 sssd.conf.5.xml:3196 -#: sssd.conf.5.xml:3259 +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 +#, fuzzy +#| msgid "" +#| "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " +#| "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +#| "<manvolnum>5</manvolnum> </citerefentry> for more information on " +#| "configuring FreeIPA." msgid "" -"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " -"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " -"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " -"FreeIPA." +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." msgstr "" "<quote>ipa</quote>: поставщик данных FreeIPA и Red Hat Enterprise Identity " "Management. Дополнительные сведения о настройке FreeIPA: <citerefentry> " @@ -4456,8 +4462,8 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3043 sssd.conf.5.xml:3154 sssd.conf.5.xml:3205 -#: sssd.conf.5.xml:3268 +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4468,12 +4474,12 @@ msgstr "" "ad</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3054 +#: sssd.conf.5.xml:3062 msgid "use_fully_qualified_names (bool)" msgstr "use_fully_qualified_names (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3057 +#: sssd.conf.5.xml:3065 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." @@ -4482,7 +4488,7 @@ msgstr "" "домена) в качестве имени для входа пользователя, которое сообщается NSS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3062 +#: sssd.conf.5.xml:3070 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -4496,7 +4502,7 @@ msgstr "" "passwd test@LOCAL</command> получится это сделать." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3070 +#: sssd.conf.5.xml:3078 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -4507,7 +4513,7 @@ msgstr "" "групп выполняется поиск во всех доменах, когда запрашивается неполное имя." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3077 +#: sssd.conf.5.xml:3085 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" @@ -4516,17 +4522,17 @@ msgstr "" "использования default_domain_suffix)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3084 +#: sssd.conf.5.xml:3092 msgid "ignore_group_members (bool)" msgstr "ignore_group_members (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3087 +#: sssd.conf.5.xml:3095 msgid "Do not return group members for group lookups." msgstr "Не возвращать участников групп для поиска групп." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3090 +#: sssd.conf.5.xml:3098 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -4545,7 +4551,7 @@ msgstr "" "запрошенную группу так, как будто она пуста." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3108 +#: sssd.conf.5.xml:3116 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -4556,11 +4562,11 @@ msgstr "" "количество участников)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3114 sssd.conf.5.xml:3821 sssd-ldap.5.xml:326 -#: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 -#: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 -#: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 -#: sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1084 +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 msgid "" "This option can be also set per subdomain or inherited via " "<emphasis>subdomain_inherit</emphasis>." @@ -4569,12 +4575,12 @@ msgstr "" "унаследован с помощью <emphasis>subdomain_inherit</emphasis>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3124 +#: sssd.conf.5.xml:3132 msgid "auth_provider (string)" msgstr "auth_provider (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3127 +#: sssd.conf.5.xml:3135 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" @@ -4583,7 +4589,7 @@ msgstr "" "Поддерживаемые поставщики данных для проверки подлинности:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3131 sssd.conf.5.xml:3189 +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4594,7 +4600,7 @@ msgstr "" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3138 +#: sssd.conf.5.xml:3146 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4606,7 +4612,7 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3162 +#: sssd.conf.5.xml:3170 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" @@ -4614,12 +4620,12 @@ msgstr "" "PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3165 +#: sssd.conf.5.xml:3173 msgid "<quote>none</quote> disables authentication explicitly." msgstr "<quote>none</quote> — явно отключить проверку подлинности." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3168 +#: sssd.conf.5.xml:3176 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." @@ -4628,12 +4634,12 @@ msgstr "" "задан и поддерживает обработку запросов проверки подлинности." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3174 +#: sssd.conf.5.xml:3182 msgid "access_provider (string)" msgstr "access_provider (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3177 +#: sssd.conf.5.xml:3185 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -4644,7 +4650,7 @@ msgstr "" "включены в установленные внутренние серверы). Внутренние особые поставщики:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3183 +#: sssd.conf.5.xml:3191 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." @@ -4653,12 +4659,12 @@ msgstr "" "разрешённого доступа для локального домена." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3186 +#: sssd.conf.5.xml:3194 msgid "<quote>deny</quote> always deny access." msgstr "<quote>deny</quote> — всегда отказывать в доступе." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3221 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -4671,7 +4677,7 @@ msgstr "" "<manvolnum>5</manvolnum></citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3220 +#: sssd.conf.5.xml:3228 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -4682,23 +4688,23 @@ msgstr "" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3227 +#: sssd.conf.5.xml:3235 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" "<quote>proxy</quote> — передать управление доступом другому модулю PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3230 +#: sssd.conf.5.xml:3238 msgid "Default: <quote>permit</quote>" msgstr "По умолчанию: <quote>permit</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3235 +#: sssd.conf.5.xml:3243 msgid "chpass_provider (string)" msgstr "chpass_provider (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3238 +#: sssd.conf.5.xml:3246 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" @@ -4707,7 +4713,7 @@ msgstr "" "домена. Поддерживаемые поставщики данных смены пароля:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3243 +#: sssd.conf.5.xml:3251 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4718,7 +4724,7 @@ msgstr "" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3251 +#: sssd.conf.5.xml:3259 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4729,19 +4735,19 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3276 +#: sssd.conf.5.xml:3284 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" "<quote>proxy</quote> — передать смену пароля какой-либо другой цели PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3280 +#: sssd.conf.5.xml:3288 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "<quote>none</quote> — явно запретить смену пароля." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3283 +#: sssd.conf.5.xml:3291 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." @@ -4750,19 +4756,19 @@ msgstr "" "задан и поддерживает обработку запросов смены пароля." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3290 +#: sssd.conf.5.xml:3298 msgid "sudo_provider (string)" msgstr "sudo_provider (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3293 +#: sssd.conf.5.xml:3301 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" "Поставщик данных SUDO, который используется для домена. Поддерживаемые " "поставщики данных SUDO:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3297 +#: sssd.conf.5.xml:3305 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4773,7 +4779,7 @@ msgstr "" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3305 +#: sssd.conf.5.xml:3313 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." @@ -4782,7 +4788,7 @@ msgstr "" "параметрами IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3309 +#: sssd.conf.5.xml:3317 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." @@ -4791,20 +4797,20 @@ msgstr "" "параметрами AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3313 +#: sssd.conf.5.xml:3321 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "<quote>none</quote> — явно отключить SUDO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3316 sssd.conf.5.xml:3402 sssd.conf.5.xml:3472 -#: sssd.conf.5.xml:3497 sssd.conf.5.xml:3533 +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" "По умолчанию: использовать значение <quote>id_provider</quote>, если этот " "параметр задан." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3320 +#: sssd.conf.5.xml:3328 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -4822,7 +4828,7 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3335 +#: sssd.conf.5.xml:3343 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -4836,12 +4842,12 @@ msgstr "" "планируется использовать sudo." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3345 +#: sssd.conf.5.xml:3353 msgid "selinux_provider (string)" msgstr "selinux_provider (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3348 +#: sssd.conf.5.xml:3356 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -4852,7 +4858,7 @@ msgstr "" "работы поставщика доступа. Поддерживаемые поставщики данных SELinux:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3354 +#: sssd.conf.5.xml:3362 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4863,12 +4869,12 @@ msgstr "" "ipa</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3362 +#: sssd.conf.5.xml:3370 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "<quote>none</quote> — явно отключает получение параметров SELinux." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3365 +#: sssd.conf.5.xml:3373 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." @@ -4877,12 +4883,12 @@ msgstr "" "задан и поддерживает обработку запросов загрузки параметров SELinux." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3371 +#: sssd.conf.5.xml:3379 msgid "subdomains_provider (string)" msgstr "subdomains_provider (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3374 +#: sssd.conf.5.xml:3382 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" @@ -4892,7 +4898,7 @@ msgstr "" "Поддерживаемые поставщики данных поддоменов:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3380 +#: sssd.conf.5.xml:3388 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4903,7 +4909,7 @@ msgstr "" "ipa</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3389 +#: sssd.conf.5.xml:3397 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -4916,17 +4922,17 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3398 +#: sssd.conf.5.xml:3406 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "<quote>none</quote> — явно отключает получение данных поддоменов." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3408 +#: sssd.conf.5.xml:3416 msgid "session_provider (string)" msgstr "session_provider (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3411 +#: sssd.conf.5.xml:3419 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -4938,14 +4944,14 @@ msgstr "" "Commander (работает только c IPA). Поддерживаемые поставщики данных сеансов:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3418 +#: sssd.conf.5.xml:3426 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" "<quote>ipa</quote> — разрешить выполнение заданий, связанных с сеансами " "пользователей." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3422 +#: sssd.conf.5.xml:3430 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" @@ -4953,7 +4959,7 @@ msgstr "" "пользователей." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3426 +#: sssd.conf.5.xml:3434 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." @@ -4962,7 +4968,7 @@ msgstr "" "задан и поддерживает выполнение заданий, связанных с сеансами." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3430 +#: sssd.conf.5.xml:3438 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." @@ -4972,12 +4978,12 @@ msgstr "" "пользователя без привилегий." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3438 +#: sssd.conf.5.xml:3446 msgid "autofs_provider (string)" msgstr "autofs_provider (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3441 +#: sssd.conf.5.xml:3449 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" @@ -4985,7 +4991,7 @@ msgstr "" "поставщики данных autofs:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3445 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4996,7 +5002,7 @@ msgstr "" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3452 +#: sssd.conf.5.xml:3460 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -5007,7 +5013,7 @@ msgstr "" "ipa</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3460 +#: sssd.conf.5.xml:3468 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -5019,17 +5025,17 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3469 +#: sssd.conf.5.xml:3477 msgid "<quote>none</quote> disables autofs explicitly." msgstr "<quote>none</quote> — явно отключить autofs." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3479 +#: sssd.conf.5.xml:3487 msgid "hostid_provider (string)" msgstr "hostid_provider (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3482 +#: sssd.conf.5.xml:3490 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" @@ -5038,7 +5044,7 @@ msgstr "" "узла. Поддерживаемые поставщики hostid:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3486 +#: sssd.conf.5.xml:3494 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -5050,17 +5056,17 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3494 +#: sssd.conf.5.xml:3502 msgid "<quote>none</quote> disables hostid explicitly." msgstr "<quote>none</quote> — явно отключить hostid." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3504 +#: sssd.conf.5.xml:3512 msgid "resolver_provider (string)" msgstr "resolver_provider (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3507 +#: sssd.conf.5.xml:3515 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" @@ -5069,7 +5075,7 @@ msgstr "" "Поддерживаемые поставщики данных сопоставления:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3511 +#: sssd.conf.5.xml:3519 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" @@ -5078,7 +5084,7 @@ msgstr "" "NSS. См. <quote>proxy_resolver_lib_name</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3515 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -5090,7 +5096,7 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3522 +#: sssd.conf.5.xml:3530 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -5103,12 +5109,12 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3530 +#: sssd.conf.5.xml:3538 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "<quote>none</quote> — явно отключает получение записей узлов и сетей." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3543 +#: sssd.conf.5.xml:3551 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -5123,7 +5129,7 @@ msgstr "" "домена." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3552 +#: sssd.conf.5.xml:3560 #, fuzzy #| msgid "" #| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" @@ -5140,17 +5146,17 @@ msgstr "" "назначать три разных стиля записи имён пользователей:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3557 sssd.conf.5.xml:3571 +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 msgid "username" msgstr "username" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3560 sssd.conf.5.xml:3574 +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 msgid "username@domain.name" msgstr "username@domain.name" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3565 +#: sssd.conf.5.xml:3573 #, fuzzy #| msgid "" #| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" @@ -5169,12 +5175,12 @@ msgstr "" "назначать три разных стиля записи имён пользователей:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3577 +#: sssd.conf.5.xml:3585 msgid "domain\\username" msgstr "domain\\username" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3580 +#: sssd.conf.5.xml:3588 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." @@ -5183,7 +5189,7 @@ msgstr "" "обеспечения простой интеграции пользователей из доменов Windows." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3585 +#: sssd.conf.5.xml:3593 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -5193,17 +5199,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3637 +#: sssd.conf.5.xml:3645 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "По умолчанию: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3643 +#: sssd.conf.5.xml:3651 msgid "lookup_family_order (string)" msgstr "lookup_family_order (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3646 +#: sssd.conf.5.xml:3654 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." @@ -5212,46 +5218,46 @@ msgstr "" "следует использовать при выполнении запросов DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3650 +#: sssd.conf.5.xml:3658 msgid "Supported values:" msgstr "Поддерживаемые значения:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3653 +#: sssd.conf.5.xml:3661 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" "ipv4_first: попытаться найти адрес IPv4, в случае неудачи попытаться найти " "адрес IPv6" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3656 +#: sssd.conf.5.xml:3664 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "ipv4_only: пытаться разрешать имена узлов только в адреса IPv4." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3659 +#: sssd.conf.5.xml:3667 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" "ipv6_first: попытаться найти адрес IPv6, в случае неудачи попытаться найти " "адрес IPv4" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3662 +#: sssd.conf.5.xml:3670 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "ipv6_only: пытаться разрешать имена узлов только в адреса IPv6." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3665 +#: sssd.conf.5.xml:3673 msgid "Default: ipv4_first" msgstr "По умолчанию: ipv4_first" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3671 +#: sssd.conf.5.xml:3679 msgid "dns_resolver_server_timeout (integer)" msgstr "dns_resolver_server_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3674 +#: sssd.conf.5.xml:3682 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." @@ -5261,7 +5267,7 @@ msgstr "" "следующему." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3679 +#: sssd.conf.5.xml:3687 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" @@ -5269,7 +5275,7 @@ msgstr "" "времени проверки связи CLDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3683 sssd.conf.5.xml:3703 sssd.conf.5.xml:3724 +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." @@ -5278,17 +5284,17 @@ msgstr "" "<quote>ОБРАБОТКА ОТКАЗА</quote>." #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3688 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 msgid "Default: 1000" msgstr "По умолчанию: 1000" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3694 +#: sssd.conf.5.xml:3702 msgid "dns_resolver_op_timeout (integer)" msgstr "dns_resolver_op_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3697 +#: sssd.conf.5.xml:3705 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -5300,12 +5306,12 @@ msgstr "" "следующего DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3714 +#: sssd.conf.5.xml:3722 msgid "dns_resolver_timeout (integer)" msgstr "dns_resolver_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3717 +#: sssd.conf.5.xml:3725 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -5318,12 +5324,12 @@ msgstr "" "работу в автономном режиме." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3735 +#: sssd.conf.5.xml:3743 msgid "dns_resolver_use_search_list (bool)" msgstr "dns_resolver_use_search_list (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3738 +#: sssd.conf.5.xml:3746 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -5334,7 +5340,7 @@ msgstr "" "средах с неправильно настроенным DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3744 +#: sssd.conf.5.xml:3752 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -5345,17 +5351,17 @@ msgstr "" "запросы DNS в таких средах." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3750 +#: sssd.conf.5.xml:3758 msgid "Default: TRUE" msgstr "По умолчанию: TRUE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3756 +#: sssd.conf.5.xml:3764 msgid "dns_discovery_domain (string)" msgstr "dns_discovery_domain (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3759 +#: sssd.conf.5.xml:3767 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." @@ -5364,54 +5370,54 @@ msgstr "" "доменную часть запроса обнаружения служб DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3763 +#: sssd.conf.5.xml:3771 msgid "Default: Use the domain part of machine's hostname" msgstr "По умолчанию: использовать доменную часть имени узла компьютера" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3769 +#: sssd.conf.5.xml:3777 msgid "override_gid (integer)" msgstr "override_gid (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3772 +#: sssd.conf.5.xml:3780 msgid "Override the primary GID value with the one specified." msgstr "Переопределить значение основного GID указанным значением." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3778 +#: sssd.conf.5.xml:3786 msgid "case_sensitive (string)" msgstr "case_sensitive (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3785 +#: sssd.conf.5.xml:3793 msgid "True" msgstr "True" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3788 +#: sssd.conf.5.xml:3796 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" "С учётом регистра. Это значение не является корректным для поставщика данных " "AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3794 +#: sssd.conf.5.xml:3802 msgid "False" msgstr "False" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3796 +#: sssd.conf.5.xml:3804 msgid "Case insensitive." msgstr "Без учёта регистра." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3800 +#: sssd.conf.5.xml:3808 msgid "Preserving" msgstr "Preserving" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3803 +#: sssd.conf.5.xml:3811 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -5423,7 +5429,7 @@ msgstr "" "регистр в выведенных данных." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3811 +#: sssd.conf.5.xml:3819 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." @@ -5433,7 +5439,7 @@ msgstr "" "на сервере." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3781 +#: sssd.conf.5.xml:3789 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" @@ -5442,17 +5448,17 @@ msgstr "" "значения: <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3826 +#: sssd.conf.5.xml:3834 msgid "Default: True (False for AD provider)" msgstr "По умолчанию: True (False для поставщика данных AD)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3832 +#: sssd.conf.5.xml:3840 msgid "subdomain_inherit (string)" msgstr "subdomain_inherit (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3835 +#: sssd.conf.5.xml:3843 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -5464,47 +5470,47 @@ msgstr "" "параметров:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3841 +#: sssd.conf.5.xml:3849 msgid "ldap_search_timeout" msgstr "ldap_search_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3844 +#: sssd.conf.5.xml:3852 msgid "ldap_network_timeout" msgstr "ldap_network_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3847 +#: sssd.conf.5.xml:3855 msgid "ldap_opt_timeout" msgstr "ldap_opt_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3850 +#: sssd.conf.5.xml:3858 msgid "ldap_offline_timeout" msgstr "ldap_offline_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3853 +#: sssd.conf.5.xml:3861 msgid "ldap_enumeration_refresh_timeout" msgstr "ldap_enumeration_refresh_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3856 +#: sssd.conf.5.xml:3864 msgid "ldap_enumeration_refresh_offset" msgstr "ldap_enumeration_refresh_offset" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3859 +#: sssd.conf.5.xml:3867 msgid "ldap_purge_cache_timeout" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3862 +#: sssd.conf.5.xml:3870 msgid "ldap_purge_cache_offset" msgstr "ldap_purge_cache_offset" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3865 +#: sssd.conf.5.xml:3873 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" @@ -5513,57 +5519,57 @@ msgstr "" "ldap_krb5_keytab не задан явно)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3869 +#: sssd.conf.5.xml:3877 msgid "ldap_krb5_ticket_lifetime" msgstr "ldap_krb5_ticket_lifetime" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3872 +#: sssd.conf.5.xml:3880 msgid "ldap_enumeration_search_timeout" msgstr "ldap_enumeration_search_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3875 +#: sssd.conf.5.xml:3883 msgid "ldap_connection_expire_timeout" msgstr "ldap_connection_expire_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3878 +#: sssd.conf.5.xml:3886 msgid "ldap_connection_expire_offset" msgstr "ldap_connection_expire_offset" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3881 +#: sssd.conf.5.xml:3889 msgid "ldap_connection_idle_timeout" msgstr "ldap_connection_idle_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3884 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 msgid "ldap_use_tokengroups" msgstr "ldap_use_tokengroups" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3887 +#: sssd.conf.5.xml:3895 msgid "ldap_user_principal" msgstr "ldap_user_principal" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3890 +#: sssd.conf.5.xml:3898 msgid "ignore_group_members" msgstr "ignore_group_members" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3893 +#: sssd.conf.5.xml:3901 msgid "auto_private_groups" msgstr "auto_private_groups" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3896 +#: sssd.conf.5.xml:3904 msgid "case_sensitive" msgstr "case_sensitive" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3901 +#: sssd.conf.5.xml:3909 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -5573,28 +5579,28 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3908 +#: sssd.conf.5.xml:3916 msgid "Note: This option only works with the IPA and AD provider." msgstr "" "Примечание: этот параметр работает только для поставщиков данных IPA и AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3915 +#: sssd.conf.5.xml:3923 msgid "subdomain_homedir (string)" msgstr "subdomain_homedir (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3926 +#: sssd.conf.5.xml:3934 msgid "%F" msgstr "%F" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3935 msgid "flat (NetBIOS) name of a subdomain." msgstr "плоское (NetBIOS) имя поддомена." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3918 +#: sssd.conf.5.xml:3926 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -5610,7 +5616,7 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3932 +#: sssd.conf.5.xml:3940 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" @@ -5618,29 +5624,29 @@ msgstr "" "<emphasis>override_homedir</emphasis>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3936 +#: sssd.conf.5.xml:3944 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "По умолчанию: <filename>/home/%d/%u</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3941 +#: sssd.conf.5.xml:3949 msgid "realmd_tags (string)" msgstr "realmd_tags (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3944 +#: sssd.conf.5.xml:3952 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" "Различные метки, сохранённые службой настройки realmd для этого домена." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3950 +#: sssd.conf.5.xml:3958 msgid "cached_auth_timeout (int)" msgstr "cached_auth_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3953 +#: sssd.conf.5.xml:3961 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -5654,7 +5660,7 @@ msgstr "" "сетевом режиме." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3961 +#: sssd.conf.5.xml:3969 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." @@ -5664,12 +5670,12 @@ msgstr "" "значения." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3966 +#: sssd.conf.5.xml:3974 msgid "Special value 0 implies that this feature is disabled." msgstr "Специальное значение «0» подразумевает, что эта возможность отключена." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3970 +#: sssd.conf.5.xml:3978 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -5680,17 +5686,95 @@ msgstr "" "обработки <quote>initgroups.</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3981 +#: sssd.conf.5.xml:3989 +#, fuzzy +#| msgid "ldap_pwd_policy (string)" +msgid "local_auth_policy (string)" +msgstr "ldap_pwd_policy (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3992 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4002 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4026 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +#, fuzzy +#| msgid "" +#| "The following example creates a container named 'mycontainer': " +#| "<placeholder type=\"programlisting\" id=\"0\"/>" +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" +"В следующем примере создаётся контейнер с именем «mycontainer»: <placeholder " +"type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4034 +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4039 +#, fuzzy +#| msgid "Default: mail" +msgid "Default: match" +msgstr "По умолчанию: mail" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4044 msgid "auto_private_groups (string)" msgstr "auto_private_groups (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3987 +#: sssd.conf.5.xml:4050 msgid "true" msgstr "true" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3990 +#: sssd.conf.5.xml:4053 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." @@ -5699,7 +5783,7 @@ msgstr "" "UID пользователя. Номер GID в этом случае игнорируется." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3994 +#: sssd.conf.5.xml:4057 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -5713,12 +5797,12 @@ msgstr "" "пространстве идентификаторов." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4003 +#: sssd.conf.5.xml:4066 msgid "false" msgstr "false" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4006 +#: sssd.conf.5.xml:4069 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." @@ -5727,12 +5811,12 @@ msgstr "" "ссылаться на объект группы в базе данных LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4012 +#: sssd.conf.5.xml:4075 msgid "hybrid" msgstr "hybrid" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4015 +#: sssd.conf.5.xml:4078 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -5747,7 +5831,7 @@ msgstr "" "основной GID этого пользователя разрешается в этот объект группы." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4028 +#: sssd.conf.5.xml:4091 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." @@ -5756,7 +5840,7 @@ msgstr "" "группы; в ином случае GID просто будет невозможно разрешить." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4035 +#: sssd.conf.5.xml:4098 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -5767,7 +5851,7 @@ msgstr "" "сохранить существующие закрытые группы пользователей." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3984 +#: sssd.conf.5.xml:4047 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" @@ -5776,7 +5860,7 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4047 +#: sssd.conf.5.xml:4110 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." @@ -5786,7 +5870,7 @@ msgstr "" "поддоменов, которые используют автоматическое сопоставление идентификаторов." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4118 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -5796,7 +5880,7 @@ msgstr "" "auto_private_groups = false\n" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4124 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -5808,7 +5892,7 @@ msgstr "" "auto_private_groups = false\n" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4115 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -5822,7 +5906,7 @@ msgstr "" "type=\"programlisting\" id=\"1\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2569 +#: sssd.conf.5.xml:2570 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -5833,31 +5917,36 @@ msgstr "" "replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4139 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4079 +#: sssd.conf.5.xml:4142 msgid "The proxy target PAM proxies to." msgstr "Цель, которой пересылает данные прокси PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4082 +#: sssd.conf.5.xml:4145 +#, fuzzy +#| msgid "" +#| "Default: not set by default, you have to take an existing pam " +#| "configuration or create a new one and add the service name here." msgid "" "Default: not set by default, you have to take an existing pam configuration " -"or create a new one and add the service name here." +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." msgstr "" "По умолчанию: не задано по умолчанию; следует воспользоваться существующей " "конфигурацией PAM или создать новую и добавить здесь имя службы." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4090 +#: sssd.conf.5.xml:4155 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -5868,12 +5957,12 @@ msgstr "" "_nss_$(libName)_$(function), например: _nss_files_getpwent." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4103 +#: sssd.conf.5.xml:4168 msgid "proxy_resolver_lib_name (string)" msgstr "proxy_resolver_lib_name (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4106 +#: sssd.conf.5.xml:4171 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -5884,12 +5973,12 @@ msgstr "" "вид _nss_$(libName)_$(function), например: _nss_dns_gethostbyname2_r." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4117 +#: sssd.conf.5.xml:4182 msgid "proxy_fast_alias (boolean)" msgstr "proxy_fast_alias (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4120 +#: sssd.conf.5.xml:4185 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -5903,12 +5992,12 @@ msgstr "" "идентификатора в кэше в целях ускорения предоставления результатов." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4134 +#: sssd.conf.5.xml:4199 msgid "proxy_max_children (integer)" msgstr "proxy_max_children (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4202 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -5920,7 +6009,7 @@ msgstr "" "постановки запросов в очередь." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4072 +#: sssd.conf.5.xml:4135 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -5929,12 +6018,12 @@ msgstr "" "<placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4218 msgid "Application domains" msgstr "Домены приложений" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4155 +#: sssd.conf.5.xml:4220 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -5963,7 +6052,7 @@ msgstr "" "традиционного домена SSSD." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4175 +#: sssd.conf.5.xml:4240 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -5974,17 +6063,17 @@ msgstr "" "порядок поиска для домена приложений и его родственного домена POSIX." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4181 +#: sssd.conf.5.xml:4246 msgid "Application domain parameters" msgstr "Параметры доменов приложений" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4248 msgid "inherit_from (string)" msgstr "inherit_from (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4186 +#: sssd.conf.5.xml:4251 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -5997,7 +6086,7 @@ msgstr "" "<quote>родственного</quote> домена." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4265 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -6012,7 +6101,7 @@ msgstr "" "атрибут phone доступным через интерфейс D-Bus." #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4208 +#: sssd.conf.5.xml:4273 #, no-wrap msgid "" "[sssd]\n" @@ -6046,12 +6135,12 @@ msgstr "" "ldap_user_extra_attrs = phone:telephoneNumber\n" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4228 +#: sssd.conf.5.xml:4293 msgid "TRUSTED DOMAIN SECTION" msgstr "РАЗДЕЛ ДОВЕРЕННЫХ ДОМЕНОВ" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4230 +#: sssd.conf.5.xml:4295 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -6069,57 +6158,57 @@ msgstr "" "поддерживаются следующие параметры:" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4237 +#: sssd.conf.5.xml:4302 msgid "ldap_search_base," msgstr "ldap_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4303 msgid "ldap_user_search_base," msgstr "ldap_user_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4239 +#: sssd.conf.5.xml:4304 msgid "ldap_group_search_base," msgstr "ldap_group_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:4305 msgid "ldap_netgroup_search_base," msgstr "ldap_netgroup_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4241 +#: sssd.conf.5.xml:4306 msgid "ldap_service_search_base," msgstr "ldap_service_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4242 +#: sssd.conf.5.xml:4307 msgid "ldap_sasl_mech," msgstr "ldap_sasl_mech," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4243 +#: sssd.conf.5.xml:4308 msgid "ad_server," msgstr "ad_server," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4309 msgid "ad_backup_server," msgstr "ad_backup_server," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4245 +#: sssd.conf.5.xml:4310 msgid "ad_site," msgstr "ad_site," #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4246 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "use_fully_qualified_names" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4250 +#: sssd.conf.5.xml:4315 msgid "" "For more details about these options see their individual description in the " "manual page." @@ -6128,12 +6217,12 @@ msgstr "" "справочной странице." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4256 +#: sssd.conf.5.xml:4321 msgid "CERTIFICATE MAPPING SECTION" msgstr "РАЗДЕЛ СОПОСТАВЛЕНИЯ СЕРТИФИКАТОВ" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4258 +#: sssd.conf.5.xml:4323 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -6156,7 +6245,7 @@ msgstr "" "проверки подлинности." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4272 +#: sssd.conf.5.xml:4337 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -6167,7 +6256,7 @@ msgstr "" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>)." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4281 +#: sssd.conf.5.xml:4346 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -6180,12 +6269,12 @@ msgstr "" "replaceable>]</quote>. В этом разделе допустимы следующие параметры:" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4353 msgid "matchrule (string)" msgstr "matchrule (строка)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4356 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." @@ -6194,7 +6283,7 @@ msgstr "" "соответствуют этому правилу. Все остальные будут игнорироваться." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4295 +#: sssd.conf.5.xml:4360 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" @@ -6204,17 +6293,17 @@ msgstr "" "<quote>clientAuth</quote>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4367 msgid "maprule (string)" msgstr "maprule (строка)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4370 msgid "Defines how the user is found for a given certificate." msgstr "Определяет способ поиска пользователя для указанного сертификата." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:4376 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." @@ -6224,7 +6313,7 @@ msgstr "" "quote>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4317 +#: sssd.conf.5.xml:4382 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." @@ -6233,12 +6322,12 @@ msgstr "" "пользователя с таким же именем." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4326 +#: sssd.conf.5.xml:4391 msgid "domains (string)" msgstr "domains (строка)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4329 +#: sssd.conf.5.xml:4394 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -6251,17 +6340,17 @@ msgstr "" "параметра можно добавить правило также и в поддомены." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4336 +#: sssd.conf.5.xml:4401 msgid "Default: the configured domain in sssd.conf" msgstr "По умолчанию: настроенный домен в sssd.conf" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4406 msgid "priority (integer)" msgstr "priority (целое число)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4409 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -6272,12 +6361,12 @@ msgstr "" "приоритет, а <quote>4294967295</quote> — самый низкий." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4350 +#: sssd.conf.5.xml:4415 msgid "Default: the lowest priority" msgstr "По умолчанию: самый низкий приоритет" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4356 +#: sssd.conf.5.xml:4421 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" @@ -6287,7 +6376,7 @@ msgstr "" "свойства:" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4362 +#: sssd.conf.5.xml:4427 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" @@ -6296,7 +6385,7 @@ msgstr "" "RULE_NAME" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4433 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -6309,17 +6398,17 @@ msgstr "" "<quote>({subject_rfc822_name.short_name})</quote>" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4377 +#: sssd.conf.5.xml:4442 msgid "the <quote>domains</quote> option is ignored" msgstr "параметр <quote>domains</quote> игнорируется" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4385 +#: sssd.conf.5.xml:4450 msgid "PROMPTING CONFIGURATION SECTION" msgstr "РАЗДЕЛ НАСТРОЙКИ ЗАПРОСОВ" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4452 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -6334,7 +6423,7 @@ msgstr "" "запросит у пользователя соответствующие учётные данные." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4395 +#: sssd.conf.5.xml:4460 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -6347,22 +6436,22 @@ msgstr "" "Следующие параметры обеспечивают более гибкую настройку." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4472 msgid "[prompting/password]" msgstr "[prompting/password]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4410 +#: sssd.conf.5.xml:4475 msgid "password_prompt" msgstr "password_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4411 +#: sssd.conf.5.xml:4476 msgid "to change the string of the password prompt" msgstr "изменить строку запроса пароля" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4409 +#: sssd.conf.5.xml:4474 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" @@ -6371,37 +6460,37 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4484 msgid "[prompting/2fa]" msgstr "[prompting/2fa]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4488 msgid "first_prompt" msgstr "first_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4424 +#: sssd.conf.5.xml:4489 msgid "to change the string of the prompt for the first factor" msgstr "изменить строку запроса первого фактора" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4427 +#: sssd.conf.5.xml:4492 msgid "second_prompt" msgstr "second_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4428 +#: sssd.conf.5.xml:4493 msgid "to change the string of the prompt for the second factor" msgstr "изменить строку запроса второго фактора" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4496 msgid "single_prompt" msgstr "single_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4432 +#: sssd.conf.5.xml:4497 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -6414,7 +6503,7 @@ msgstr "" "фактора, даже если второй фактор является необязательным." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4421 +#: sssd.conf.5.xml:4486 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -6427,19 +6516,19 @@ msgstr "" "пароль, либо оба фактора, следует использовать двухэтапный запрос." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4449 +#: sssd.conf.5.xml:4514 #, fuzzy #| msgid "[prompting/password]" msgid "[prompting/passkey]" msgstr "[prompting/password]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4455 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 msgid "interactive" msgstr "interactive" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4522 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -6447,47 +6536,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4530 #, fuzzy #| msgid "interactive" msgid "interactive_prompt" msgstr "interactive" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4532 #, fuzzy #| msgid "to change the string of the password prompt" msgid "to change the message of the interactive prompt." msgstr "изменить строку запроса пароля" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4537 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4539 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4480 +#: sssd.conf.5.xml:4545 #, fuzzy #| msgid "first_prompt" msgid "touch_prompt" msgstr "first_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4547 #, fuzzy #| msgid "to change the string of the password prompt" msgid "to change the message of the touch prompt." msgstr "изменить строку запроса пароля" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4451 +#: sssd.conf.5.xml:4516 #, fuzzy #| msgid "" #| "to configure password prompting, allowed options are: <placeholder " @@ -6500,7 +6589,7 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4467 #, fuzzy #| msgid "" #| "Each supported authentication method has its own configuration subsection " @@ -6519,7 +6608,7 @@ msgstr "" "<placeholder type=\"variablelist\" id=\"1\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4493 +#: sssd.conf.5.xml:4558 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -6530,12 +6619,12 @@ msgstr "" "конкретно для этой службы." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4500 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "ПРИМЕРЫ" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4506 +#: sssd.conf.5.xml:4571 #, no-wrap msgid "" "[sssd]\n" @@ -6589,7 +6678,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4502 +#: sssd.conf.5.xml:4567 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -6601,7 +6690,7 @@ msgstr "" "документации. <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4604 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -6611,7 +6700,7 @@ msgstr "" "use_fully_qualified_names = false\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4533 +#: sssd.conf.5.xml:4598 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -6628,7 +6717,7 @@ msgstr "" "type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4550 +#: sssd.conf.5.xml:4615 #, fuzzy, no-wrap #| msgid "" #| "[certmap/my.domain/rule_name]\n" @@ -6656,7 +6745,7 @@ msgstr "" "matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$<SUBJECT>^CN=User.Name,DC=MY,DC=DOMAIN$\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4544 +#: sssd.conf.5.xml:4609 #, fuzzy #| msgid "" #| "3. The following example shows the configuration for two certificate " @@ -6730,14 +6819,23 @@ msgstr "Возможно настроить SSSD на использование #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:38 +#, fuzzy +#| msgid "" +#| "LDAP back end supports id, auth, access and chpass providers. If you want " +#| "to authenticate against an LDAP server either TLS/SSL or LDAPS is " +#| "required. <command>sssd</command> <emphasis>does not</emphasis> support " +#| "authentication over an unencrypted channel. If the LDAP server is used " +#| "only as an identity provider, an encrypted channel is not needed. Please " +#| "refer to <quote>ldap_access_filter</quote> config option for more " +#| "information about using LDAP as an access provider." msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " -"over an unencrypted channel. If the LDAP server is used only as an identity " -"provider, an encrypted channel is not needed. Please refer to " -"<quote>ldap_access_filter</quote> config option for more information about " -"using LDAP as an access provider." +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." msgstr "" "Внутренний сервер LDAP поддерживает поставщиков данных идентификаторов (id), " "проверки подлинности (auth), управления доступом (access) и смены пароля " @@ -6750,19 +6848,19 @@ msgstr "" "конфигурации <quote>ldap_access_filter</quote>." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 #: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 msgid "CONFIGURATION OPTIONS" msgstr "ПАРАМЕТРЫ КОНФИГУРАЦИИ" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:66 +#: sssd-ldap.5.xml:67 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "ldap_uri, ldap_backup_uri (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:69 +#: sssd-ldap.5.xml:70 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" @@ -6778,17 +6876,17 @@ msgstr "" "quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:76 +#: sssd-ldap.5.xml:77 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "Формат URI должен соответствовать формату, определённому в RFC 2732:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:79 +#: sssd-ldap.5.xml:80 msgid "ldap[s]://<host>[:port]" msgstr "ldap[s]://<host>[:port]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:82 +#: sssd-ldap.5.xml:83 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" @@ -6796,17 +6894,17 @@ msgstr "" "[]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:85 +#: sssd-ldap.5.xml:86 msgid "example: ldap://[fc00::126:25]:389" msgstr "пример: ldap://[fc00::126:25]:389" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:91 +#: sssd-ldap.5.xml:92 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "ldap_chpass_uri, ldap_chpass_backup_uri (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:94 +#: sssd-ldap.5.xml:95 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " @@ -6819,31 +6917,31 @@ msgstr "" "в разделе <quote>ОТРАБОТКА ОТКАЗА</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:101 +#: sssd-ldap.5.xml:102 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" "Для включения обнаружения служб необходимо установить значение параметра " "ldap_chpass_dns_service_name." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:105 +#: sssd-ldap.5.xml:106 msgid "Default: empty, i.e. ldap_uri is used." msgstr "По умолчанию: пусто, то есть используется ldap_uri." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:111 +#: sssd-ldap.5.xml:112 msgid "ldap_search_base (string)" msgstr "ldap_search_base (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:114 +#: sssd-ldap.5.xml:115 msgid "The default base DN to use for performing LDAP user operations." msgstr "" "Стандартное base DN, которое следует использовать для выполнения действий от " "имени пользователя LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:118 +#: sssd-ldap.5.xml:119 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" @@ -6852,19 +6950,19 @@ msgstr "" "следующий синтаксис:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:122 +#: sssd-ldap.5.xml:123 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:125 +#: sssd-ldap.5.xml:126 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "" "Значением области может быть одно из следующих: «base», «onelevel» или " "«subtree»." #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:128 include/ldap_search_bases.xml:18 +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" @@ -6873,13 +6971,13 @@ msgstr "" "http://www.ietf.org/rfc/rfc2254.txt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:132 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 #: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 msgid "Examples:" msgstr "Примеры:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:135 +#: sssd-ldap.5.xml:136 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" @@ -6888,7 +6986,7 @@ msgstr "" "dc=example,dc=com?subtree?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:140 +#: sssd-ldap.5.xml:141 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" @@ -6897,7 +6995,7 @@ msgstr "" "(host=thishost)?dc=example.com?subtree?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:143 +#: sssd-ldap.5.xml:144 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " @@ -6910,7 +7008,7 @@ msgstr "" "поведению программы на клиентских компьютерах." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:150 +#: sssd-ldap.5.xml:151 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " @@ -6927,12 +7025,12 @@ msgstr "" "LDAP. Использование нескольких значений не поддерживается." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:164 +#: sssd-ldap.5.xml:165 msgid "ldap_schema (string)" msgstr "ldap_schema (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:167 +#: sssd-ldap.5.xml:168 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " @@ -6943,32 +7041,32 @@ msgstr "" "может различаться и способ обработки некоторых атрибутов." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:174 +#: sssd-ldap.5.xml:175 msgid "Four schema types are currently supported:" msgstr "В настоящее время поддерживаются четыре типа схем:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:178 +#: sssd-ldap.5.xml:179 msgid "rfc2307" msgstr "rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:183 +#: sssd-ldap.5.xml:184 msgid "rfc2307bis" msgstr "rfc2307bis" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:188 +#: sssd-ldap.5.xml:189 msgid "IPA" msgstr "IPA" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:193 +#: sssd-ldap.5.xml:194 msgid "AD" msgstr "AD" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:199 +#: sssd-ldap.5.xml:200 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " @@ -6985,39 +7083,39 @@ msgstr "" "соответствовать значениям 2008r2 Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:209 +#: sssd-ldap.5.xml:210 msgid "Default: rfc2307" msgstr "По умолчанию: rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:215 +#: sssd-ldap.5.xml:216 msgid "ldap_pwmodify_mode (string)" msgstr "ldap_pwmodify_mode (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:218 +#: sssd-ldap.5.xml:219 msgid "Specify the operation that is used to modify user password." msgstr "" "Позволяет указать действие, которое выполняется для смены пароля " "пользователя." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:222 +#: sssd-ldap.5.xml:223 msgid "Two modes are currently supported:" msgstr "В настоящее время поддерживаются два режима:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:226 +#: sssd-ldap.5.xml:227 msgid "exop - Password Modify Extended Operation (RFC 3062)" msgstr "exop — расширенное действие по изменению пароля (RFC 3062)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:232 +#: sssd-ldap.5.xml:233 msgid "ldap_modify - Direct modification of userPassword (not recommended)." msgstr "ldap_modify — прямое изменение userPassword (не рекомендуется)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:239 +#: sssd-ldap.5.xml:240 msgid "" "Note: First, a new connection is established to verify current password by " "binding as the user that requested password change. If successful, this " @@ -7030,54 +7128,54 @@ msgstr "" "пользователя должны быть права на запись в атрибут userPassword." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:247 +#: sssd-ldap.5.xml:248 msgid "Default: exop" msgstr "По умолчанию: exop" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:253 +#: sssd-ldap.5.xml:254 msgid "ldap_default_bind_dn (string)" msgstr "ldap_default_bind_dn (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:256 +#: sssd-ldap.5.xml:257 msgid "The default bind DN to use for performing LDAP operations." msgstr "" "Стандартное DN привязки, которое следует использовать для выполнения " "действий LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:263 +#: sssd-ldap.5.xml:264 msgid "ldap_default_authtok_type (string)" msgstr "ldap_default_authtok_type (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:266 +#: sssd-ldap.5.xml:267 msgid "The type of the authentication token of the default bind DN." msgstr "Тип маркера проверки подлинности для bind DN по умолчанию." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:270 +#: sssd-ldap.5.xml:271 msgid "The two mechanisms currently supported are:" msgstr "В настоящее время поддерживаются два механизма:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 +#: sssd-ldap.5.xml:274 msgid "password" msgstr "password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:276 +#: sssd-ldap.5.xml:277 msgid "obfuscated_password" msgstr "obfuscated_password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:279 +#: sssd-ldap.5.xml:280 msgid "Default: password" msgstr "По умолчанию: password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:282 +#: sssd-ldap.5.xml:283 msgid "" "See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> manual page for more information." @@ -7087,22 +7185,22 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:293 +#: sssd-ldap.5.xml:294 msgid "ldap_default_authtok (string)" msgstr "ldap_default_authtok (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:296 +#: sssd-ldap.5.xml:297 msgid "The authentication token of the default bind DN." msgstr "Маркер проверки подлинности стандартного DN привязки." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:302 +#: sssd-ldap.5.xml:303 msgid "ldap_force_upper_case_realm (boolean)" msgstr "ldap_force_upper_case_realm (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:305 +#: sssd-ldap.5.xml:306 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -7115,12 +7213,12 @@ msgstr "" "следует использовать название области в верхнем регистре." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:318 +#: sssd-ldap.5.xml:319 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "ldap_enumeration_refresh_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:321 +#: sssd-ldap.5.xml:322 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." @@ -7129,12 +7227,12 @@ msgstr "" "перечисленных записей." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:337 +#: sssd-ldap.5.xml:338 msgid "ldap_purge_cache_timeout (integer)" msgstr "ldap_purge_cache_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:340 +#: sssd-ldap.5.xml:341 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -7145,7 +7243,7 @@ msgstr "" "выполняли вход) и удалять эти записи для экономии места." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:346 +#: sssd-ldap.5.xml:347 msgid "" "Setting this option to zero will disable the cache cleanup operation. Please " "note that if enumeration is enabled, the cleanup task is required in order " @@ -7159,12 +7257,12 @@ msgstr "" "включено." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:366 +#: sssd-ldap.5.xml:367 msgid "ldap_group_nesting_level (integer)" msgstr "ldap_group_nesting_level (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:369 +#: sssd-ldap.5.xml:370 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -7176,7 +7274,7 @@ msgstr "" "SSSD. Если используется схема RFC2307, этот параметр ни на что не влияет." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:376 +#: sssd-ldap.5.xml:377 msgid "" "Note: This option specifies the guaranteed level of nested groups to be " "processed for any lookup. However, nested groups beyond this limit " @@ -7193,7 +7291,7 @@ msgstr "" "исходного поиска, когда он будет выполнен повторно." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:385 +#: sssd-ldap.5.xml:386 msgid "" "If ldap_group_nesting_level is set to 0 then no nested groups are processed " "at all. However, when connected to Active-Directory Server 2008 and later " @@ -7209,12 +7307,12 @@ msgstr "" "для ограничения вложенности групп." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:394 +#: sssd-ldap.5.xml:395 msgid "Default: 2" msgstr "По умолчанию: 2" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:403 +#: sssd-ldap.5.xml:404 msgid "" "This options enables or disables use of Token-Groups attribute when " "performing initgroup for users from Active Directory Server 2008 and later." @@ -7224,25 +7322,25 @@ msgstr "" "выше." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:413 +#: sssd-ldap.5.xml:414 msgid "Default: True for AD and IPA otherwise False." msgstr "По умолчанию: True для AD и IPA, в ином случае — False." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:419 +#: sssd-ldap.5.xml:420 msgid "ldap_host_search_base (string)" msgstr "ldap_host_search_base (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:422 +#: sssd-ldap.5.xml:423 msgid "Optional. Use the given string as search base for host objects." msgstr "" "Необязательный параметр. Использовать указанную строку как базу поиска " "объектов узлов." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:426 sssd-ipa.5.xml:457 sssd-ipa.5.xml:476 sssd-ipa.5.xml:495 -#: sssd-ipa.5.xml:514 +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." @@ -7251,32 +7349,32 @@ msgstr "" "<quote>ldap_search_base</quote>." #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:431 sssd-ipa.5.xml:462 include/ldap_search_bases.xml:27 +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "По умолчанию: значение <emphasis>ldap_search_base</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:438 +#: sssd-ldap.5.xml:439 msgid "ldap_service_search_base (string)" msgstr "ldap_service_search_base (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:443 +#: sssd-ldap.5.xml:444 msgid "ldap_iphost_search_base (string)" msgstr "ldap_iphost_search_base (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:448 +#: sssd-ldap.5.xml:449 msgid "ldap_ipnetwork_search_base (string)" msgstr "ldap_ipnetwork_search_base (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:453 +#: sssd-ldap.5.xml:454 msgid "ldap_search_timeout (integer)" msgstr "ldap_search_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:456 +#: sssd-ldap.5.xml:457 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -7287,7 +7385,7 @@ msgstr "" "результаты (и выполнен переход в автономный режим)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:462 +#: sssd-ldap.5.xml:463 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -7297,12 +7395,12 @@ msgstr "" "его заменит ряд тайм-аутов для отдельных типов поиска." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:479 +#: sssd-ldap.5.xml:480 msgid "ldap_enumeration_search_timeout (integer)" msgstr "ldap_enumeration_search_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:482 +#: sssd-ldap.5.xml:483 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -7314,12 +7412,12 @@ msgstr "" "автономный режим)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:500 +#: sssd-ldap.5.xml:501 msgid "ldap_network_timeout (integer)" msgstr "ldap_network_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:503 +#: sssd-ldap.5.xml:504 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -7336,12 +7434,12 @@ msgstr "" "<manvolnum>2</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:531 +#: sssd-ldap.5.xml:532 msgid "ldap_opt_timeout (integer)" msgstr "ldap_opt_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:534 +#: sssd-ldap.5.xml:535 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -7355,12 +7453,12 @@ msgstr "" "расширенного действия по смене пароля и действия StartTLS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:554 +#: sssd-ldap.5.xml:555 msgid "ldap_connection_expire_timeout (integer)" msgstr "ldap_connection_expire_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:557 +#: sssd-ldap.5.xml:558 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -7374,7 +7472,7 @@ msgstr "" "значений (значение этого параметра или значение времени жизни TGT)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:565 +#: sssd-ldap.5.xml:566 msgid "" "If the connection is idle (not actively running an operation) within " "<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " @@ -7392,7 +7490,7 @@ msgstr "" "<emphasis>ldap_connection_expire_timeout <= ldap_opt_timout</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:577 +#: sssd-ldap.5.xml:578 msgid "" "This timeout can be extended of a random value specified by " "<emphasis>ldap_connection_expire_offset</emphasis>" @@ -7401,17 +7499,17 @@ msgstr "" "параметра <emphasis>ldap_connection_expire_offset</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:587 sssd-ldap.5.xml:630 sssd-ldap.5.xml:1711 +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 msgid "Default: 900 (15 minutes)" msgstr "По умолчанию: 900 (15 минут)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:593 +#: sssd-ldap.5.xml:594 msgid "ldap_connection_expire_offset (integer)" msgstr "ldap_connection_expire_offset (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:596 +#: sssd-ldap.5.xml:597 msgid "" "Random offset between 0 and configured value is added to " "<emphasis>ldap_connection_expire_timeout</emphasis>." @@ -7420,12 +7518,12 @@ msgstr "" "<emphasis>ldap_connection_expire_timeout</emphasis>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:613 msgid "ldap_connection_idle_timeout (integer)" msgstr "ldap_connection_idle_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:616 msgid "" "Specifies a timeout (in seconds) that an idle connection to an LDAP server " "will be maintained. If the connection is idle for more than this time then " @@ -7436,17 +7534,17 @@ msgstr "" "бездействует дольше этого времени, соединение будет закрыто." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:622 msgid "You can disable this timeout by setting the value to 0." msgstr "Можно отключить этот тайм-аут, установив значение «0»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:636 +#: sssd-ldap.5.xml:637 msgid "ldap_page_size (integer)" msgstr "ldap_page_size (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:639 +#: sssd-ldap.5.xml:640 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." @@ -7456,12 +7554,12 @@ msgstr "" "количества на один запрос." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:650 +#: sssd-ldap.5.xml:651 msgid "ldap_disable_paging (boolean)" msgstr "ldap_disable_paging (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:653 +#: sssd-ldap.5.xml:654 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " @@ -7473,7 +7571,7 @@ msgstr "" "работает надлежащим образом." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:659 +#: sssd-ldap.5.xml:660 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." @@ -7483,7 +7581,7 @@ msgstr "" "RootDSE, но не смогут использовать его." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:665 +#: sssd-ldap.5.xml:666 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " @@ -7495,17 +7593,17 @@ msgstr "" "привести к отказам в выполнении некоторых из них." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:677 +#: sssd-ldap.5.xml:678 msgid "ldap_disable_range_retrieval (boolean)" msgstr "ldap_disable_range_retrieval (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:680 +#: sssd-ldap.5.xml:681 msgid "Disable Active Directory range retrieval." msgstr "Отключить получение диапазонов Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:683 +#: sssd-ldap.5.xml:684 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " @@ -7521,12 +7619,12 @@ msgstr "" "большие группы будут показаны как группы без участников." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:699 msgid "ldap_sasl_minssf (integer)" msgstr "ldap_sasl_minssf (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:702 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " @@ -7537,19 +7635,19 @@ msgstr "" "Значение этого параметра определяется OpenLDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:707 sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" "По умолчанию: использовать стандартное системное значение (обычно " "указывается в ldap.conf)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:714 +#: sssd-ldap.5.xml:715 msgid "ldap_sasl_maxssf (integer)" msgstr "ldap_sasl_maxssf (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:717 +#: sssd-ldap.5.xml:718 msgid "" "When communicating with an LDAP server using SASL, specify the maximal " "security level necessary to establish the connection. The values of this " @@ -7560,12 +7658,12 @@ msgstr "" "Значение этого параметра определяется OpenLDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:731 msgid "ldap_deref_threshold (integer)" msgstr "ldap_deref_threshold (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:733 +#: sssd-ldap.5.xml:734 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -7577,7 +7675,7 @@ msgstr "" "для каждого из них по отдельности." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:740 msgid "" "You can turn off dereference lookups completely by setting the value to 0. " "Please note that there are some codepaths in SSSD, like the IPA HBAC " @@ -7594,7 +7692,7 @@ msgstr "" "поддерживает его и объявляет управление разыменованием в объекте rootDSE." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:750 +#: sssd-ldap.5.xml:751 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -7607,7 +7705,7 @@ msgstr "" "OpenLDAP и Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:758 +#: sssd-ldap.5.xml:759 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -7618,12 +7716,12 @@ msgstr "" "независимо от значения этого параметра." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:771 +#: sssd-ldap.5.xml:772 msgid "ldap_ignore_unreadable_references (bool)" msgstr "ldap_ignore_unreadable_references (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:774 +#: sssd-ldap.5.xml:775 msgid "" "Ignore unreadable LDAP entries referenced in group's member attribute. If " "this parameter is set to false an error will be returned and the operation " @@ -7635,7 +7733,7 @@ msgstr "" "игнорирования нечитаемой записи." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:781 +#: sssd-ldap.5.xml:782 msgid "" "This parameter may be useful when using the AD provider and the computer " "account that sssd uses to connect to AD does not have access to a particular " @@ -7647,12 +7745,12 @@ msgstr "" "безопасности." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:795 msgid "ldap_tls_reqcert (string)" msgstr "ldap_tls_reqcert (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:798 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" @@ -7661,7 +7759,7 @@ msgstr "" "в сеансе TLS, если это требуется. Можно указать одно из следующих значений:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:804 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." @@ -7670,7 +7768,7 @@ msgstr "" "сертификаты сервера." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:808 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -7682,7 +7780,7 @@ msgstr "" "продолжится в обычном режиме." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:815 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -7693,7 +7791,7 @@ msgstr "" "предоставлен ошибочный сертификат, сеанс немедленно будет завершён." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:820 +#: sssd-ldap.5.xml:821 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -7704,22 +7802,22 @@ msgstr "" "немедленно будет завершён." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:826 +#: sssd-ldap.5.xml:827 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "<emphasis>hard</emphasis> = аналогично <quote>demand</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:830 +#: sssd-ldap.5.xml:831 msgid "Default: hard" msgstr "По умолчанию: hard" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:837 msgid "ldap_tls_cacert (string)" msgstr "ldap_tls_cacert (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:839 +#: sssd-ldap.5.xml:840 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." @@ -7728,7 +7826,7 @@ msgstr "" "сертификации, которые распознаются <command>sssd</command>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 sssd-ldap.5.xml:862 sssd-ldap.5.xml:903 +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" @@ -7737,12 +7835,12 @@ msgstr "" "хранятся в <filename>/etc/openldap/ldap.conf</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:852 msgid "ldap_tls_cacertdir (string)" msgstr "ldap_tls_cacertdir (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:854 +#: sssd-ldap.5.xml:855 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -7755,32 +7853,32 @@ msgstr "" "использовать команду <command>cacertdir_rehash</command>, если она доступна." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:869 +#: sssd-ldap.5.xml:870 msgid "ldap_tls_cert (string)" msgstr "ldap_tls_cert (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:872 +#: sssd-ldap.5.xml:873 msgid "Specifies the file that contains the certificate for the client's key." msgstr "Позволяет указать файл, который содержит сертификат для ключа клиента." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:882 +#: sssd-ldap.5.xml:883 msgid "ldap_tls_key (string)" msgstr "ldap_tls_key (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:885 +#: sssd-ldap.5.xml:886 msgid "Specifies the file that contains the client's key." msgstr "Позволяет указать файл, который содержит ключ клиента." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:894 +#: sssd-ldap.5.xml:895 msgid "ldap_tls_cipher_suite (string)" msgstr "ldap_tls_cipher_suite (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:897 +#: sssd-ldap.5.xml:898 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -7792,26 +7890,31 @@ msgstr "" "<manvolnum>5</manvolnum></citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:910 +#: sssd-ldap.5.xml:911 msgid "ldap_id_use_start_tls (boolean)" msgstr "ldap_id_use_start_tls (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:913 +#: sssd-ldap.5.xml:914 +#, fuzzy +#| msgid "" +#| "Specifies that the id_provider connection must also use <systemitem " +#| "class=\"protocol\">tls</systemitem> to protect the channel." msgid "" "Specifies that the id_provider connection must also use <systemitem " -"class=\"protocol\">tls</systemitem> to protect the channel." +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." msgstr "" "Позволяет указать, что подключение id_provider должно также использовать " "<systemitem class=\"protocol\">tls</systemitem> для защиты канала." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:923 +#: sssd-ldap.5.xml:925 msgid "ldap_id_mapping (boolean)" msgstr "ldap_id_mapping (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:928 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " @@ -7823,19 +7926,19 @@ msgstr "" "ldap_group_gid_number." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:932 +#: sssd-ldap.5.xml:934 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" "В настоящее время эта функциональная возможность поддерживает только " "сопоставление objectSID Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:942 +#: sssd-ldap.5.xml:944 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "ldap_min_id, ldap_max_id (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:945 +#: sssd-ldap.5.xml:947 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " @@ -7855,17 +7958,17 @@ msgstr "" "другие диапазоны для сопоставления идентификаторов." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:957 +#: sssd-ldap.5.xml:959 msgid "Default: not set (both options are set to 0)" msgstr "По умолчанию: не задано (оба параметра установлены в значение 0)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:965 msgid "ldap_sasl_mech (string)" msgstr "ldap_sasl_mech (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:966 +#: sssd-ldap.5.xml:968 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " "tested and supported." @@ -7874,7 +7977,7 @@ msgstr "" "время протестированы и поддерживаются только GSSAPI и GSS-SPNEGO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:970 +#: sssd-ldap.5.xml:972 msgid "" "If the backend supports sub-domains the value of ldap_sasl_mech is " "automatically inherited to the sub-domains. If a different value is needed " @@ -7892,12 +7995,12 @@ msgstr "" "manvolnum></citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:988 msgid "ldap_sasl_authid (string)" msgstr "ldap_sasl_authid (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ldap.5.xml:998 +#: sssd-ldap.5.xml:1000 #, no-wrap msgid "" "hostname@REALM\n" @@ -7917,7 +8020,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:989 +#: sssd-ldap.5.xml:991 msgid "" "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " "this represents the Kerberos principal used for authentication to the " @@ -7937,17 +8040,17 @@ msgstr "" "найдены, возвращается первый участник из таблицы ключей." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1009 +#: sssd-ldap.5.xml:1011 msgid "Default: host/hostname@REALM" msgstr "По умолчанию: host/hostname@REALM" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1015 +#: sssd-ldap.5.xml:1017 msgid "ldap_sasl_realm (string)" msgstr "ldap_sasl_realm (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1018 +#: sssd-ldap.5.xml:1020 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " @@ -7958,17 +8061,17 @@ msgstr "" "ldap_sasl_authid также содержит область, этот параметр игнорируется." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1024 +#: sssd-ldap.5.xml:1026 msgid "Default: the value of krb5_realm." msgstr "По умолчанию: значение krb5_realm." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1030 +#: sssd-ldap.5.xml:1032 msgid "ldap_sasl_canonicalize (boolean)" msgstr "ldap_sasl_canonicalize (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1035 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." @@ -7978,36 +8081,36 @@ msgstr "" "привязки SASL." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1038 +#: sssd-ldap.5.xml:1040 msgid "Default: false;" msgstr "По умолчанию: false;" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1046 msgid "ldap_krb5_keytab (string)" msgstr "ldap_krb5_keytab (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1049 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." msgstr "" "Позволяет указать таблицу ключей, которую следует использовать при " "использовании проверки подлинности с помощью SASL/GSSAPI/GSS-SPNEGO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1056 sssd-krb5.5.xml:247 +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" "По умолчанию: системная таблица ключей, обычно <filename>/etc/krb5.keytab</" "filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1064 msgid "ldap_krb5_init_creds (boolean)" msgstr "ldap_krb5_init_creds (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1067 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -8018,12 +8121,12 @@ msgstr "" "используется SASL и выбран механизм GSSAPI или GSS-SPNEGO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1077 +#: sssd-ldap.5.xml:1079 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "ldap_krb5_ticket_lifetime (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1080 +#: sssd-ldap.5.xml:1082 msgid "" "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." msgstr "" @@ -8031,17 +8134,17 @@ msgstr "" "GSS-SPNEGO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1089 sssd-ad.5.xml:1252 +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 msgid "Default: 86400 (24 hours)" msgstr "По умолчанию: 86400 (24 часа)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1095 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "krb5_server, krb5_backup_server (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1098 +#: sssd-ldap.5.xml:1100 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -8060,7 +8163,7 @@ msgstr "" "сведения доступны в разделе <quote>ОБНАРУЖЕНИЕ СЛУЖБ</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1110 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -8072,7 +8175,7 @@ msgstr "" "в которых в качестве протокола указан _tcp." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -8083,31 +8186,31 @@ msgstr "" "перейти на использование <quote>krb5_server</quote> в файлах конфигурации." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1124 sssd-ipa.5.xml:526 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "krb5_realm (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1127 +#: sssd-ldap.5.xml:1129 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." msgstr "" "Позволяет указать область Kerberos (для проверки подлинности с помощью SASL/" "GSSAPI/GSS-SPNEGO)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1133 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" "По умолчанию: стандартные параметры системы, см. <filename>/etc/krb5.conf</" "filename>" #. type: Content of: <variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1137 include/krb5_options.xml:154 +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 msgid "krb5_canonicalize (boolean)" msgstr "krb5_canonicalize (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1140 +#: sssd-ldap.5.xml:1142 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" @@ -8117,12 +8220,12 @@ msgstr "" ">= 1.7" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1152 sssd-krb5.5.xml:336 +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 msgid "krb5_use_kdcinfo (boolean)" msgstr "krb5_use_kdcinfo (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1155 sssd-krb5.5.xml:339 +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " @@ -8137,7 +8240,7 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:350 +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " @@ -8148,12 +8251,12 @@ msgstr "" "<manvolnum>8</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1180 +#: sssd-ldap.5.xml:1182 msgid "ldap_pwd_policy (string)" msgstr "ldap_pwd_policy (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1185 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" @@ -8162,7 +8265,7 @@ msgstr "" "клиента. Допускаются следующие значения:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1190 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." @@ -8171,7 +8274,7 @@ msgstr "" "параметра нельзя отключить политики паролей на стороне сервера." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1193 +#: sssd-ldap.5.xml:1195 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -8184,7 +8287,7 @@ msgstr "" "пароля. См. также опцию «ldap_chpass_update_last_change»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1201 +#: sssd-ldap.5.xml:1203 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -8196,7 +8299,7 @@ msgstr "" "chpass_provider=krb5." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1210 +#: sssd-ldap.5.xml:1212 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." @@ -8206,18 +8309,18 @@ msgstr "" "этого параметра." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1220 msgid "ldap_referrals (boolean)" msgstr "ldap_referrals (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1221 +#: sssd-ldap.5.xml:1223 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" "Позволяет указать, следует ли включить автоматическое прослеживание ссылок." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1225 +#: sssd-ldap.5.xml:1227 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." @@ -8226,7 +8329,7 @@ msgstr "" "случае, если сервис собран с OpenLDAP версии 2.4.13 или выше." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1232 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " @@ -8248,29 +8351,29 @@ msgstr "" "домена AD, это не позволило бы получить дополнительные данные." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1249 +#: sssd-ldap.5.xml:1251 msgid "ldap_dns_service_name (string)" msgstr "ldap_dns_service_name (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1252 +#: sssd-ldap.5.xml:1254 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" "Позволяет указать имя службы, которое будет использоваться, когда включено " "обнаружение служб." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1258 msgid "Default: ldap" msgstr "По умолчанию: ldap" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1262 +#: sssd-ldap.5.xml:1264 msgid "ldap_chpass_dns_service_name (string)" msgstr "ldap_chpass_dns_service_name (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1265 +#: sssd-ldap.5.xml:1267 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." @@ -8279,17 +8382,17 @@ msgstr "" "менять пароль, когда включено обнаружение служб." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1270 +#: sssd-ldap.5.xml:1272 msgid "Default: not set, i.e. service discovery is disabled" msgstr "По умолчанию: не задано, то есть обнаружение служб отключено" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1276 +#: sssd-ldap.5.xml:1278 msgid "ldap_chpass_update_last_change (bool)" msgstr "ldap_chpass_update_last_change (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1279 +#: sssd-ldap.5.xml:1281 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." @@ -8298,7 +8401,7 @@ msgstr "" "данными о количестве дней с момента выполнения действия по смены пароля." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1285 +#: sssd-ldap.5.xml:1287 msgid "" "It is recommend to set this option explicitly if \"ldap_pwd_policy = " "shadow\" is used to let SSSD know if the LDAP server will update " @@ -8311,12 +8414,12 @@ msgstr "" "SSSD должен обновить его." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1301 msgid "ldap_access_filter (string)" msgstr "ldap_access_filter (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1304 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " @@ -8345,12 +8448,12 @@ msgstr "" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1322 +#: sssd-ldap.5.xml:1324 msgid "Example:" msgstr "Пример:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1327 #, no-wrap msgid "" "access_provider = ldap\n" @@ -8362,7 +8465,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1329 +#: sssd-ldap.5.xml:1331 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." @@ -8371,7 +8474,7 @@ msgstr "" "атрибут employeeType которых установлен в значение «admin»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1336 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -8386,17 +8489,17 @@ msgstr "" "в автономном режиме." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1398 +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 msgid "Default: Empty" msgstr "По умолчанию: пусто" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1348 +#: sssd-ldap.5.xml:1350 msgid "ldap_account_expire_policy (string)" msgstr "ldap_account_expire_policy (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1353 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." @@ -8405,7 +8508,7 @@ msgstr "" "доступом на стороне клиента." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1355 +#: sssd-ldap.5.xml:1357 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -8416,12 +8519,12 @@ msgstr "" "соответствующим кодом ошибки, даже если пароль верен." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1362 +#: sssd-ldap.5.xml:1364 msgid "The following values are allowed:" msgstr "Допускаются следующие значения:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1365 +#: sssd-ldap.5.xml:1367 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." @@ -8430,7 +8533,7 @@ msgstr "" "для определения того, не истёк ли срок действия учётной записи." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1372 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -8443,7 +8546,7 @@ msgstr "" "не истёк ли срок действия учётной записи." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1379 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -8454,7 +8557,7 @@ msgstr "" "разрешён ли доступ." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1383 +#: sssd-ldap.5.xml:1385 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -8467,7 +8570,7 @@ msgstr "" "Если все атрибуты отсутствуют, доступ предоставляется." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1391 +#: sssd-ldap.5.xml:1393 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " @@ -8478,24 +8581,24 @@ msgstr "" "использовать параметр ldap_account_expire_policy." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1404 +#: sssd-ldap.5.xml:1406 msgid "ldap_access_order (string)" msgstr "ldap_access_order (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1407 sssd-ipa.5.xml:351 +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" "Разделённый запятыми список параметров управления доступом. Допустимые " "значения:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1411 +#: sssd-ldap.5.xml:1413 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "<emphasis>filter</emphasis>: использовать ldap_access_filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>lockout</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -8511,7 +8614,7 @@ msgstr "" "«access_provider = ldap»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1424 +#: sssd-ldap.5.xml:1426 msgid "" "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" "quote> option and might be removed in a future release. </emphasis>" @@ -8521,7 +8624,7 @@ msgstr "" "следующей версии. </emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1431 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -8544,12 +8647,12 @@ msgstr "" "возможности необходимо задать «access_provider = ldap»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1448 +#: sssd-ldap.5.xml:1450 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "<emphasis>expire</emphasis>: использовать ldap_account_expire_policy" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1452 sssd-ipa.5.xml:359 +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 msgid "" "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " "pwd_expire_policy_renew: </emphasis> These options are useful if users are " @@ -8563,31 +8666,31 @@ msgstr "" "и для проверки подлинности используются не пароли, а, например, ключи SSH." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1462 sssd-ipa.5.xml:369 +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 msgid "" "The difference between these options is the action taken if user password is " "expired:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1467 sssd-ipa.5.xml:374 +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 msgid "pwd_expire_policy_reject - user is denied to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1473 sssd-ipa.5.xml:380 +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 msgid "pwd_expire_policy_warn - user is still able to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1479 sssd-ipa.5.xml:386 +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 msgid "" "pwd_expire_policy_renew - user is prompted to change their password " "immediately." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1487 +#: sssd-ldap.5.xml:1489 msgid "" "Please note that 'access_provider = ldap' must be set for this feature to " "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." @@ -8597,7 +8700,7 @@ msgstr "" "паролей в качестве значения параметра «ldap_pwd_policy»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1494 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" @@ -8606,14 +8709,14 @@ msgstr "" "authorizedService для определения возможности доступа" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1497 +#: sssd-ldap.5.xml:1499 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" "<emphasis>host</emphasis>: использовать атрибут host для определения " "возможности доступа" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1501 +#: sssd-ldap.5.xml:1503 msgid "" "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " "remote host can access" @@ -8622,7 +8725,7 @@ msgstr "" "возможности доступа удалённого узла" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1505 +#: sssd-ldap.5.xml:1507 msgid "" "Please note, rhost field in pam is set by application, it is better to check " "what the application sends to pam, before enabling this access control option" @@ -8632,12 +8735,12 @@ msgstr "" "прежде чем включать этот параметр управления доступом" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1510 +#: sssd-ldap.5.xml:1512 msgid "Default: filter" msgstr "По умолчанию: filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1513 +#: sssd-ldap.5.xml:1515 msgid "" "Please note that it is a configuration error if a value is used more than " "once." @@ -8646,12 +8749,12 @@ msgstr "" "ошибкой конфигурации." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1520 +#: sssd-ldap.5.xml:1522 msgid "ldap_pwdlockout_dn (string)" msgstr "ldap_pwdlockout_dn (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1523 +#: sssd-ldap.5.xml:1525 msgid "" "This option specifies the DN of password policy entry on LDAP server. Please " "note that absence of this option in sssd.conf in case of enabled account " @@ -8664,22 +8767,22 @@ msgstr "" "невозможности надлежащим образом проверить атрибуты ppolicy на сервере LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1531 +#: sssd-ldap.5.xml:1533 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" msgstr "Пример: cn=ppolicy,ou=policies,dc=example,dc=com" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1534 +#: sssd-ldap.5.xml:1536 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" msgstr "По умолчанию: cn=ppolicy,ou=policies,$ldap_search_base" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1542 msgid "ldap_deref (string)" msgstr "ldap_deref (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1543 +#: sssd-ldap.5.xml:1545 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" @@ -8688,12 +8791,12 @@ msgstr "" "выполнении поиска. Допустимые варианты:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1550 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "<emphasis>never</emphasis>: разыменование псевдонимов не выполняется." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 +#: sssd-ldap.5.xml:1554 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." @@ -8703,7 +8806,7 @@ msgstr "" "объекта поиска." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 +#: sssd-ldap.5.xml:1559 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." @@ -8712,7 +8815,7 @@ msgstr "" "при определении расположения базового объекта поиска." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1562 +#: sssd-ldap.5.xml:1564 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." @@ -8721,7 +8824,7 @@ msgstr "" "поиске, так и при определении расположения базового объекта поиска." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1569 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -8730,12 +8833,12 @@ msgstr "" "клиентскими библиотеками LDAP)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1575 +#: sssd-ldap.5.xml:1577 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "ldap_rfc2307_fallback_to_local_users (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1578 +#: sssd-ldap.5.xml:1580 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." @@ -8744,7 +8847,7 @@ msgstr "" "серверов, которые используют схему RFC2307." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1582 +#: sssd-ldap.5.xml:1584 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " @@ -8761,7 +8864,7 @@ msgstr "" "информацию о пользователе через вызовы getpw*() или initgroups()." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1593 +#: sssd-ldap.5.xml:1595 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " @@ -8773,12 +8876,12 @@ msgstr "" "группами LDAP." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1605 sssd-ifp.5.xml:152 +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 msgid "wildcard_limit (integer)" msgstr "wildcard_limit (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1608 +#: sssd-ldap.5.xml:1610 msgid "" "Specifies an upper limit on the number of entries that are downloaded during " "a wildcard lookup." @@ -8787,24 +8890,24 @@ msgstr "" "поиска с использованием подстановочных знаков." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1612 +#: sssd-ldap.5.xml:1614 msgid "At the moment, only the InfoPipe responder supports wildcard lookups." msgstr "" "В настоящее время только ответчик InfoPipe поддерживает поиск с " "использованием подстановочных знаков." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1618 msgid "Default: 1000 (often the size of one page)" msgstr "По умолчанию: 1000 (часто размер одной страницы)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1624 msgid "ldap_library_debug_level (integer)" msgstr "ldap_library_debug_level (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1625 +#: sssd-ldap.5.xml:1627 msgid "" "Switches on libldap debugging with the given level. The libldap debug " "messages will be written independent of the general debug_level." @@ -8813,7 +8916,7 @@ msgstr "" "записываются независимо от общего debug_level." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1630 +#: sssd-ldap.5.xml:1632 msgid "" "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " "enable full debug output." @@ -8822,12 +8925,12 @@ msgstr "" "компонентов, -1 включает полный отладочный вывод." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1635 +#: sssd-ldap.5.xml:1637 msgid "Default: 0 (libldap debugging disabled)" msgstr "По умолчанию: 0 (отладка libldap отключена)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:52 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " @@ -8847,12 +8950,12 @@ msgstr "" "</citerefentry>. <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1645 +#: sssd-ldap.5.xml:1647 msgid "SUDO OPTIONS" msgstr "ПАРАМЕТРЫ SUDO" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1647 +#: sssd-ldap.5.xml:1649 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -8863,12 +8966,12 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1660 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "ldap_sudo_full_refresh_interval (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1661 +#: sssd-ldap.5.xml:1663 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." @@ -8877,7 +8980,7 @@ msgstr "" "загружаются все правила, которые хранятся на сервере)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1666 +#: sssd-ldap.5.xml:1668 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" @@ -8886,7 +8989,7 @@ msgstr "" "<emphasis>ldap_sudo_smart_refresh_interval </emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1671 +#: sssd-ldap.5.xml:1673 msgid "" "You can disable full refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." @@ -8895,17 +8998,17 @@ msgstr "" "Но должно быть включено либо интеллектуальное, либо полное обновление." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1676 +#: sssd-ldap.5.xml:1678 msgid "Default: 21600 (6 hours)" msgstr "По умолчанию: 21600 (6 часов)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1682 +#: sssd-ldap.5.xml:1684 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "ldap_sudo_smart_refresh_interval (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1685 +#: sssd-ldap.5.xml:1687 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest " @@ -8917,7 +9020,7 @@ msgstr "" "в настоящее время известно SSSD)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1691 +#: sssd-ldap.5.xml:1693 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." @@ -8926,7 +9029,7 @@ msgstr "" "modifyTimestamp." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1695 +#: sssd-ldap.5.xml:1697 msgid "" "<emphasis>Note:</emphasis> the highest USN value can be updated by three " "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " @@ -8942,7 +9045,7 @@ msgstr "" "<emphasis>ldap_connection_expire_timeout</emphasis>)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1706 +#: sssd-ldap.5.xml:1708 msgid "" "You can disable smart refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." @@ -8952,12 +9055,12 @@ msgstr "" "обновление." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1717 +#: sssd-ldap.5.xml:1719 msgid "ldap_sudo_random_offset (integer)" msgstr "ldap_sudo_random_offset (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1720 +#: sssd-ldap.5.xml:1722 msgid "" "Random offset between 0 and configured value is added to smart and full " "refresh periods each time the periodic task is scheduled. The value is in " @@ -8968,7 +9071,7 @@ msgstr "" "периодического задания. Значение указывается в секундах." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1726 +#: sssd-ldap.5.xml:1728 msgid "" "Note that this random offset is also applied on the first SSSD start which " "delays the first sudo rules refresh. This prolongs the time when the sudo " @@ -8979,17 +9082,17 @@ msgstr "" "время, в течение которого правила sudo недоступны для использования." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1732 +#: sssd-ldap.5.xml:1734 msgid "You can disable this offset by setting the value to 0." msgstr "Можно отключить эту задержку, установив значение «0»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1742 +#: sssd-ldap.5.xml:1744 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "ldap_sudo_use_host_filter (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1745 +#: sssd-ldap.5.xml:1747 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." @@ -8999,12 +9102,12 @@ msgstr "" "адресов узлов/сетей в формате IPv4 или IPv6)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1756 +#: sssd-ldap.5.xml:1758 msgid "ldap_sudo_hostnames (string)" msgstr "ldap_sudo_hostnames (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1759 +#: sssd-ldap.5.xml:1761 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." @@ -9013,7 +9116,7 @@ msgstr "" "следует использовать для фильтрации правил." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1764 +#: sssd-ldap.5.xml:1766 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." @@ -9022,8 +9125,8 @@ msgstr "" "обнаружить имя узла и полное доменное имя." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1769 sssd-ldap.5.xml:1792 sssd-ldap.5.xml:1810 -#: sssd-ldap.5.xml:1828 +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." @@ -9032,17 +9135,17 @@ msgstr "" "<emphasis>false</emphasis>, этот параметр ни на что не влияет." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1774 sssd-ldap.5.xml:1797 +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 msgid "Default: not specified" msgstr "По умолчанию: не указано" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1780 +#: sssd-ldap.5.xml:1782 msgid "ldap_sudo_ip (string)" msgstr "ldap_sudo_ip (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1783 +#: sssd-ldap.5.xml:1785 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." @@ -9051,7 +9154,7 @@ msgstr "" "следует использовать для фильтрации правил." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1788 +#: sssd-ldap.5.xml:1790 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." @@ -9060,12 +9163,12 @@ msgstr "" "обнаружить адреса." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1803 +#: sssd-ldap.5.xml:1805 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "ldap_sudo_include_netgroups (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1806 +#: sssd-ldap.5.xml:1808 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." @@ -9074,12 +9177,12 @@ msgstr "" "правила, которые содержат сетевую группу в атрибуте sudoHost." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1821 +#: sssd-ldap.5.xml:1823 msgid "ldap_sudo_include_regexp (boolean)" msgstr "ldap_sudo_include_regexp (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:1826 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." @@ -9088,7 +9191,7 @@ msgstr "" "правила, которые содержат подстановочный знак в атрибуте sudoHost." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> -#: sssd-ldap.5.xml:1834 +#: sssd-ldap.5.xml:1836 msgid "" "Using wildcard is an operation that is very costly to evaluate on the LDAP " "server side!" @@ -9097,7 +9200,7 @@ msgstr "" "операция на стороне сервера LDAP!" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1846 +#: sssd-ldap.5.xml:1848 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " @@ -9110,12 +9213,12 @@ msgstr "" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1856 +#: sssd-ldap.5.xml:1858 msgid "AUTOFS OPTIONS" msgstr "ПАРАМЕТРЫ AUTOFS" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1858 +#: sssd-ldap.5.xml:1860 msgid "" "Some of the defaults for the parameters below are dependent on the LDAP " "schema." @@ -9124,47 +9227,47 @@ msgstr "" "схемы LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1864 +#: sssd-ldap.5.xml:1866 msgid "ldap_autofs_map_master_name (string)" msgstr "ldap_autofs_map_master_name (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1867 +#: sssd-ldap.5.xml:1869 msgid "The name of the automount master map in LDAP." msgstr "Имя основной карты автоматического монтирования в LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1870 +#: sssd-ldap.5.xml:1872 msgid "Default: auto.master" msgstr "По умолчанию: auto.master" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1881 +#: sssd-ldap.5.xml:1883 msgid "ADVANCED OPTIONS" msgstr "ДОПОЛНИТЕЛЬНЫЕ ПАРАМЕТРЫ" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1888 +#: sssd-ldap.5.xml:1890 msgid "ldap_netgroup_search_base (string)" msgstr "ldap_netgroup_search_base (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1893 +#: sssd-ldap.5.xml:1895 msgid "ldap_user_search_base (string)" msgstr "ldap_user_search_base (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1898 +#: sssd-ldap.5.xml:1900 msgid "ldap_group_search_base (string)" msgstr "ldap_group_search_base (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> -#: sssd-ldap.5.xml:1903 +#: sssd-ldap.5.xml:1905 msgid "<note>" msgstr "<note>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> -#: sssd-ldap.5.xml:1905 +#: sssd-ldap.5.xml:1907 msgid "" "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " "against Active Directory will not be restricted and return all groups " @@ -9177,22 +9280,22 @@ msgstr "" "эту возможность, если имена групп отображаются некорректно." #. type: Content of: <reference><refentry><refsect1><para><variablelist> -#: sssd-ldap.5.xml:1912 +#: sssd-ldap.5.xml:1914 msgid "</note>" msgstr "</note>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1914 +#: sssd-ldap.5.xml:1916 msgid "ldap_sudo_search_base (string)" msgstr "ldap_sudo_search_base (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1919 +#: sssd-ldap.5.xml:1921 msgid "ldap_autofs_search_base (string)" msgstr "ldap_autofs_search_base (строка)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1883 +#: sssd-ldap.5.xml:1885 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -9205,14 +9308,14 @@ msgstr "" "<placeholder type=\"variablelist\" id=\"1\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1934 sssd-simple.5.xml:131 sssd-ipa.5.xml:925 -#: sssd-ad.5.xml:1386 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 msgid "EXAMPLE" msgstr "ПРИМЕР" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1936 +#: sssd-ldap.5.xml:1938 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -9223,7 +9326,7 @@ msgstr "" "<replaceable>[domains]</replaceable>." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1944 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -9243,20 +9346,20 @@ msgstr "" "cache_credentials = true\n" #. type: Content of: <refsect1><refsect2><para> -#: sssd-ldap.5.xml:1941 sssd-ldap.5.xml:1959 sssd-simple.5.xml:139 -#: sssd-ipa.5.xml:933 sssd-ad.5.xml:1394 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 #: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1953 +#: sssd-ldap.5.xml:1955 msgid "LDAP ACCESS FILTER EXAMPLE" msgstr "ПРИМЕР ФИЛЬТРА ДОСТУПА LDAP" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1955 +#: sssd-ldap.5.xml:1957 msgid "" "The following example assumes that SSSD is correctly configured and to use " "the ldap_access_order=lockout." @@ -9265,7 +9368,7 @@ msgstr "" "используется ldap_access_order=lockout." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1960 +#: sssd-ldap.5.xml:1962 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -9291,13 +9394,13 @@ msgstr "" "cache_credentials = true\n" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1975 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 -#: sssd-ad.5.xml:1409 sssd.8.xml:238 sss_seed.8.xml:163 +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 msgid "NOTES" msgstr "ПРИМЕЧАНИЯ" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1977 +#: sssd-ldap.5.xml:1979 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -12254,12 +12357,12 @@ msgid "Example: dyndns_iface = em1, vnet1, vnet2" msgstr "Пример: dyndns_iface = em1, vnet1, vnet2" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1285 +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 msgid "dyndns_auth (string)" msgstr "dyndns_auth (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1288 +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "updates with the DNS server, insecure updates can be sent by setting this " @@ -12270,17 +12373,17 @@ msgstr "" "отправлять, установив этот параметр в значение «none»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1294 +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 msgid "Default: GSS-TSIG" msgstr "По умолчанию: GSS-TSIG" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1300 +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 msgid "dyndns_auth_ptr (string)" msgstr "dyndns_auth_ptr (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1303 +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "PTR updates with the DNS server, insecure updates can be sent by setting " @@ -12291,7 +12394,7 @@ msgstr "" "отправлять, установив этот параметр в значение «none»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1309 +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 msgid "Default: Same as dyndns_auth" msgstr "По умолчанию: то же, что и dyndns_auth" @@ -12370,17 +12473,24 @@ msgstr "" "автоматически при смене записей перенаправления." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:290 +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 msgid "Default: False (disabled)" msgstr "По умолчанию: false (отключено)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1272 +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 msgid "dyndns_force_tcp (bool)" msgstr "dyndns_force_tcp (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:299 sssd-ad.5.xml:1275 +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." @@ -12389,17 +12499,17 @@ msgstr "" "с сервером DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:303 sssd-ad.5.xml:1279 +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 msgid "Default: False (let nsupdate choose the protocol)" msgstr "По умолчанию: false (разрешить nsupdate выбрать протокол)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:309 sssd-ad.5.xml:1315 +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 msgid "dyndns_server (string)" msgstr "dyndns_server (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:312 sssd-ad.5.xml:1318 +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 msgid "" "The DNS server to use when performing a DNS update. In most setups, it's " "recommended to leave this option unset." @@ -12409,7 +12519,7 @@ msgstr "" "параметра." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 msgid "" "Setting this option makes sense for environments where the DNS server is " "different from the identity server." @@ -12418,7 +12528,7 @@ msgstr "" "отличается от сервера данных идентификации." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 msgid "" "Please note that this option will be only used in fallback attempt when " "previous attempt using autodetected settings failed." @@ -12428,17 +12538,17 @@ msgstr "" "использованием автоматически определённых параметров завершилась неудачей." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 msgid "Default: None (let nsupdate choose the server)" msgstr "По умолчанию: none (разрешить nsupdate выбрать сервер)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:333 sssd-ad.5.xml:1339 +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 msgid "dyndns_update_per_family (boolean)" msgstr "dyndns_update_per_family (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:336 sssd-ad.5.xml:1342 +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 msgid "" "DNS update is by default performed in two steps - IPv4 update and then IPv6 " "update. In some cases it might be desirable to perform IPv4 and IPv6 update " @@ -12449,21 +12559,21 @@ msgstr "" "обновление IPv4 и IPv6 за один шаг." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:353 #, fuzzy #| msgid "ldap_access_order (string)" msgid "ipa_access_order (string)" msgstr "ldap_access_order (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:360 #, fuzzy #| msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." msgstr "<emphasis>expire</emphasis>: использовать ldap_account_expire_policy" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:394 +#: sssd-ipa.5.xml:399 #, fuzzy #| msgid "" #| "Please note that 'access_provider = ldap' must be set for this feature to " @@ -12478,12 +12588,12 @@ msgstr "" "паролей в качестве значения параметра «ldap_pwd_policy»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:401 +#: sssd-ipa.5.xml:406 msgid "ipa_deskprofile_search_base (string)" msgstr "ipa_deskprofile_search_base (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:404 +#: sssd-ipa.5.xml:409 msgid "" "Optional. Use the given string as search base for Desktop Profile related " "objects." @@ -12492,17 +12602,17 @@ msgstr "" "объектов, связанных с профилями рабочего стола." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:408 sssd-ipa.5.xml:435 +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 msgid "Default: Use base DN" msgstr "По умолчанию: использовать base DN" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:414 +#: sssd-ipa.5.xml:419 msgid "ipa_subid_ranges_search_base (string)" msgstr "ipa_subid_ranges_search_base (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:417 +#: sssd-ipa.5.xml:422 msgid "" "Optional. Use the given string as search base for subordinate ranges related " "objects." @@ -12511,98 +12621,98 @@ msgstr "" "объектов, связанных с подчиненными диапазонами объектов." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:421 +#: sssd-ipa.5.xml:426 msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" msgstr "По умолчанию: значение <emphasis>cn=subids,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:428 +#: sssd-ipa.5.xml:433 msgid "ipa_hbac_search_base (string)" msgstr "ipa_hbac_search_base (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:431 +#: sssd-ipa.5.xml:436 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" "Необязательный параметр. Использовать указанную строку как базу поиска " "объектов, связанных с HBAC." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:441 +#: sssd-ipa.5.xml:446 msgid "ipa_host_search_base (string)" msgstr "ipa_host_search_base (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:444 +#: sssd-ipa.5.xml:449 msgid "Deprecated. Use ldap_host_search_base instead." msgstr "Не рекомендуется. Используйте ldap_host_search_base." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:450 +#: sssd-ipa.5.xml:455 msgid "ipa_selinux_search_base (string)" msgstr "ipa_selinux_search_base (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:453 +#: sssd-ipa.5.xml:458 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" "Необязательный параметр. Использовать указанную строку как базу поиска карт " "пользователей SELinux." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:469 +#: sssd-ipa.5.xml:474 msgid "ipa_subdomains_search_base (string)" msgstr "ipa_subdomains_search_base (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:472 +#: sssd-ipa.5.xml:477 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" "Необязательный параметр. Использовать указанную строку как базу поиска " "доверенных доменов." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:481 +#: sssd-ipa.5.xml:486 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "По умолчанию: значение <emphasis>cn=trusts,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:488 +#: sssd-ipa.5.xml:493 msgid "ipa_master_domain_search_base (string)" msgstr "ipa_master_domain_search_base (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:491 +#: sssd-ipa.5.xml:496 msgid "Optional. Use the given string as search base for master domain object." msgstr "" "Необязательный параметр. Использовать указанную строку как базу поиска " "объекта главного домена." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:505 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "По умолчанию: значение <emphasis>cn=ad,cn=etc,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:507 +#: sssd-ipa.5.xml:512 msgid "ipa_views_search_base (string)" msgstr "ipa_views_search_base (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:510 +#: sssd-ipa.5.xml:515 msgid "Optional. Use the given string as search base for views containers." msgstr "" "Необязательный параметр. Использовать указанную строку как базу поиска " "контейнеров просмотра." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:519 +#: sssd-ipa.5.xml:524 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" msgstr "" "По умолчанию: значение <emphasis>cn=views,cn=accounts,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:529 +#: sssd-ipa.5.xml:534 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." @@ -12611,7 +12721,7 @@ msgstr "" "значение <quote>ipa_domain</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:533 +#: sssd-ipa.5.xml:538 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." @@ -12620,12 +12730,12 @@ msgstr "" "DN, которое следует использовать для выполнения действий LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:541 sssd-ad.5.xml:1357 +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 msgid "krb5_confd_path (string)" msgstr "krb5_confd_path (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:544 sssd-ad.5.xml:1360 +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 msgid "" "Absolute path of a directory where SSSD should place Kerberos configuration " "snippets." @@ -12634,7 +12744,7 @@ msgstr "" "конфигурации Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:548 sssd-ad.5.xml:1364 +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 msgid "" "To disable the creation of the configuration snippets set the parameter to " "'none'." @@ -12643,19 +12753,19 @@ msgstr "" "значение «none»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:552 sssd-ad.5.xml:1368 +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 msgid "" "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" msgstr "" "По умолчанию: не задано (подкаталог krb5.include.d каталога pubconf SSSD)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:559 +#: sssd-ipa.5.xml:564 msgid "ipa_deskprofile_refresh (integer)" msgstr "ipa_deskprofile_refresh (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:562 +#: sssd-ipa.5.xml:567 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server. This will reduce the latency and load on the IPA server if there " @@ -12666,17 +12776,17 @@ msgstr "" "короткое время поступает много запросов на профили рабочего стола." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:569 sssd-ipa.5.xml:599 sssd-ipa.5.xml:615 sssd-ad.5.xml:599 +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 msgid "Default: 5 (seconds)" msgstr "По умолчанию: 5 (секунд)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:575 +#: sssd-ipa.5.xml:580 msgid "ipa_deskprofile_request_interval (integer)" msgstr "ipa_deskprofile_request_interval (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:578 +#: sssd-ipa.5.xml:583 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server in case the last request did not return any rule." @@ -12685,17 +12795,17 @@ msgstr "" "сервере IPA, если при последнем запросе не было возвращено ни одного правила." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:583 +#: sssd-ipa.5.xml:588 msgid "Default: 60 (minutes)" msgstr "По умолчанию: 60 (минут)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:589 +#: sssd-ipa.5.xml:594 msgid "ipa_hbac_refresh (integer)" msgstr "ipa_hbac_refresh (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:592 +#: sssd-ipa.5.xml:597 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -12706,12 +12816,12 @@ msgstr "" "поступает много запросов на управление доступом." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:605 +#: sssd-ipa.5.xml:610 msgid "ipa_hbac_selinux (integer)" msgstr "ipa_hbac_selinux (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:608 +#: sssd-ipa.5.xml:613 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -12722,12 +12832,12 @@ msgstr "" "поступает много запросов на вход пользователей." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:621 +#: sssd-ipa.5.xml:626 msgid "ipa_server_mode (boolean)" msgstr "ipa_server_mode (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:624 +#: sssd-ipa.5.xml:629 msgid "" "This option will be set by the IPA installer (ipa-server-install) " "automatically and denotes if SSSD is running on an IPA server or not." @@ -12736,7 +12846,7 @@ msgstr "" "server-install). Оно определяет, работает SSSD на сервере IPA или нет." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:629 +#: sssd-ipa.5.xml:634 msgid "" "On an IPA server SSSD will lookup users and groups from trusted domains " "directly while on a client it will ask an IPA server." @@ -12745,7 +12855,7 @@ msgstr "" "доменов напрямую, но на клиенте SSSD отправит запрос серверу IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:634 +#: sssd-ipa.5.xml:639 msgid "" "NOTE: There are currently some assumptions that must be met when SSSD is " "running on an IPA server." @@ -12754,7 +12864,7 @@ msgstr "" "сервере IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:639 +#: sssd-ipa.5.xml:644 msgid "" "The <quote>ipa_server</quote> option must be configured to point to the IPA " "server itself. This is already the default set by the IPA installer, so no " @@ -12765,7 +12875,7 @@ msgstr "" "установщиком IPA, поэтому вносить изменения вручную не требуется." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:648 +#: sssd-ipa.5.xml:653 msgid "" "The <quote>full_name_format</quote> option must not be tweaked to only print " "short names for users from trusted domains." @@ -12775,54 +12885,54 @@ msgstr "" "доменов." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:663 +#: sssd-ipa.5.xml:668 msgid "ipa_automount_location (string)" msgstr "ipa_automount_location (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:666 +#: sssd-ipa.5.xml:671 msgid "The automounter location this IPA client will be using" msgstr "" "Расположение автоматического монтирования, которое будет использовать этот " "клиент IPA" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:669 +#: sssd-ipa.5.xml:674 msgid "Default: The location named \"default\"" msgstr "По умолчанию: расположение с именем «default»" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:677 +#: sssd-ipa.5.xml:682 msgid "VIEWS AND OVERRIDES" msgstr "ПРЕДСТАВЛЕНИЯ И ПЕРЕОПРЕДЕЛЕНИЯ" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:686 +#: sssd-ipa.5.xml:691 msgid "ipa_view_class (string)" msgstr "ipa_view_class (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:689 +#: sssd-ipa.5.xml:694 msgid "Objectclass of the view container." msgstr "Класс объектов контейнера просмотра." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:692 +#: sssd-ipa.5.xml:697 msgid "Default: nsContainer" msgstr "По умолчанию: nsContainer" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:698 +#: sssd-ipa.5.xml:703 msgid "ipa_view_name (string)" msgstr "ipa_view_name (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:701 +#: sssd-ipa.5.xml:706 msgid "Name of the attribute holding the name of the view." msgstr "Имя атрибута, в котором хранится имя представления." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:705 sssd-ldap-attributes.5.xml:496 +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 #: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 #: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 #: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 @@ -12830,27 +12940,27 @@ msgid "Default: cn" msgstr "По умолчанию: cn" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:711 +#: sssd-ipa.5.xml:716 msgid "ipa_override_object_class (string)" msgstr "ipa_override_object_class (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:714 +#: sssd-ipa.5.xml:719 msgid "Objectclass of the override objects." msgstr "Объектный класс переопределяемых объектов." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:717 +#: sssd-ipa.5.xml:722 msgid "Default: ipaOverrideAnchor" msgstr "По умолчанию: ipaOverrideAnchor" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:723 +#: sssd-ipa.5.xml:728 msgid "ipa_anchor_uuid (string)" msgstr "ipa_anchor_uuid (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:726 +#: sssd-ipa.5.xml:731 msgid "" "Name of the attribute containing the reference to the original object in a " "remote domain." @@ -12858,17 +12968,17 @@ msgstr "" "Имя атрибута, содержащего ссылку на исходный объект в удалённом домене." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:730 +#: sssd-ipa.5.xml:735 msgid "Default: ipaAnchorUUID" msgstr "По умолчанию: ipaAnchorUUID" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:736 +#: sssd-ipa.5.xml:741 msgid "ipa_user_override_object_class (string)" msgstr "ipa_user_override_object_class (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:739 +#: sssd-ipa.5.xml:744 msgid "" "Name of the objectclass for user overrides. It is used to determine if the " "found override object is related to a user or a group." @@ -12878,58 +12988,58 @@ msgstr "" "или группой." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:744 +#: sssd-ipa.5.xml:749 msgid "User overrides can contain attributes given by" msgstr "" "Переопределения пользователя могут содержать атрибуты, указанные с помощью" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:747 +#: sssd-ipa.5.xml:752 msgid "ldap_user_name" msgstr "ldap_user_name" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:750 +#: sssd-ipa.5.xml:755 msgid "ldap_user_uid_number" msgstr "ldap_user_uid_number" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:753 +#: sssd-ipa.5.xml:758 msgid "ldap_user_gid_number" msgstr "ldap_user_gid_number" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:756 +#: sssd-ipa.5.xml:761 msgid "ldap_user_gecos" msgstr "ldap_user_gecos" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:759 +#: sssd-ipa.5.xml:764 msgid "ldap_user_home_directory" msgstr "ldap_user_home_directory" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:762 +#: sssd-ipa.5.xml:767 msgid "ldap_user_shell" msgstr "ldap_user_shell" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:765 +#: sssd-ipa.5.xml:770 msgid "ldap_user_ssh_public_key" msgstr "ldap_user_ssh_public_key" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:770 +#: sssd-ipa.5.xml:775 msgid "Default: ipaUserOverride" msgstr "По умолчанию: ipaUserOverride" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:776 +#: sssd-ipa.5.xml:781 msgid "ipa_group_override_object_class (string)" msgstr "ipa_group_override_object_class (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:779 +#: sssd-ipa.5.xml:784 msgid "" "Name of the objectclass for group overrides. It is used to determine if the " "found override object is related to a user or a group." @@ -12939,27 +13049,27 @@ msgstr "" "группой." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:784 +#: sssd-ipa.5.xml:789 msgid "Group overrides can contain attributes given by" msgstr "Переопределения группы могут содержать атрибуты, указанные с помощью" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:787 +#: sssd-ipa.5.xml:792 msgid "ldap_group_name" msgstr "ldap_group_name" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:790 +#: sssd-ipa.5.xml:795 msgid "ldap_group_gid_number" msgstr "ldap_group_gid_number" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:795 +#: sssd-ipa.5.xml:800 msgid "Default: ipaGroupOverride" msgstr "По умолчанию: ipaGroupOverride" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:679 +#: sssd-ipa.5.xml:684 msgid "" "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " "later version. Since all paths and objectclasses are fixed on the server " @@ -12974,12 +13084,12 @@ msgstr "" "их стандартные значения. <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:807 +#: sssd-ipa.5.xml:812 msgid "SUBDOMAINS PROVIDER" msgstr "ПОСТАВЩИК ДАННЫХ ПОДДОМЕНОВ" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:809 +#: sssd-ipa.5.xml:814 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." @@ -12988,7 +13098,7 @@ msgstr "" "неявным образом, его поведение будет немного отличаться." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:813 +#: sssd-ipa.5.xml:818 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " @@ -12999,7 +13109,7 @@ msgstr "" "все запросы поддоменов отправляются серверу IPA." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:819 +#: sssd-ipa.5.xml:824 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " @@ -13018,12 +13128,12 @@ msgstr "" "сеть, поставщик данных поддоменов включается снова." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:830 +#: sssd-ipa.5.xml:835 msgid "TRUSTED DOMAINS CONFIGURATION" msgstr "КОНФИГУРАЦИЯ ДОВЕРЕННЫХ ДОМЕНОВ" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:838 +#: sssd-ipa.5.xml:843 #, no-wrap msgid "" "[domain/ipa.domain.com/ad.domain.com]\n" @@ -13033,7 +13143,7 @@ msgstr "" "ad_server = dc.ad.domain.com\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:832 +#: sssd-ipa.5.xml:837 msgid "" "Some configuration options can also be set for a trusted domain. A trusted " "domain configuration can be set using the trusted domain subsection as shown " @@ -13048,7 +13158,7 @@ msgstr "" "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:843 +#: sssd-ipa.5.xml:848 msgid "" "For more details, see the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." @@ -13058,7 +13168,7 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:850 +#: sssd-ipa.5.xml:855 msgid "" "Different configuration options are tunable for a trusted domain depending " "on whether you are configuring SSSD on an IPA server or an IPA client." @@ -13068,12 +13178,12 @@ msgstr "" "или на клиенте IPA." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:855 +#: sssd-ipa.5.xml:860 msgid "OPTIONS TUNABLE ON IPA MASTERS" msgstr "ПАРАМЕТРЫ, КОТОРЫЕ МОЖНО НАСТРОИТЬ НА ОСНОВНЫХ СЕРВЕРАХ IPA" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:857 +#: sssd-ipa.5.xml:862 msgid "" "The following options can be set in a subdomain section on an IPA master:" msgstr "" @@ -13081,49 +13191,49 @@ msgstr "" "параметры:" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:861 sssd-ipa.5.xml:891 +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 msgid "ad_server" msgstr "ad_server" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:864 +#: sssd-ipa.5.xml:869 msgid "ad_backup_server" msgstr "ad_backup_server" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:867 sssd-ipa.5.xml:894 +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 msgid "ad_site" msgstr "ad_site" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:870 +#: sssd-ipa.5.xml:875 msgid "ldap_search_base" msgstr "ldap_search_base" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:873 +#: sssd-ipa.5.xml:878 msgid "ldap_user_search_base" msgstr "ldap_user_search_base" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:876 +#: sssd-ipa.5.xml:881 msgid "ldap_group_search_base" msgstr "ldap_group_search_base" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:885 +#: sssd-ipa.5.xml:890 msgid "OPTIONS TUNABLE ON IPA CLIENTS" msgstr "ПАРАМЕТРЫ, КОТОРЫЕ МОЖНО НАСТРОИТЬ НА КЛИЕНТАХ IPA" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:887 +#: sssd-ipa.5.xml:892 msgid "" "The following options can be set in a subdomain section on an IPA client:" msgstr "" "В разделе поддомена на клиенте IPA можно настроить следующие параметры:" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:899 +#: sssd-ipa.5.xml:904 msgid "" "Note that if both options are set, only <quote>ad_server</quote> is " "evaluated." @@ -13132,7 +13242,7 @@ msgstr "" "<quote>ad_server</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:903 +#: sssd-ipa.5.xml:908 msgid "" "Since any request for a user or a group identity from a trusted domain " "triggered from an IPA client is resolved by the IPA server, the " @@ -13155,7 +13265,7 @@ msgstr "" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:927 +#: sssd-ipa.5.xml:932 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -13166,7 +13276,7 @@ msgstr "" "примере показаны только параметры, относящиеся к поставщику данных IPA." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:934 +#: sssd-ipa.5.xml:939 #, no-wrap msgid "" "[domain/example.com]\n" @@ -14820,7 +14930,7 @@ msgstr "" "допустимое значение (60 секунд)." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1388 +#: sssd-ad.5.xml:1393 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -14831,7 +14941,7 @@ msgstr "" "примере показаны только параметры, относящиеся к поставщику данных AD." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1395 +#: sssd-ad.5.xml:1400 #, no-wrap msgid "" "[domain/EXAMPLE]\n" @@ -14855,7 +14965,7 @@ msgstr "" "ad_domain = example.com\n" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1415 +#: sssd-ad.5.xml:1420 #, no-wrap msgid "" "access_provider = ldap\n" @@ -14867,7 +14977,7 @@ msgstr "" "ldap_account_expire_policy = ad\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1411 +#: sssd-ad.5.xml:1416 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " @@ -14878,7 +14988,7 @@ msgstr "" "данных LDAP: <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1421 +#: sssd-ad.5.xml:1426 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>. Please " @@ -14893,7 +15003,7 @@ msgstr "" "параметры подключения, такие как URI LDAP и параметры шифрования." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1429 +#: sssd-ad.5.xml:1434 msgid "" "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " @@ -21868,9 +21978,13 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:235 +#, fuzzy +#| msgid "" +#| "When this option is configured, domains will be allocated starting with " +#| "slice zero and increasing monatomically with each additional domain." msgid "" "When this option is configured, domains will be allocated starting with " -"slice zero and increasing monatomically with each additional domain." +"slice zero and increasing monotonically with each additional domain." msgstr "" "Когда настроен этот параметр, домены будут выделяться, начиная с нулевого " "среза, с постепенным увеличением для каждого дополнительного домена." @@ -23051,6 +23165,20 @@ msgstr "" "узла и участника-пользователя. Эта возможность доступна в MIT Kerberos 1.7 и " "выше." +#, fuzzy +#~| msgid "This option is not available in IPA provider." +#~ msgid "This option is ignored for the files provider." +#~ msgstr "Этот параметр недоступен в поставщике данных IPA." + +#, fuzzy +#~| msgid "" +#~| "Determines if user credentials are also cached in the local LDB cache" +#~ msgid "" +#~ "Determines if user credentials are also cached in the local LDB cache." +#~ msgstr "" +#~ "Определяет, следует ли также кэшировать учётные данные пользователя в " +#~ "локальном кэше LDB" + #~ msgid "User credentials are stored in a SHA512 hash, not in plaintext" #~ msgstr "" #~ "Учётные данные пользователя хранятся в хэше SHA512, а не в виде простого " @@ -23770,13 +23898,6 @@ msgstr "" #~ " -XPOST http://localhost/secrets/mycontainer/\n" #~ " " -#~ msgid "" -#~ "The following example creates a container named 'mycontainer': " -#~ "<placeholder type=\"programlisting\" id=\"0\"/>" -#~ msgstr "" -#~ "В следующем примере создаётся контейнер с именем «mycontainer»: " -#~ "<placeholder type=\"programlisting\" id=\"0\"/>" - #, no-wrap #~ msgid "" #~ "http://localhost/secrets/mycontainer/mysecret\n" diff --git a/src/man/po/sssd-docs.pot b/src/man/po/sssd-docs.pot index 19368c3aa67..4775e7c800b 100644 --- a/src/man/po/sssd-docs.pot +++ b/src/man/po/sssd-docs.pot @@ -6,9 +6,9 @@ #, fuzzy msgid "" msgstr "" -"Project-Id-Version: sssd-docs 2.9.0\n" +"Project-Id-Version: sssd-docs 2.9.3\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-05-05 10:09+0200\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" @@ -202,11 +202,11 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 -#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:951 -#: sssd.conf.5.xml:1069 sssd.conf.5.xml:2197 sssd-ldap.5.xml:1071 -#: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 -#: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 -#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 msgid "Default: true" msgstr "" @@ -223,11 +223,11 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:948 -#: sssd.conf.5.xml:2100 sssd.conf.5.xml:2167 sssd.conf.5.xml:4128 -#: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 -#: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 -#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 #: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 #: include/krb5_options.xml:163 msgid "Default: false" @@ -261,8 +261,8 @@ msgid "" msgstr "" #. type: Content of: outside any tag (error?) -#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1656 -#: sssd-ldap.5.xml:1862 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 #: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 @@ -292,8 +292,8 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 sssd.conf.5.xml:1289 sssd.conf.5.xml:1766 -#: sssd.conf.5.xml:4144 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "" @@ -357,19 +357,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:258 sssd.conf.5.xml:783 +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:261 sssd.conf.5.xml:786 +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:791 sssd.conf.5.xml:3708 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 #: include/failover.xml:100 msgid "Default: 3" msgstr "" @@ -391,7 +391,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3540 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 msgid "re_expression (string)" msgstr "" @@ -411,12 +411,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3597 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3600 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> " "<manvolnum>3</manvolnum> </citerefentry>-compatible format that describes " @@ -425,39 +425,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3611 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 msgid "%1$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 msgid "user name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3615 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3618 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3624 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 msgid "%3$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3627 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3608 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -601,8 +601,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:468 sssd-ldap.5.xml:876 sssd-ldap.5.xml:888 -#: sssd-ldap.5.xml:980 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 #: include/krb5_options.xml:148 @@ -872,7 +872,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1790 sssd.conf.5.xml:4194 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -917,11 +917,11 @@ msgstr "" #: sssd.conf.5.xml:744 msgid "" "Enable or disable the user verification (i.e. PIN, fingerprint) during " -"authentication." +"authentication. If enabled, the PIN will always be requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:750 msgid "" "The default is that the key settings decide what to do. In the IPA or " "kerberos pre-authentication case, this value will be overwritten by the " @@ -948,12 +948,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:769 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:770 +#: sssd.conf.5.xml:771 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -962,22 +962,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:777 +#: sssd.conf.5.xml:778 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:780 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:797 msgid "fd_limit" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:799 +#: sssd.conf.5.xml:800 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " @@ -987,17 +987,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:808 +#: sssd.conf.5.xml:809 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:814 msgid "client_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:816 +#: sssd.conf.5.xml:817 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " @@ -1007,17 +1007,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:826 msgid "Default: 60, KCM: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:830 +#: sssd.conf.5.xml:831 msgid "offline_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:834 msgid "" "When SSSD switches to offline mode the amount of time before it tries to go " "back online will increase based upon the time spent disconnected. By " @@ -1028,14 +1028,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:844 sssd.conf.5.xml:900 +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 msgid "" "new_delay = Minimum(old_delay * 2, offline_timeout_max) + " "random[0...offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:847 +#: sssd.conf.5.xml:848 msgid "" "The offline_timeout default value is 60. The offline_timeout_max default " "value is 3600. The offline_timeout_random_offset default value is 30. The " @@ -1043,44 +1043,44 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:854 msgid "" "Note that the maximum length of each interval is defined by " "offline_timeout_max (apart of random part)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 sssd.conf.5.xml:1200 sssd.conf.5.xml:1583 -#: sssd.conf.5.xml:1879 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:862 +#: sssd.conf.5.xml:863 msgid "offline_timeout_max (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:865 +#: sssd.conf.5.xml:866 msgid "" "Controls by how much the time between attempts to go online can be " "incremented following unsuccessful attempts to go online." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:870 +#: sssd.conf.5.xml:871 msgid "A value of 0 disables the incrementing behaviour." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:873 +#: sssd.conf.5.xml:874 msgid "" "The value of this parameter should be set in correlation to offline_timeout " "parameter value." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:877 +#: sssd.conf.5.xml:878 msgid "" "With offline_timeout set to 60 (default value) there is no point in setting " "offlinet_timeout_max to less than 120 as it will saturate instantly. General " @@ -1089,58 +1089,58 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:883 +#: sssd.conf.5.xml:884 msgid "" "Although a value between 0 and offline_timeout may be specified, it has the " "effect of overriding the offline_timeout value so is of little use." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:888 +#: sssd.conf.5.xml:889 msgid "Default: 3600" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:894 msgid "offline_timeout_random_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:896 +#: sssd.conf.5.xml:897 msgid "" "When SSSD is in offline mode it keeps probing backend servers in specified " "time intervals:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:903 +#: sssd.conf.5.xml:904 msgid "" "This parameter controls the value of the random offset used for the above " "equation. Final random_offset value will be random number in range:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:908 +#: sssd.conf.5.xml:909 msgid "[0 - offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:911 +#: sssd.conf.5.xml:912 msgid "A value of 0 disables the random offset addition." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:915 msgid "Default: 30" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:919 +#: sssd.conf.5.xml:920 msgid "responder_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:922 +#: sssd.conf.5.xml:923 msgid "" "This option specifies the number of seconds that an SSSD responder process " "can be up without being used. This value is limited in order to avoid " @@ -1152,59 +1152,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:936 sssd.conf.5.xml:1213 sssd.conf.5.xml:2321 -#: sssd-ldap.5.xml:331 +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 +#: sssd-ldap.5.xml:332 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:941 +#: sssd.conf.5.xml:942 msgid "cache_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:945 msgid "" "This option specifies whether the responder should query all caches before " "querying the Data Providers." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:960 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:961 +#: sssd.conf.5.xml:962 msgid "" "These options can be used to configure the Name Service Switch (NSS) " "service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:966 +#: sssd.conf.5.xml:967 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:969 +#: sssd.conf.5.xml:970 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:974 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:978 +#: sssd.conf.5.xml:979 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:981 +#: sssd.conf.5.xml:982 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -1212,7 +1212,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:988 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -1222,7 +1222,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:998 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -1231,17 +1231,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1005 sssd.conf.5.xml:2121 +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1010 +#: sssd.conf.5.xml:1011 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1013 +#: sssd.conf.5.xml:1014 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -1249,17 +1249,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1019 sssd.conf.5.xml:1778 sssd.conf.5.xml:2145 +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1025 msgid "local_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1027 +#: sssd.conf.5.xml:1028 msgid "" "Specifies for how many seconds nss_sss should keep local users and groups in " "negative cache before trying to look it up in the back end again. Setting " @@ -1267,17 +1267,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1033 +#: sssd.conf.5.xml:1034 msgid "Default: 14400 (4 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1039 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1041 +#: sssd.conf.5.xml:1042 msgid "" "Exclude certain users or groups from being fetched from the sss NSS " "database. This is particularly useful for system accounts. This option can " @@ -1286,7 +1286,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1049 +#: sssd.conf.5.xml:1050 msgid "" "NOTE: The filter_groups option doesn't affect inheritance of nested group " "members, since filtering happens after they are propagated for returning via " @@ -1295,39 +1295,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1057 +#: sssd.conf.5.xml:1058 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1063 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1065 +#: sssd.conf.5.xml:1066 msgid "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1076 +#: sssd.conf.5.xml:1077 msgid "fallback_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1079 +#: sssd.conf.5.xml:1080 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1084 +#: sssd.conf.5.xml:1085 msgid "The available values for this option are the same as for override_homedir." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1090 +#: sssd.conf.5.xml:1091 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" @@ -1335,23 +1335,23 @@ msgid "" msgstr "" #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:1088 sssd.conf.5.xml:1650 sssd.conf.5.xml:1669 -#: sssd.conf.5.xml:1746 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1094 +#: sssd.conf.5.xml:1095 msgid "Default: not set (no substitution for unset home directories)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1100 +#: sssd.conf.5.xml:1101 msgid "override_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1104 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " @@ -1359,46 +1359,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1109 +#: sssd.conf.5.xml:1110 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1115 +#: sssd.conf.5.xml:1116 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1118 +#: sssd.conf.5.xml:1119 msgid "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1121 +#: sssd.conf.5.xml:1122 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1125 +#: sssd.conf.5.xml:1126 msgid "" "2. If the shell is in the allowed_shells list but not in " "<quote>/etc/shells</quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1130 +#: sssd.conf.5.xml:1131 msgid "" "3. If the shell is not in the allowed_shells list and not in " "<quote>/etc/shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1135 +#: sssd.conf.5.xml:1136 msgid "The wildcard (*) can be used to allow any shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1138 +#: sssd.conf.5.xml:1139 msgid "" "The (*) is useful if you want to use shell_fallback in case that user's " "shell is not in <quote>/etc/shells</quote> and maintaining list of all " @@ -1406,56 +1406,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1145 +#: sssd.conf.5.xml:1146 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1149 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1152 +#: sssd.conf.5.xml:1153 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1157 +#: sssd.conf.5.xml:1158 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1160 +#: sssd.conf.5.xml:1161 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1165 +#: sssd.conf.5.xml:1166 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1168 +#: sssd.conf.5.xml:1169 msgid "" "The default shell to use if an allowed shell is not installed on the " "machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1172 +#: sssd.conf.5.xml:1173 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1177 +#: sssd.conf.5.xml:1178 msgid "default_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1180 +#: sssd.conf.5.xml:1181 msgid "" "The default shell to use if the provider does not return one during " "lookup. This option can be specified globally in the [nss] section or " @@ -1463,58 +1463,58 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1186 +#: sssd.conf.5.xml:1187 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1193 sssd.conf.5.xml:1576 +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 msgid "get_domains_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1196 sssd.conf.5.xml:1579 +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1205 +#: sssd.conf.5.xml:1206 msgid "memcache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1208 +#: sssd.conf.5.xml:1209 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid. Setting this option to zero will disable the in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1216 +#: sssd.conf.5.xml:1217 msgid "" "WARNING: Disabling the in-memory cache will have significant negative impact " "on SSSD's performance and should only be used for testing." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1222 sssd.conf.5.xml:1247 sssd.conf.5.xml:1272 -#: sssd.conf.5.xml:1297 sssd.conf.5.xml:1324 +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 msgid "" "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " "client applications will not use the fast in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1230 +#: sssd.conf.5.xml:1231 msgid "memcache_size_passwd (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1233 +#: sssd.conf.5.xml:1234 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for passwd requests. Setting the size to 0 will disable the passwd " @@ -1522,25 +1522,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1239 sssd.conf.5.xml:2963 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 msgid "Default: 8" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1242 sssd.conf.5.xml:1267 sssd.conf.5.xml:1292 -#: sssd.conf.5.xml:1319 +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 msgid "" "WARNING: Disabled or too small in-memory cache can have significant negative " "impact on SSSD's performance." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1255 +#: sssd.conf.5.xml:1256 msgid "memcache_size_group (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1258 +#: sssd.conf.5.xml:1259 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for group requests. Setting the size to 0 will disable the group in-memory " @@ -1548,19 +1548,19 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1264 sssd.conf.5.xml:1316 sssd.conf.5.xml:3729 -#: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1280 +#: sssd.conf.5.xml:1281 msgid "memcache_size_initgroups (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1283 +#: sssd.conf.5.xml:1284 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for initgroups requests. Setting the size to 0 will disable the initgroups " @@ -1568,12 +1568,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1305 +#: sssd.conf.5.xml:1306 msgid "memcache_size_sid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1308 +#: sssd.conf.5.xml:1309 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for SID related requests. Only SID-by-ID and ID-by-SID requests are " @@ -1582,12 +1582,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1332 sssd-ifp.5.xml:90 +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 msgid "user_attributes (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1335 +#: sssd.conf.5.xml:1336 msgid "" "Some of the additional NSS responder requests can return more attributes " "than just the POSIX ones defined by the NSS interface. The list of " @@ -1599,43 +1599,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1348 +#: sssd.conf.5.xml:1349 msgid "" "To make configuration more easy the NSS responder will check the InfoPipe " "option if it is not set for the NSS responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1353 +#: sssd.conf.5.xml:1354 msgid "Default: not set, fallback to InfoPipe option" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1358 +#: sssd.conf.5.xml:1359 msgid "pwfield (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1361 +#: sssd.conf.5.xml:1362 msgid "" "The value that NSS operations that return users or groups will return for " "the <quote>password</quote> field." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1366 +#: sssd.conf.5.xml:1367 msgid "Default: <quote>*</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1369 +#: sssd.conf.5.xml:1370 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[nss] section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1373 +#: sssd.conf.5.xml:1374 msgid "" "Default: <quote>not set</quote> (remote domains), <phrase " "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), " @@ -1644,60 +1644,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1385 +#: sssd.conf.5.xml:1386 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1387 +#: sssd.conf.5.xml:1388 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1392 +#: sssd.conf.5.xml:1393 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1395 +#: sssd.conf.5.xml:1396 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1400 sssd.conf.5.xml:1413 +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1406 +#: sssd.conf.5.xml:1407 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1409 +#: sssd.conf.5.xml:1410 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1419 +#: sssd.conf.5.xml:1420 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1422 +#: sssd.conf.5.xml:1423 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1427 +#: sssd.conf.5.xml:1428 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -1705,59 +1705,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1433 sssd.conf.5.xml:1543 +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1439 +#: sssd.conf.5.xml:1440 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1442 +#: sssd.conf.5.xml:1443 msgid "" "Controls what kind of messages are shown to the user during " "authentication. The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1447 +#: sssd.conf.5.xml:1448 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1450 +#: sssd.conf.5.xml:1451 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1453 +#: sssd.conf.5.xml:1454 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1457 +#: sssd.conf.5.xml:1458 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1460 +#: sssd.conf.5.xml:1461 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1464 sssd.8.xml:63 +#: sssd.conf.5.xml:1465 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1470 +#: sssd.conf.5.xml:1471 msgid "pam_response_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1473 +#: sssd.conf.5.xml:1474 msgid "" "A comma separated list of strings which allows to remove (filter) data sent " "by the PAM responder to pam_sss PAM module. There are different kind of " @@ -1766,51 +1766,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1481 +#: sssd.conf.5.xml:1482 msgid "" "While messages already can be controlled with the help of the pam_verbosity " "option this option allows to filter out other kind of responses as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1488 +#: sssd.conf.5.xml:1489 msgid "ENV" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1489 +#: sssd.conf.5.xml:1490 msgid "Do not send any environment variables to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1492 +#: sssd.conf.5.xml:1493 msgid "ENV:var_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1493 +#: sssd.conf.5.xml:1494 msgid "Do not send environment variable var_name to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1497 +#: sssd.conf.5.xml:1498 msgid "ENV:var_name:service" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1498 +#: sssd.conf.5.xml:1499 msgid "Do not send environment variable var_name to service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1486 +#: sssd.conf.5.xml:1487 msgid "" "Currently the following filters are supported: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1505 +#: sssd.conf.5.xml:1506 msgid "" "The list of strings can either be the list of filters which would set this " "list of filters and overwrite the defaults. Or each element of the list can " @@ -1821,22 +1821,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1516 +#: sssd.conf.5.xml:1517 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1519 +#: sssd.conf.5.xml:1520 msgid "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1526 +#: sssd.conf.5.xml:1527 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1529 +#: sssd.conf.5.xml:1530 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -1844,7 +1844,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1535 +#: sssd.conf.5.xml:1536 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a " @@ -1854,17 +1854,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1549 +#: sssd.conf.5.xml:1550 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1552 sssd.conf.5.xml:2987 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1555 +#: sssd.conf.5.xml:1556 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -1872,7 +1872,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1561 sssd.conf.5.xml:2990 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be " @@ -1880,24 +1880,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1566 +#: sssd.conf.5.xml:1567 msgid "" "This setting can be overridden by setting " "<emphasis>pwd_expiration_warning</emphasis> for a particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1571 sssd.conf.5.xml:3976 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 msgid "Default: 0" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1588 +#: sssd.conf.5.xml:1589 msgid "pam_trusted_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1591 +#: sssd.conf.5.xml:1592 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to run PAM conversations against trusted domains. Users not " @@ -1907,74 +1907,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1601 +#: sssd.conf.5.xml:1602 msgid "Default: All users are considered trusted by default" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1605 +#: sssd.conf.5.xml:1606 msgid "" "Please note that UID 0 is always allowed to access the PAM responder even in " "case it is not in the pam_trusted_users list." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1612 +#: sssd.conf.5.xml:1613 msgid "pam_public_domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1615 +#: sssd.conf.5.xml:1616 msgid "" "Specifies the comma-separated list of domain names that are accessible even " "to untrusted users." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1619 +#: sssd.conf.5.xml:1620 msgid "Two special values for pam_public_domains option are defined:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1623 +#: sssd.conf.5.xml:1624 msgid "all (Untrusted users are allowed to access all domains in PAM responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1627 +#: sssd.conf.5.xml:1628 msgid "" "none (Untrusted users are not allowed to access any domains PAM in " "responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1631 sssd.conf.5.xml:1656 sssd.conf.5.xml:1675 -#: sssd.conf.5.xml:1912 sssd.conf.5.xml:2732 sssd.conf.5.xml:3905 -#: sssd-ldap.5.xml:1207 +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1636 +#: sssd.conf.5.xml:1637 msgid "pam_account_expired_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1639 +#: sssd.conf.5.xml:1640 msgid "" "Allows a custom expiration message to be set, replacing the default " "'Permission denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1644 +#: sssd.conf.5.xml:1645 msgid "" "Note: Please be aware that message is only printed for the SSH service " "unless pam_verbosity is set to 3 (show all messages and debug information)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1652 +#: sssd.conf.5.xml:1653 #, no-wrap msgid "" "pam_account_expired_message = Account expired, please contact help desk.\n" @@ -1982,19 +1982,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1661 +#: sssd.conf.5.xml:1662 msgid "pam_account_locked_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1664 +#: sssd.conf.5.xml:1665 msgid "" "Allows a custom lockout message to be set, replacing the default 'Permission " "denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1671 +#: sssd.conf.5.xml:1672 #, no-wrap msgid "" "pam_account_locked_message = Account locked, please contact help desk.\n" @@ -2002,40 +2002,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1680 +#: sssd.conf.5.xml:1681 msgid "pam_passkey_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1683 +#: sssd.conf.5.xml:1684 msgid "Enable passkey device based authentication." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1686 sssd.conf.5.xml:1697 sssd.conf.5.xml:1711 -#: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 -#: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 msgid "Default: False" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1691 +#: sssd.conf.5.xml:1692 msgid "passkey_debug_libfido2 (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1694 +#: sssd.conf.5.xml:1695 msgid "Enable libfido2 library debug messages." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1702 +#: sssd.conf.5.xml:1703 msgid "pam_cert_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1705 +#: sssd.conf.5.xml:1706 msgid "" "Enable certificate based Smartcard authentication. Since this requires " "additional communication with the Smartcard which will delay the " @@ -2043,34 +2043,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1716 +#: sssd.conf.5.xml:1717 msgid "pam_cert_db_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1719 +#: sssd.conf.5.xml:1720 msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1722 sssd.conf.5.xml:2247 sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 msgid "Default:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1724 sssd.conf.5.xml:2249 +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 msgid "" "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " "certificates in PEM format)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1734 +#: sssd.conf.5.xml:1735 msgid "pam_cert_verification (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1737 +#: sssd.conf.5.xml:1738 msgid "" "With this parameter the PAM certificate verification can be tuned with a " "comma separated list of options that override the " @@ -2080,7 +2080,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1748 +#: sssd.conf.5.xml:1749 #, no-wrap msgid "" "pam_cert_verification = partial_chain\n" @@ -2088,58 +2088,58 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1752 +#: sssd.conf.5.xml:1753 msgid "" "Default: not set, i.e. use default <quote>certificate_verification</quote> " "option defined in <quote>[sssd]</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1759 +#: sssd.conf.5.xml:1760 msgid "p11_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1763 msgid "How many seconds will pam_sss wait for p11_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1771 +#: sssd.conf.5.xml:1772 msgid "passkey_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1774 +#: sssd.conf.5.xml:1775 msgid "How many seconds will the PAM responder wait for passkey_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1783 +#: sssd.conf.5.xml:1784 msgid "pam_app_services (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1786 +#: sssd.conf.5.xml:1787 msgid "" "Which PAM services are permitted to contact domains of type " "<quote>application</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1795 +#: sssd.conf.5.xml:1796 msgid "pam_p11_allowed_services (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1798 +#: sssd.conf.5.xml:1799 msgid "" "A comma-separated list of PAM service names for which it will be allowed to " "use Smartcards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1813 +#: sssd.conf.5.xml:1814 #, no-wrap msgid "" "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2147,7 +2147,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1802 +#: sssd.conf.5.xml:1803 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -2159,63 +2159,63 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1817 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 #: sssd-ad.5.xml:869 sssd-ad.5.xml:947 msgid "Default: the default set of PAM service names includes:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1822 sssd-ad.5.xml:648 +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 msgid "login" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1827 sssd-ad.5.xml:653 +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 msgid "su" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1832 sssd-ad.5.xml:658 +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 msgid "su-l" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1837 sssd-ad.5.xml:673 +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 msgid "gdm-smartcard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1842 sssd-ad.5.xml:668 +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 msgid "gdm-password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1847 sssd-ad.5.xml:678 +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 msgid "kdm" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1852 sssd-ad.5.xml:956 +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 msgid "sudo" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1857 sssd-ad.5.xml:961 +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 msgid "sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1862 +#: sssd.conf.5.xml:1863 msgid "gnome-screensaver" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1870 +#: sssd.conf.5.xml:1871 msgid "p11_wait_for_card_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1873 +#: sssd.conf.5.xml:1874 msgid "" "If Smartcard authentication is required how many extra seconds in addition " "to p11_child_timeout should the PAM responder wait until a Smartcard is " @@ -2223,12 +2223,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1884 +#: sssd.conf.5.xml:1885 msgid "p11_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1887 +#: sssd.conf.5.xml:1888 msgid "" "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " "selection of devices used for Smartcard authentication. By default SSSD's " @@ -2239,7 +2239,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1900 +#: sssd.conf.5.xml:1901 #, no-wrap msgid "" "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" @@ -2247,7 +2247,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1904 +#: sssd.conf.5.xml:1905 #, no-wrap msgid "" "p11_uri = " @@ -2256,7 +2256,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1898 +#: sssd.conf.5.xml:1899 msgid "" "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " @@ -2265,46 +2265,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1917 +#: sssd.conf.5.xml:1918 msgid "pam_initgroups_scheme" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1925 +#: sssd.conf.5.xml:1926 msgid "always" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1926 +#: sssd.conf.5.xml:1927 msgid "Always do an online lookup, please note that pam_id_timeout still applies" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1930 +#: sssd.conf.5.xml:1931 msgid "no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1931 +#: sssd.conf.5.xml:1932 msgid "" "Only do an online lookup if there is no active session of the user, i.e. if " "the user is currently not logged in" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1936 +#: sssd.conf.5.xml:1937 msgid "never" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1937 +#: sssd.conf.5.xml:1938 msgid "" "Never force an online lookup, use the data from the cache as long as they " "are not expired" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1920 +#: sssd.conf.5.xml:1921 msgid "" "The PAM responder can force an online lookup to get the current group " "memberships of the user trying to log in. This option controls when this " @@ -2313,31 +2313,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1944 +#: sssd.conf.5.xml:1945 msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1949 sssd.conf.5.xml:4247 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 msgid "pam_gssapi_services" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1952 +#: sssd.conf.5.xml:1953 msgid "" "Comma separated list of PAM services that are allowed to try GSSAPI " "authentication using pam_sss_gss.so module." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1957 +#: sssd.conf.5.xml:1958 msgid "" "To disable GSSAPI authentication, set this option to <quote>-</quote> " "(dash)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1961 sssd.conf.5.xml:1992 sssd.conf.5.xml:2030 +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[pam] section. It can also be set for trusted domain which overwrites the " @@ -2345,7 +2345,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1969 +#: sssd.conf.5.xml:1970 #, no-wrap msgid "" "pam_gssapi_services = sudo, sudo-i\n" @@ -2353,22 +2353,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1967 sssd.conf.5.xml:3899 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1973 +#: sssd.conf.5.xml:1974 msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1978 sssd.conf.5.xml:4248 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 msgid "pam_gssapi_check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1981 +#: sssd.conf.5.xml:1982 msgid "" "If True, SSSD will require that the Kerberos user principal that " "successfully authenticated through GSSAPI can be associated with the user " @@ -2376,25 +2376,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1988 +#: sssd.conf.5.xml:1989 msgid "" "If False, every user that is able to obtained required service ticket will " "be authenticated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1998 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2003 +#: sssd.conf.5.xml:2004 msgid "pam_gssapi_indicators_map" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2006 +#: sssd.conf.5.xml:2007 msgid "" "Comma separated list of authentication indicators required to be present in " "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " @@ -2402,7 +2402,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2012 +#: sssd.conf.5.xml:2013 msgid "" "Each element of the list can be either an authentication indicator name or a " "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " @@ -2417,7 +2417,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2025 +#: sssd.conf.5.xml:2026 msgid "" "To disable GSSAPI authentication indicator check, set this option to " "<quote>-</quote> (dash). To disable the check for a specific PAM service, " @@ -2425,45 +2425,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2036 +#: sssd.conf.5.xml:2037 msgid "" "Following authentication indicators are supported by IPA Kerberos " "deployments:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2039 +#: sssd.conf.5.xml:2040 msgid "" "pkinit -- pre-authentication using X.509 certificates -- whether stored in " "files or on smart cards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2042 +#: sssd.conf.5.xml:2043 msgid "" "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " "FAST channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2045 +#: sssd.conf.5.xml:2046 msgid "radius -- pre-authentication with the help of a RADIUS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2048 +#: sssd.conf.5.xml:2049 msgid "" "otp -- pre-authentication using integrated two-factor authentication (2FA or " "one-time password, OTP) in IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2051 +#: sssd.conf.5.xml:2052 msgid "idp -- pre-authentication using external identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:2061 +#: sssd.conf.5.xml:2062 #, no-wrap msgid "" "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" @@ -2471,7 +2471,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2056 +#: sssd.conf.5.xml:2057 msgid "" "Example: to require access to SUDO services only for users which obtained " "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " @@ -2479,17 +2479,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2065 +#: sssd.conf.5.xml:2066 msgid "Default: not set (use of authentication indicators is not required)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2073 +#: sssd.conf.5.xml:2074 msgid "SUDO configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2075 +#: sssd.conf.5.xml:2076 msgid "" "These options can be used to configure the sudo service. The detailed " "instructions for configuration of <citerefentry> " @@ -2501,24 +2501,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2092 +#: sssd.conf.5.xml:2093 msgid "sudo_timed (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2095 +#: sssd.conf.5.xml:2096 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2107 +#: sssd.conf.5.xml:2108 msgid "sudo_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2110 +#: sssd.conf.5.xml:2111 msgid "" "Maximum number of expired rules that can be refreshed at once. If number of " "expired rules is below threshold, those rules are refreshed with " @@ -2529,22 +2529,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2129 +#: sssd.conf.5.xml:2130 msgid "AUTOFS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2131 +#: sssd.conf.5.xml:2132 msgid "These options can be used to configure the autofs service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2135 +#: sssd.conf.5.xml:2136 msgid "autofs_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2138 +#: sssd.conf.5.xml:2139 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " @@ -2552,51 +2552,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2154 +#: sssd.conf.5.xml:2155 msgid "SSH configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2156 +#: sssd.conf.5.xml:2157 msgid "These options can be used to configure the SSH service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2160 +#: sssd.conf.5.xml:2161 msgid "ssh_hash_known_hosts (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2163 +#: sssd.conf.5.xml:2164 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2172 +#: sssd.conf.5.xml:2173 msgid "ssh_known_hosts_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2175 +#: sssd.conf.5.xml:2176 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2179 +#: sssd.conf.5.xml:2180 msgid "Default: 180" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2184 +#: sssd.conf.5.xml:2185 msgid "ssh_use_certificate_keys (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2187 +#: sssd.conf.5.xml:2188 msgid "" "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " "keys derived from the public key of X.509 certificates stored in the user " @@ -2606,12 +2606,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2202 +#: sssd.conf.5.xml:2203 msgid "ssh_use_certificate_matching_rules (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2205 +#: sssd.conf.5.xml:2206 msgid "" "By default the ssh responder will use all available certificate matching " "rules to filter the certificates so that ssh keys are only derived from the " @@ -2621,7 +2621,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2214 +#: sssd.conf.5.xml:2215 msgid "" "There are two special key words 'all_rules' and 'no_rules' which will enable " "all or no rules, respectively. The latter means that no certificates will be " @@ -2629,7 +2629,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2221 +#: sssd.conf.5.xml:2222 msgid "" "If no rules are configured using 'all_rules' will enable a default rule " "which enables all certificates suitable for client authentication. This is " @@ -2638,38 +2638,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2228 +#: sssd.conf.5.xml:2229 msgid "" "A non-existing rule name is considered an error. If as a result no rule is " "selected all certificates will be ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2233 +#: sssd.conf.5.xml:2234 msgid "" "Default: not set, equivalent to 'all_rules', all found rules or the default " "rule are used" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2239 +#: sssd.conf.5.xml:2240 msgid "ca_db (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2242 +#: sssd.conf.5.xml:2243 msgid "" "Path to a storage of trusted CA certificates. The option is used to validate " "user certificates before deriving public ssh keys from them." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2262 +#: sssd.conf.5.xml:2263 msgid "PAC responder configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2264 +#: sssd.conf.5.xml:2265 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " @@ -2680,7 +2680,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2273 +#: sssd.conf.5.xml:2274 msgid "" "If the remote user does not exist in the cache, it is created. The UID is " "determined with the help of the SID, trusted domains will have UPGs and the " @@ -2691,24 +2691,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2281 +#: sssd.conf.5.xml:2282 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2287 +#: sssd.conf.5.xml:2288 msgid "These options can be used to configure the PAC responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2291 sssd-ifp.5.xml:66 +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 msgid "allowed_uids (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2294 +#: sssd.conf.5.xml:2295 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " @@ -2716,12 +2716,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2300 +#: sssd.conf.5.xml:2301 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2304 +#: sssd.conf.5.xml:2305 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " @@ -2730,24 +2730,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2313 +#: sssd.conf.5.xml:2314 msgid "pac_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2316 +#: sssd.conf.5.xml:2317 msgid "" "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " "data can be used to determine the group memberships of a user." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2326 +#: sssd.conf.5.xml:2327 msgid "pac_check (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2329 +#: sssd.conf.5.xml:2330 msgid "" "Apply additional checks on the PAC of the Kerberos ticket which is available " "in Active Directory and FreeIPA domains, if configured. Please note that " @@ -2758,24 +2758,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2343 +#: sssd.conf.5.xml:2344 msgid "no_check" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2345 +#: sssd.conf.5.xml:2346 msgid "" "The PAC must not be present and even if it is present no additional checks " "will be done." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2351 +#: sssd.conf.5.xml:2352 msgid "pac_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2353 +#: sssd.conf.5.xml:2354 msgid "" "The PAC must be present in the service ticket which SSSD will request with " "the help of the user's TGT. If the PAC is not available the authentication " @@ -2783,24 +2783,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2361 +#: sssd.conf.5.xml:2362 msgid "check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2363 +#: sssd.conf.5.xml:2364 msgid "" "If the PAC is present check if the user principal name (UPN) information is " "consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2369 +#: sssd.conf.5.xml:2370 msgid "check_upn_allow_missing" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2371 +#: sssd.conf.5.xml:2372 msgid "" "This option should be used together with 'check_upn' and handles the case " "where a UPN is set on the server-side but is not read by SSSD. The typical " @@ -2812,7 +2812,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2383 +#: sssd.conf.5.xml:2384 msgid "" "Currently this option is set by default to avoid regressions in such " "environments. A log message will be added to the system log and SSSD's debug " @@ -2823,60 +2823,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2397 +#: sssd.conf.5.xml:2398 msgid "upn_dns_info_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2399 +#: sssd.conf.5.xml:2400 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2404 +#: sssd.conf.5.xml:2405 msgid "check_upn_dns_info_ex" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2406 +#: sssd.conf.5.xml:2407 msgid "" "If the PAC is present and the extension to the UPN-DNS-INFO buffer is " "available check if the information in the extension is consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2413 +#: sssd.conf.5.xml:2414 msgid "upn_dns_info_ex_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2415 +#: sssd.conf.5.xml:2416 msgid "" "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2339 +#: sssd.conf.5.xml:2340 msgid "" "The following options can be used alone or in a comma-separated list: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2425 +#: sssd.conf.5.xml:2426 msgid "" "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " "check_upn_dns_info_ex')" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2434 +#: sssd.conf.5.xml:2435 msgid "Session recording configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2436 +#: sssd.conf.5.xml:2437 msgid "" "Session recording works in conjunction with <citerefentry> " "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> " @@ -2887,66 +2887,66 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2449 +#: sssd.conf.5.xml:2450 msgid "These options can be used to configure session recording." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2453 sssd-session-recording.5.xml:64 +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 msgid "scope (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2460 sssd-session-recording.5.xml:71 +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 msgid "\"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2463 sssd-session-recording.5.xml:74 +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 msgid "No users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2468 sssd-session-recording.5.xml:79 +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 msgid "\"some\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2471 sssd-session-recording.5.xml:82 +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 msgid "" "Users/groups specified by <replaceable>users</replaceable> and " "<replaceable>groups</replaceable> options are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2480 sssd-session-recording.5.xml:91 +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 msgid "\"all\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2483 sssd-session-recording.5.xml:94 +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 msgid "All users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2456 sssd-session-recording.5.xml:67 +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 msgid "" "One of the following strings specifying the scope of session recording: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:101 +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 msgid "Default: \"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:106 +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 msgid "users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:109 +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 msgid "" "A comma-separated list of users which should have session recording " "enabled. Matches user names as returned by NSS. I.e. after the possible " @@ -2954,17 +2954,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2504 sssd-session-recording.5.xml:115 +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 msgid "Default: Empty. Matches no users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2509 sssd-session-recording.5.xml:120 +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 msgid "groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2512 sssd-session-recording.5.xml:123 +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 msgid "" "A comma-separated list of groups, members of which should have session " "recording enabled. Matches group names as returned by NSS. I.e. after the " @@ -2972,7 +2972,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2518 sssd.conf.5.xml:2550 sssd-session-recording.5.xml:129 +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 #: sssd-session-recording.5.xml:161 msgid "" "NOTE: using this option (having it set to anything) has a considerable " @@ -2981,56 +2981,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2525 sssd-session-recording.5.xml:136 +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 msgid "Default: Empty. Matches no groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2530 sssd-session-recording.5.xml:141 +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 msgid "exclude_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2533 sssd-session-recording.5.xml:144 +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 msgid "" "A comma-separated list of users to be excluded from recording, only " "applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2537 sssd-session-recording.5.xml:148 +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 msgid "Default: Empty. No users excluded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2542 sssd-session-recording.5.xml:153 +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 msgid "exclude_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2545 sssd-session-recording.5.xml:156 +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 msgid "" "A comma-separated list of groups, members of which should be excluded from " "recording. Only applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2557 sssd-session-recording.5.xml:168 +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 msgid "Default: Empty. No groups excluded." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2567 +#: sssd.conf.5.xml:2568 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2574 +#: sssd.conf.5.xml:2575 msgid "enabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2577 +#: sssd.conf.5.xml:2578 msgid "" "Explicitly enable or disable the domain. If <quote>true</quote>, the domain " "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " @@ -3040,12 +3040,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2589 +#: sssd.conf.5.xml:2590 msgid "domain_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2592 +#: sssd.conf.5.xml:2593 msgid "" "Specifies whether the domain is meant to be used by POSIX-aware clients such " "as the Name Service Switch or by applications that do not need POSIX data to " @@ -3054,14 +3054,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2600 +#: sssd.conf.5.xml:2601 msgid "" "Allowed values for this option are <quote>posix</quote> and " "<quote>application</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2604 +#: sssd.conf.5.xml:2605 msgid "" "POSIX domains are reachable by all services. Application domains are only " "reachable from the InfoPipe responder (see <citerefentry> " @@ -3070,38 +3070,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2612 +#: sssd.conf.5.xml:2613 msgid "" "NOTE: The application domains are currently well tested with " "<quote>id_provider=ldap</quote> only." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2616 +#: sssd.conf.5.xml:2617 msgid "" "For an easy way to configure a non-POSIX domains, please see the " "<quote>Application domains</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2620 +#: sssd.conf.5.xml:2621 msgid "Default: posix" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2626 +#: sssd.conf.5.xml:2627 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2629 +#: sssd.conf.5.xml:2630 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2634 +#: sssd.conf.5.xml:2635 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For " @@ -3110,24 +3110,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2641 +#: sssd.conf.5.xml:2642 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2645 +#: sssd.conf.5.xml:2646 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2651 +#: sssd.conf.5.xml:2652 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2654 +#: sssd.conf.5.xml:2655 msgid "" "Determines if a domain can be enumerated, that is, whether the domain can " "list all the users and group it contains. Note that it is not required to " @@ -3136,29 +3136,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2662 +#: sssd.conf.5.xml:2663 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2665 +#: sssd.conf.5.xml:2666 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2668 sssd.conf.5.xml:2942 sssd.conf.5.xml:3119 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2671 +#: sssd.conf.5.xml:2672 msgid "" "Enumerating a domain requires SSSD to download and store ALL user and group " "entries from the remote server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2676 +#: sssd.conf.5.xml:2677 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -3172,14 +3172,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2691 +#: sssd.conf.5.xml:2692 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2696 +#: sssd.conf.5.xml:2697 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -3188,39 +3188,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2704 +#: sssd.conf.5.xml:2705 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2712 +#: sssd.conf.5.xml:2713 msgid "subdomain_enumerate (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2719 +#: sssd.conf.5.xml:2720 msgid "all" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2720 +#: sssd.conf.5.xml:2721 msgid "All discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2723 +#: sssd.conf.5.xml:2724 msgid "none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2724 +#: sssd.conf.5.xml:2725 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2715 +#: sssd.conf.5.xml:2716 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " @@ -3229,19 +3229,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2738 +#: sssd.conf.5.xml:2739 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2741 +#: sssd.conf.5.xml:2742 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2745 +#: sssd.conf.5.xml:2746 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " @@ -3252,139 +3252,139 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2758 +#: sssd.conf.5.xml:2759 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2764 +#: sssd.conf.5.xml:2765 msgid "entry_cache_user_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2767 +#: sssd.conf.5.xml:2768 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2771 sssd.conf.5.xml:2784 sssd.conf.5.xml:2797 -#: sssd.conf.5.xml:2810 sssd.conf.5.xml:2824 sssd.conf.5.xml:2837 -#: sssd.conf.5.xml:2851 sssd.conf.5.xml:2865 sssd.conf.5.xml:2878 +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 msgid "Default: entry_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2777 +#: sssd.conf.5.xml:2778 msgid "entry_cache_group_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2780 +#: sssd.conf.5.xml:2781 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2790 +#: sssd.conf.5.xml:2791 msgid "entry_cache_netgroup_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2793 +#: sssd.conf.5.xml:2794 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2803 +#: sssd.conf.5.xml:2804 msgid "entry_cache_service_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2806 +#: sssd.conf.5.xml:2807 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2816 +#: sssd.conf.5.xml:2817 msgid "entry_cache_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2819 +#: sssd.conf.5.xml:2820 msgid "" "How many seconds should nss_sss consider hosts and networks entries valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2830 +#: sssd.conf.5.xml:2831 msgid "entry_cache_sudo_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2833 +#: sssd.conf.5.xml:2834 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2843 +#: sssd.conf.5.xml:2844 msgid "entry_cache_autofs_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2846 +#: sssd.conf.5.xml:2847 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2857 +#: sssd.conf.5.xml:2858 msgid "entry_cache_ssh_host_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2860 +#: sssd.conf.5.xml:2861 msgid "" "How many seconds to keep a host ssh key after refresh. IE how long to cache " "the host key for." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2871 +#: sssd.conf.5.xml:2872 msgid "entry_cache_computer_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2874 +#: sssd.conf.5.xml:2875 msgid "" "How many seconds to keep the local computer entry before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2884 +#: sssd.conf.5.xml:2885 msgid "refresh_expired_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2887 +#: sssd.conf.5.xml:2888 msgid "" "Specifies how many seconds SSSD has to wait before triggering a background " "refresh task which will refresh all expired or nearly expired records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2892 +#: sssd.conf.5.xml:2893 msgid "" "The background refresh will process users, groups and netgroups in the " "cache. For users who have performed the initgroups (get group membership for " @@ -3393,17 +3393,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2900 +#: sssd.conf.5.xml:2901 msgid "This option is automatically inherited for all trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2904 +#: sssd.conf.5.xml:2905 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2908 +#: sssd.conf.5.xml:2909 msgid "" "Cache entry will be refreshed by background task when 2/3 of cache timeout " "has already passed. If there are existing cached entries, the background " @@ -3415,23 +3415,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2921 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2927 +#: sssd.conf.5.xml:2928 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2930 -msgid "Determines if user credentials are also cached in the local LDB cache." +#: sssd.conf.5.xml:2931 +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication " +"mechanisms. Passkey and Smartcard authentications are expected to work " +"offline as long as a successful online authentication is recorded in the " +"cache without additional configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2934 +#: sssd.conf.5.xml:2942 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3440,12 +3446,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2948 +#: sssd.conf.5.xml:2956 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2951 +#: sssd.conf.5.xml:2959 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3453,19 +3459,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2958 +#: sssd.conf.5.xml:2966 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2969 +#: sssd.conf.5.xml:2977 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2972 +#: sssd.conf.5.xml:2980 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3474,17 +3480,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2979 +#: sssd.conf.5.xml:2987 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2984 +#: sssd.conf.5.xml:2992 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2995 +#: sssd.conf.5.xml:3003 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3493,29 +3499,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3002 +#: sssd.conf.5.xml:3010 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3008 +#: sssd.conf.5.xml:3016 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3011 +#: sssd.conf.5.xml:3019 msgid "" "The identification provider used for the domain. Supported ID providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3015 +#: sssd.conf.5.xml:3023 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3018 +#: sssd.conf.5.xml:3026 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> " "<refentrytitle>sssd-files</refentrytitle> <manvolnum>5</manvolnum> " @@ -3524,7 +3530,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3026 +#: sssd.conf.5.xml:3034 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> " @@ -3532,18 +3538,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3034 sssd.conf.5.xml:3145 sssd.conf.5.xml:3196 -#: sssd.conf.5.xml:3259 +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 msgid "" -"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " -"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " "FreeIPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3043 sssd.conf.5.xml:3154 sssd.conf.5.xml:3205 -#: sssd.conf.5.xml:3268 +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> " @@ -3551,19 +3557,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3054 +#: sssd.conf.5.xml:3062 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3057 +#: sssd.conf.5.xml:3065 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3062 +#: sssd.conf.5.xml:3070 msgid "" "If set to TRUE, all requests to this domain must use fully qualified " "names. For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3572,7 +3578,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3070 +#: sssd.conf.5.xml:3078 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3580,24 +3586,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3077 +#: sssd.conf.5.xml:3085 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3084 +#: sssd.conf.5.xml:3092 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3087 +#: sssd.conf.5.xml:3095 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3090 +#: sssd.conf.5.xml:3098 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3609,7 +3615,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3108 +#: sssd.conf.5.xml:3116 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3617,30 +3623,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3114 sssd.conf.5.xml:3821 sssd-ldap.5.xml:326 -#: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 -#: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 -#: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 -#: sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1084 +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 msgid "" "This option can be also set per subdomain or inherited via " "<emphasis>subdomain_inherit</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3124 +#: sssd.conf.5.xml:3132 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3127 +#: sssd.conf.5.xml:3135 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3131 sssd.conf.5.xml:3189 +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> " @@ -3648,7 +3654,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3138 +#: sssd.conf.5.xml:3146 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> " @@ -3656,29 +3662,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3162 +#: sssd.conf.5.xml:3170 msgid "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3165 +#: sssd.conf.5.xml:3173 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3168 +#: sssd.conf.5.xml:3176 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3174 +#: sssd.conf.5.xml:3182 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3177 +#: sssd.conf.5.xml:3185 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -3686,19 +3692,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3183 +#: sssd.conf.5.xml:3191 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3186 +#: sssd.conf.5.xml:3194 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3221 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> " @@ -3707,7 +3713,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3220 +#: sssd.conf.5.xml:3228 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> " @@ -3716,29 +3722,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3227 +#: sssd.conf.5.xml:3235 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3230 +#: sssd.conf.5.xml:3238 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3235 +#: sssd.conf.5.xml:3243 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3238 +#: sssd.conf.5.xml:3246 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3243 +#: sssd.conf.5.xml:3251 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " @@ -3747,7 +3753,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3251 +#: sssd.conf.5.xml:3259 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> " @@ -3755,34 +3761,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3276 +#: sssd.conf.5.xml:3284 msgid "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3280 +#: sssd.conf.5.xml:3288 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3283 +#: sssd.conf.5.xml:3291 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3290 +#: sssd.conf.5.xml:3298 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3293 +#: sssd.conf.5.xml:3301 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3297 +#: sssd.conf.5.xml:3305 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> " @@ -3790,32 +3796,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3305 +#: sssd.conf.5.xml:3313 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3309 +#: sssd.conf.5.xml:3317 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3313 +#: sssd.conf.5.xml:3321 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3316 sssd.conf.5.xml:3402 sssd.conf.5.xml:3472 -#: sssd.conf.5.xml:3497 sssd.conf.5.xml:3533 +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3320 +#: sssd.conf.5.xml:3328 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -3826,7 +3832,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3335 +#: sssd.conf.5.xml:3343 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -3835,12 +3841,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3345 +#: sssd.conf.5.xml:3353 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3348 +#: sssd.conf.5.xml:3356 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -3848,7 +3854,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3354 +#: sssd.conf.5.xml:3362 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -3857,31 +3863,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3362 +#: sssd.conf.5.xml:3370 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3365 +#: sssd.conf.5.xml:3373 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3371 +#: sssd.conf.5.xml:3379 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3374 +#: sssd.conf.5.xml:3382 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3380 +#: sssd.conf.5.xml:3388 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -3890,7 +3896,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3389 +#: sssd.conf.5.xml:3397 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -3899,17 +3905,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3398 +#: sssd.conf.5.xml:3406 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3408 +#: sssd.conf.5.xml:3416 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3411 +#: sssd.conf.5.xml:3419 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -3917,41 +3923,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3418 +#: sssd.conf.5.xml:3426 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3422 +#: sssd.conf.5.xml:3430 msgid "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3426 +#: sssd.conf.5.xml:3434 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3430 +#: sssd.conf.5.xml:3438 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3438 +#: sssd.conf.5.xml:3446 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3441 +#: sssd.conf.5.xml:3449 msgid "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3445 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> " @@ -3959,7 +3965,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3452 +#: sssd.conf.5.xml:3460 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> " @@ -3967,7 +3973,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3460 +#: sssd.conf.5.xml:3468 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> " @@ -3975,24 +3981,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3469 +#: sssd.conf.5.xml:3477 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3479 +#: sssd.conf.5.xml:3487 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3482 +#: sssd.conf.5.xml:3490 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3486 +#: sssd.conf.5.xml:3494 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -4001,31 +4007,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3494 +#: sssd.conf.5.xml:3502 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3504 +#: sssd.conf.5.xml:3512 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3507 +#: sssd.conf.5.xml:3515 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3511 +#: sssd.conf.5.xml:3519 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3515 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " @@ -4034,7 +4040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3522 +#: sssd.conf.5.xml:3530 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -4043,12 +4049,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3530 +#: sssd.conf.5.xml:3538 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3543 +#: sssd.conf.5.xml:3551 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4058,7 +4064,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3552 +#: sssd.conf.5.xml:3560 msgid "" "Default: " "<quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>[^@]+))$</quote> " @@ -4066,17 +4072,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3557 sssd.conf.5.xml:3571 +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3560 sssd.conf.5.xml:3574 +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3565 +#: sssd.conf.5.xml:3573 msgid "" "Default for the AD and IPA provider: " "<quote>^(((?P<domain>[^\\\\]+)\\\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<name>[^@\\\\]+)))$</quote> " @@ -4084,19 +4090,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3577 +#: sssd.conf.5.xml:3585 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3580 +#: sssd.conf.5.xml:3588 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3585 +#: sssd.conf.5.xml:3593 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4106,88 +4112,88 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3637 +#: sssd.conf.5.xml:3645 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3643 +#: sssd.conf.5.xml:3651 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3646 +#: sssd.conf.5.xml:3654 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3650 +#: sssd.conf.5.xml:3658 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3653 +#: sssd.conf.5.xml:3661 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3656 +#: sssd.conf.5.xml:3664 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3659 +#: sssd.conf.5.xml:3667 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3662 +#: sssd.conf.5.xml:3670 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3665 +#: sssd.conf.5.xml:3673 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3671 +#: sssd.conf.5.xml:3679 msgid "dns_resolver_server_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3674 +#: sssd.conf.5.xml:3682 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3679 +#: sssd.conf.5.xml:3687 msgid "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3683 sssd.conf.5.xml:3703 sssd.conf.5.xml:3724 +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3688 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3694 +#: sssd.conf.5.xml:3702 msgid "dns_resolver_op_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3697 +#: sssd.conf.5.xml:3705 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4195,12 +4201,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3714 +#: sssd.conf.5.xml:3722 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3717 +#: sssd.conf.5.xml:3725 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is " @@ -4209,12 +4215,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3735 +#: sssd.conf.5.xml:3743 msgid "dns_resolver_use_search_list (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3738 +#: sssd.conf.5.xml:3746 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4222,7 +4228,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3744 +#: sssd.conf.5.xml:3752 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4230,69 +4236,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3750 +#: sssd.conf.5.xml:3758 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3756 +#: sssd.conf.5.xml:3764 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3759 +#: sssd.conf.5.xml:3767 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3763 +#: sssd.conf.5.xml:3771 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3769 +#: sssd.conf.5.xml:3777 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3772 +#: sssd.conf.5.xml:3780 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3778 +#: sssd.conf.5.xml:3786 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3785 +#: sssd.conf.5.xml:3793 msgid "True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3788 +#: sssd.conf.5.xml:3796 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3794 +#: sssd.conf.5.xml:3802 msgid "False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3796 +#: sssd.conf.5.xml:3804 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3800 +#: sssd.conf.5.xml:3808 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3803 +#: sssd.conf.5.xml:3811 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4300,31 +4306,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3811 +#: sssd.conf.5.xml:3819 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3781 +#: sssd.conf.5.xml:3789 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3826 +#: sssd.conf.5.xml:3834 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3832 +#: sssd.conf.5.xml:3840 msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3835 +#: sssd.conf.5.xml:3843 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4332,104 +4338,104 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3841 +#: sssd.conf.5.xml:3849 msgid "ldap_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3844 +#: sssd.conf.5.xml:3852 msgid "ldap_network_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3847 +#: sssd.conf.5.xml:3855 msgid "ldap_opt_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3850 +#: sssd.conf.5.xml:3858 msgid "ldap_offline_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3853 +#: sssd.conf.5.xml:3861 msgid "ldap_enumeration_refresh_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3856 +#: sssd.conf.5.xml:3864 msgid "ldap_enumeration_refresh_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3859 +#: sssd.conf.5.xml:3867 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3862 +#: sssd.conf.5.xml:3870 msgid "ldap_purge_cache_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3865 +#: sssd.conf.5.xml:3873 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3869 +#: sssd.conf.5.xml:3877 msgid "ldap_krb5_ticket_lifetime" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3872 +#: sssd.conf.5.xml:3880 msgid "ldap_enumeration_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3875 +#: sssd.conf.5.xml:3883 msgid "ldap_connection_expire_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3878 +#: sssd.conf.5.xml:3886 msgid "ldap_connection_expire_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3881 +#: sssd.conf.5.xml:3889 msgid "ldap_connection_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3884 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 msgid "ldap_use_tokengroups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3887 +#: sssd.conf.5.xml:3895 msgid "ldap_user_principal" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3890 +#: sssd.conf.5.xml:3898 msgid "ignore_group_members" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3893 +#: sssd.conf.5.xml:3901 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3896 +#: sssd.conf.5.xml:3904 msgid "case_sensitive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3901 +#: sssd.conf.5.xml:3909 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4437,27 +4443,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3908 +#: sssd.conf.5.xml:3916 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3915 +#: sssd.conf.5.xml:3923 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3926 +#: sssd.conf.5.xml:3934 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3935 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3918 +#: sssd.conf.5.xml:3926 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4467,32 +4473,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3932 +#: sssd.conf.5.xml:3940 msgid "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3936 +#: sssd.conf.5.xml:3944 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3941 +#: sssd.conf.5.xml:3949 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3944 +#: sssd.conf.5.xml:3952 msgid "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3950 +#: sssd.conf.5.xml:3958 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3953 +#: sssd.conf.5.xml:3961 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -4501,19 +4507,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3961 +#: sssd.conf.5.xml:3969 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3966 +#: sssd.conf.5.xml:3974 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3970 +#: sssd.conf.5.xml:3978 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -4521,24 +4527,92 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3981 +#: sssd.conf.5.xml:3989 +msgid "local_auth_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3992 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4002 +msgid "" +"There are three possible values for this option: match, only, " +"enable. <quote>match</quote> is used to match offline and online states for " +"Kerberos methods. <quote>only</quote> ignores the online methods and only " +"offer the local ones. enable allows explicitly defining the methods for " +"local authentication. As an example, <quote>enable:passkey</quote>, only " +"enables passkey for local authentication. Multiple enable values should be " +"comma-separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4026 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4034 +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4039 +msgid "Default: match" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4044 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3987 +#: sssd.conf.5.xml:4050 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3990 +#: sssd.conf.5.xml:4053 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3994 +#: sssd.conf.5.xml:4057 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4547,24 +4621,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4003 +#: sssd.conf.5.xml:4066 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4006 +#: sssd.conf.5.xml:4069 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4012 +#: sssd.conf.5.xml:4075 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4015 +#: sssd.conf.5.xml:4078 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4574,14 +4648,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4028 +#: sssd.conf.5.xml:4091 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4035 +#: sssd.conf.5.xml:4098 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4589,21 +4663,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3984 +#: sssd.conf.5.xml:4047 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4047 +#: sssd.conf.5.xml:4110 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4118 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4611,7 +4685,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4124 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4620,7 +4694,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4115 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4629,7 +4703,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2569 +#: sssd.conf.5.xml:2570 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called " @@ -4638,29 +4712,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4139 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4079 +#: sssd.conf.5.xml:4142 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4082 +#: sssd.conf.5.xml:4145 msgid "" "Default: not set by default, you have to take an existing pam configuration " -"or create a new one and add the service name here." +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4090 +#: sssd.conf.5.xml:4155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4668,12 +4743,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4103 +#: sssd.conf.5.xml:4168 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4106 +#: sssd.conf.5.xml:4171 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4681,12 +4756,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4117 +#: sssd.conf.5.xml:4182 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4120 +#: sssd.conf.5.xml:4185 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4695,12 +4770,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4134 +#: sssd.conf.5.xml:4199 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4202 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4708,19 +4783,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4072 +#: sssd.conf.5.xml:4135 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4218 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4155 +#: sssd.conf.5.xml:4220 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> " "<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> " @@ -4738,7 +4813,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4175 +#: sssd.conf.5.xml:4240 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4746,17 +4821,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4181 +#: sssd.conf.5.xml:4246 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4248 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4186 +#: sssd.conf.5.xml:4251 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4765,7 +4840,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4265 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4775,7 +4850,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4208 +#: sssd.conf.5.xml:4273 #, no-wrap msgid "" "[sssd]\n" @@ -4795,12 +4870,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4228 +#: sssd.conf.5.xml:4293 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4230 +#: sssd.conf.5.xml:4295 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called " @@ -4811,69 +4886,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4237 +#: sssd.conf.5.xml:4302 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4303 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4239 +#: sssd.conf.5.xml:4304 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:4305 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4241 +#: sssd.conf.5.xml:4306 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4242 +#: sssd.conf.5.xml:4307 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4243 +#: sssd.conf.5.xml:4308 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4309 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4245 +#: sssd.conf.5.xml:4310 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4246 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4250 +#: sssd.conf.5.xml:4315 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4256 +#: sssd.conf.5.xml:4321 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4258 +#: sssd.conf.5.xml:4323 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -4887,7 +4962,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4272 +#: sssd.conf.5.xml:4337 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -4895,7 +4970,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4281 +#: sssd.conf.5.xml:4346 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like " @@ -4904,55 +4979,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4353 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4356 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4295 +#: sssd.conf.5.xml:4360 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4367 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4370 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:4376 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4317 +#: sssd.conf.5.xml:4382 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4326 +#: sssd.conf.5.xml:4391 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4329 +#: sssd.conf.5.xml:4394 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -4961,17 +5036,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4336 +#: sssd.conf.5.xml:4401 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4406 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4409 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -4979,26 +5054,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4350 +#: sssd.conf.5.xml:4415 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4356 +#: sssd.conf.5.xml:4421 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4362 +#: sssd.conf.5.xml:4427 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4433 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like " @@ -5007,17 +5082,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4377 +#: sssd.conf.5.xml:4442 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4385 +#: sssd.conf.5.xml:4450 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4452 msgid "" "If a special file " "(<filename>/var/lib/sss/pubconf/pam_preauth_available</filename>) exists " @@ -5027,7 +5102,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4395 +#: sssd.conf.5.xml:4460 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5036,59 +5111,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4472 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4410 +#: sssd.conf.5.xml:4475 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4411 +#: sssd.conf.5.xml:4476 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4409 +#: sssd.conf.5.xml:4474 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4484 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4488 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4424 +#: sssd.conf.5.xml:4489 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4427 +#: sssd.conf.5.xml:4492 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4428 +#: sssd.conf.5.xml:4493 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4496 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4432 +#: sssd.conf.5.xml:4497 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5097,7 +5172,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4421 +#: sssd.conf.5.xml:4486 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5106,17 +5181,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4449 +#: sssd.conf.5.xml:4514 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4455 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4522 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5124,46 +5199,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4530 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4532 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4537 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4539 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4480 +#: sssd.conf.5.xml:4545 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4547 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4451 +#: sssd.conf.5.xml:4516 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4467 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5172,7 +5247,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4493 +#: sssd.conf.5.xml:4558 msgid "" "It is possible to add a subsection for specific PAM services, " "e.g. <quote>[prompting/password/sshd]</quote> to individual change the " @@ -5180,12 +5255,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4500 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4506 +#: sssd.conf.5.xml:4571 #, no-wrap msgid "" "[sssd]\n" @@ -5215,7 +5290,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4502 +#: sssd.conf.5.xml:4567 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5224,7 +5299,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4604 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5232,7 +5307,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4533 +#: sssd.conf.5.xml:4598 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5243,7 +5318,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4550 +#: sssd.conf.5.xml:4615 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5254,7 +5329,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4544 +#: sssd.conf.5.xml:4609 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -5309,26 +5384,26 @@ msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is " "required. <command>sssd</command> <emphasis>does not</emphasis> support " -"authentication over an unencrypted channel. If the LDAP server is used only " -"as an identity provider, an encrypted channel is not needed. Please refer to " -"<quote>ldap_access_filter</quote> config option for more information about " -"using LDAP as an access provider." +"authentication over an unencrypted channel. Even if the LDAP server is used " +"only as an identity provider, an encrypted channel is strongly " +"recommended. Please refer to <quote>ldap_access_filter</quote> config option " +"for more information about using LDAP as an access provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 #: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 msgid "CONFIGURATION OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:66 +#: sssd-ldap.5.xml:67 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:69 +#: sssd-ldap.5.xml:70 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the " @@ -5339,32 +5414,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:76 +#: sssd-ldap.5.xml:77 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:79 +#: sssd-ldap.5.xml:80 msgid "ldap[s]://<host>[:port]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:82 +#: sssd-ldap.5.xml:83 msgid "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:85 +#: sssd-ldap.5.xml:86 msgid "example: ldap://[fc00::126:25]:389" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:91 +#: sssd-ldap.5.xml:92 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:94 +#: sssd-ldap.5.xml:95 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a " @@ -5373,71 +5448,71 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:101 +#: sssd-ldap.5.xml:102 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:105 +#: sssd-ldap.5.xml:106 msgid "Default: empty, i.e. ldap_uri is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:111 +#: sssd-ldap.5.xml:112 msgid "ldap_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:114 +#: sssd-ldap.5.xml:115 msgid "The default base DN to use for performing LDAP user operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:118 +#: sssd-ldap.5.xml:119 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:122 +#: sssd-ldap.5.xml:123 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:125 +#: sssd-ldap.5.xml:126 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:128 include/ldap_search_bases.xml:18 +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 msgid "" "The filter must be a valid LDAP search filter as specified by " "http://www.ietf.org/rfc/rfc2254.txt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:132 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 #: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 msgid "Examples:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:135 +#: sssd-ldap.5.xml:136 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:140 +#: sssd-ldap.5.xml:141 msgid "" "ldap_search_base = " "cn=host_specific,dc=example,dc=com?subtree?(host=thishost)?dc=example.com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:143 +#: sssd-ldap.5.xml:144 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " @@ -5446,7 +5521,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:150 +#: sssd-ldap.5.xml:151 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " @@ -5457,12 +5532,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:164 +#: sssd-ldap.5.xml:165 msgid "ldap_schema (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:167 +#: sssd-ldap.5.xml:168 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " @@ -5470,32 +5545,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:174 +#: sssd-ldap.5.xml:175 msgid "Four schema types are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:178 +#: sssd-ldap.5.xml:179 msgid "rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:183 +#: sssd-ldap.5.xml:184 msgid "rfc2307bis" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:188 +#: sssd-ldap.5.xml:189 msgid "IPA" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:193 +#: sssd-ldap.5.xml:194 msgid "AD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:199 +#: sssd-ldap.5.xml:200 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " @@ -5506,37 +5581,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:209 +#: sssd-ldap.5.xml:210 msgid "Default: rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:215 +#: sssd-ldap.5.xml:216 msgid "ldap_pwmodify_mode (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:218 +#: sssd-ldap.5.xml:219 msgid "Specify the operation that is used to modify user password." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:222 +#: sssd-ldap.5.xml:223 msgid "Two modes are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:226 +#: sssd-ldap.5.xml:227 msgid "exop - Password Modify Extended Operation (RFC 3062)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:232 +#: sssd-ldap.5.xml:233 msgid "ldap_modify - Direct modification of userPassword (not recommended)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:239 +#: sssd-ldap.5.xml:240 msgid "" "Note: First, a new connection is established to verify current password by " "binding as the user that requested password change. If successful, this " @@ -5545,74 +5620,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:247 +#: sssd-ldap.5.xml:248 msgid "Default: exop" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:253 +#: sssd-ldap.5.xml:254 msgid "ldap_default_bind_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:256 +#: sssd-ldap.5.xml:257 msgid "The default bind DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:263 +#: sssd-ldap.5.xml:264 msgid "ldap_default_authtok_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:266 +#: sssd-ldap.5.xml:267 msgid "The type of the authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:270 +#: sssd-ldap.5.xml:271 msgid "The two mechanisms currently supported are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 +#: sssd-ldap.5.xml:274 msgid "password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:276 +#: sssd-ldap.5.xml:277 msgid "obfuscated_password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:279 +#: sssd-ldap.5.xml:280 msgid "Default: password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:282 +#: sssd-ldap.5.xml:283 msgid "" "See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> manual page for more information." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:293 +#: sssd-ldap.5.xml:294 msgid "ldap_default_authtok (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:296 +#: sssd-ldap.5.xml:297 msgid "The authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:302 +#: sssd-ldap.5.xml:303 msgid "ldap_force_upper_case_realm (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:305 +#: sssd-ldap.5.xml:306 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -5621,24 +5696,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:318 +#: sssd-ldap.5.xml:319 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:321 +#: sssd-ldap.5.xml:322 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:337 +#: sssd-ldap.5.xml:338 msgid "ldap_purge_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:340 +#: sssd-ldap.5.xml:341 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -5646,7 +5721,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:346 +#: sssd-ldap.5.xml:347 msgid "" "Setting this option to zero will disable the cache cleanup operation. Please " "note that if enumeration is enabled, the cleanup task is required in order " @@ -5655,12 +5730,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:366 +#: sssd-ldap.5.xml:367 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:369 +#: sssd-ldap.5.xml:370 msgid "" "If ldap_schema is set to a schema format that supports nested groups " "(e.g. RFC2307bis), then this option controls how many levels of nesting SSSD " @@ -5668,7 +5743,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:376 +#: sssd-ldap.5.xml:377 msgid "" "Note: This option specifies the guaranteed level of nested groups to be " "processed for any lookup. However, nested groups beyond this limit " @@ -5678,7 +5753,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:385 +#: sssd-ldap.5.xml:386 msgid "" "If ldap_group_nesting_level is set to 0 then no nested groups are processed " "at all. However, when connected to Active-Directory Server 2008 and later " @@ -5688,67 +5763,67 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:394 +#: sssd-ldap.5.xml:395 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:403 +#: sssd-ldap.5.xml:404 msgid "" "This options enables or disables use of Token-Groups attribute when " "performing initgroup for users from Active Directory Server 2008 and later." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:413 +#: sssd-ldap.5.xml:414 msgid "Default: True for AD and IPA otherwise False." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:419 +#: sssd-ldap.5.xml:420 msgid "ldap_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:422 +#: sssd-ldap.5.xml:423 msgid "Optional. Use the given string as search base for host objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:426 sssd-ipa.5.xml:457 sssd-ipa.5.xml:476 sssd-ipa.5.xml:495 -#: sssd-ipa.5.xml:514 +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:431 sssd-ipa.5.xml:462 include/ldap_search_bases.xml:27 +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:438 +#: sssd-ldap.5.xml:439 msgid "ldap_service_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:443 +#: sssd-ldap.5.xml:444 msgid "ldap_iphost_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:448 +#: sssd-ldap.5.xml:449 msgid "ldap_ipnetwork_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:453 +#: sssd-ldap.5.xml:454 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:456 +#: sssd-ldap.5.xml:457 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -5756,7 +5831,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:462 +#: sssd-ldap.5.xml:463 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -5764,12 +5839,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:479 +#: sssd-ldap.5.xml:480 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:482 +#: sssd-ldap.5.xml:483 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -5777,12 +5852,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:500 +#: sssd-ldap.5.xml:501 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:503 +#: sssd-ldap.5.xml:504 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> " @@ -5793,12 +5868,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:531 +#: sssd-ldap.5.xml:532 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:534 +#: sssd-ldap.5.xml:535 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -5807,12 +5882,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:554 +#: sssd-ldap.5.xml:555 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:557 +#: sssd-ldap.5.xml:558 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -5821,7 +5896,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:565 +#: sssd-ldap.5.xml:566 msgid "" "If the connection is idle (not actively running an operation) within " "<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " @@ -5832,36 +5907,36 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:577 +#: sssd-ldap.5.xml:578 msgid "" "This timeout can be extended of a random value specified by " "<emphasis>ldap_connection_expire_offset</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:587 sssd-ldap.5.xml:630 sssd-ldap.5.xml:1711 +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:593 +#: sssd-ldap.5.xml:594 msgid "ldap_connection_expire_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:596 +#: sssd-ldap.5.xml:597 msgid "" "Random offset between 0 and configured value is added to " "<emphasis>ldap_connection_expire_timeout</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:613 msgid "ldap_connection_idle_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:616 msgid "" "Specifies a timeout (in seconds) that an idle connection to an LDAP server " "will be maintained. If the connection is idle for more than this time then " @@ -5869,29 +5944,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:622 msgid "You can disable this timeout by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:636 +#: sssd-ldap.5.xml:637 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:639 +#: sssd-ldap.5.xml:640 msgid "" "Specify the number of records to retrieve from LDAP in a single " "request. Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:650 +#: sssd-ldap.5.xml:651 msgid "ldap_disable_paging (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:653 +#: sssd-ldap.5.xml:654 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " @@ -5899,7 +5974,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:659 +#: sssd-ldap.5.xml:660 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use " @@ -5907,7 +5982,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:665 +#: sssd-ldap.5.xml:666 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " @@ -5915,17 +5990,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:677 +#: sssd-ldap.5.xml:678 msgid "ldap_disable_range_retrieval (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:680 +#: sssd-ldap.5.xml:681 msgid "Disable Active Directory range retrieval." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:683 +#: sssd-ldap.5.xml:684 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " @@ -5935,12 +6010,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:699 msgid "ldap_sasl_minssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:702 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " @@ -5948,17 +6023,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:707 sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:714 +#: sssd-ldap.5.xml:715 msgid "ldap_sasl_maxssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:717 +#: sssd-ldap.5.xml:718 msgid "" "When communicating with an LDAP server using SASL, specify the maximal " "security level necessary to establish the connection. The values of this " @@ -5966,12 +6041,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:731 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:733 +#: sssd-ldap.5.xml:734 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -5979,7 +6054,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:740 msgid "" "You can turn off dereference lookups completely by setting the value to " "0. Please note that there are some codepaths in SSSD, like the IPA HBAC " @@ -5990,7 +6065,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:750 +#: sssd-ldap.5.xml:751 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -5999,7 +6074,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:758 +#: sssd-ldap.5.xml:759 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -6007,12 +6082,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:771 +#: sssd-ldap.5.xml:772 msgid "ldap_ignore_unreadable_references (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:774 +#: sssd-ldap.5.xml:775 msgid "" "Ignore unreadable LDAP entries referenced in group's member attribute. If " "this parameter is set to false an error will be returned and the operation " @@ -6020,7 +6095,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:781 +#: sssd-ldap.5.xml:782 msgid "" "This parameter may be useful when using the AD provider and the computer " "account that sssd uses to connect to AD does not have access to a particular " @@ -6028,26 +6103,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:795 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:798 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:804 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:808 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6055,7 +6130,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:815 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6063,7 +6138,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:820 +#: sssd-ldap.5.xml:821 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -6071,41 +6146,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:826 +#: sssd-ldap.5.xml:827 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:830 +#: sssd-ldap.5.xml:831 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:837 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:839 +#: sssd-ldap.5.xml:840 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 sssd-ldap.5.xml:862 sssd-ldap.5.xml:903 +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 msgid "" "Default: use OpenLDAP defaults, typically in " "<filename>/etc/openldap/ldap.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:852 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:854 +#: sssd-ldap.5.xml:855 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -6114,32 +6189,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:869 +#: sssd-ldap.5.xml:870 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:872 +#: sssd-ldap.5.xml:873 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:882 +#: sssd-ldap.5.xml:883 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:885 +#: sssd-ldap.5.xml:886 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:894 +#: sssd-ldap.5.xml:895 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:897 +#: sssd-ldap.5.xml:898 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -6147,24 +6222,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:910 +#: sssd-ldap.5.xml:911 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:913 +#: sssd-ldap.5.xml:914 msgid "" "Specifies that the id_provider connection must also use <systemitem " -"class=\"protocol\">tls</systemitem> to protect the channel." +"class=\"protocol\">tls</systemitem> to protect the channel. " +"<emphasis>true</emphasis> is strongly recommended for security reasons." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:923 +#: sssd-ldap.5.xml:925 msgid "ldap_id_mapping (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:928 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " @@ -6172,17 +6248,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:932 +#: sssd-ldap.5.xml:934 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:942 +#: sssd-ldap.5.xml:944 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:945 +#: sssd-ldap.5.xml:947 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " @@ -6193,24 +6269,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:957 +#: sssd-ldap.5.xml:959 msgid "Default: not set (both options are set to 0)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:965 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:966 +#: sssd-ldap.5.xml:968 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " "tested and supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:970 +#: sssd-ldap.5.xml:972 msgid "" "If the backend supports sub-domains the value of ldap_sasl_mech is " "automatically inherited to the sub-domains. If a different value is needed " @@ -6221,12 +6297,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:988 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ldap.5.xml:998 +#: sssd-ldap.5.xml:1000 #, no-wrap msgid "" "hostname@REALM\n" @@ -6239,7 +6315,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:989 +#: sssd-ldap.5.xml:991 msgid "" "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " "this represents the Kerberos principal used for authentication to the " @@ -6251,17 +6327,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1009 +#: sssd-ldap.5.xml:1011 msgid "Default: host/hostname@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1015 +#: sssd-ldap.5.xml:1017 msgid "ldap_sasl_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1018 +#: sssd-ldap.5.xml:1020 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " @@ -6269,49 +6345,49 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1024 +#: sssd-ldap.5.xml:1026 msgid "Default: the value of krb5_realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1030 +#: sssd-ldap.5.xml:1032 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1035 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1038 +#: sssd-ldap.5.xml:1040 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1046 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1049 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1056 sssd-krb5.5.xml:247 +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1064 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1067 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -6319,29 +6395,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1077 +#: sssd-ldap.5.xml:1079 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1080 +#: sssd-ldap.5.xml:1082 msgid "" "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is " "used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1089 sssd-ad.5.xml:1252 +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1095 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1098 +#: sssd-ldap.5.xml:1100 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of " @@ -6353,7 +6429,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1110 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -6361,7 +6437,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of " "SSSD. While the legacy name is recognized for the time being, users are " @@ -6370,39 +6446,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1124 sssd-ipa.5.xml:526 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1127 +#: sssd-ldap.5.xml:1129 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1133 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1137 include/krb5_options.xml:154 +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1140 +#: sssd-ldap.5.xml:1142 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1152 sssd-krb5.5.xml:336 +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 msgid "krb5_use_kdcinfo (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1155 sssd-krb5.5.xml:339 +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " @@ -6412,7 +6488,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:350 +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 msgid "" "See the <citerefentry> " "<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> " @@ -6421,26 +6497,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1180 +#: sssd-ldap.5.xml:1182 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1185 msgid "" "Select the policy to evaluate the password expiration on the client " "side. The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1190 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1193 +#: sssd-ldap.5.xml:1195 msgid "" "<emphasis>shadow</emphasis> - Use " "<citerefentry><refentrytitle>shadow</refentrytitle> " @@ -6450,7 +6526,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1201 +#: sssd-ldap.5.xml:1203 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -6458,31 +6534,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1210 +#: sssd-ldap.5.xml:1212 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1220 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1221 +#: sssd-ldap.5.xml:1223 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1225 +#: sssd-ldap.5.xml:1227 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1232 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " @@ -6495,51 +6571,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1249 +#: sssd-ldap.5.xml:1251 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1252 +#: sssd-ldap.5.xml:1254 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1258 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1262 +#: sssd-ldap.5.xml:1264 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1265 +#: sssd-ldap.5.xml:1267 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1270 +#: sssd-ldap.5.xml:1272 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1276 +#: sssd-ldap.5.xml:1278 msgid "ldap_chpass_update_last_change (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1279 +#: sssd-ldap.5.xml:1281 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1285 +#: sssd-ldap.5.xml:1287 msgid "" "It is recommend to set this option explicitly if \"ldap_pwd_policy = " "shadow\" is used to let SSSD know if the LDAP server will update " @@ -6548,12 +6624,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1301 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1304 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " @@ -6570,12 +6646,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1322 +#: sssd-ldap.5.xml:1324 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1327 #, no-wrap msgid "" "access_provider = ldap\n" @@ -6584,14 +6660,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1329 +#: sssd-ldap.5.xml:1331 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1336 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -6600,24 +6676,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1398 +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1348 +#: sssd-ldap.5.xml:1350 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1353 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1355 +#: sssd-ldap.5.xml:1357 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -6625,19 +6701,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1362 +#: sssd-ldap.5.xml:1364 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1365 +#: sssd-ldap.5.xml:1367 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1372 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -6646,7 +6722,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1379 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, " "<emphasis>389ds</emphasis>: use the value of ldap_ns_account_lock to check " @@ -6654,7 +6730,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1383 +#: sssd-ldap.5.xml:1385 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -6663,7 +6739,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1391 +#: sssd-ldap.5.xml:1393 msgid "" "Please note that the ldap_access_order configuration option " "<emphasis>must</emphasis> include <quote>expire</quote> in order for the " @@ -6671,22 +6747,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1404 +#: sssd-ldap.5.xml:1406 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1407 sssd-ipa.5.xml:351 +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1411 +#: sssd-ldap.5.xml:1413 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>lockout</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6696,7 +6772,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1424 +#: sssd-ldap.5.xml:1426 msgid "" "<emphasis> Please note that this option is superseded by the " "<quote>ppolicy</quote> option and might be removed in a future release. " @@ -6704,7 +6780,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1431 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6717,12 +6793,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1448 +#: sssd-ldap.5.xml:1450 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1452 sssd-ipa.5.xml:359 +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 msgid "" "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " "pwd_expire_policy_renew: </emphasis> These options are useful if users are " @@ -6732,57 +6808,57 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1462 sssd-ipa.5.xml:369 +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 msgid "" "The difference between these options is the action taken if user password is " "expired:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1467 sssd-ipa.5.xml:374 +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 msgid "pwd_expire_policy_reject - user is denied to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1473 sssd-ipa.5.xml:380 +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 msgid "pwd_expire_policy_warn - user is still able to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1479 sssd-ipa.5.xml:386 +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 msgid "" "pwd_expire_policy_renew - user is prompted to change their password " "immediately." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1487 +#: sssd-ldap.5.xml:1489 msgid "" "Please note that 'access_provider = ldap' must be set for this feature to " "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1494 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1497 +#: sssd-ldap.5.xml:1499 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1501 +#: sssd-ldap.5.xml:1503 msgid "" "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " "remote host can access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1505 +#: sssd-ldap.5.xml:1507 msgid "" "Please note, rhost field in pam is set by application, it is better to check " "what the application sends to pam, before enabling this access control " @@ -6790,24 +6866,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1510 +#: sssd-ldap.5.xml:1512 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1513 +#: sssd-ldap.5.xml:1515 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1520 +#: sssd-ldap.5.xml:1522 msgid "ldap_pwdlockout_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1523 +#: sssd-ldap.5.xml:1525 msgid "" "This option specifies the DN of password policy entry on LDAP server. Please " "note that absence of this option in sssd.conf in case of enabled account " @@ -6816,74 +6892,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1531 +#: sssd-ldap.5.xml:1533 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1534 +#: sssd-ldap.5.xml:1536 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1542 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1543 +#: sssd-ldap.5.xml:1545 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1550 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 +#: sssd-ldap.5.xml:1554 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 +#: sssd-ldap.5.xml:1559 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1562 +#: sssd-ldap.5.xml:1564 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1569 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1575 +#: sssd-ldap.5.xml:1577 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1578 +#: sssd-ldap.5.xml:1580 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1582 +#: sssd-ldap.5.xml:1584 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " @@ -6894,7 +6970,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1593 +#: sssd-ldap.5.xml:1595 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " @@ -6902,53 +6978,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1605 sssd-ifp.5.xml:152 +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 msgid "wildcard_limit (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1608 +#: sssd-ldap.5.xml:1610 msgid "" "Specifies an upper limit on the number of entries that are downloaded during " "a wildcard lookup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1612 +#: sssd-ldap.5.xml:1614 msgid "At the moment, only the InfoPipe responder supports wildcard lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1618 msgid "Default: 1000 (often the size of one page)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1624 msgid "ldap_library_debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1625 +#: sssd-ldap.5.xml:1627 msgid "" "Switches on libldap debugging with the given level. The libldap debug " "messages will be written independent of the general debug_level." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1630 +#: sssd-ldap.5.xml:1632 msgid "" "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " "enable full debug output." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1635 +#: sssd-ldap.5.xml:1637 msgid "Default: 0 (libldap debugging disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:52 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " @@ -6960,12 +7036,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1645 +#: sssd-ldap.5.xml:1647 msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1647 +#: sssd-ldap.5.xml:1649 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -6973,43 +7049,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1660 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1661 +#: sssd-ldap.5.xml:1663 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1666 +#: sssd-ldap.5.xml:1668 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval " "</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1671 +#: sssd-ldap.5.xml:1673 msgid "" "You can disable full refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1676 +#: sssd-ldap.5.xml:1678 msgid "Default: 21600 (6 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1682 +#: sssd-ldap.5.xml:1684 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1685 +#: sssd-ldap.5.xml:1687 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest " @@ -7017,14 +7093,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1691 +#: sssd-ldap.5.xml:1693 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1695 +#: sssd-ldap.5.xml:1697 msgid "" "<emphasis>Note:</emphasis> the highest USN value can be updated by three " "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " @@ -7034,19 +7110,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1706 +#: sssd-ldap.5.xml:1708 msgid "" "You can disable smart refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1717 +#: sssd-ldap.5.xml:1719 msgid "ldap_sudo_random_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1720 +#: sssd-ldap.5.xml:1722 msgid "" "Random offset between 0 and configured value is added to smart and full " "refresh periods each time the periodic task is scheduled. The value is in " @@ -7054,7 +7130,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1726 +#: sssd-ldap.5.xml:1728 msgid "" "Note that this random offset is also applied on the first SSSD start which " "delays the first sudo rules refresh. This prolongs the time when the sudo " @@ -7062,106 +7138,106 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1732 +#: sssd-ldap.5.xml:1734 msgid "You can disable this offset by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1742 +#: sssd-ldap.5.xml:1744 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1745 +#: sssd-ldap.5.xml:1747 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1756 +#: sssd-ldap.5.xml:1758 msgid "ldap_sudo_hostnames (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1759 +#: sssd-ldap.5.xml:1761 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1764 +#: sssd-ldap.5.xml:1766 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1769 sssd-ldap.5.xml:1792 sssd-ldap.5.xml:1810 -#: sssd-ldap.5.xml:1828 +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is " "<emphasis>false</emphasis> then this option has no effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1774 sssd-ldap.5.xml:1797 +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 msgid "Default: not specified" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1780 +#: sssd-ldap.5.xml:1782 msgid "ldap_sudo_ip (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1783 +#: sssd-ldap.5.xml:1785 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1788 +#: sssd-ldap.5.xml:1790 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1803 +#: sssd-ldap.5.xml:1805 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1806 +#: sssd-ldap.5.xml:1808 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1821 +#: sssd-ldap.5.xml:1823 msgid "ldap_sudo_include_regexp (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:1826 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> -#: sssd-ldap.5.xml:1834 +#: sssd-ldap.5.xml:1836 msgid "" "Using wildcard is an operation that is very costly to evaluate on the LDAP " "server side!" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1846 +#: sssd-ldap.5.xml:1848 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " @@ -7170,59 +7246,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1856 +#: sssd-ldap.5.xml:1858 msgid "AUTOFS OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1858 +#: sssd-ldap.5.xml:1860 msgid "" "Some of the defaults for the parameters below are dependent on the LDAP " "schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1864 +#: sssd-ldap.5.xml:1866 msgid "ldap_autofs_map_master_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1867 +#: sssd-ldap.5.xml:1869 msgid "The name of the automount master map in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1870 +#: sssd-ldap.5.xml:1872 msgid "Default: auto.master" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1881 +#: sssd-ldap.5.xml:1883 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1888 +#: sssd-ldap.5.xml:1890 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1893 +#: sssd-ldap.5.xml:1895 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1898 +#: sssd-ldap.5.xml:1900 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> -#: sssd-ldap.5.xml:1903 +#: sssd-ldap.5.xml:1905 msgid "<note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> -#: sssd-ldap.5.xml:1905 +#: sssd-ldap.5.xml:1907 msgid "" "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " "against Active Directory will not be restricted and return all groups " @@ -7231,22 +7307,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist> -#: sssd-ldap.5.xml:1912 +#: sssd-ldap.5.xml:1914 msgid "</note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1914 +#: sssd-ldap.5.xml:1916 msgid "ldap_sudo_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1919 +#: sssd-ldap.5.xml:1921 msgid "ldap_autofs_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1883 +#: sssd-ldap.5.xml:1885 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -7255,14 +7331,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1934 sssd-simple.5.xml:131 sssd-ipa.5.xml:925 -#: sssd-ad.5.xml:1386 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1936 +#: sssd-ldap.5.xml:1938 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -7270,7 +7346,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1944 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7283,27 +7359,27 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><para> -#: sssd-ldap.5.xml:1941 sssd-ldap.5.xml:1959 sssd-simple.5.xml:139 -#: sssd-ipa.5.xml:933 sssd-ad.5.xml:1394 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 #: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1953 +#: sssd-ldap.5.xml:1955 msgid "LDAP ACCESS FILTER EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1955 +#: sssd-ldap.5.xml:1957 msgid "" "The following example assumes that SSSD is correctly configured and to use " "the ldap_access_order=lockout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1960 +#: sssd-ldap.5.xml:1962 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7319,13 +7395,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1975 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 -#: sssd-ad.5.xml:1409 sssd.8.xml:238 sss_seed.8.xml:163 +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1977 +#: sssd-ldap.5.xml:1979 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -9660,12 +9736,12 @@ msgid "Example: dyndns_iface = em1, vnet1, vnet2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1285 +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 msgid "dyndns_auth (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1288 +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "updates with the DNS server, insecure updates can be sent by setting this " @@ -9673,17 +9749,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1294 +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 msgid "Default: GSS-TSIG" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1300 +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 msgid "dyndns_auth_ptr (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1303 +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "PTR updates with the DNS server, insecure updates can be sent by setting " @@ -9691,7 +9767,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1309 +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 msgid "Default: Same as dyndns_auth" msgstr "" @@ -9751,65 +9827,72 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:290 +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 msgid "Default: False (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1272 +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 msgid "dyndns_force_tcp (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:299 sssd-ad.5.xml:1275 +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:303 sssd-ad.5.xml:1279 +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:309 sssd-ad.5.xml:1315 +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 msgid "dyndns_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:312 sssd-ad.5.xml:1318 +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 msgid "" "The DNS server to use when performing a DNS update. In most setups, it's " "recommended to leave this option unset." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 msgid "" "Setting this option makes sense for environments where the DNS server is " "different from the identity server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 msgid "" "Please note that this option will be only used in fallback attempt when " "previous attempt using autodetected settings failed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 msgid "Default: None (let nsupdate choose the server)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:333 sssd-ad.5.xml:1339 +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 msgid "dyndns_update_per_family (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:336 sssd-ad.5.xml:1342 +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 msgid "" "DNS update is by default performed in two steps - IPv4 update and then IPv6 " "update. In some cases it might be desirable to perform IPv4 and IPv6 update " @@ -9817,176 +9900,176 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:353 msgid "ipa_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:360 msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:394 +#: sssd-ipa.5.xml:399 msgid "" "Please note that 'access_provider = ipa' must be set for this feature to " "work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:401 +#: sssd-ipa.5.xml:406 msgid "ipa_deskprofile_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:404 +#: sssd-ipa.5.xml:409 msgid "" "Optional. Use the given string as search base for Desktop Profile related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:408 sssd-ipa.5.xml:435 +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:414 +#: sssd-ipa.5.xml:419 msgid "ipa_subid_ranges_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:417 +#: sssd-ipa.5.xml:422 msgid "" "Optional. Use the given string as search base for subordinate ranges related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:421 +#: sssd-ipa.5.xml:426 msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:428 +#: sssd-ipa.5.xml:433 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:431 +#: sssd-ipa.5.xml:436 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:441 +#: sssd-ipa.5.xml:446 msgid "ipa_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:444 +#: sssd-ipa.5.xml:449 msgid "Deprecated. Use ldap_host_search_base instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:450 +#: sssd-ipa.5.xml:455 msgid "ipa_selinux_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:453 +#: sssd-ipa.5.xml:458 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:469 +#: sssd-ipa.5.xml:474 msgid "ipa_subdomains_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:472 +#: sssd-ipa.5.xml:477 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:481 +#: sssd-ipa.5.xml:486 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:488 +#: sssd-ipa.5.xml:493 msgid "ipa_master_domain_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:491 +#: sssd-ipa.5.xml:496 msgid "Optional. Use the given string as search base for master domain object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:505 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:507 +#: sssd-ipa.5.xml:512 msgid "ipa_views_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:510 +#: sssd-ipa.5.xml:515 msgid "Optional. Use the given string as search base for views containers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:519 +#: sssd-ipa.5.xml:524 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:529 +#: sssd-ipa.5.xml:534 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:533 +#: sssd-ipa.5.xml:538 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:541 sssd-ad.5.xml:1357 +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 msgid "krb5_confd_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:544 sssd-ad.5.xml:1360 +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 msgid "" "Absolute path of a directory where SSSD should place Kerberos configuration " "snippets." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:548 sssd-ad.5.xml:1364 +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 msgid "" "To disable the creation of the configuration snippets set the parameter to " "'none'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:552 sssd-ad.5.xml:1368 +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 msgid "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:559 +#: sssd-ipa.5.xml:564 msgid "ipa_deskprofile_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:562 +#: sssd-ipa.5.xml:567 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server. This will reduce the latency and load on the IPA server if there " @@ -9994,34 +10077,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:569 sssd-ipa.5.xml:599 sssd-ipa.5.xml:615 sssd-ad.5.xml:599 +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:575 +#: sssd-ipa.5.xml:580 msgid "ipa_deskprofile_request_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:578 +#: sssd-ipa.5.xml:583 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server in case the last request did not return any rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:583 +#: sssd-ipa.5.xml:588 msgid "Default: 60 (minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:589 +#: sssd-ipa.5.xml:594 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:592 +#: sssd-ipa.5.xml:597 msgid "" "The amount of time between lookups of the HBAC rules against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -10029,12 +10112,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:605 +#: sssd-ipa.5.xml:610 msgid "ipa_hbac_selinux (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:608 +#: sssd-ipa.5.xml:613 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -10042,33 +10125,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:621 +#: sssd-ipa.5.xml:626 msgid "ipa_server_mode (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:624 +#: sssd-ipa.5.xml:629 msgid "" "This option will be set by the IPA installer (ipa-server-install) " "automatically and denotes if SSSD is running on an IPA server or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:629 +#: sssd-ipa.5.xml:634 msgid "" "On an IPA server SSSD will lookup users and groups from trusted domains " "directly while on a client it will ask an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:634 +#: sssd-ipa.5.xml:639 msgid "" "NOTE: There are currently some assumptions that must be met when SSSD is " "running on an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:639 +#: sssd-ipa.5.xml:644 msgid "" "The <quote>ipa_server</quote> option must be configured to point to the IPA " "server itself. This is already the default set by the IPA installer, so no " @@ -10076,59 +10159,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:648 +#: sssd-ipa.5.xml:653 msgid "" "The <quote>full_name_format</quote> option must not be tweaked to only print " "short names for users from trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:663 +#: sssd-ipa.5.xml:668 msgid "ipa_automount_location (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:666 +#: sssd-ipa.5.xml:671 msgid "The automounter location this IPA client will be using" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:669 +#: sssd-ipa.5.xml:674 msgid "Default: The location named \"default\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:677 +#: sssd-ipa.5.xml:682 msgid "VIEWS AND OVERRIDES" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:686 +#: sssd-ipa.5.xml:691 msgid "ipa_view_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:689 +#: sssd-ipa.5.xml:694 msgid "Objectclass of the view container." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:692 +#: sssd-ipa.5.xml:697 msgid "Default: nsContainer" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:698 +#: sssd-ipa.5.xml:703 msgid "ipa_view_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:701 +#: sssd-ipa.5.xml:706 msgid "Name of the attribute holding the name of the view." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:705 sssd-ldap-attributes.5.xml:496 +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 #: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 #: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 #: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 @@ -10136,128 +10219,128 @@ msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:711 +#: sssd-ipa.5.xml:716 msgid "ipa_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:714 +#: sssd-ipa.5.xml:719 msgid "Objectclass of the override objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:717 +#: sssd-ipa.5.xml:722 msgid "Default: ipaOverrideAnchor" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:723 +#: sssd-ipa.5.xml:728 msgid "ipa_anchor_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:726 +#: sssd-ipa.5.xml:731 msgid "" "Name of the attribute containing the reference to the original object in a " "remote domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:730 +#: sssd-ipa.5.xml:735 msgid "Default: ipaAnchorUUID" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:736 +#: sssd-ipa.5.xml:741 msgid "ipa_user_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:739 +#: sssd-ipa.5.xml:744 msgid "" "Name of the objectclass for user overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:744 +#: sssd-ipa.5.xml:749 msgid "User overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:747 +#: sssd-ipa.5.xml:752 msgid "ldap_user_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:750 +#: sssd-ipa.5.xml:755 msgid "ldap_user_uid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:753 +#: sssd-ipa.5.xml:758 msgid "ldap_user_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:756 +#: sssd-ipa.5.xml:761 msgid "ldap_user_gecos" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:759 +#: sssd-ipa.5.xml:764 msgid "ldap_user_home_directory" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:762 +#: sssd-ipa.5.xml:767 msgid "ldap_user_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:765 +#: sssd-ipa.5.xml:770 msgid "ldap_user_ssh_public_key" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:770 +#: sssd-ipa.5.xml:775 msgid "Default: ipaUserOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:776 +#: sssd-ipa.5.xml:781 msgid "ipa_group_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:779 +#: sssd-ipa.5.xml:784 msgid "" "Name of the objectclass for group overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:784 +#: sssd-ipa.5.xml:789 msgid "Group overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:787 +#: sssd-ipa.5.xml:792 msgid "ldap_group_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:790 +#: sssd-ipa.5.xml:795 msgid "ldap_group_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:795 +#: sssd-ipa.5.xml:800 msgid "Default: ipaGroupOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:679 +#: sssd-ipa.5.xml:684 msgid "" "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " "later version. Since all paths and objectclasses are fixed on the server " @@ -10267,19 +10350,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:807 +#: sssd-ipa.5.xml:812 msgid "SUBDOMAINS PROVIDER" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:809 +#: sssd-ipa.5.xml:814 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:813 +#: sssd-ipa.5.xml:818 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " @@ -10287,7 +10370,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:819 +#: sssd-ipa.5.xml:824 msgid "" "If the option 'subdomains_provider' is not set in the domain section of " "sssd.conf but there is the option 'id_provider = ipa', the IPA subdomains " @@ -10299,12 +10382,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:830 +#: sssd-ipa.5.xml:835 msgid "TRUSTED DOMAINS CONFIGURATION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:838 +#: sssd-ipa.5.xml:843 #, no-wrap msgid "" "[domain/ipa.domain.com/ad.domain.com]\n" @@ -10312,7 +10395,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:832 +#: sssd-ipa.5.xml:837 msgid "" "Some configuration options can also be set for a trusted domain. A trusted " "domain configuration can be set using the trusted domain subsection as shown " @@ -10322,7 +10405,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:843 +#: sssd-ipa.5.xml:848 msgid "" "For more details, see the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> " @@ -10330,71 +10413,71 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:850 +#: sssd-ipa.5.xml:855 msgid "" "Different configuration options are tunable for a trusted domain depending " "on whether you are configuring SSSD on an IPA server or an IPA client." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:855 +#: sssd-ipa.5.xml:860 msgid "OPTIONS TUNABLE ON IPA MASTERS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:857 +#: sssd-ipa.5.xml:862 msgid "The following options can be set in a subdomain section on an IPA master:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:861 sssd-ipa.5.xml:891 +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 msgid "ad_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:864 +#: sssd-ipa.5.xml:869 msgid "ad_backup_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:867 sssd-ipa.5.xml:894 +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 msgid "ad_site" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:870 +#: sssd-ipa.5.xml:875 msgid "ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:873 +#: sssd-ipa.5.xml:878 msgid "ldap_user_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:876 +#: sssd-ipa.5.xml:881 msgid "ldap_group_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:885 +#: sssd-ipa.5.xml:890 msgid "OPTIONS TUNABLE ON IPA CLIENTS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:887 +#: sssd-ipa.5.xml:892 msgid "The following options can be set in a subdomain section on an IPA client:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:899 +#: sssd-ipa.5.xml:904 msgid "" "Note that if both options are set, only <quote>ad_server</quote> is " "evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:903 +#: sssd-ipa.5.xml:908 msgid "" "Since any request for a user or a group identity from a trusted domain " "triggered from an IPA client is resolved by the IPA server, the " @@ -10409,7 +10492,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:927 +#: sssd-ipa.5.xml:932 msgid "" "The following example assumes that SSSD is correctly configured and " "example.com is one of the domains in the <replaceable>[sssd]</replaceable> " @@ -10417,7 +10500,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:934 +#: sssd-ipa.5.xml:939 #, no-wrap msgid "" "[domain/example.com]\n" @@ -11612,7 +11695,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1388 +#: sssd-ad.5.xml:1393 msgid "" "The following example assumes that SSSD is correctly configured and " "example.com is one of the domains in the <replaceable>[sssd]</replaceable> " @@ -11620,7 +11703,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1395 +#: sssd-ad.5.xml:1400 #, no-wrap msgid "" "[domain/EXAMPLE]\n" @@ -11635,7 +11718,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1415 +#: sssd-ad.5.xml:1420 #, no-wrap msgid "" "access_provider = ldap\n" @@ -11644,7 +11727,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1411 +#: sssd-ad.5.xml:1416 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " @@ -11652,7 +11735,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1421 +#: sssd-ad.5.xml:1426 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>. Please " @@ -11662,7 +11745,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1429 +#: sssd-ad.5.xml:1434 msgid "" "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " @@ -17290,7 +17373,7 @@ msgstr "" #: include/ldap_id_mapping.xml:235 msgid "" "When this option is configured, domains will be allocated starting with " -"slice zero and increasing monatomically with each additional domain." +"slice zero and increasing monotonically with each additional domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> diff --git a/src/man/po/sv.po b/src/man/po/sv.po index 92dc370dc52..ff51320c8e5 100644 --- a/src/man/po/sv.po +++ b/src/man/po/sv.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-05-05 10:09+0200\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" "PO-Revision-Date: 2023-02-15 14:20+0000\n" "Last-Translator: Göran Uddeborg <goeran@uddeborg.se>\n" "Language-Team: Swedish <https://translate.fedoraproject.org/projects/sssd/" @@ -243,11 +243,11 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 -#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:951 -#: sssd.conf.5.xml:1069 sssd.conf.5.xml:2197 sssd-ldap.5.xml:1071 -#: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 -#: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 -#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 msgid "Default: true" msgstr "Standard: true" @@ -266,11 +266,11 @@ msgstr "" "journald är aktiverat för SSSD-felsökningsloggning ignoreras denna flagga." #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:948 -#: sssd.conf.5.xml:2100 sssd.conf.5.xml:2167 sssd.conf.5.xml:4128 -#: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 -#: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 -#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 #: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 #: include/krb5_options.xml:163 msgid "Default: false" @@ -311,8 +311,8 @@ msgstr "" "ingen effekt för andra loggningstyper)." #. type: Content of: outside any tag (error?) -#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1656 -#: sssd-ldap.5.xml:1862 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 #: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 @@ -345,8 +345,8 @@ msgstr "" "att efter tre missade hjärtslag kommer processen avsluta sig själv." #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 sssd.conf.5.xml:1289 sssd.conf.5.xml:1766 -#: sssd.conf.5.xml:4144 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "Standard: 10" @@ -424,12 +424,12 @@ msgstr "" "”systemctl enable sssd-@service@.socket\". </phrase>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:258 sssd.conf.5.xml:783 +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 msgid "reconnection_retries (integer)" msgstr "reconnection_retries (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:261 sssd.conf.5.xml:786 +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" @@ -438,7 +438,7 @@ msgstr "" "dataleverantörskrasch eller -omstart innan de ger upp" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:791 sssd.conf.5.xml:3708 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 #: include/failover.xml:100 msgid "Default: 3" msgstr "Standard: 3" @@ -466,7 +466,7 @@ msgstr "" "understrykningstecken. Tecknet ”/” är förbjudet." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3540 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 msgid "re_expression (string)" msgstr "re_expression (sträng)" @@ -491,12 +491,12 @@ msgstr "" "för mer information om dessa reguljära uttryck." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3597 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 msgid "full_name_format (string)" msgstr "full_name_format (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3600 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -507,32 +507,32 @@ msgstr "" "samman ett fullständigt kvalificerat namn från namn- och domänkomponenter." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3611 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 msgid "%1$s" msgstr "%1$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 msgid "user name" msgstr "användarnamn" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3615 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 msgid "%2$s" msgstr "%2$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3618 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 msgid "domain name as specified in the SSSD config file." msgstr "domännamn som det anges i SSSD-konfigurationsfilen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3624 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 msgid "%3$s" msgstr "%3$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3627 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." @@ -541,7 +541,7 @@ msgstr "" "direkt konfigurerade eller hittade via IPA-förtroenden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3608 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -747,8 +747,8 @@ msgstr "" "utdata inte kvalificerat ens när flaggan default_domain_suffix används." #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:468 sssd-ldap.5.xml:876 sssd-ldap.5.xml:888 -#: sssd-ldap.5.xml:980 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 #: include/krb5_options.xml:148 @@ -1098,7 +1098,7 @@ msgstr "" "användarnamn kan överlappa mellan domäner." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1790 sssd.conf.5.xml:4194 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "Standard: inte satt" @@ -1153,11 +1153,11 @@ msgstr "pam_cert_verification (sträng)" #: sssd.conf.5.xml:744 msgid "" "Enable or disable the user verification (i.e. PIN, fingerprint) during " -"authentication." +"authentication. If enabled, the PIN will always be requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:750 msgid "" "The default is that the key settings decide what to do. In the IPA or " "kerberos pre-authentication case, this value will be overwritten by the " @@ -1198,12 +1198,12 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:769 msgid "SERVICES SECTIONS" msgstr "TJÄNSTESEKTIONER" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:770 +#: sssd.conf.5.xml:771 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -1216,22 +1216,22 @@ msgstr "" "<quote>[nss]</quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:777 +#: sssd.conf.5.xml:778 msgid "General service configuration options" msgstr "Allmänna alternativ för tjänstekonfiguration" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:780 msgid "These options can be used to configure any service." msgstr "Dessa alternativ kan användas för att konfigurera alla tjänster." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:797 msgid "fd_limit" msgstr "fd_limit" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:799 +#: sssd.conf.5.xml:800 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " @@ -1246,17 +1246,17 @@ msgstr "" "och den ”hårda” gränsen i limits.conf." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:808 +#: sssd.conf.5.xml:809 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "Standard: 8192 (eller den ”hårda” gränsen i limits.conf)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:814 msgid "client_idle_timeout" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:816 +#: sssd.conf.5.xml:817 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " @@ -1271,17 +1271,17 @@ msgstr "" "konfigureras kommer det att justeras till 10 sekunder." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:826 msgid "Default: 60, KCM: 300" msgstr "Standard: 60, KCM: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:830 +#: sssd.conf.5.xml:831 msgid "offline_timeout (integer)" msgstr "offline_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:834 msgid "" "When SSSD switches to offline mode the amount of time before it tries to go " "back online will increase based upon the time spent disconnected. By " @@ -1298,7 +1298,7 @@ msgstr "" "försök att bli uppkopplat beräknas det nya intervallet om enligt följande:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:844 sssd.conf.5.xml:900 +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 msgid "" "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." "offline_timeout_random_offset]" @@ -1307,7 +1307,7 @@ msgstr "" "slumpvärde[0…offline_timeout_random_offset]" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:847 +#: sssd.conf.5.xml:848 msgid "" "The offline_timeout default value is 60. The offline_timeout_max default " "value is 3600. The offline_timeout_random_offset default value is 30. The " @@ -1318,7 +1318,7 @@ msgstr "" "är 30. Slutresultatet är antalet sekunder före nästa omförsök." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:854 msgid "" "Note that the maximum length of each interval is defined by " "offline_timeout_max (apart of random part)." @@ -1327,18 +1327,18 @@ msgstr "" "offline_timeout_max (förutom slumpdelen)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 sssd.conf.5.xml:1200 sssd.conf.5.xml:1583 -#: sssd.conf.5.xml:1879 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 msgid "Default: 60" msgstr "Standard: 60" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:862 +#: sssd.conf.5.xml:863 msgid "offline_timeout_max (integer)" msgstr "offline_timeout_max (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:865 +#: sssd.conf.5.xml:866 msgid "" "Controls by how much the time between attempts to go online can be " "incremented following unsuccessful attempts to go online." @@ -1347,12 +1347,12 @@ msgstr "" "misslyckat försök att koppla upp." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:870 +#: sssd.conf.5.xml:871 msgid "A value of 0 disables the incrementing behaviour." msgstr "Ett värde på 0 avaktiverar det ökande beteendet." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:873 +#: sssd.conf.5.xml:874 msgid "" "The value of this parameter should be set in correlation to offline_timeout " "parameter value." @@ -1361,7 +1361,7 @@ msgstr "" "offline_timeout." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:877 +#: sssd.conf.5.xml:878 msgid "" "With offline_timeout set to 60 (default value) there is no point in setting " "offlinet_timeout_max to less than 120 as it will saturate instantly. General " @@ -1374,7 +1374,7 @@ msgstr "" "åtminstone 4 gånger offline_timeout." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:883 +#: sssd.conf.5.xml:884 msgid "" "Although a value between 0 and offline_timeout may be specified, it has the " "effect of overriding the offline_timeout value so is of little use." @@ -1383,17 +1383,17 @@ msgstr "" "att åsidosätta värdet offline_timeout så det är inte så användbart." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:888 +#: sssd.conf.5.xml:889 msgid "Default: 3600" msgstr "Standard: 3600" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:894 msgid "offline_timeout_random_offset (integer)" msgstr "offline_timeout_random_offset (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:896 +#: sssd.conf.5.xml:897 msgid "" "When SSSD is in offline mode it keeps probing backend servers in specified " "time intervals:" @@ -1402,7 +1402,7 @@ msgstr "" "angivna tidsintervall:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:903 +#: sssd.conf.5.xml:904 msgid "" "This parameter controls the value of the random offset used for the above " "equation. Final random_offset value will be random number in range:" @@ -1412,27 +1412,27 @@ msgstr "" "slumptal i intervallet:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:908 +#: sssd.conf.5.xml:909 msgid "[0 - offline_timeout_random_offset]" msgstr "[0 – offline_timeout_random_offset]" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:911 +#: sssd.conf.5.xml:912 msgid "A value of 0 disables the random offset addition." msgstr "Ett värde på 0 avaktiverar tillägget av en slumpfördröjning." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:915 msgid "Default: 30" msgstr "Standard: 30" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:919 +#: sssd.conf.5.xml:920 msgid "responder_idle_timeout" msgstr "responder_idle_timeout" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:922 +#: sssd.conf.5.xml:923 msgid "" "This option specifies the number of seconds that an SSSD responder process " "can be up without being used. This value is limited in order to avoid " @@ -1451,18 +1451,18 @@ msgstr "" "antingen uttags- eller D-Bus-aktiverade." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:936 sssd.conf.5.xml:1213 sssd.conf.5.xml:2321 -#: sssd-ldap.5.xml:331 +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 +#: sssd-ldap.5.xml:332 msgid "Default: 300" msgstr "Standard: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:941 +#: sssd.conf.5.xml:942 msgid "cache_first" msgstr "cache_first" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:945 msgid "" "This option specifies whether the responder should query all caches before " "querying the Data Providers." @@ -1471,12 +1471,12 @@ msgstr "" "den frågar dataleverantörerna." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:960 msgid "NSS configuration options" msgstr "NSS-konfigurationsalternativ" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:961 +#: sssd.conf.5.xml:962 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" @@ -1484,12 +1484,12 @@ msgstr "" "Switch (NSS)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:966 +#: sssd.conf.5.xml:967 msgid "enum_cache_timeout (integer)" msgstr "enum_cache_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:969 +#: sssd.conf.5.xml:970 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" @@ -1498,17 +1498,17 @@ msgstr "" "information om alla användare)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:974 msgid "Default: 120" msgstr "Standard: 120" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:978 +#: sssd.conf.5.xml:979 msgid "entry_cache_nowait_percentage (integer)" msgstr "entry_cache_nowait_percentage (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:981 +#: sssd.conf.5.xml:982 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -1519,7 +1519,7 @@ msgstr "" "för domänen." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:988 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -1534,7 +1534,7 @@ msgstr "" "framtida begäranden kommer behöva blockera i väntan på en cacheuppdatering." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:998 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -1547,17 +1547,17 @@ msgstr "" "(0 avaktiverar denna funktion)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1005 sssd.conf.5.xml:2121 +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 msgid "Default: 50" msgstr "Standard: 50" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1010 +#: sssd.conf.5.xml:1011 msgid "entry_negative_timeout (integer)" msgstr "entry_negative_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1013 +#: sssd.conf.5.xml:1014 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -1568,17 +1568,17 @@ msgstr "" "bakänden tillfrågas igen." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1019 sssd.conf.5.xml:1778 sssd.conf.5.xml:2145 +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 msgid "Default: 15" msgstr "Standard: 15" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1025 msgid "local_negative_timeout (integer)" msgstr "local_negative_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1027 +#: sssd.conf.5.xml:1028 msgid "" "Specifies for how many seconds nss_sss should keep local users and groups in " "negative cache before trying to look it up in the back end again. Setting " @@ -1589,17 +1589,17 @@ msgstr "" "in alternativet till 0 avaktiverar denna funktion." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1033 +#: sssd.conf.5.xml:1034 msgid "Default: 14400 (4 hours)" msgstr "Standard: 14400 (4 timmar)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1039 msgid "filter_users, filter_groups (string)" msgstr "filter_users, filter_groups (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1041 +#: sssd.conf.5.xml:1042 msgid "" "Exclude certain users or groups from being fetched from the sss NSS " "database. This is particularly useful for system accounts. This option can " @@ -1613,7 +1613,7 @@ msgstr "" "användarhuvudmansnamn (UPN)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1049 +#: sssd.conf.5.xml:1050 msgid "" "NOTE: The filter_groups option doesn't affect inheritance of nested group " "members, since filtering happens after they are propagated for returning via " @@ -1626,17 +1626,17 @@ msgstr "" "kommer fortfarande ha medlemsanvändarna i den senare listade." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1057 +#: sssd.conf.5.xml:1058 msgid "Default: root" msgstr "Standard: root" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1063 msgid "filter_users_in_groups (bool)" msgstr "filter_users_in_groups (bool)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1065 +#: sssd.conf.5.xml:1066 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" @@ -1644,12 +1644,12 @@ msgstr "" "sätt då detta alternativ till false." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1076 +#: sssd.conf.5.xml:1077 msgid "fallback_homedir (string)" msgstr "fallback_homedir (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1079 +#: sssd.conf.5.xml:1080 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." @@ -1658,7 +1658,7 @@ msgstr "" "anges av domänens dataleverantör." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1084 +#: sssd.conf.5.xml:1085 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" @@ -1666,7 +1666,7 @@ msgstr "" "override_homedir." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1090 +#: sssd.conf.5.xml:1091 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" @@ -1676,23 +1676,23 @@ msgstr "" " " #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:1088 sssd.conf.5.xml:1650 sssd.conf.5.xml:1669 -#: sssd.conf.5.xml:1746 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "exempel: <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1094 +#: sssd.conf.5.xml:1095 msgid "Default: not set (no substitution for unset home directories)" msgstr "Standard: inte satt (ingen ersättning för ej angivna hemkataloger)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1100 +#: sssd.conf.5.xml:1101 msgid "override_shell (string)" msgstr "override_shell (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1104 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " @@ -1703,30 +1703,30 @@ msgstr "" "sektionen [nss] eller per domän." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1109 +#: sssd.conf.5.xml:1110 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" "Standard: inte angivet (SSSD kommer använda värdet som hämtats från LDAP)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1115 +#: sssd.conf.5.xml:1116 msgid "allowed_shells (string)" msgstr "allowed_shells (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1118 +#: sssd.conf.5.xml:1119 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" "Begränsa användarskal till ett av de listade värdena. Beräkningsordningen är:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1121 +#: sssd.conf.5.xml:1122 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "1. Om skalet finns i <quote>/etc/shells</quote> används det." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1125 +#: sssd.conf.5.xml:1126 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." @@ -1735,7 +1735,7 @@ msgstr "" "quote>, använd värdet på parametern shell_fallback." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1130 +#: sssd.conf.5.xml:1131 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." @@ -1744,12 +1744,12 @@ msgstr "" "shells</quote> används ett nologin-skal." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1135 +#: sssd.conf.5.xml:1136 msgid "The wildcard (*) can be used to allow any shell." msgstr "Jokertecknet (*) kan användas för att tillåta godtyckligt skal." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1138 +#: sssd.conf.5.xml:1139 msgid "" "The (*) is useful if you want to use shell_fallback in case that user's " "shell is not in <quote>/etc/shells</quote> and maintaining list of all " @@ -1760,12 +1760,12 @@ msgstr "" "alla skal i allowed_shells skulle vara för mycket overhead." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1145 +#: sssd.conf.5.xml:1146 msgid "An empty string for shell is passed as-is to libc." msgstr "En tom sträng som skal skickas som den är till libc." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1149 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." @@ -1774,27 +1774,27 @@ msgstr "" "att en omstart av SSSD behövs ifall ett nytt skal installeras." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1152 +#: sssd.conf.5.xml:1153 msgid "Default: Not set. The user shell is automatically used." msgstr "Standard: inte satt. Användarens skal används automatiskt." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1157 +#: sssd.conf.5.xml:1158 msgid "vetoed_shells (string)" msgstr "vetoed_shells (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1160 +#: sssd.conf.5.xml:1161 msgid "Replace any instance of these shells with the shell_fallback" msgstr "Ersätt alla instanser av dessa skal med shell_fallback" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1165 +#: sssd.conf.5.xml:1166 msgid "shell_fallback (string)" msgstr "shell_fallback (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1168 +#: sssd.conf.5.xml:1169 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" @@ -1802,17 +1802,17 @@ msgstr "" "maskinen." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1172 +#: sssd.conf.5.xml:1173 msgid "Default: /bin/sh" msgstr "Standard: /bin/sh" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1177 +#: sssd.conf.5.xml:1178 msgid "default_shell" msgstr "default_shell" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1180 +#: sssd.conf.5.xml:1181 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." @@ -1822,7 +1822,7 @@ msgstr "" "per domän." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1186 +#: sssd.conf.5.xml:1187 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" @@ -1831,12 +1831,12 @@ msgstr "" "libc ersätter med något rimligt när nödvändigt, vanligen /bin/sh)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1193 sssd.conf.5.xml:1576 +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 msgid "get_domains_timeout (int)" msgstr "get_domains_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1196 sssd.conf.5.xml:1579 +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." @@ -1845,12 +1845,12 @@ msgstr "" "som giltiga." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1205 +#: sssd.conf.5.xml:1206 msgid "memcache_timeout (integer)" msgstr "memcache_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1208 +#: sssd.conf.5.xml:1209 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid. Setting this option to zero will disable the in-memory cache." @@ -1860,7 +1860,7 @@ msgstr "" "minnet." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1216 +#: sssd.conf.5.xml:1217 msgid "" "WARNING: Disabling the in-memory cache will have significant negative impact " "on SSSD's performance and should only be used for testing." @@ -1869,8 +1869,8 @@ msgstr "" "påverkan på SSSD:s prestanda och skall bara användas för testning." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1222 sssd.conf.5.xml:1247 sssd.conf.5.xml:1272 -#: sssd.conf.5.xml:1297 sssd.conf.5.xml:1324 +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 msgid "" "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " "client applications will not use the fast in-memory cache." @@ -1879,12 +1879,12 @@ msgstr "" "klientprogram inte använda den snabba cachen i minnet." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1230 +#: sssd.conf.5.xml:1231 msgid "memcache_size_passwd (integer)" msgstr "memcache_size_passwd (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1233 +#: sssd.conf.5.xml:1234 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for passwd requests. Setting the size to 0 will disable the passwd in-" @@ -1895,13 +1895,13 @@ msgstr "" "lösenords-cachen i minnet." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1239 sssd.conf.5.xml:2963 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 msgid "Default: 8" msgstr "Standard: 8" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1242 sssd.conf.5.xml:1267 sssd.conf.5.xml:1292 -#: sssd.conf.5.xml:1319 +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 msgid "" "WARNING: Disabled or too small in-memory cache can have significant negative " "impact on SSSD's performance." @@ -1910,12 +1910,12 @@ msgstr "" "negativ påverkan på SSSD:s prestanda." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1255 +#: sssd.conf.5.xml:1256 msgid "memcache_size_group (integer)" msgstr "memcache_size_group (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1258 +#: sssd.conf.5.xml:1259 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for group requests. Setting the size to 0 will disable the group in-memory " @@ -1926,19 +1926,19 @@ msgstr "" "grupp-cachen i minnet." #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1264 sssd.conf.5.xml:1316 sssd.conf.5.xml:3729 -#: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "Standard: 6" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1280 +#: sssd.conf.5.xml:1281 msgid "memcache_size_initgroups (integer)" msgstr "memcache_size_initgroups (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1283 +#: sssd.conf.5.xml:1284 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for initgroups requests. Setting the size to 0 will disable the initgroups " @@ -1949,12 +1949,12 @@ msgstr "" "initgrupp-cachen i minnet." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1305 +#: sssd.conf.5.xml:1306 msgid "memcache_size_sid (integer)" msgstr "memcache_size_sid (integer)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1308 +#: sssd.conf.5.xml:1309 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for SID related requests. Only SID-by-ID and ID-by-SID requests are " @@ -1967,12 +1967,12 @@ msgstr "" "storleken till 0 kommer avaktivera SID-cachen i minnet." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1332 sssd-ifp.5.xml:90 +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 msgid "user_attributes (string)" msgstr "user_attributes (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1335 +#: sssd.conf.5.xml:1336 msgid "" "Some of the additional NSS responder requests can return more attributes " "than just the POSIX ones defined by the NSS interface. The list of " @@ -1989,7 +1989,7 @@ msgstr "" "citerefentry> för detaljer) men utan standardvärden." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1348 +#: sssd.conf.5.xml:1349 msgid "" "To make configuration more easy the NSS responder will check the InfoPipe " "option if it is not set for the NSS responder." @@ -1998,17 +1998,17 @@ msgstr "" "InfoPipe-alternativet om det inte är satt för NSS-respondenten." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1353 +#: sssd.conf.5.xml:1354 msgid "Default: not set, fallback to InfoPipe option" msgstr "Standard: inte satt, gå tillbaka till InfoPipe-alternativet" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1358 +#: sssd.conf.5.xml:1359 msgid "pwfield (string)" msgstr "pwfield (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1361 +#: sssd.conf.5.xml:1362 msgid "" "The value that NSS operations that return users or groups will return for " "the <quote>password</quote> field." @@ -2017,12 +2017,12 @@ msgstr "" "returnera i fältet <quote>password</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1366 +#: sssd.conf.5.xml:1367 msgid "Default: <quote>*</quote>" msgstr "Standard: <quote>*</quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1369 +#: sssd.conf.5.xml:1370 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[nss] section." @@ -2031,7 +2031,7 @@ msgstr "" "värdet i [nss]-sektionen." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1373 +#: sssd.conf.5.xml:1374 #, fuzzy #| msgid "" #| "Default: <quote>not set</quote> (remote domains), <quote>x</quote> (the " @@ -2048,12 +2048,12 @@ msgstr "" "shadowutils)" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1385 +#: sssd.conf.5.xml:1386 msgid "PAM configuration options" msgstr "PAM-konfigurationsalternativ" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1387 +#: sssd.conf.5.xml:1388 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." @@ -2062,12 +2062,12 @@ msgstr "" "Authentication Module (PAM)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1392 +#: sssd.conf.5.xml:1393 msgid "offline_credentials_expiration (integer)" msgstr "offline_credentials_expiration (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1395 +#: sssd.conf.5.xml:1396 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." @@ -2077,17 +2077,17 @@ msgstr "" "inloggningen)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1400 sssd.conf.5.xml:1413 +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 msgid "Default: 0 (No limit)" msgstr "Standard: 0 (ingen gräns)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1406 +#: sssd.conf.5.xml:1407 msgid "offline_failed_login_attempts (integer)" msgstr "offline_failed_login_attempts (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1409 +#: sssd.conf.5.xml:1410 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." @@ -2096,12 +2096,12 @@ msgstr "" "inloggningsförsök är tillåtna." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1419 +#: sssd.conf.5.xml:1420 msgid "offline_failed_login_delay (integer)" msgstr "offline_failed_login_delay (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1422 +#: sssd.conf.5.xml:1423 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." @@ -2110,7 +2110,7 @@ msgstr "" "har nåtts före ett nytt inloggningsförsök är möjligt." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1427 +#: sssd.conf.5.xml:1428 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -2121,17 +2121,17 @@ msgstr "" "autentisering kan aktivera autentisering utan uppkoppling igen." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1433 sssd.conf.5.xml:1543 +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 msgid "Default: 5" msgstr "Standard: 5" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1439 +#: sssd.conf.5.xml:1440 msgid "pam_verbosity (integer)" msgstr "pam_verbosity (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1442 +#: sssd.conf.5.xml:1443 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." @@ -2140,43 +2140,43 @@ msgstr "" "Ju högre tal desto fler meddelanden visas." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1447 +#: sssd.conf.5.xml:1448 msgid "Currently sssd supports the following values:" msgstr "För närvarande stödjs följande värden:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1450 +#: sssd.conf.5.xml:1451 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "<emphasis>0</emphasis>: visa inte några meddelanden" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1453 +#: sssd.conf.5.xml:1454 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "<emphasis>1</emphasis>: visa endast viktiga meddelanden" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1457 +#: sssd.conf.5.xml:1458 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "<emphasis>2</emphasis>: visa informationsmeddelanden" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1460 +#: sssd.conf.5.xml:1461 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" "<emphasis>3</emphasis>: visa alla meddelanden och felsökningsinformation" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1464 sssd.8.xml:63 +#: sssd.conf.5.xml:1465 sssd.8.xml:63 msgid "Default: 1" msgstr "Standard: 1" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1470 +#: sssd.conf.5.xml:1471 msgid "pam_response_filter (string)" msgstr "pam_response_filter (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1473 +#: sssd.conf.5.xml:1474 msgid "" "A comma separated list of strings which allows to remove (filter) data sent " "by the PAM responder to pam_sss PAM module. There are different kind of " @@ -2189,7 +2189,7 @@ msgstr "" "användaren eller miljövariabler som skall sättas av pam_sss." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1481 +#: sssd.conf.5.xml:1482 msgid "" "While messages already can be controlled with the help of the pam_verbosity " "option this option allows to filter out other kind of responses as well." @@ -2198,37 +2198,37 @@ msgstr "" "gör detta alternativ att man kan filtrera ut andra sorters svar dessutom." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1488 +#: sssd.conf.5.xml:1489 msgid "ENV" msgstr "ENV" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1489 +#: sssd.conf.5.xml:1490 msgid "Do not send any environment variables to any service." msgstr "Skicka inte några miljövariabler till någon tjänst." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1492 +#: sssd.conf.5.xml:1493 msgid "ENV:var_name" msgstr "ENV:varnamn" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1493 +#: sssd.conf.5.xml:1494 msgid "Do not send environment variable var_name to any service." msgstr "Skicka inte miljövariabeln varnamn till någon tjänst." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1497 +#: sssd.conf.5.xml:1498 msgid "ENV:var_name:service" msgstr "ENV:varnamn:tjänst" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1498 +#: sssd.conf.5.xml:1499 msgid "Do not send environment variable var_name to service." msgstr "Skicka inte miljövariabeln varnamn till tjänst." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1486 +#: sssd.conf.5.xml:1487 msgid "" "Currently the following filters are supported: <placeholder " "type=\"variablelist\" id=\"0\"/>" @@ -2237,7 +2237,7 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1505 +#: sssd.conf.5.xml:1506 msgid "" "The list of strings can either be the list of filters which would set this " "list of filters and overwrite the defaults. Or each element of the list can " @@ -2254,12 +2254,12 @@ msgstr "" "eller ”-” eller inget av dem. Det ses som ett fel att blanda båda sätten." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1516 +#: sssd.conf.5.xml:1517 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" msgstr "Standard: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1519 +#: sssd.conf.5.xml:1520 msgid "" "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" msgstr "" @@ -2267,12 +2267,12 @@ msgstr "" "standardlistan" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1526 +#: sssd.conf.5.xml:1527 msgid "pam_id_timeout (integer)" msgstr "pam_id_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1529 +#: sssd.conf.5.xml:1530 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -2283,7 +2283,7 @@ msgstr "" "till att autentisering sker med den senaste informationen." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1535 +#: sssd.conf.5.xml:1536 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -2297,17 +2297,17 @@ msgstr "" "identitetsleverantören." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1549 +#: sssd.conf.5.xml:1550 msgid "pam_pwd_expiration_warning (integer)" msgstr "pam_pwd_expiration_warning (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1552 sssd.conf.5.xml:2987 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 msgid "Display a warning N days before the password expires." msgstr "Visa en varning N dagar före lösenordet går ut." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1555 +#: sssd.conf.5.xml:1556 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -2317,7 +2317,7 @@ msgstr "" "lösenordet. Om denna information saknas kan sssd inte visa någon varning." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1561 sssd.conf.5.xml:2990 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." @@ -2326,7 +2326,7 @@ msgstr "" "mottogs från bakändeserver kommer den automatiskt visas." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1566 +#: sssd.conf.5.xml:1567 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." @@ -2335,17 +2335,17 @@ msgstr "" "<emphasis>pwd_expiration_warning</emphasis> för en viss domän." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1571 sssd.conf.5.xml:3976 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 msgid "Default: 0" msgstr "Standard: 0" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1588 +#: sssd.conf.5.xml:1589 msgid "pam_trusted_users (string)" msgstr "pam_trusted_users (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1591 +#: sssd.conf.5.xml:1592 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to run PAM conversations against trusted domains. Users not " @@ -2360,12 +2360,12 @@ msgstr "" "UID vid uppstart." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1601 +#: sssd.conf.5.xml:1602 msgid "Default: All users are considered trusted by default" msgstr "Standard: alla användare betraktas som betrodda som standard" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1605 +#: sssd.conf.5.xml:1606 msgid "" "Please note that UID 0 is always allowed to access the PAM responder even in " "case it is not in the pam_trusted_users list." @@ -2374,12 +2374,12 @@ msgstr "" "inte är i listan pam_trusted_users." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1612 +#: sssd.conf.5.xml:1613 msgid "pam_public_domains (string)" msgstr "pam_public_domains (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1615 +#: sssd.conf.5.xml:1616 msgid "" "Specifies the comma-separated list of domain names that are accessible even " "to untrusted users." @@ -2388,20 +2388,20 @@ msgstr "" "betrodda användare." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1619 +#: sssd.conf.5.xml:1620 msgid "Two special values for pam_public_domains option are defined:" msgstr "" "Två speciella värden för alternativet pam_public_domains är definierade:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1623 +#: sssd.conf.5.xml:1624 msgid "" "all (Untrusted users are allowed to access all domains in PAM responder.)" msgstr "" "all (Ej betrodda användare tillåts komma åt alla domäner i PAM-respondenten.)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1627 +#: sssd.conf.5.xml:1628 msgid "" "none (Untrusted users are not allowed to access any domains PAM in " "responder.)" @@ -2410,19 +2410,19 @@ msgstr "" "respondenten.)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1631 sssd.conf.5.xml:1656 sssd.conf.5.xml:1675 -#: sssd.conf.5.xml:1912 sssd.conf.5.xml:2732 sssd.conf.5.xml:3905 -#: sssd-ldap.5.xml:1207 +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 msgid "Default: none" msgstr "Standard: none" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1636 +#: sssd.conf.5.xml:1637 msgid "pam_account_expired_message (string)" msgstr "pam_account_expired_message (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1639 +#: sssd.conf.5.xml:1640 msgid "" "Allows a custom expiration message to be set, replacing the default " "'Permission denied' message." @@ -2431,7 +2431,7 @@ msgstr "" "standardmeddelandet ”åtkomst nekas”." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1644 +#: sssd.conf.5.xml:1645 msgid "" "Note: Please be aware that message is only printed for the SSH service " "unless pam_verbosity is set to 3 (show all messages and debug information)." @@ -2441,7 +2441,7 @@ msgstr "" "felsökningsinformation)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1652 +#: sssd.conf.5.xml:1653 #, no-wrap msgid "" "pam_account_expired_message = Account expired, please contact help desk.\n" @@ -2451,12 +2451,12 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1661 +#: sssd.conf.5.xml:1662 msgid "pam_account_locked_message (string)" msgstr "pam_account_locked_message (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1664 +#: sssd.conf.5.xml:1665 msgid "" "Allows a custom lockout message to be set, replacing the default 'Permission " "denied' message." @@ -2465,7 +2465,7 @@ msgstr "" "standardmeddelandet ”åtkomst nekas”." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1671 +#: sssd.conf.5.xml:1672 #, no-wrap msgid "" "pam_account_locked_message = Account locked, please contact help desk.\n" @@ -2475,42 +2475,42 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1680 +#: sssd.conf.5.xml:1681 #, fuzzy #| msgid "pam_cert_auth (bool)" msgid "pam_passkey_auth (bool)" msgstr "pam_cert_auth (bool)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1683 +#: sssd.conf.5.xml:1684 msgid "Enable passkey device based authentication." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1686 sssd.conf.5.xml:1697 sssd.conf.5.xml:1711 -#: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 -#: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 msgid "Default: False" msgstr "Standard: False" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1691 +#: sssd.conf.5.xml:1692 msgid "passkey_debug_libfido2 (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1694 +#: sssd.conf.5.xml:1695 msgid "Enable libfido2 library debug messages." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1702 +#: sssd.conf.5.xml:1703 msgid "pam_cert_auth (bool)" msgstr "pam_cert_auth (bool)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1705 +#: sssd.conf.5.xml:1706 msgid "" "Enable certificate based Smartcard authentication. Since this requires " "additional communication with the Smartcard which will delay the " @@ -2521,22 +2521,22 @@ msgstr "" "autentiseringsprocessen är detta alternativ avaktiverat som standard." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1716 +#: sssd.conf.5.xml:1717 msgid "pam_cert_db_path (string)" msgstr "pam_cert_db_path (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1719 +#: sssd.conf.5.xml:1720 msgid "The path to the certificate database." msgstr "Sökvägen till certifikatdatabasen." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1722 sssd.conf.5.xml:2247 sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 msgid "Default:" msgstr "Standard:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1724 sssd.conf.5.xml:2249 +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 msgid "" "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " "certificates in PEM format)" @@ -2545,12 +2545,12 @@ msgstr "" "certifikat i PEM-format)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1734 +#: sssd.conf.5.xml:1735 msgid "pam_cert_verification (string)" msgstr "pam_cert_verification (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1737 +#: sssd.conf.5.xml:1738 msgid "" "With this parameter the PAM certificate verification can be tuned with a " "comma separated list of options that override the " @@ -2564,7 +2564,7 @@ msgstr "" "Flaggor som stödjs är samma som för <quote>certificate_verification</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1748 +#: sssd.conf.5.xml:1749 #, no-wrap msgid "" "pam_cert_verification = partial_chain\n" @@ -2574,7 +2574,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1752 +#: sssd.conf.5.xml:1753 msgid "" "Default: not set, i.e. use default <quote>certificate_verification</quote> " "option defined in <quote>[sssd]</quote> section." @@ -2584,24 +2584,24 @@ msgstr "" "<quote>[sssd]</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1759 +#: sssd.conf.5.xml:1760 msgid "p11_child_timeout (integer)" msgstr "p11_child_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1763 msgid "How many seconds will pam_sss wait for p11_child to finish." msgstr "Hur många sekunder pam_sss kommer vänta på p11_child att avsluta." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1771 +#: sssd.conf.5.xml:1772 #, fuzzy #| msgid "p11_child_timeout (integer)" msgid "passkey_child_timeout (integer)" msgstr "p11_child_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1774 +#: sssd.conf.5.xml:1775 #, fuzzy #| msgid "How many seconds will pam_sss wait for p11_child to finish." msgid "" @@ -2609,12 +2609,12 @@ msgid "" msgstr "Hur många sekunder pam_sss kommer vänta på p11_child att avsluta." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1783 +#: sssd.conf.5.xml:1784 msgid "pam_app_services (string)" msgstr "pam_app_services (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1786 +#: sssd.conf.5.xml:1787 msgid "" "Which PAM services are permitted to contact domains of type " "<quote>application</quote>" @@ -2623,12 +2623,12 @@ msgstr "" "<quote>application</quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1795 +#: sssd.conf.5.xml:1796 msgid "pam_p11_allowed_services (integer)" msgstr "pam_p11_allowed_services (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1798 +#: sssd.conf.5.xml:1799 msgid "" "A comma-separated list of PAM service names for which it will be allowed to " "use Smartcards." @@ -2637,7 +2637,7 @@ msgstr "" "tillåtet att använda smarta kort." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1813 +#: sssd.conf.5.xml:1814 #, no-wrap msgid "" "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2647,7 +2647,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1802 +#: sssd.conf.5.xml:1803 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -2667,63 +2667,63 @@ msgstr "" "type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1817 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 #: sssd-ad.5.xml:869 sssd-ad.5.xml:947 msgid "Default: the default set of PAM service names includes:" msgstr "Standard: standarduppsättningen av PAM-tjänstenamn innefattar:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1822 sssd-ad.5.xml:648 +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 msgid "login" msgstr "login" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1827 sssd-ad.5.xml:653 +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 msgid "su" msgstr "su" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1832 sssd-ad.5.xml:658 +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 msgid "su-l" msgstr "su-l" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1837 sssd-ad.5.xml:673 +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 msgid "gdm-smartcard" msgstr "gdm-smartcard" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1842 sssd-ad.5.xml:668 +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 msgid "gdm-password" msgstr "gdm-password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1847 sssd-ad.5.xml:678 +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 msgid "kdm" msgstr "kdm" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1852 sssd-ad.5.xml:956 +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 msgid "sudo" msgstr "sudo" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1857 sssd-ad.5.xml:961 +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 msgid "sudo-i" msgstr "sudo-i" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1862 +#: sssd.conf.5.xml:1863 msgid "gnome-screensaver" msgstr "gnome-screensaver" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1870 +#: sssd.conf.5.xml:1871 msgid "p11_wait_for_card_timeout (integer)" msgstr "p11_wait_for_card_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1873 +#: sssd.conf.5.xml:1874 msgid "" "If Smartcard authentication is required how many extra seconds in addition " "to p11_child_timeout should the PAM responder wait until a Smartcard is " @@ -2733,12 +2733,12 @@ msgstr "" "p11_child_timeout PAM-respondenten skall vänta på att ett smartkort sätts in." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1884 +#: sssd.conf.5.xml:1885 msgid "p11_uri (string)" msgstr "p11_uri (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1887 +#: sssd.conf.5.xml:1888 msgid "" "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " "selection of devices used for Smartcard authentication. By default SSSD's " @@ -2755,7 +2755,7 @@ msgstr "" "användas för att säga till p11_child att använda en specifik läsare." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1900 +#: sssd.conf.5.xml:1901 #, no-wrap msgid "" "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" @@ -2765,7 +2765,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1904 +#: sssd.conf.5.xml:1905 #, no-wrap msgid "" "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" @@ -2775,7 +2775,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1898 +#: sssd.conf.5.xml:1899 msgid "" "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " @@ -2788,17 +2788,17 @@ msgstr "" "”p11tool” med t.ex. ”--list-all” visa även PKCS#11 URI:er." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1917 +#: sssd.conf.5.xml:1918 msgid "pam_initgroups_scheme" msgstr "pam_initgroups_scheme" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1925 +#: sssd.conf.5.xml:1926 msgid "always" msgstr "always" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1926 +#: sssd.conf.5.xml:1927 msgid "" "Always do an online lookup, please note that pam_id_timeout still applies" msgstr "" @@ -2806,12 +2806,12 @@ msgstr "" "fortfarande gäller" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1930 +#: sssd.conf.5.xml:1931 msgid "no_session" msgstr "no_session" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1931 +#: sssd.conf.5.xml:1932 msgid "" "Only do an online lookup if there is no active session of the user, i.e. if " "the user is currently not logged in" @@ -2820,12 +2820,12 @@ msgstr "" "användaren, d.v.s. om användaren inte är inloggad för närvarande" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1936 +#: sssd.conf.5.xml:1937 msgid "never" msgstr "never" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1937 +#: sssd.conf.5.xml:1938 msgid "" "Never force an online lookup, use the data from the cache as long as they " "are not expired" @@ -2834,7 +2834,7 @@ msgstr "" "inte har gått ut" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1920 +#: sssd.conf.5.xml:1921 msgid "" "The PAM responder can force an online lookup to get the current group " "memberships of the user trying to log in. This option controls when this " @@ -2847,17 +2847,17 @@ msgstr "" "<placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1944 +#: sssd.conf.5.xml:1945 msgid "Default: no_session" msgstr "Standard: no_session" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1949 sssd.conf.5.xml:4247 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 msgid "pam_gssapi_services" msgstr "pam_gssapi_services" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1952 +#: sssd.conf.5.xml:1953 msgid "" "Comma separated list of PAM services that are allowed to try GSSAPI " "authentication using pam_sss_gss.so module." @@ -2866,7 +2866,7 @@ msgstr "" "autentisering med modulen pam_sss_gss.so." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1957 +#: sssd.conf.5.xml:1958 msgid "" "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." msgstr "" @@ -2874,7 +2874,7 @@ msgstr "" "quote> (streck)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1961 sssd.conf.5.xml:1992 sssd.conf.5.xml:2030 +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[pam] section. It can also be set for trusted domain which overwrites the " @@ -2885,7 +2885,7 @@ msgstr "" "över värdet i domänsektionen." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1969 +#: sssd.conf.5.xml:1970 #, no-wrap msgid "" "pam_gssapi_services = sudo, sudo-i\n" @@ -2895,22 +2895,22 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1967 sssd.conf.5.xml:3899 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "Exempel: <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1973 +#: sssd.conf.5.xml:1974 msgid "Default: - (GSSAPI authentication is disabled)" msgstr "Standard: - (GSSAPI-autentisering är avaktiverat)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1978 sssd.conf.5.xml:4248 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 msgid "pam_gssapi_check_upn" msgstr "pam_gssapi_check_upn" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1981 +#: sssd.conf.5.xml:1982 msgid "" "If True, SSSD will require that the Kerberos user principal that " "successfully authenticated through GSSAPI can be associated with the user " @@ -2921,7 +2921,7 @@ msgstr "" "Autentisering kommer misslyckas om kontrollen misslyckas." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1988 +#: sssd.conf.5.xml:1989 msgid "" "If False, every user that is able to obtained required service ticket will " "be authenticated." @@ -2930,18 +2930,18 @@ msgstr "" "autentiseras." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1998 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "Standard: True" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2003 +#: sssd.conf.5.xml:2004 msgid "pam_gssapi_indicators_map" msgstr "pam_gssapi_indicators_map" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2006 +#: sssd.conf.5.xml:2007 msgid "" "Comma separated list of authentication indicators required to be present in " "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " @@ -2952,7 +2952,7 @@ msgstr "" "autentisering med modulen pam_sss_gss.so." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2012 +#: sssd.conf.5.xml:2013 msgid "" "Each element of the list can be either an authentication indicator name or a " "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " @@ -2978,7 +2978,7 @@ msgstr "" "åtkomsten." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2025 +#: sssd.conf.5.xml:2026 msgid "" "To disable GSSAPI authentication indicator check, set this option to <quote>-" "</quote> (dash). To disable the check for a specific PAM service, add " @@ -2989,7 +2989,7 @@ msgstr "" "specifik PAM-tjänst, lägg till <quote>tjänst:-</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2036 +#: sssd.conf.5.xml:2037 msgid "" "Following authentication indicators are supported by IPA Kerberos " "deployments:" @@ -2997,7 +2997,7 @@ msgstr "" "Följande autentiseringsindikatorer stödjs av IPA-Kerberosinstallationer:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2039 +#: sssd.conf.5.xml:2040 msgid "" "pkinit -- pre-authentication using X.509 certificates -- whether stored in " "files or on smart cards." @@ -3006,7 +3006,7 @@ msgstr "" "filer eller på smarta kort." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2042 +#: sssd.conf.5.xml:2043 msgid "" "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " "FAST channel." @@ -3015,12 +3015,12 @@ msgstr "" "i en FAST-kanal." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2045 +#: sssd.conf.5.xml:2046 msgid "radius -- pre-authentication with the help of a RADIUS server." msgstr "radius — förautentisering med hjälp av en RADIUS-server." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2048 +#: sssd.conf.5.xml:2049 msgid "" "otp -- pre-authentication using integrated two-factor authentication (2FA or " "one-time password, OTP) in IPA." @@ -3029,12 +3029,12 @@ msgstr "" "(2FA eller engångslösenord, OTP) i IPA." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2051 +#: sssd.conf.5.xml:2052 msgid "idp -- pre-authentication using external identity provider." msgstr "idp — förautentisering med extern identitetsleverantör." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:2061 +#: sssd.conf.5.xml:2062 #, no-wrap msgid "" "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" @@ -3044,7 +3044,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2056 +#: sssd.conf.5.xml:2057 msgid "" "Example: to require access to SUDO services only for users which obtained " "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " @@ -3055,18 +3055,18 @@ msgstr "" "(PKINIT), sätt <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2065 +#: sssd.conf.5.xml:2066 msgid "Default: not set (use of authentication indicators is not required)" msgstr "" "Standard: inte satt (användning av autentiseringsindikatorer krävs inte)" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2073 +#: sssd.conf.5.xml:2074 msgid "SUDO configuration options" msgstr "SUDO-konfigurationsalternativ" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2075 +#: sssd.conf.5.xml:2076 msgid "" "These options can be used to configure the sudo service. The detailed " "instructions for configuration of <citerefentry> <refentrytitle>sudo</" @@ -3084,12 +3084,12 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2092 +#: sssd.conf.5.xml:2093 msgid "sudo_timed (bool)" msgstr "sudo_timed (bool)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2095 +#: sssd.conf.5.xml:2096 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." @@ -3098,12 +3098,12 @@ msgstr "" "tidsberoende sudoers-poster skall evalueras eller inte." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2107 +#: sssd.conf.5.xml:2108 msgid "sudo_threshold (integer)" msgstr "sudo_threshold (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2110 +#: sssd.conf.5.xml:2111 msgid "" "Maximum number of expired rules that can be refreshed at once. If number of " "expired rules is below threshold, those rules are refreshed with " @@ -3118,22 +3118,22 @@ msgstr "" "gränsvärde gäller även IPA-sudo-kommandon och kommandogruppsökningar." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2129 +#: sssd.conf.5.xml:2130 msgid "AUTOFS configuration options" msgstr "AUTOFS-konfigurationsalternativ" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2131 +#: sssd.conf.5.xml:2132 msgid "These options can be used to configure the autofs service." msgstr "Dessa alternativ kan användas för att konfigurera tjänsten autofs." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2135 +#: sssd.conf.5.xml:2136 msgid "autofs_negative_timeout (integer)" msgstr "autofs_negative_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2138 +#: sssd.conf.5.xml:2139 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " @@ -3144,22 +3144,22 @@ msgstr "" "finns) innan bakänden tillfrågas igen." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2154 +#: sssd.conf.5.xml:2155 msgid "SSH configuration options" msgstr "SSH-konfigurationsalternativ" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2156 +#: sssd.conf.5.xml:2157 msgid "These options can be used to configure the SSH service." msgstr "Dessa alternativ kan användas för att konfigurera tjänsten SSH." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2160 +#: sssd.conf.5.xml:2161 msgid "ssh_hash_known_hosts (bool)" msgstr "ssh_hash_known_hosts (bool)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2163 +#: sssd.conf.5.xml:2164 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." @@ -3168,12 +3168,12 @@ msgstr "" "till kontrollsummor eller inte." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2172 +#: sssd.conf.5.xml:2173 msgid "ssh_known_hosts_timeout (integer)" msgstr "ssh_known_hosts_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2175 +#: sssd.conf.5.xml:2176 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." @@ -3182,17 +3182,17 @@ msgstr "" "att dess värdnycklar begärdes." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2179 +#: sssd.conf.5.xml:2180 msgid "Default: 180" msgstr "Standard: 180" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2184 +#: sssd.conf.5.xml:2185 msgid "ssh_use_certificate_keys (bool)" msgstr "ssh_use_certificate_keys (bool)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2187 +#: sssd.conf.5.xml:2188 msgid "" "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " "keys derived from the public key of X.509 certificates stored in the user " @@ -3206,12 +3206,12 @@ msgstr "" "manvolnum> </citerefentry> för detaljer." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2202 +#: sssd.conf.5.xml:2203 msgid "ssh_use_certificate_matching_rules (string)" msgstr "ssh_use_certificate_matching_rules (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2205 +#: sssd.conf.5.xml:2206 msgid "" "By default the ssh responder will use all available certificate matching " "rules to filter the certificates so that ssh keys are only derived from the " @@ -3226,7 +3226,7 @@ msgstr "" "regelnamn. Alla andra regler kommer ignoreras." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2214 +#: sssd.conf.5.xml:2215 msgid "" "There are two special key words 'all_rules' and 'no_rules' which will enable " "all or no rules, respectively. The latter means that no certificates will be " @@ -3238,7 +3238,7 @@ msgstr "" "certifikat." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2221 +#: sssd.conf.5.xml:2222 msgid "" "If no rules are configured using 'all_rules' will enable a default rule " "which enables all certificates suitable for client authentication. This is " @@ -3251,7 +3251,7 @@ msgstr "" "certifikatautentisering är aktiverat." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2228 +#: sssd.conf.5.xml:2229 msgid "" "A non-existing rule name is considered an error. If as a result no rule is " "selected all certificates will be ignored." @@ -3260,7 +3260,7 @@ msgstr "" "ingen regel blir vald kommer alla certifikat ignoreras." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2233 +#: sssd.conf.5.xml:2234 msgid "" "Default: not set, equivalent to 'all_rules', all found rules or the default " "rule are used" @@ -3269,12 +3269,12 @@ msgstr "" "standardregeln används" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2239 +#: sssd.conf.5.xml:2240 msgid "ca_db (string)" msgstr "ca_db (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2242 +#: sssd.conf.5.xml:2243 msgid "" "Path to a storage of trusted CA certificates. The option is used to validate " "user certificates before deriving public ssh keys from them." @@ -3283,12 +3283,12 @@ msgstr "" "validera användarcertifikat före publika ssh-nycklar härleds från dem." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2262 +#: sssd.conf.5.xml:2263 msgid "PAC responder configuration options" msgstr "PAC-respondentskonfigurationsalternativ" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2264 +#: sssd.conf.5.xml:2265 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " @@ -3306,7 +3306,7 @@ msgstr "" "kommer några av följande operationer att göras:" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2273 +#: sssd.conf.5.xml:2274 msgid "" "If the remote user does not exist in the cache, it is created. The UID is " "determined with the help of the SID, trusted domains will have UPGs and the " @@ -3322,7 +3322,7 @@ msgstr "" "skrivas över med parametern default_shell." #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2281 +#: sssd.conf.5.xml:2282 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." @@ -3331,17 +3331,17 @@ msgstr "" "användaren läggas till i dessa grupper." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2287 +#: sssd.conf.5.xml:2288 msgid "These options can be used to configure the PAC responder." msgstr "Dessa alternativ kan användas för att konfigurera PAC-respondenten." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2291 sssd-ifp.5.xml:66 +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 msgid "allowed_uids (string)" msgstr "allowed_uids (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2294 +#: sssd.conf.5.xml:2295 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " @@ -3352,12 +3352,12 @@ msgstr "" "uppstart." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2300 +#: sssd.conf.5.xml:2301 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "Standard: 0 (endast root-användaren tillåts komma åt PAC-respondenten)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2304 +#: sssd.conf.5.xml:2305 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " @@ -3370,12 +3370,12 @@ msgstr "" "0 i listan av tillåtna AID:er." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2313 +#: sssd.conf.5.xml:2314 msgid "pac_lifetime (integer)" msgstr "pac_lifetime (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2316 +#: sssd.conf.5.xml:2317 msgid "" "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " "data can be used to determine the group memberships of a user." @@ -3384,12 +3384,12 @@ msgstr "" "datan användas för att avgöra gruppmedlemskap för en användare." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2326 +#: sssd.conf.5.xml:2327 msgid "pac_check (string)" msgstr "pac_check (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2329 +#: sssd.conf.5.xml:2330 msgid "" "Apply additional checks on the PAC of the Kerberos ticket which is available " "in Active Directory and FreeIPA domains, if configured. Please note that " @@ -3406,12 +3406,12 @@ msgstr "" "krb5_validate är satt till ”False” kommer PAC-kontrollerna hoppas över." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2343 +#: sssd.conf.5.xml:2344 msgid "no_check" msgstr "no_check" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2345 +#: sssd.conf.5.xml:2346 msgid "" "The PAC must not be present and even if it is present no additional checks " "will be done." @@ -3420,12 +3420,12 @@ msgstr "" "kontroller att göras." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2351 +#: sssd.conf.5.xml:2352 msgid "pac_present" msgstr "pac_present" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2353 +#: sssd.conf.5.xml:2354 msgid "" "The PAC must be present in the service ticket which SSSD will request with " "the help of the user's TGT. If the PAC is not available the authentication " @@ -3436,12 +3436,12 @@ msgstr "" "misslyckas." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2361 +#: sssd.conf.5.xml:2362 msgid "check_upn" msgstr "check_upn" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2363 +#: sssd.conf.5.xml:2364 msgid "" "If the PAC is present check if the user principal name (UPN) information is " "consistent." @@ -3450,12 +3450,12 @@ msgstr "" "(UPN) är konsistent." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2369 +#: sssd.conf.5.xml:2370 msgid "check_upn_allow_missing" msgstr "check_upn_allow_missing" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2371 +#: sssd.conf.5.xml:2372 msgid "" "This option should be used together with 'check_upn' and handles the case " "where a UPN is set on the server-side but is not read by SSSD. The typical " @@ -3474,7 +3474,7 @@ msgstr "" "inte längre någon anledning att sätta ”ldap_user_principal”." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2383 +#: sssd.conf.5.xml:2384 msgid "" "Currently this option is set by default to avoid regressions in such " "environments. A log message will be added to the system log and SSSD's debug " @@ -3492,22 +3492,22 @@ msgstr "" "loggmeddelandet." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2397 +#: sssd.conf.5.xml:2398 msgid "upn_dns_info_present" msgstr "upn_dns_info_present" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2399 +#: sssd.conf.5.xml:2400 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." msgstr "PAC:en måste innehålla bufferten UPN-DNS-INFO, implicerar ”check_upn”." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2404 +#: sssd.conf.5.xml:2405 msgid "check_upn_dns_info_ex" msgstr "check_upn_dns_info_ex" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2406 +#: sssd.conf.5.xml:2407 msgid "" "If the PAC is present and the extension to the UPN-DNS-INFO buffer is " "available check if the information in the extension is consistent." @@ -3516,12 +3516,12 @@ msgstr "" "kontrollera om informationen i utökningen är konsistent." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2413 +#: sssd.conf.5.xml:2414 msgid "upn_dns_info_ex_present" msgstr "upn_dns_info_ex_present" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2415 +#: sssd.conf.5.xml:2416 msgid "" "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." @@ -3530,7 +3530,7 @@ msgstr "" "”check_upn_dns_info_ex”, ”upn_dns_info_present” och ”check_upn”." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2339 +#: sssd.conf.5.xml:2340 msgid "" "The following options can be used alone or in a comma-separated list: " "<placeholder type=\"variablelist\" id=\"0\"/>" @@ -3539,7 +3539,7 @@ msgstr "" "<placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2425 +#: sssd.conf.5.xml:2426 msgid "" "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " "check_upn_dns_info_ex')" @@ -3548,12 +3548,12 @@ msgstr "" "check_upn_allow_missing, check_upn_dns_info_ex”)" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2434 +#: sssd.conf.5.xml:2435 msgid "Session recording configuration options" msgstr "Konfigurationsalternativ för inspelning av sessioner" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2436 +#: sssd.conf.5.xml:2437 msgid "" "Session recording works in conjunction with <citerefentry> " "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" @@ -3569,33 +3569,33 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2449 +#: sssd.conf.5.xml:2450 msgid "These options can be used to configure session recording." msgstr "" "Dessa alternativ kan användas för att konfigurera inspelning av sessioner." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2453 sssd-session-recording.5.xml:64 +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 msgid "scope (string)" msgstr "scope (sträng)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2460 sssd-session-recording.5.xml:71 +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 msgid "\"none\"" msgstr "”none”" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2463 sssd-session-recording.5.xml:74 +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 msgid "No users are recorded." msgstr "Inga användare spelas in." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2468 sssd-session-recording.5.xml:79 +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 msgid "\"some\"" msgstr "”some”" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2471 sssd-session-recording.5.xml:82 +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 msgid "" "Users/groups specified by <replaceable>users</replaceable> and " "<replaceable>groups</replaceable> options are recorded." @@ -3604,17 +3604,17 @@ msgstr "" "och <replaceable>groups</replaceable> spelas in." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2480 sssd-session-recording.5.xml:91 +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 msgid "\"all\"" msgstr "”all”" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2483 sssd-session-recording.5.xml:94 +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 msgid "All users are recorded." msgstr "Alla användare spelas in." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2456 sssd-session-recording.5.xml:67 +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 msgid "" "One of the following strings specifying the scope of session recording: " "<placeholder type=\"variablelist\" id=\"0\"/>" @@ -3623,17 +3623,17 @@ msgstr "" "<placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:101 +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 msgid "Default: \"none\"" msgstr "Standard: ”none”" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:106 +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 msgid "users (string)" msgstr "users (sträng)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:109 +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 msgid "" "A comma-separated list of users which should have session recording enabled. " "Matches user names as returned by NSS. I.e. after the possible space " @@ -3644,17 +3644,17 @@ msgstr "" "efter eventuellt utbyte av mellanslag, ändring av skiftläge, etc." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2504 sssd-session-recording.5.xml:115 +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 msgid "Default: Empty. Matches no users." msgstr "Standard: Tomt. Matchar inte några användare." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2509 sssd-session-recording.5.xml:120 +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 msgid "groups (string)" msgstr "groups (sträng)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2512 sssd-session-recording.5.xml:123 +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 msgid "" "A comma-separated list of groups, members of which should have session " "recording enabled. Matches group names as returned by NSS. I.e. after the " @@ -3665,7 +3665,7 @@ msgstr "" "efter eventuellt utbyte av mellanslag, ändring av skiftläge, etc." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2518 sssd.conf.5.xml:2550 sssd-session-recording.5.xml:129 +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 #: sssd-session-recording.5.xml:161 msgid "" "NOTE: using this option (having it set to anything) has a considerable " @@ -3677,17 +3677,17 @@ msgstr "" "användare måste hämtas och matchas mot grupperna användaren är en medlem i." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2525 sssd-session-recording.5.xml:136 +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 msgid "Default: Empty. Matches no groups." msgstr "Standard: Tom. Matchar inga grupper." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2530 sssd-session-recording.5.xml:141 +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 msgid "exclude_users (string)" msgstr "exclude_users (sträng)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2533 sssd-session-recording.5.xml:144 +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 msgid "" "A comma-separated list of users to be excluded from recording, only " "applicable with 'scope=all'." @@ -3696,17 +3696,17 @@ msgstr "" "tillämpligt med ”scope=all”." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2537 sssd-session-recording.5.xml:148 +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 msgid "Default: Empty. No users excluded." msgstr "Standard: Tomt. Inga användare uteslutna." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2542 sssd-session-recording.5.xml:153 +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 msgid "exclude_groups (string)" msgstr "exclude_groups (sträng)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2545 sssd-session-recording.5.xml:156 +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 msgid "" "A comma-separated list of groups, members of which should be excluded from " "recording. Only applicable with 'scope=all'." @@ -3715,22 +3715,22 @@ msgstr "" "inspelning. Endast tillämpligt med ”scope=all”." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2557 sssd-session-recording.5.xml:168 +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 msgid "Default: Empty. No groups excluded." msgstr "Standard: Tom. Inga grupper uteslutna." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2567 +#: sssd.conf.5.xml:2568 msgid "DOMAIN SECTIONS" msgstr "DOMÄNSEKTIONER" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2574 +#: sssd.conf.5.xml:2575 msgid "enabled" msgstr "aktiverat" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2577 +#: sssd.conf.5.xml:2578 msgid "" "Explicitly enable or disable the domain. If <quote>true</quote>, the domain " "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " @@ -3745,12 +3745,12 @@ msgstr "" "quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2589 +#: sssd.conf.5.xml:2590 msgid "domain_type (string)" msgstr "domain_type (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2592 +#: sssd.conf.5.xml:2593 msgid "" "Specifies whether the domain is meant to be used by POSIX-aware clients such " "as the Name Service Switch or by applications that do not need POSIX data to " @@ -3763,7 +3763,7 @@ msgstr "" "operativsystemets gränssnitt och verktyg." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2600 +#: sssd.conf.5.xml:2601 msgid "" "Allowed values for this option are <quote>posix</quote> and " "<quote>application</quote>." @@ -3772,7 +3772,7 @@ msgstr "" "<quote>application</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2604 +#: sssd.conf.5.xml:2605 msgid "" "POSIX domains are reachable by all services. Application domains are only " "reachable from the InfoPipe responder (see <citerefentry> " @@ -3785,7 +3785,7 @@ msgstr "" "respondenten." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2612 +#: sssd.conf.5.xml:2613 msgid "" "NOTE: The application domains are currently well tested with " "<quote>id_provider=ldap</quote> only." @@ -3794,7 +3794,7 @@ msgstr "" "<quote>id_provider=ldap</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2616 +#: sssd.conf.5.xml:2617 msgid "" "For an easy way to configure a non-POSIX domains, please see the " "<quote>Application domains</quote> section." @@ -3803,17 +3803,17 @@ msgstr "" "<quote>Programdomäner</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2620 +#: sssd.conf.5.xml:2621 msgid "Default: posix" msgstr "Standard: posix" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2626 +#: sssd.conf.5.xml:2627 msgid "min_id,max_id (integer)" msgstr "min_id,max_id (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2629 +#: sssd.conf.5.xml:2630 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." @@ -3822,7 +3822,7 @@ msgstr "" "utanför dessa gränser ignoreras den." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2634 +#: sssd.conf.5.xml:2635 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -3835,7 +3835,7 @@ msgstr "" "ligger i intervallet rapporteras som förväntat." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2641 +#: sssd.conf.5.xml:2642 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." @@ -3844,17 +3844,17 @@ msgstr "" "när de returneras via namn eller ID." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2645 +#: sssd.conf.5.xml:2646 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "Standard: 1 för min_id, 0 (ingen gräns) för max_id" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2651 +#: sssd.conf.5.xml:2652 msgid "enumerate (bool)" msgstr "enumerate (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2654 +#: sssd.conf.5.xml:2655 msgid "" "Determines if a domain can be enumerated, that is, whether the domain can " "list all the users and group it contains. Note that it is not required to " @@ -3867,22 +3867,22 @@ msgstr "" "Denna parameter kan ha ett av följande värden:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2662 +#: sssd.conf.5.xml:2663 msgid "TRUE = Users and groups are enumerated" msgstr "TRUE = Användare och grupper räknas upp" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2665 +#: sssd.conf.5.xml:2666 msgid "FALSE = No enumerations for this domain" msgstr "FALSE = Inga uppräkningar för denna domän" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2668 sssd.conf.5.xml:2942 sssd.conf.5.xml:3119 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 msgid "Default: FALSE" msgstr "Standard: FALSE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2671 +#: sssd.conf.5.xml:2672 msgid "" "Enumerating a domain requires SSSD to download and store ALL user and group " "entries from the remote server." @@ -3891,7 +3891,7 @@ msgstr "" "grupposter från fjärrservern." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2676 +#: sssd.conf.5.xml:2677 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -3914,7 +3914,7 @@ msgstr "" "med startas om av den interna vakthunden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2691 +#: sssd.conf.5.xml:2692 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." @@ -3923,7 +3923,7 @@ msgstr "" "användar- eller grupplistan returnera utan resultat tills den är färdig." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2696 +#: sssd.conf.5.xml:2697 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -3936,7 +3936,7 @@ msgstr "" "information, se manualsidorna för den specifika id-leverantören som används." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2704 +#: sssd.conf.5.xml:2705 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." @@ -3945,32 +3945,32 @@ msgstr "" "stora miljöer." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2712 +#: sssd.conf.5.xml:2713 msgid "subdomain_enumerate (string)" msgstr "subdomain_enumerate (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2719 +#: sssd.conf.5.xml:2720 msgid "all" msgstr "all" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2720 +#: sssd.conf.5.xml:2721 msgid "All discovered trusted domains will be enumerated" msgstr "Alla upptäckta betrodda domäner kommer räknas upp" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2723 +#: sssd.conf.5.xml:2724 msgid "none" msgstr "none" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2724 +#: sssd.conf.5.xml:2725 msgid "No discovered trusted domains will be enumerated" msgstr "Inga upptäckta betrodda domäner kommer räknas upp" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2715 +#: sssd.conf.5.xml:2716 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " @@ -3983,12 +3983,12 @@ msgstr "" "bara för dessa betrodda domäner." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2738 +#: sssd.conf.5.xml:2739 msgid "entry_cache_timeout (integer)" msgstr "entry_cache_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2741 +#: sssd.conf.5.xml:2742 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" @@ -3997,7 +3997,7 @@ msgstr "" "bakänden igen" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2745 +#: sssd.conf.5.xml:2746 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " @@ -4014,17 +4014,17 @@ msgstr "" "redan har cachats." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2758 +#: sssd.conf.5.xml:2759 msgid "Default: 5400" msgstr "Standard: 5400" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2764 +#: sssd.conf.5.xml:2765 msgid "entry_cache_user_timeout (integer)" msgstr "entry_cache_user_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2767 +#: sssd.conf.5.xml:2768 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" @@ -4033,19 +4033,19 @@ msgstr "" "bakänden igen" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2771 sssd.conf.5.xml:2784 sssd.conf.5.xml:2797 -#: sssd.conf.5.xml:2810 sssd.conf.5.xml:2824 sssd.conf.5.xml:2837 -#: sssd.conf.5.xml:2851 sssd.conf.5.xml:2865 sssd.conf.5.xml:2878 +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 msgid "Default: entry_cache_timeout" msgstr "Standard: entry_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2777 +#: sssd.conf.5.xml:2778 msgid "entry_cache_group_timeout (integer)" msgstr "entry_cache_group_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2780 +#: sssd.conf.5.xml:2781 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" @@ -4054,12 +4054,12 @@ msgstr "" "bakänden igen" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2790 +#: sssd.conf.5.xml:2791 msgid "entry_cache_netgroup_timeout (integer)" msgstr "entry_cache_netgroup_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2793 +#: sssd.conf.5.xml:2794 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" @@ -4068,12 +4068,12 @@ msgstr "" "frågar bakänden igen" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2803 +#: sssd.conf.5.xml:2804 msgid "entry_cache_service_timeout (integer)" msgstr "entry_cache_service_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2806 +#: sssd.conf.5.xml:2807 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" @@ -4082,12 +4082,12 @@ msgstr "" "bakänden igen" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2816 +#: sssd.conf.5.xml:2817 msgid "entry_cache_resolver_timeout (integer)" msgstr "entry_cache_resolver_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2819 +#: sssd.conf.5.xml:2820 msgid "" "How many seconds should nss_sss consider hosts and networks entries valid " "before asking the backend again" @@ -4096,12 +4096,12 @@ msgstr "" "den frågar bakänden igen" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2830 +#: sssd.conf.5.xml:2831 msgid "entry_cache_sudo_timeout (integer)" msgstr "entry_cache_sudo_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2833 +#: sssd.conf.5.xml:2834 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" @@ -4110,12 +4110,12 @@ msgstr "" "igen" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2843 +#: sssd.conf.5.xml:2844 msgid "entry_cache_autofs_timeout (integer)" msgstr "entry_cache_autofs_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2846 +#: sssd.conf.5.xml:2847 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" @@ -4124,12 +4124,12 @@ msgstr "" "giltiga före den frågar bakänden igen" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2857 +#: sssd.conf.5.xml:2858 msgid "entry_cache_ssh_host_timeout (integer)" msgstr "entry_cache_ssh_host_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2860 +#: sssd.conf.5.xml:2861 msgid "" "How many seconds to keep a host ssh key after refresh. IE how long to cache " "the host key for." @@ -4138,12 +4138,12 @@ msgstr "" "hur länge värdnyckeln skall cachas." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2871 +#: sssd.conf.5.xml:2872 msgid "entry_cache_computer_timeout (integer)" msgstr "entry_cache_computer_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2874 +#: sssd.conf.5.xml:2875 msgid "" "How many seconds to keep the local computer entry before asking the backend " "again" @@ -4152,12 +4152,12 @@ msgstr "" "igen" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2884 +#: sssd.conf.5.xml:2885 msgid "refresh_expired_interval (integer)" msgstr "refresh_expired_interval (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2887 +#: sssd.conf.5.xml:2888 msgid "" "Specifies how many seconds SSSD has to wait before triggering a background " "refresh task which will refresh all expired or nearly expired records." @@ -4167,7 +4167,7 @@ msgstr "" "utgångna poster." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2892 +#: sssd.conf.5.xml:2893 msgid "" "The background refresh will process users, groups and netgroups in the " "cache. For users who have performed the initgroups (get group membership for " @@ -4180,17 +4180,17 @@ msgstr "" "uppdateras både användarposten och gruppmedlemskapet." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2900 +#: sssd.conf.5.xml:2901 msgid "This option is automatically inherited for all trusted domains." msgstr "Denna flagga ärvs automatiskt för alla betrodda domäner." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2904 +#: sssd.conf.5.xml:2905 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "Du kan överväga att sätta detta värde till ¾ · entry_cache_timeout." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2908 +#: sssd.conf.5.xml:2909 msgid "" "Cache entry will be refreshed by background task when 2/3 of cache timeout " "has already passed. If there are existing cached entries, the background " @@ -4210,26 +4210,29 @@ msgstr "" "vilja manuellt invalidera den befintliga cachen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2921 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "Standard: 0 (avaktiverat)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2927 +#: sssd.conf.5.xml:2928 msgid "cache_credentials (bool)" msgstr "cache_credentials (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2930 -#, fuzzy -#| msgid "" -#| "Determines if user credentials are also cached in the local LDB cache" -msgid "Determines if user credentials are also cached in the local LDB cache." -msgstr "Bestämmer om användarkreditiv också cachas i den lokala LDB-cachen" +#: sssd.conf.5.xml:2931 +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." +msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2934 +#: sssd.conf.5.xml:2942 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -4238,12 +4241,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2948 +#: sssd.conf.5.xml:2956 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "cache_credentials_minimal_first_factor_length (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2951 +#: sssd.conf.5.xml:2959 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -4254,7 +4257,7 @@ msgstr "" "lösenord) måste ha för att sparas som en SHA512-kontrollsumma i cachen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2958 +#: sssd.conf.5.xml:2966 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." @@ -4264,12 +4267,12 @@ msgstr "" "attacker." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2969 +#: sssd.conf.5.xml:2977 msgid "account_cache_expiration (integer)" msgstr "account_cache_expiration (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2972 +#: sssd.conf.5.xml:2980 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -4282,17 +4285,17 @@ msgstr "" "offline_credentials_expiration." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2979 +#: sssd.conf.5.xml:2987 msgid "Default: 0 (unlimited)" msgstr "Standard: 0 (obegränsat)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2984 +#: sssd.conf.5.xml:2992 msgid "pwd_expiration_warning (integer)" msgstr "pwd_expiration_warning (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2995 +#: sssd.conf.5.xml:3003 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -4304,17 +4307,17 @@ msgstr "" "Dessutom måste en autentiseringsleverantör ha konfigurerats för bakänden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3002 +#: sssd.conf.5.xml:3010 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "Standard: 7 (Kerberos), 0 (LDAP)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3008 +#: sssd.conf.5.xml:3016 msgid "id_provider (string)" msgstr "id_provider (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3011 +#: sssd.conf.5.xml:3019 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" @@ -4322,12 +4325,12 @@ msgstr "" "stödjs är:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3015 +#: sssd.conf.5.xml:3023 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "<quote>proxy</quote>: Stöd en tidigare NSS-leverantör." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3018 +#: sssd.conf.5.xml:3026 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -4338,7 +4341,7 @@ msgstr "" "information om hur lokala användare och grupper kan speglas in i SSSD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3026 +#: sssd.conf.5.xml:3034 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -4349,13 +4352,18 @@ msgstr "" "information om att konfigurera LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3034 sssd.conf.5.xml:3145 sssd.conf.5.xml:3196 -#: sssd.conf.5.xml:3259 +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 +#, fuzzy +#| msgid "" +#| "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " +#| "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +#| "<manvolnum>5</manvolnum> </citerefentry> for more information on " +#| "configuring FreeIPA." msgid "" -"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " -"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " -"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " -"FreeIPA." +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." msgstr "" "<quote>ipa</quote>: Leverantören FreeIPA och Red Hat Enterprise Identity " "Management. Se <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -4363,8 +4371,8 @@ msgstr "" "konfigurera FreeIPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3043 sssd.conf.5.xml:3154 sssd.conf.5.xml:3205 -#: sssd.conf.5.xml:3268 +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4375,12 +4383,12 @@ msgstr "" "citerefentry> för mer information om att konfigurera Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3054 +#: sssd.conf.5.xml:3062 msgid "use_fully_qualified_names (bool)" msgstr "use_fully_qualified_names (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3057 +#: sssd.conf.5.xml:3065 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." @@ -4389,7 +4397,7 @@ msgstr "" "full_name_format) som användarens inloggningsnamn rapporterat till NSS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3062 +#: sssd.conf.5.xml:3070 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -4403,7 +4411,7 @@ msgstr "" "command> skulle det." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3070 +#: sssd.conf.5.xml:3078 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -4415,7 +4423,7 @@ msgstr "" "namn begärs." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3077 +#: sssd.conf.5.xml:3085 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" @@ -4424,17 +4432,17 @@ msgstr "" "default_domain_suffix används)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3084 +#: sssd.conf.5.xml:3092 msgid "ignore_group_members (bool)" msgstr "ignore_group_members (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3087 +#: sssd.conf.5.xml:3095 msgid "Do not return group members for group lookups." msgstr "Returnera inte gruppmedlemmar för gruppuppslagningar." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3090 +#: sssd.conf.5.xml:3098 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -4453,7 +4461,7 @@ msgstr "" "som om den vore tom." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3108 +#: sssd.conf.5.xml:3116 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -4464,11 +4472,11 @@ msgstr "" "innehåller många medlemmar." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3114 sssd.conf.5.xml:3821 sssd-ldap.5.xml:326 -#: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 -#: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 -#: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 -#: sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1084 +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 msgid "" "This option can be also set per subdomain or inherited via " "<emphasis>subdomain_inherit</emphasis>." @@ -4477,12 +4485,12 @@ msgstr "" "<emphasis>subdomain_inherit</emphasis>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3124 +#: sssd.conf.5.xml:3132 msgid "auth_provider (string)" msgstr "auth_provider (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3127 +#: sssd.conf.5.xml:3135 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" @@ -4491,7 +4499,7 @@ msgstr "" "är:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3131 sssd.conf.5.xml:3189 +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4502,7 +4510,7 @@ msgstr "" "citerefentry> för mer information om att konfigurera LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3138 +#: sssd.conf.5.xml:3146 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4513,7 +4521,7 @@ msgstr "" "citerefentry> för mer information om att konfigurera Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3162 +#: sssd.conf.5.xml:3170 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" @@ -4521,12 +4529,12 @@ msgstr "" "PAM-mål." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3165 +#: sssd.conf.5.xml:3173 msgid "<quote>none</quote> disables authentication explicitly." msgstr "<quote>none</quote> avaktiverar explicit autentisering." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3168 +#: sssd.conf.5.xml:3176 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." @@ -4535,12 +4543,12 @@ msgstr "" "autentiseringsbegäranden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3174 +#: sssd.conf.5.xml:3182 msgid "access_provider (string)" msgstr "access_provider (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3177 +#: sssd.conf.5.xml:3185 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -4551,7 +4559,7 @@ msgstr "" "Interna specialleverantörer är:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3183 +#: sssd.conf.5.xml:3191 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." @@ -4560,12 +4568,12 @@ msgstr "" "åtkomstleverantören för en lokal domän." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3186 +#: sssd.conf.5.xml:3194 msgid "<quote>deny</quote> always deny access." msgstr "<quote>deny</quote> neka alltid åtkomst." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3221 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -4578,7 +4586,7 @@ msgstr "" "konfigurera åtkomstmodulen simple." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3220 +#: sssd.conf.5.xml:3228 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -4589,24 +4597,24 @@ msgstr "" "citerefentry> för mer information om att konfigurera Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3227 +#: sssd.conf.5.xml:3235 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" "<quote>proxy</quote> för att skicka vidare åtkomstkontroll till någon annan " "PAM-modul." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3230 +#: sssd.conf.5.xml:3238 msgid "Default: <quote>permit</quote>" msgstr "Standard: <quote>permit</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3235 +#: sssd.conf.5.xml:3243 msgid "chpass_provider (string)" msgstr "chpass_provider (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3238 +#: sssd.conf.5.xml:3246 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" @@ -4615,7 +4623,7 @@ msgstr "" "av lösenordsändring som stödjs är:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3243 +#: sssd.conf.5.xml:3251 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4626,7 +4634,7 @@ msgstr "" "manvolnum> </citerefentry> för mer information om att konfigurera LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3251 +#: sssd.conf.5.xml:3259 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4637,7 +4645,7 @@ msgstr "" "citerefentry> för mer information om att konfigurera Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3276 +#: sssd.conf.5.xml:3284 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" @@ -4645,12 +4653,12 @@ msgstr "" "annat PAM-mål." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3280 +#: sssd.conf.5.xml:3288 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "<quote>none</quote> tillåter uttryckligen inte lösenordsändringar." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3283 +#: sssd.conf.5.xml:3291 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." @@ -4659,18 +4667,18 @@ msgstr "" "hantera begäranden om ändring av lösenord." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3290 +#: sssd.conf.5.xml:3298 msgid "sudo_provider (string)" msgstr "sudo_provider (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3293 +#: sssd.conf.5.xml:3301 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" "SUDO-leverantören som används för domänen. SUDO-leverantörer som stödjs är:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3297 +#: sssd.conf.5.xml:3305 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4681,7 +4689,7 @@ msgstr "" "citerefentry> för mer information om att konfigurera LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3305 +#: sssd.conf.5.xml:3313 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." @@ -4690,7 +4698,7 @@ msgstr "" "standardsinställningar för IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3309 +#: sssd.conf.5.xml:3317 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." @@ -4699,18 +4707,18 @@ msgstr "" "standardsinställningar för AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3313 +#: sssd.conf.5.xml:3321 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "<quote>none</quote> avaktiverar explicit SUDO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3316 sssd.conf.5.xml:3402 sssd.conf.5.xml:3472 -#: sssd.conf.5.xml:3497 sssd.conf.5.xml:3533 +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "Standard: värdet på <quote>id_provider</quote> används om det är satt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3320 +#: sssd.conf.5.xml:3328 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -4727,7 +4735,7 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3335 +#: sssd.conf.5.xml:3343 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -4740,12 +4748,12 @@ msgstr "" "relaterad aktivitet i SSSD om du inte vill använda sudo med SSSD alls." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3345 +#: sssd.conf.5.xml:3353 msgid "selinux_provider (string)" msgstr "selinux_provider (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3348 +#: sssd.conf.5.xml:3356 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -4756,7 +4764,7 @@ msgstr "" "åtkomstleverantören avslutar. Selinux-leverantörer som stödjs är:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3354 +#: sssd.conf.5.xml:3362 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4767,14 +4775,14 @@ msgstr "" "manvolnum> </citerefentry> för mer information om att konfigurera IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3362 +#: sssd.conf.5.xml:3370 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" "<quote>none</quote> tillåter uttryckligen inte att hämta selinux-" "inställningar." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3365 +#: sssd.conf.5.xml:3373 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." @@ -4783,12 +4791,12 @@ msgstr "" "begäranden om inläsning av selinux." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3371 +#: sssd.conf.5.xml:3379 msgid "subdomains_provider (string)" msgstr "subdomains_provider (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3374 +#: sssd.conf.5.xml:3382 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" @@ -4797,7 +4805,7 @@ msgstr "" "alltid vara samma som id_provider. Underdomänsleverantörer som stödjs är:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3380 +#: sssd.conf.5.xml:3388 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4809,7 +4817,7 @@ msgstr "" "konfigurera IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3389 +#: sssd.conf.5.xml:3397 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -4822,17 +4830,17 @@ msgstr "" "konfigurera AD-leverantören." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3398 +#: sssd.conf.5.xml:3406 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "<quote>none</quote> tillåter uttryckligen inte att hämta underdomäner." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3408 +#: sssd.conf.5.xml:3416 msgid "session_provider (string)" msgstr "session_provider (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3411 +#: sssd.conf.5.xml:3419 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -4844,14 +4852,14 @@ msgstr "" "med IPA. Sessionsleverantörer som stödjs är:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3418 +#: sssd.conf.5.xml:3426 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" "<quote>ipa</quote> för att utföra uppgifter relaterade till " "användarsessioner." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3422 +#: sssd.conf.5.xml:3430 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" @@ -4859,7 +4867,7 @@ msgstr "" "användarsessioner." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3426 +#: sssd.conf.5.xml:3434 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." @@ -4868,7 +4876,7 @@ msgstr "" "sessionsrelaterade uppgifter." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3430 +#: sssd.conf.5.xml:3438 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." @@ -4878,12 +4886,12 @@ msgstr "" "användaren." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3438 +#: sssd.conf.5.xml:3446 msgid "autofs_provider (string)" msgstr "autofs_provider (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3441 +#: sssd.conf.5.xml:3449 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" @@ -4891,7 +4899,7 @@ msgstr "" "är:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3445 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4902,7 +4910,7 @@ msgstr "" "citerefentry> för mer information om att konfigurera LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3452 +#: sssd.conf.5.xml:3460 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4913,7 +4921,7 @@ msgstr "" "manvolnum> </citerefentry> för mer information om att konfigurera IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3460 +#: sssd.conf.5.xml:3468 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4925,17 +4933,17 @@ msgstr "" "leverantören." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3469 +#: sssd.conf.5.xml:3477 msgid "<quote>none</quote> disables autofs explicitly." msgstr "<quote>none</quote> avaktiverar explicit autofs." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3479 +#: sssd.conf.5.xml:3487 msgid "hostid_provider (string)" msgstr "hostid_provider (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3482 +#: sssd.conf.5.xml:3490 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" @@ -4944,7 +4952,7 @@ msgstr "" "leverantörer som stödjs är:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3486 +#: sssd.conf.5.xml:3494 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4955,17 +4963,17 @@ msgstr "" "manvolnum> </citerefentry> för mer information om att konfigurera IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3494 +#: sssd.conf.5.xml:3502 msgid "<quote>none</quote> disables hostid explicitly." msgstr "<quote>none</quote> avaktiverar explicit värd-id:n." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3504 +#: sssd.conf.5.xml:3512 msgid "resolver_provider (string)" msgstr "resolver_provider (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3507 +#: sssd.conf.5.xml:3515 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" @@ -4974,7 +4982,7 @@ msgstr "" "Uppslagsleverantörer som stödjs är:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3511 +#: sssd.conf.5.xml:3519 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" @@ -4983,7 +4991,7 @@ msgstr "" "bibliotek. Se <quote>proxy_resolver_lib_name</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3515 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4994,7 +5002,7 @@ msgstr "" "manvolnum> </citerefentry> för mer information om att konfigurera LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3522 +#: sssd.conf.5.xml:3530 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -5007,13 +5015,13 @@ msgstr "" "leverantören." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3530 +#: sssd.conf.5.xml:3538 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" "<quote>none</quote> tillåter uttryckligen inte att hämta värdar och nätverk." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3543 +#: sssd.conf.5.xml:3551 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -5028,7 +5036,7 @@ msgstr "" "(NetBIOS) namnet på domänen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3552 +#: sssd.conf.5.xml:3560 #, fuzzy #| msgid "" #| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" @@ -5045,17 +5053,17 @@ msgstr "" "användarnamn:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3557 sssd.conf.5.xml:3571 +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 msgid "username" msgstr "användarnamn" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3560 sssd.conf.5.xml:3574 +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 msgid "username@domain.name" msgstr "användarnamn@domän.namn" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3565 +#: sssd.conf.5.xml:3573 #, fuzzy #| msgid "" #| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" @@ -5074,12 +5082,12 @@ msgstr "" "användarnamn:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3577 +#: sssd.conf.5.xml:3585 msgid "domain\\username" msgstr "domän\\användarnamn" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3580 +#: sssd.conf.5.xml:3588 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." @@ -5088,7 +5096,7 @@ msgstr "" "tredje för att tillåta enkel integration av användare från Windows-domäner." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3585 +#: sssd.conf.5.xml:3593 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -5098,17 +5106,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3637 +#: sssd.conf.5.xml:3645 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "Standard: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3643 +#: sssd.conf.5.xml:3651 msgid "lookup_family_order (string)" msgstr "lookup_family_order (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3646 +#: sssd.conf.5.xml:3654 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." @@ -5117,44 +5125,44 @@ msgstr "" "uppslagningar." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3650 +#: sssd.conf.5.xml:3658 msgid "Supported values:" msgstr "Värden som stödjs:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3653 +#: sssd.conf.5.xml:3661 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" "ipv4_first: Försök slå upp IPv4-adresser, om det misslyckas, prova IPv6" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3656 +#: sssd.conf.5.xml:3664 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "ipv4_only: Försök endast slå upp värdnamn som IPv4-adresser." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3659 +#: sssd.conf.5.xml:3667 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" "ipv6_first: Försök slå upp IPv6-adresser, om det misslyckas, prova IPv4" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3662 +#: sssd.conf.5.xml:3670 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "ipv6_only: Försök endast slå upp värdnamn som IPv6-adresser." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3665 +#: sssd.conf.5.xml:3673 msgid "Default: ipv4_first" msgstr "Standard: ipv4_first" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3671 +#: sssd.conf.5.xml:3679 msgid "dns_resolver_server_timeout (integer)" msgstr "dns_resolver_server_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3674 +#: sssd.conf.5.xml:3682 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." @@ -5163,7 +5171,7 @@ msgstr "" "DNS-server före den provar nästa DNS-server." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3679 +#: sssd.conf.5.xml:3687 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" @@ -5171,7 +5179,7 @@ msgstr "" "pingtidsgränsen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3683 sssd.conf.5.xml:3703 sssd.conf.5.xml:3724 +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." @@ -5179,17 +5187,17 @@ msgstr "" "Se avsnittet <quote>RESERVER</quote> för mer information om tjänstevalet." #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3688 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 msgid "Default: 1000" msgstr "Standard: 1000" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3694 +#: sssd.conf.5.xml:3702 msgid "dns_resolver_op_timeout (integer)" msgstr "dns_resolver_op_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3697 +#: sssd.conf.5.xml:3705 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -5200,12 +5208,12 @@ msgstr "" "nästa värdnamn eller DNS-upptäckt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3714 +#: sssd.conf.5.xml:3722 msgid "dns_resolver_timeout (integer)" msgstr "dns_resolver_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3717 +#: sssd.conf.5.xml:3725 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -5217,12 +5225,12 @@ msgstr "" "nås kommer domänen fortsätta att fungera i frånkopplat läge." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3735 +#: sssd.conf.5.xml:3743 msgid "dns_resolver_use_search_list (bool)" msgstr "dns_resolver_use_search_list (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3738 +#: sssd.conf.5.xml:3746 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -5233,7 +5241,7 @@ msgstr "" "med felaktigt konfigurerad DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3744 +#: sssd.conf.5.xml:3752 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -5244,17 +5252,17 @@ msgstr "" "DNS-uppslagningar i sådana miljöer." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3750 +#: sssd.conf.5.xml:3758 msgid "Default: TRUE" msgstr "Standard: TRUE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3756 +#: sssd.conf.5.xml:3764 msgid "dns_discovery_domain (string)" msgstr "dns_discovery_domain (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3759 +#: sssd.conf.5.xml:3767 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." @@ -5263,52 +5271,52 @@ msgstr "" "fråga om tjänsteupptäckt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3763 +#: sssd.conf.5.xml:3771 msgid "Default: Use the domain part of machine's hostname" msgstr "Standard: använd domändelen av maskinens värdnamn" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3769 +#: sssd.conf.5.xml:3777 msgid "override_gid (integer)" msgstr "override_gid (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3772 +#: sssd.conf.5.xml:3780 msgid "Override the primary GID value with the one specified." msgstr "Ersätt det primära GID-värdet med det angivna." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3778 +#: sssd.conf.5.xml:3786 msgid "case_sensitive (string)" msgstr "case_sensitive (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3785 +#: sssd.conf.5.xml:3793 msgid "True" msgstr "True" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3788 +#: sssd.conf.5.xml:3796 msgid "Case sensitive. This value is invalid for AD provider." msgstr "Skiftlägeskänsligt. Detta värde är inte giltigt för AD-leverantörer." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3794 +#: sssd.conf.5.xml:3802 msgid "False" msgstr "False" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3796 +#: sssd.conf.5.xml:3804 msgid "Case insensitive." msgstr "Skiftlägesokänsligt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3800 +#: sssd.conf.5.xml:3808 msgid "Preserving" msgstr "Preserving" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3803 +#: sssd.conf.5.xml:3811 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -5319,7 +5327,7 @@ msgstr "" "tjänster även protokollnamn) fortfarande skiftas ner i utdata." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3811 +#: sssd.conf.5.xml:3819 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." @@ -5328,7 +5336,7 @@ msgstr "" "du sätta det på både klienten och SSSD på servern." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3781 +#: sssd.conf.5.xml:3789 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" @@ -5337,17 +5345,17 @@ msgstr "" "värdena på alternativen är: <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3826 +#: sssd.conf.5.xml:3834 msgid "Default: True (False for AD provider)" msgstr "Standard: True (False för AD-leverantören)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3832 +#: sssd.conf.5.xml:3840 msgid "subdomain_inherit (string)" msgstr "subdomain_inherit (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3835 +#: sssd.conf.5.xml:3843 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -5358,47 +5366,47 @@ msgstr "" "följande alternativ ärvas:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3841 +#: sssd.conf.5.xml:3849 msgid "ldap_search_timeout" msgstr "ldap_search_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3844 +#: sssd.conf.5.xml:3852 msgid "ldap_network_timeout" msgstr "ldap_network_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3847 +#: sssd.conf.5.xml:3855 msgid "ldap_opt_timeout" msgstr "ldap_opt_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3850 +#: sssd.conf.5.xml:3858 msgid "ldap_offline_timeout" msgstr "ldap_offline_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3853 +#: sssd.conf.5.xml:3861 msgid "ldap_enumeration_refresh_timeout" msgstr "ldap_enumeration_refresh_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3856 +#: sssd.conf.5.xml:3864 msgid "ldap_enumeration_refresh_offset" msgstr "ldap_enumeration_refresh_offset" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3859 +#: sssd.conf.5.xml:3867 msgid "ldap_purge_cache_timeout" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3862 +#: sssd.conf.5.xml:3870 msgid "ldap_purge_cache_offset" msgstr "ldap_purge_cache_offset" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3865 +#: sssd.conf.5.xml:3873 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" @@ -5407,57 +5415,57 @@ msgstr "" "ldap_krb5_keytab sätts särskilt)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3869 +#: sssd.conf.5.xml:3877 msgid "ldap_krb5_ticket_lifetime" msgstr "ldap_krb5_ticket_lifetime" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3872 +#: sssd.conf.5.xml:3880 msgid "ldap_enumeration_search_timeout" msgstr "ldap_enumeration_search_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3875 +#: sssd.conf.5.xml:3883 msgid "ldap_connection_expire_timeout" msgstr "ldap_connection_expire_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3878 +#: sssd.conf.5.xml:3886 msgid "ldap_connection_expire_offset" msgstr "ldap_connection_expire_offset" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3881 +#: sssd.conf.5.xml:3889 msgid "ldap_connection_idle_timeout" msgstr "ldap_connection_idle_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3884 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 msgid "ldap_use_tokengroups" msgstr "ldap_use_tokengroups" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3887 +#: sssd.conf.5.xml:3895 msgid "ldap_user_principal" msgstr "ldap_user_principal" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3890 +#: sssd.conf.5.xml:3898 msgid "ignore_group_members" msgstr "ignore_group_members" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3893 +#: sssd.conf.5.xml:3901 msgid "auto_private_groups" msgstr "auto_private_groups" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3896 +#: sssd.conf.5.xml:3904 msgid "case_sensitive" msgstr "case_sensitive" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3901 +#: sssd.conf.5.xml:3909 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -5467,28 +5475,28 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3908 +#: sssd.conf.5.xml:3916 msgid "Note: This option only works with the IPA and AD provider." msgstr "" "Observera: detta alternativ fungerar endast med leverantörerna IPA och AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3915 +#: sssd.conf.5.xml:3923 msgid "subdomain_homedir (string)" msgstr "subdomain_homedir (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3926 +#: sssd.conf.5.xml:3934 msgid "%F" msgstr "%F" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3935 msgid "flat (NetBIOS) name of a subdomain." msgstr "platt (NetBIOS) namn på en underdomän." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3918 +#: sssd.conf.5.xml:3926 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -5503,36 +5511,36 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3932 +#: sssd.conf.5.xml:3940 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" "Värdet kan åsidosättas av alternativet <emphasis>override_homedir</emphasis>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3936 +#: sssd.conf.5.xml:3944 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "Standard: <filename>/home/%d/%u</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3941 +#: sssd.conf.5.xml:3949 msgid "realmd_tags (string)" msgstr "realmd_tags (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3944 +#: sssd.conf.5.xml:3952 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" "Diverse taggar lagrade av realmd-konfigurationstjänsten för denna domän." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3950 +#: sssd.conf.5.xml:3958 msgid "cached_auth_timeout (int)" msgstr "cached_auth_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3953 +#: sssd.conf.5.xml:3961 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -5545,7 +5553,7 @@ msgstr "" "uppkopplad autentisering." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3961 +#: sssd.conf.5.xml:3969 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." @@ -5554,12 +5562,12 @@ msgstr "" "inte möjligt att ange olika värden för varje betrodd domän." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3966 +#: sssd.conf.5.xml:3974 msgid "Special value 0 implies that this feature is disabled." msgstr "Specialvärdet 0 betyder att denna funktion är avaktiverad." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3970 +#: sssd.conf.5.xml:3978 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -5570,17 +5578,95 @@ msgstr "" "<quote>initgroups.</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3981 +#: sssd.conf.5.xml:3989 +#, fuzzy +#| msgid "ldap_pwd_policy (string)" +msgid "local_auth_policy (string)" +msgstr "ldap_pwd_policy (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3992 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4002 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4026 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +#, fuzzy +#| msgid "" +#| "The following example creates a container named 'mycontainer': " +#| "<placeholder type=\"programlisting\" id=\"0\"/>" +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Följande exempel skapar en behållare som heter ”minbehållare”:<placeholder " +"type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4034 +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4039 +#, fuzzy +#| msgid "Default: mail" +msgid "Default: match" +msgstr "Standard: mail" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4044 msgid "auto_private_groups (string)" msgstr "auto_private_groups (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3987 +#: sssd.conf.5.xml:4050 msgid "true" msgstr "true" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3990 +#: sssd.conf.5.xml:4053 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." @@ -5589,7 +5675,7 @@ msgstr "" "GID-numret ignoreras i detta läge." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3994 +#: sssd.conf.5.xml:4057 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -5602,12 +5688,12 @@ msgstr "" "framtvingar unika nummer över hela ID-rymden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4003 +#: sssd.conf.5.xml:4066 msgid "false" msgstr "false" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4006 +#: sssd.conf.5.xml:4069 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." @@ -5616,12 +5702,12 @@ msgstr "" "ett gruppobjekt i LDAP-databasen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4012 +#: sssd.conf.5.xml:4075 msgid "hybrid" msgstr "hybrid" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4015 +#: sssd.conf.5.xml:4078 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -5636,7 +5722,7 @@ msgstr "" "upp till det gruppobjektet." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4028 +#: sssd.conf.5.xml:4091 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." @@ -5645,7 +5731,7 @@ msgstr "" "kan GID:t helt enkelt inte slås upp." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4035 +#: sssd.conf.5.xml:4098 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -5656,7 +5742,7 @@ msgstr "" "befintliga användarnas privata grupper." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3984 +#: sssd.conf.5.xml:4047 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" @@ -5665,7 +5751,7 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4047 +#: sssd.conf.5.xml:4110 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." @@ -5675,7 +5761,7 @@ msgstr "" "översättning." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4118 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -5685,7 +5771,7 @@ msgstr "" "auto_private_groups = false\n" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4124 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -5697,7 +5783,7 @@ msgstr "" "auto_private_groups = false\n" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4115 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -5711,7 +5797,7 @@ msgstr "" "id=\"1\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2569 +#: sssd.conf.5.xml:2570 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -5722,31 +5808,36 @@ msgstr "" "replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4139 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4079 +#: sssd.conf.5.xml:4142 msgid "The proxy target PAM proxies to." msgstr "Proxymålet PAM är en proxy för." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4082 +#: sssd.conf.5.xml:4145 +#, fuzzy +#| msgid "" +#| "Default: not set by default, you have to take an existing pam " +#| "configuration or create a new one and add the service name here." msgid "" "Default: not set by default, you have to take an existing pam configuration " -"or create a new one and add the service name here." +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." msgstr "" "Standard: inte satt som standard, du måste ta en befintlig pam-konfiguration " "eller skapa en ny och lägga till tjänstenamnet här." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4090 +#: sssd.conf.5.xml:4155 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -5757,12 +5848,12 @@ msgstr "" "exempel _nss_files_getpwent." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4103 +#: sssd.conf.5.xml:4168 msgid "proxy_resolver_lib_name (string)" msgstr "proxy_resolver_lib_name (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4106 +#: sssd.conf.5.xml:4171 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -5773,12 +5864,12 @@ msgstr "" "_nss_$(libName)_$(function), till exempel _nss_dns_gethostbyname2_r." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4117 +#: sssd.conf.5.xml:4182 msgid "proxy_fast_alias (boolean)" msgstr "proxy_fast_alias (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4120 +#: sssd.conf.5.xml:4185 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -5791,12 +5882,12 @@ msgstr "" "SSSD att utföra ID-uppslagningen från cachen av prestandaskäl." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4134 +#: sssd.conf.5.xml:4199 msgid "proxy_max_children (integer)" msgstr "proxy_max_children (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4202 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -5808,7 +5899,7 @@ msgstr "" "begäranden skulle köas upp." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4072 +#: sssd.conf.5.xml:4135 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -5817,12 +5908,12 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4218 msgid "Application domains" msgstr "Programdomäner" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4155 +#: sssd.conf.5.xml:4220 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -5851,7 +5942,7 @@ msgstr "" "traditionell SSSD-domän." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4175 +#: sssd.conf.5.xml:4240 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -5862,17 +5953,17 @@ msgstr "" "programdomänen och dess POSIX-syskondomän sätts korrekt." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4181 +#: sssd.conf.5.xml:4246 msgid "Application domain parameters" msgstr "Programdomänparametrar" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4248 msgid "inherit_from (string)" msgstr "inherit_from (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4186 +#: sssd.conf.5.xml:4251 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -5885,7 +5976,7 @@ msgstr "" "quote>domänens inställningar." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4265 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -5900,7 +5991,7 @@ msgstr "" "attributet telefon nåbart via D-Bus-gränssnittet." #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4208 +#: sssd.conf.5.xml:4273 #, no-wrap msgid "" "[sssd]\n" @@ -5934,12 +6025,12 @@ msgstr "" "ldap_user_extra_attrs = telefon:telephoneNumber\n" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4228 +#: sssd.conf.5.xml:4293 msgid "TRUSTED DOMAIN SECTION" msgstr "SEKTIONEN BETRODDA DOMÄNER" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4230 +#: sssd.conf.5.xml:4295 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -5956,57 +6047,57 @@ msgstr "" "alternativ i sektionen för betrodda domäner är:" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4237 +#: sssd.conf.5.xml:4302 msgid "ldap_search_base," msgstr "ldap_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4303 msgid "ldap_user_search_base," msgstr "ldap_user_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4239 +#: sssd.conf.5.xml:4304 msgid "ldap_group_search_base," msgstr "ldap_group_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:4305 msgid "ldap_netgroup_search_base," msgstr "ldap_netgroup_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4241 +#: sssd.conf.5.xml:4306 msgid "ldap_service_search_base," msgstr "ldap_service_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4242 +#: sssd.conf.5.xml:4307 msgid "ldap_sasl_mech," msgstr "ldap_sasl_mech," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4243 +#: sssd.conf.5.xml:4308 msgid "ad_server," msgstr "ad_server," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4309 msgid "ad_backup_server," msgstr "ad_backup_server," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4245 +#: sssd.conf.5.xml:4310 msgid "ad_site," msgstr "ad_site," #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4246 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "use_fully_qualified_names" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4250 +#: sssd.conf.5.xml:4315 msgid "" "For more details about these options see their individual description in the " "manual page." @@ -6015,12 +6106,12 @@ msgstr "" "manualsidan." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4256 +#: sssd.conf.5.xml:4321 msgid "CERTIFICATE MAPPING SECTION" msgstr "CERTIFIKATSMAPPNINGSSEKTION" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4258 +#: sssd.conf.5.xml:4323 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -6042,7 +6133,7 @@ msgstr "" "fallet när lokala tjänster använder PAM för autentisering." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4272 +#: sssd.conf.5.xml:4337 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -6054,7 +6145,7 @@ msgstr "" "detaljer)." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4281 +#: sssd.conf.5.xml:4346 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -6067,12 +6158,12 @@ msgstr "" "replaceable>]</quote>. I denna sektion är följande alternativ tillåtna:" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4353 msgid "matchrule (string)" msgstr "matchrule (sträng)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4356 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." @@ -6081,7 +6172,7 @@ msgstr "" "alla andra ignoreras." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4295 +#: sssd.conf.5.xml:4360 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" @@ -6090,17 +6181,17 @@ msgstr "" "Extended Key Usage <quote>clientAuth</quote>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4367 msgid "maprule (string)" msgstr "maprule (sträng)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4370 msgid "Defines how the user is found for a given certificate." msgstr "Definierar hur användaren hittas för ett givet certifikat." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:4376 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." @@ -6109,7 +6200,7 @@ msgstr "" "<quote>ldap</quote>, <quote>AD</quote> eller <quote>ipa</quote>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4317 +#: sssd.conf.5.xml:4382 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." @@ -6118,12 +6209,12 @@ msgstr "" "användare med samma namn." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4326 +#: sssd.conf.5.xml:4391 msgid "domains (string)" msgstr "domains (sträng)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4329 +#: sssd.conf.5.xml:4394 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -6136,17 +6227,17 @@ msgstr "" "lägga till regeln till underdomäner också." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4336 +#: sssd.conf.5.xml:4401 msgid "Default: the configured domain in sssd.conf" msgstr "Standard: den konfigurerade domänen i sssd.conf" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4406 msgid "priority (integer)" msgstr "priority (heltal)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4409 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -6157,12 +6248,12 @@ msgstr "" "prioriteten medan <quote>4294967295</quote> är den lägsta." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4350 +#: sssd.conf.5.xml:4415 msgid "Default: the lowest priority" msgstr "Standard: den lägsta prioriteten" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4356 +#: sssd.conf.5.xml:4421 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" @@ -6172,7 +6263,7 @@ msgstr "" "speciella egenskaper:" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4362 +#: sssd.conf.5.xml:4427 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" @@ -6181,7 +6272,7 @@ msgstr "" "användaren" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4433 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -6194,17 +6285,17 @@ msgstr "" "short_name})</quote>" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4377 +#: sssd.conf.5.xml:4442 msgid "the <quote>domains</quote> option is ignored" msgstr "alternativet <quote>domains</quote> ignoreras" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4385 +#: sssd.conf.5.xml:4450 msgid "PROMPTING CONFIGURATION SECTION" msgstr "SEKTIONEN FÖR FRÅGEKONFIGURATION" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4452 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -6219,7 +6310,7 @@ msgstr "" "tillämpliga kreditiv." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4395 +#: sssd.conf.5.xml:4460 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -6232,22 +6323,22 @@ msgstr "" "användarfall. Följande alternativ bör ge en bättre flexibilitet här." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4472 msgid "[prompting/password]" msgstr "[prompting/password]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4410 +#: sssd.conf.5.xml:4475 msgid "password_prompt" msgstr "password_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4411 +#: sssd.conf.5.xml:4476 msgid "to change the string of the password prompt" msgstr "för att ändra strängen i lösenordsfrågan" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4409 +#: sssd.conf.5.xml:4474 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" @@ -6256,37 +6347,37 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4484 msgid "[prompting/2fa]" msgstr "[prompting/2fa]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4488 msgid "first_prompt" msgstr "first_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4424 +#: sssd.conf.5.xml:4489 msgid "to change the string of the prompt for the first factor" msgstr "för att ändra strängen som frågar efter den första faktorn" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4427 +#: sssd.conf.5.xml:4492 msgid "second_prompt" msgstr "second_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4428 +#: sssd.conf.5.xml:4493 msgid "to change the string of the prompt for the second factor" msgstr "för att ändra strängen som frågar efter den andra faktorn" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4496 msgid "single_prompt" msgstr "single_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4432 +#: sssd.conf.5.xml:4497 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -6299,7 +6390,7 @@ msgstr "" "faktorn är frivillig." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4421 +#: sssd.conf.5.xml:4486 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -6312,19 +6403,19 @@ msgstr "" "med lösenordet eller med båda faktorerna måste tvåstegsförfrågan användas." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4449 +#: sssd.conf.5.xml:4514 #, fuzzy #| msgid "[prompting/password]" msgid "[prompting/passkey]" msgstr "[prompting/password]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4455 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 msgid "interactive" msgstr "interactive" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4522 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -6332,47 +6423,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4530 #, fuzzy #| msgid "interactive" msgid "interactive_prompt" msgstr "interactive" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4532 #, fuzzy #| msgid "to change the string of the password prompt" msgid "to change the message of the interactive prompt." msgstr "för att ändra strängen i lösenordsfrågan" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4537 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4539 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4480 +#: sssd.conf.5.xml:4545 #, fuzzy #| msgid "first_prompt" msgid "touch_prompt" msgstr "first_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4547 #, fuzzy #| msgid "to change the string of the password prompt" msgid "to change the message of the touch prompt." msgstr "för att ändra strängen i lösenordsfrågan" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4451 +#: sssd.conf.5.xml:4516 #, fuzzy #| msgid "" #| "to configure two-factor authentication prompting, allowed options are: " @@ -6385,7 +6476,7 @@ msgstr "" "alternativen: <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4467 #, fuzzy #| msgid "" #| "Each supported authentication method has its own configuration subsection " @@ -6404,7 +6495,7 @@ msgstr "" ">" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4493 +#: sssd.conf.5.xml:4558 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -6415,12 +6506,12 @@ msgstr "" "enskilt för denna tjänst." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4500 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "EXEMPEL" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4506 +#: sssd.conf.5.xml:4571 #, no-wrap msgid "" "[sssd]\n" @@ -6474,7 +6565,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4502 +#: sssd.conf.5.xml:4567 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -6486,7 +6577,7 @@ msgstr "" "domäner för fler detaljer. <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4604 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -6496,7 +6587,7 @@ msgstr "" "use_fully_qualified_names = false\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4533 +#: sssd.conf.5.xml:4598 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -6512,7 +6603,7 @@ msgstr "" "type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4550 +#: sssd.conf.5.xml:4615 #, fuzzy, no-wrap #| msgid "" #| "[certmap/my.domain/rule_name]\n" @@ -6540,7 +6631,7 @@ msgstr "" "matchrule = <ISSUER>^CN=My-CA,DC=MIN,DC=DOMÄN$<SUBJECT>^CN=User.Name,DC=MIN,DC=DOMÄN$\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4544 +#: sssd.conf.5.xml:4609 #, fuzzy #| msgid "" #| "3. The following example shows the configuration for two certificate " @@ -6613,14 +6704,23 @@ msgstr "Du kan konfigurera SSSD för att använda mer än en LDAP-domän." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:38 +#, fuzzy +#| msgid "" +#| "LDAP back end supports id, auth, access and chpass providers. If you want " +#| "to authenticate against an LDAP server either TLS/SSL or LDAPS is " +#| "required. <command>sssd</command> <emphasis>does not</emphasis> support " +#| "authentication over an unencrypted channel. If the LDAP server is used " +#| "only as an identity provider, an encrypted channel is not needed. Please " +#| "refer to <quote>ldap_access_filter</quote> config option for more " +#| "information about using LDAP as an access provider." msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " -"over an unencrypted channel. If the LDAP server is used only as an identity " -"provider, an encrypted channel is not needed. Please refer to " -"<quote>ldap_access_filter</quote> config option for more information about " -"using LDAP as an access provider." +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." msgstr "" "LDAP-bakändar stödjer leverantörer av id, autentisering, åtkomst och " "lösenordsändring. Om du vill autentisera mot en LDAP-server krävs antingen " @@ -6631,19 +6731,19 @@ msgstr "" "information om att använda LDAP som en åtkomstleverantör." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 #: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 msgid "CONFIGURATION OPTIONS" msgstr "KONFIGURATIONSALTERNATIV" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:66 +#: sssd-ldap.5.xml:67 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "ldap_uri, ldap_backup_uri (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:69 +#: sssd-ldap.5.xml:70 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" @@ -6658,17 +6758,17 @@ msgstr "" "<quote>TJÄNSTEUPPTÄCKT</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:76 +#: sssd-ldap.5.xml:77 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "Formatet på URI:n måste stämma med formatet som definieras i RFC 2732:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:79 +#: sssd-ldap.5.xml:80 msgid "ldap[s]://<host>[:port]" msgstr "ldap[s]://<värd>[:port]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:82 +#: sssd-ldap.5.xml:83 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" @@ -6676,17 +6776,17 @@ msgstr "" "hakparenteser []" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:85 +#: sssd-ldap.5.xml:86 msgid "example: ldap://[fc00::126:25]:389" msgstr "exempel: ldap://[fc00::126:25]:389" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:91 +#: sssd-ldap.5.xml:92 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "ldap_chpass_uri, ldap_chpass_backup_uri (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:94 +#: sssd-ldap.5.xml:95 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " @@ -6699,29 +6799,29 @@ msgstr "" "serverredundans." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:101 +#: sssd-ldap.5.xml:102 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" "För att aktivera tjänsteuppslagning måste ldap_chpass_dns_service_name vara " "satt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:105 +#: sssd-ldap.5.xml:106 msgid "Default: empty, i.e. ldap_uri is used." msgstr "Standard: tomt, d.v.s. ldap_uri används." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:111 +#: sssd-ldap.5.xml:112 msgid "ldap_search_base (string)" msgstr "ldap_search_base (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:114 +#: sssd-ldap.5.xml:115 msgid "The default base DN to use for performing LDAP user operations." msgstr "Standard bas-DN att använda för att utföra LDAP-användaroperationer." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:118 +#: sssd-ldap.5.xml:119 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" @@ -6730,17 +6830,17 @@ msgstr "" "syntaxen:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:122 +#: sssd-ldap.5.xml:123 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "sökbas[?räckvidd?[filter][?sökbas?räckvidd?[filter]]*]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:125 +#: sssd-ldap.5.xml:126 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "Räckvidden kan vara en av ”base”, ”onelevel” eller ”subtree”." #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:128 include/ldap_search_bases.xml:18 +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" @@ -6749,13 +6849,13 @@ msgstr "" "ietf.org/rfc/rfc2254.txt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:132 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 #: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 msgid "Examples:" msgstr "Exempel:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:135 +#: sssd-ldap.5.xml:136 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" @@ -6764,7 +6864,7 @@ msgstr "" "ldap_search_base = dc=example,dc=com?subtree?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:140 +#: sssd-ldap.5.xml:141 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" @@ -6773,7 +6873,7 @@ msgstr "" "(host=thishost)?dc=example.com?subtree?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:143 +#: sssd-ldap.5.xml:144 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " @@ -6785,7 +6885,7 @@ msgstr "" "sökbaser). Detta kommer medföra oförutsägbart beteende på klientmaskinerna." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:150 +#: sssd-ldap.5.xml:151 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " @@ -6802,12 +6902,12 @@ msgstr "" "stödjs inte." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:164 +#: sssd-ldap.5.xml:165 msgid "ldap_schema (string)" msgstr "ldap_schema (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:167 +#: sssd-ldap.5.xml:168 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " @@ -6818,32 +6918,32 @@ msgstr "" "Sättet som en del attribut hanteras kan också skilja." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:174 +#: sssd-ldap.5.xml:175 msgid "Four schema types are currently supported:" msgstr "Fyra schematyper stödjs för närvarande:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:178 +#: sssd-ldap.5.xml:179 msgid "rfc2307" msgstr "rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:183 +#: sssd-ldap.5.xml:184 msgid "rfc2307bis" msgstr "rfc2307bis" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:188 +#: sssd-ldap.5.xml:189 msgid "IPA" msgstr "IPA" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:193 +#: sssd-ldap.5.xml:194 msgid "AD" msgstr "AD" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:199 +#: sssd-ldap.5.xml:200 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " @@ -6860,37 +6960,37 @@ msgstr "" "värden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:209 +#: sssd-ldap.5.xml:210 msgid "Default: rfc2307" msgstr "Standard: rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:215 +#: sssd-ldap.5.xml:216 msgid "ldap_pwmodify_mode (string)" msgstr "ldap_pwmodify_mode (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:218 +#: sssd-ldap.5.xml:219 msgid "Specify the operation that is used to modify user password." msgstr "Ange operationen som används för att ändra användarens lösenord." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:222 +#: sssd-ldap.5.xml:223 msgid "Two modes are currently supported:" msgstr "Två lägen stödjs för närvarande:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:226 +#: sssd-ldap.5.xml:227 msgid "exop - Password Modify Extended Operation (RFC 3062)" msgstr "exop - Password Modify Extended Operation (RFC 3062)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:232 +#: sssd-ldap.5.xml:233 msgid "ldap_modify - Direct modification of userPassword (not recommended)." msgstr "ldap_modify - Direkt ändring av userPassword (rekommenderas inte)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:239 +#: sssd-ldap.5.xml:240 msgid "" "Note: First, a new connection is established to verify current password by " "binding as the user that requested password change. If successful, this " @@ -6903,52 +7003,52 @@ msgstr "" "måste användaren ha skrivrätt på attributet userPassword." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:247 +#: sssd-ldap.5.xml:248 msgid "Default: exop" msgstr "Standard: exop" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:253 +#: sssd-ldap.5.xml:254 msgid "ldap_default_bind_dn (string)" msgstr "ldap_default_bind_dn (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:256 +#: sssd-ldap.5.xml:257 msgid "The default bind DN to use for performing LDAP operations." msgstr "Standardbindnings-DN att använda för att utföra LDAP-operationer." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:263 +#: sssd-ldap.5.xml:264 msgid "ldap_default_authtok_type (string)" msgstr "ldap_default_authtok_type (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:266 +#: sssd-ldap.5.xml:267 msgid "The type of the authentication token of the default bind DN." msgstr "Typen på autentiseringstecknet hos standardbindnings-DN." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:270 +#: sssd-ldap.5.xml:271 msgid "The two mechanisms currently supported are:" msgstr "De två mekanismerna som stödjs för närvarande är:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 +#: sssd-ldap.5.xml:274 msgid "password" msgstr "password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:276 +#: sssd-ldap.5.xml:277 msgid "obfuscated_password" msgstr "obfuscated_password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:279 +#: sssd-ldap.5.xml:280 msgid "Default: password" msgstr "Standard: password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:282 +#: sssd-ldap.5.xml:283 msgid "" "See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> manual page for more information." @@ -6957,22 +7057,22 @@ msgstr "" "<manvolnum>8</manvolnum> </citerefentry> för mer information." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:293 +#: sssd-ldap.5.xml:294 msgid "ldap_default_authtok (string)" msgstr "ldap_default_authtok (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:296 +#: sssd-ldap.5.xml:297 msgid "The authentication token of the default bind DN." msgstr "Autentiseringstecknet hos standardbindnings-DN." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:302 +#: sssd-ldap.5.xml:303 msgid "ldap_force_upper_case_realm (boolean)" msgstr "ldap_force_upper_case_realm (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:305 +#: sssd-ldap.5.xml:306 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -6985,12 +7085,12 @@ msgstr "" "rike i versaler." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:318 +#: sssd-ldap.5.xml:319 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "ldap_enumeration_refresh_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:321 +#: sssd-ldap.5.xml:322 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." @@ -6999,12 +7099,12 @@ msgstr "" "uppräknade poster." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:337 +#: sssd-ldap.5.xml:338 msgid "ldap_purge_cache_timeout (integer)" msgstr "ldap_purge_cache_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:340 +#: sssd-ldap.5.xml:341 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -7015,7 +7115,7 @@ msgstr "" "att spara utrymme." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:346 +#: sssd-ldap.5.xml:347 msgid "" "Setting this option to zero will disable the cache cleanup operation. Please " "note that if enumeration is enabled, the cleanup task is required in order " @@ -7028,12 +7128,12 @@ msgstr "" "Som standard kör rensningsjobbet var 3:e timma när uppräkning är aktiverat." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:366 +#: sssd-ldap.5.xml:367 msgid "ldap_group_nesting_level (integer)" msgstr "ldap_group_nesting_level (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:369 +#: sssd-ldap.5.xml:370 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -7044,7 +7144,7 @@ msgstr "" "kommer följa. Detta alternativ har ingen effekt på schemat RFC2307." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:376 +#: sssd-ldap.5.xml:377 msgid "" "Note: This option specifies the guaranteed level of nested groups to be " "processed for any lookup. However, nested groups beyond this limit " @@ -7060,7 +7160,7 @@ msgstr "" "ursprungliga uppslagningen om den slås upp igen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:385 +#: sssd-ldap.5.xml:386 msgid "" "If ldap_group_nesting_level is set to 0 then no nested groups are processed " "at all. However, when connected to Active-Directory Server 2008 and later " @@ -7075,12 +7175,12 @@ msgstr "" "false för att begränsa gruppnästning." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:394 +#: sssd-ldap.5.xml:395 msgid "Default: 2" msgstr "Standard: 2" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:403 +#: sssd-ldap.5.xml:404 msgid "" "This options enables or disables use of Token-Groups attribute when " "performing initgroup for users from Active Directory Server 2008 and later." @@ -7090,23 +7190,23 @@ msgstr "" "2008 och senare." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:413 +#: sssd-ldap.5.xml:414 msgid "Default: True for AD and IPA otherwise False." msgstr "Standard: true för AD och IPA annars false." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:419 +#: sssd-ldap.5.xml:420 msgid "ldap_host_search_base (string)" msgstr "ldap_host_search_base (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:422 +#: sssd-ldap.5.xml:423 msgid "Optional. Use the given string as search base for host objects." msgstr "Frivillig. Använd den givna strängen som en sökbas för värdobjekt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:426 sssd-ipa.5.xml:457 sssd-ipa.5.xml:476 sssd-ipa.5.xml:495 -#: sssd-ipa.5.xml:514 +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." @@ -7115,32 +7215,32 @@ msgstr "" "multipla sökbaser." #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:431 sssd-ipa.5.xml:462 include/ldap_search_bases.xml:27 +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "Standard: värdet på <emphasis>ldap_search_base</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:438 +#: sssd-ldap.5.xml:439 msgid "ldap_service_search_base (string)" msgstr "ldap_service_search_base (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:443 +#: sssd-ldap.5.xml:444 msgid "ldap_iphost_search_base (string)" msgstr "ldap_iphost_search_base (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:448 +#: sssd-ldap.5.xml:449 msgid "ldap_ipnetwork_search_base (string)" msgstr "ldap_ipnetwork_search_base (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:453 +#: sssd-ldap.5.xml:454 msgid "ldap_search_timeout (integer)" msgstr "ldap_search_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:456 +#: sssd-ldap.5.xml:457 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -7150,7 +7250,7 @@ msgstr "" "och cachade resultat returneras (och går in i frånkopplat läge)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:462 +#: sssd-ldap.5.xml:463 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -7161,12 +7261,12 @@ msgstr "" "specifika uppslagningstyper." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:479 +#: sssd-ldap.5.xml:480 msgid "ldap_enumeration_search_timeout (integer)" msgstr "ldap_enumeration_search_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:482 +#: sssd-ldap.5.xml:483 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -7177,12 +7277,12 @@ msgstr "" "returneras (och går in i frånkopplat läge)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:500 +#: sssd-ldap.5.xml:501 msgid "ldap_network_timeout (integer)" msgstr "ldap_network_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:503 +#: sssd-ldap.5.xml:504 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -7199,12 +7299,12 @@ msgstr "" "citerefentry> returnerar om inget händer." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:531 +#: sssd-ldap.5.xml:532 msgid "ldap_opt_timeout (integer)" msgstr "ldap_opt_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:534 +#: sssd-ldap.5.xml:535 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -7218,12 +7318,12 @@ msgstr "" "operationen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:554 +#: sssd-ldap.5.xml:555 msgid "ldap_connection_expire_timeout (integer)" msgstr "ldap_connection_expire_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:557 +#: sssd-ldap.5.xml:558 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -7236,7 +7336,7 @@ msgstr "" "(detta värde eller TGT-livslängden) användas." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:565 +#: sssd-ldap.5.xml:566 msgid "" "If the connection is idle (not actively running an operation) within " "<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " @@ -7254,7 +7354,7 @@ msgstr "" "emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:577 +#: sssd-ldap.5.xml:578 msgid "" "This timeout can be extended of a random value specified by " "<emphasis>ldap_connection_expire_offset</emphasis>" @@ -7263,17 +7363,17 @@ msgstr "" "<emphasis>ldap_connection_expire_offset</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:587 sssd-ldap.5.xml:630 sssd-ldap.5.xml:1711 +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 msgid "Default: 900 (15 minutes)" msgstr "Standard: 900 (15 minuter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:593 +#: sssd-ldap.5.xml:594 msgid "ldap_connection_expire_offset (integer)" msgstr "ldap_connection_expire_offset (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:596 +#: sssd-ldap.5.xml:597 msgid "" "Random offset between 0 and configured value is added to " "<emphasis>ldap_connection_expire_timeout</emphasis>." @@ -7282,12 +7382,12 @@ msgstr "" "till<emphasis>ldap_connection_expire_timeout</emphasis>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:613 msgid "ldap_connection_idle_timeout (integer)" msgstr "ldap_connection_idle_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:616 msgid "" "Specifies a timeout (in seconds) that an idle connection to an LDAP server " "will be maintained. If the connection is idle for more than this time then " @@ -7298,17 +7398,17 @@ msgstr "" "kommer förbindelsen att stängas." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:622 msgid "You can disable this timeout by setting the value to 0." msgstr "Man kan avaktivera denna tidsgräns genom att sätta värdet till 0." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:636 +#: sssd-ldap.5.xml:637 msgid "ldap_page_size (integer)" msgstr "ldap_page_size (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:639 +#: sssd-ldap.5.xml:640 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." @@ -7317,12 +7417,12 @@ msgstr "" "LDAP-servrar framtvingar en maximal gräns per begäran." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:650 +#: sssd-ldap.5.xml:651 msgid "ldap_disable_paging (boolean)" msgstr "ldap_disable_paging (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:653 +#: sssd-ldap.5.xml:654 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " @@ -7333,7 +7433,7 @@ msgstr "" "RootDSE men det inte är aktiverat eller inte fungerar som det skall." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:659 +#: sssd-ldap.5.xml:660 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." @@ -7343,7 +7443,7 @@ msgstr "" "den." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:665 +#: sssd-ldap.5.xml:666 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " @@ -7354,17 +7454,17 @@ msgstr "" "att några begäranden nekas." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:677 +#: sssd-ldap.5.xml:678 msgid "ldap_disable_range_retrieval (boolean)" msgstr "ldap_disable_range_retrieval (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:680 +#: sssd-ldap.5.xml:681 msgid "Disable Active Directory range retrieval." msgstr "Avaktivera Active Directory intervallhämtning." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:683 +#: sssd-ldap.5.xml:684 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " @@ -7380,12 +7480,12 @@ msgstr "" "medlemmar." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:699 msgid "ldap_sasl_minssf (integer)" msgstr "ldap_sasl_minssf (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:702 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " @@ -7396,17 +7496,17 @@ msgstr "" "detta alternativ är definierat av OpenLDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:707 sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "Standard: använd systemstandard (vanligen angivet i ldap.conf)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:714 +#: sssd-ldap.5.xml:715 msgid "ldap_sasl_maxssf (integer)" msgstr "ldap_sasl_maxssf (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:717 +#: sssd-ldap.5.xml:718 msgid "" "When communicating with an LDAP server using SASL, specify the maximal " "security level necessary to establish the connection. The values of this " @@ -7417,12 +7517,12 @@ msgstr "" "detta alternativ är definierat av OpenLDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:731 msgid "ldap_deref_threshold (integer)" msgstr "ldap_deref_threshold (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:733 +#: sssd-ldap.5.xml:734 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -7433,7 +7533,7 @@ msgstr "" "individuellt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:740 msgid "" "You can turn off dereference lookups completely by setting the value to 0. " "Please note that there are some codepaths in SSSD, like the IPA HBAC " @@ -7450,7 +7550,7 @@ msgstr "" "rootDSE-objektet." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:750 +#: sssd-ldap.5.xml:751 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -7463,7 +7563,7 @@ msgstr "" "OpenLDAP och Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:758 +#: sssd-ldap.5.xml:759 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -7474,12 +7574,12 @@ msgstr "" "oavsett denna inställning." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:771 +#: sssd-ldap.5.xml:772 msgid "ldap_ignore_unreadable_references (bool)" msgstr "ldap_ignore_unreadable_references (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:774 +#: sssd-ldap.5.xml:775 msgid "" "Ignore unreadable LDAP entries referenced in group's member attribute. If " "this parameter is set to false an error will be returned and the operation " @@ -7490,7 +7590,7 @@ msgstr "" "misslyckas istället för att den oläsbara posten bara ignoreras." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:781 +#: sssd-ldap.5.xml:782 msgid "" "This parameter may be useful when using the AD provider and the computer " "account that sssd uses to connect to AD does not have access to a particular " @@ -7501,12 +7601,12 @@ msgstr "" "en viss post eller ett visst LDAP-underträd av säkerhetsskäl." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:795 msgid "ldap_tls_reqcert (string)" msgstr "ldap_tls_reqcert (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:798 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" @@ -7515,7 +7615,7 @@ msgstr "" "några. Det kan anges som ett av följande värden:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:804 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." @@ -7524,7 +7624,7 @@ msgstr "" "några servercertifikat." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:808 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -7535,7 +7635,7 @@ msgstr "" "tillhandahålls kommer det ignoreras och sessionen fortsätta normalt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:815 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -7546,7 +7646,7 @@ msgstr "" "tillhandahålls avslutas sessionen omedelbart." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:820 +#: sssd-ldap.5.xml:821 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -7557,22 +7657,22 @@ msgstr "" "sessionen omedelbart." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:826 +#: sssd-ldap.5.xml:827 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "<emphasis>hard</emphasis> = Samma som <quote>demand</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:830 +#: sssd-ldap.5.xml:831 msgid "Default: hard" msgstr "Standard: hard" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:837 msgid "ldap_tls_cacert (string)" msgstr "ldap_tls_cacert (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:839 +#: sssd-ldap.5.xml:840 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." @@ -7581,7 +7681,7 @@ msgstr "" "<command>sssd</command> kommer godkänna." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 sssd-ldap.5.xml:862 sssd-ldap.5.xml:903 +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" @@ -7590,12 +7690,12 @@ msgstr "" "openldap/ldap.conf</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:852 msgid "ldap_tls_cacertdir (string)" msgstr "ldap_tls_cacertdir (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:854 +#: sssd-ldap.5.xml:855 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -7609,32 +7709,32 @@ msgstr "" "namnen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:869 +#: sssd-ldap.5.xml:870 msgid "ldap_tls_cert (string)" msgstr "ldap_tls_cert (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:872 +#: sssd-ldap.5.xml:873 msgid "Specifies the file that contains the certificate for the client's key." msgstr "Anger filen som innehåller certifikatet för klientens nyckel." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:882 +#: sssd-ldap.5.xml:883 msgid "ldap_tls_key (string)" msgstr "ldap_tls_key (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:885 +#: sssd-ldap.5.xml:886 msgid "Specifies the file that contains the client's key." msgstr "Anger filen som innehåller klientens nyckel." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:894 +#: sssd-ldap.5.xml:895 msgid "ldap_tls_cipher_suite (string)" msgstr "ldap_tls_cipher_suite (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:897 +#: sssd-ldap.5.xml:898 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -7645,26 +7745,31 @@ msgstr "" "manvolnum></citerefentry> för formatet." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:910 +#: sssd-ldap.5.xml:911 msgid "ldap_id_use_start_tls (boolean)" msgstr "ldap_id_use_start_tls (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:913 +#: sssd-ldap.5.xml:914 +#, fuzzy +#| msgid "" +#| "Specifies that the id_provider connection must also use <systemitem " +#| "class=\"protocol\">tls</systemitem> to protect the channel." msgid "" "Specifies that the id_provider connection must also use <systemitem " -"class=\"protocol\">tls</systemitem> to protect the channel." +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." msgstr "" "Anger att id-leverantörsförbindelsen också måste använda <systemitem " "class=\"protocol\">tls</systemitem> för att skydda kanalen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:923 +#: sssd-ldap.5.xml:925 msgid "ldap_id_mapping (boolean)" msgstr "ldap_id_mapping (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:928 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " @@ -7675,18 +7780,18 @@ msgstr "" "förlita sig på ldap_user_uid_number och ldap_group_gid_number." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:932 +#: sssd-ldap.5.xml:934 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" "För närvarande stödjer denna funktion endast ActiveDirectory objectSID." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:942 +#: sssd-ldap.5.xml:944 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "ldap_min_id, ldap_max_id (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:945 +#: sssd-ldap.5.xml:947 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " @@ -7704,17 +7809,17 @@ msgstr "" "Underdomäner kan sedan välja andra intervall för att översätta ID:n." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:957 +#: sssd-ldap.5.xml:959 msgid "Default: not set (both options are set to 0)" msgstr "Standard: inte satt (båda alternativen är satta till 0)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:965 msgid "ldap_sasl_mech (string)" msgstr "ldap_sasl_mech (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:966 +#: sssd-ldap.5.xml:968 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " "tested and supported." @@ -7723,7 +7828,7 @@ msgstr "" "GSSAPI och GSS-SPNEGO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:970 +#: sssd-ldap.5.xml:972 msgid "" "If the backend supports sub-domains the value of ldap_sasl_mech is " "automatically inherited to the sub-domains. If a different value is needed " @@ -7739,12 +7844,12 @@ msgstr "" "conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry> för detaljer." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:988 msgid "ldap_sasl_authid (string)" msgstr "ldap_sasl_authid (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ldap.5.xml:998 +#: sssd-ldap.5.xml:1000 #, no-wrap msgid "" "hostname@REALM\n" @@ -7764,7 +7869,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:989 +#: sssd-ldap.5.xml:991 msgid "" "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " "this represents the Kerberos principal used for authentication to the " @@ -7784,17 +7889,17 @@ msgstr "" "keytab." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1009 +#: sssd-ldap.5.xml:1011 msgid "Default: host/hostname@REALM" msgstr "Standard: host/värdnamn@RIKE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1015 +#: sssd-ldap.5.xml:1017 msgid "ldap_sasl_realm (string)" msgstr "ldap_sasl_realm (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1018 +#: sssd-ldap.5.xml:1020 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " @@ -7805,17 +7910,17 @@ msgstr "" "ignoreras detta alternativ." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1024 +#: sssd-ldap.5.xml:1026 msgid "Default: the value of krb5_realm." msgstr "Standard: värdet på krb5_realm." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1030 +#: sssd-ldap.5.xml:1032 msgid "ldap_sasl_canonicalize (boolean)" msgstr "ldap_sasl_canonicalize (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1035 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." @@ -7824,34 +7929,34 @@ msgstr "" "att ta fram värdnamnets kanoniska form under en SASL-bindning." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1038 +#: sssd-ldap.5.xml:1040 msgid "Default: false;" msgstr "Standard: false;" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1046 msgid "ldap_krb5_keytab (string)" msgstr "ldap_krb5_keytab (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1049 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." msgstr "" "Ange den keytab som skall användas vid användning av SASL/GSSAPI/GSS-SPNEGO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1056 sssd-krb5.5.xml:247 +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" "Standard: Systemets keytab, normalt <filename>/etc/krb5.keytab</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1064 msgid "ldap_krb5_init_creds (boolean)" msgstr "ldap_krb5_init_creds (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1067 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -7862,29 +7967,29 @@ msgstr "" "eller GSS-SPNEGO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1077 +#: sssd-ldap.5.xml:1079 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "ldap_krb5_ticket_lifetime (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1080 +#: sssd-ldap.5.xml:1082 msgid "" "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." msgstr "" "Anger livslängden i sekunder på TGT:n om GSSAPI eller GSS-SPNEGO används." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1089 sssd-ad.5.xml:1252 +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 msgid "Default: 86400 (24 hours)" msgstr "Standard: 86400 (24 timmar)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1095 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "krb5_server, krb5_backup_server (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1098 +#: sssd-ldap.5.xml:1100 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -7902,7 +8007,7 @@ msgstr "" "mer information, se avsnittet <quote>TJÄNSTEUPPTÄCKT</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1110 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -7913,7 +8018,7 @@ msgstr "" "hittas." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -7925,27 +8030,27 @@ msgstr "" "quote> istället." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1124 sssd-ipa.5.xml:526 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "krb5_realm (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1127 +#: sssd-ldap.5.xml:1129 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." msgstr "Ange Kerberos-RIKE (för SASL/GSSAPI/GSS-SPNEGO aut)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1133 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "Standard: Systemstandard, se <filename>/etc/krb5.conf</filename>" #. type: Content of: <variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1137 include/krb5_options.xml:154 +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 msgid "krb5_canonicalize (boolean)" msgstr "krb5_canonicalize (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1140 +#: sssd-ldap.5.xml:1142 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" @@ -7954,12 +8059,12 @@ msgstr "" "servern. Denna funktion är tillgänglig med MIT Kerberos ≥ 1.7" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1152 sssd-krb5.5.xml:336 +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 msgid "krb5_use_kdcinfo (boolean)" msgstr "krb5_use_kdcinfo (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1155 sssd-krb5.5.xml:339 +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " @@ -7974,7 +8079,7 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:350 +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " @@ -7985,12 +8090,12 @@ msgstr "" "om lokaliseringsinsticksmodulen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1180 +#: sssd-ldap.5.xml:1182 msgid "ldap_pwd_policy (string)" msgstr "ldap_pwd_policy (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1185 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" @@ -7999,7 +8104,7 @@ msgstr "" "värden är tillåtna:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1190 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." @@ -8008,7 +8113,7 @@ msgstr "" "alternativ kan inte avaktivera lösenordspolicyer på serversidan." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1193 +#: sssd-ldap.5.xml:1195 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -8021,7 +8126,7 @@ msgstr "" "även alternativet ”ldap_chpass_update_last_change”." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1201 +#: sssd-ldap.5.xml:1203 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -8032,7 +8137,7 @@ msgstr "" "chpass_provider=krb5 för att uppdatera dessa attribut när lösenordet ändras." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1210 +#: sssd-ldap.5.xml:1212 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." @@ -8041,17 +8146,17 @@ msgstr "" "kommer den alltid gå före framför policyn som sätts med detta alternativ." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1220 msgid "ldap_referrals (boolean)" msgstr "ldap_referrals (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1221 +#: sssd-ldap.5.xml:1223 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "Anger huruvida automatisk uppföljning av referenser skall aktiveras." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1225 +#: sssd-ldap.5.xml:1227 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." @@ -8060,7 +8165,7 @@ msgstr "" "kompilerad med OpenLDAP version 2.4.13 eller senare." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1232 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " @@ -8081,28 +8186,28 @@ msgstr "" "data vara tillgängliga." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1249 +#: sssd-ldap.5.xml:1251 msgid "ldap_dns_service_name (string)" msgstr "ldap_dns_service_name (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1252 +#: sssd-ldap.5.xml:1254 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" "Anger tjänstenamnet som skall användas när tjänsteupptäckt är aktiverat." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1258 msgid "Default: ldap" msgstr "Standard: ldap" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1262 +#: sssd-ldap.5.xml:1264 msgid "ldap_chpass_dns_service_name (string)" msgstr "ldap_chpass_dns_service_name (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1265 +#: sssd-ldap.5.xml:1267 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." @@ -8111,17 +8216,17 @@ msgstr "" "lösenordsändringar när tjänsteupptäckt är aktiverat." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1270 +#: sssd-ldap.5.xml:1272 msgid "Default: not set, i.e. service discovery is disabled" msgstr "Standard: inte satt, d.v.s. tjänsteupptäckt är avaktiverat" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1276 +#: sssd-ldap.5.xml:1278 msgid "ldap_chpass_update_last_change (bool)" msgstr "ldap_chpass_update_last_change (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1279 +#: sssd-ldap.5.xml:1281 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." @@ -8130,7 +8235,7 @@ msgstr "" "dagar sedan epoken efter en ändring av lösenord." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1285 +#: sssd-ldap.5.xml:1287 msgid "" "It is recommend to set this option explicitly if \"ldap_pwd_policy = " "shadow\" is used to let SSSD know if the LDAP server will update " @@ -8143,12 +8248,12 @@ msgstr "" "SSSD måste uppdatera det." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1301 msgid "ldap_access_filter (string)" msgstr "ldap_access_filter (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1304 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " @@ -8176,12 +8281,12 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1322 +#: sssd-ldap.5.xml:1324 msgid "Example:" msgstr "Exempel:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1327 #, no-wrap msgid "" "access_provider = ldap\n" @@ -8193,7 +8298,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1329 +#: sssd-ldap.5.xml:1331 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." @@ -8202,7 +8307,7 @@ msgstr "" "användare vars attribut employeeType är satt till ”admin”." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1336 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -8215,17 +8320,17 @@ msgstr "" "fortsätta ges åtkomst under frånkoppling, och vice versa." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1398 +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 msgid "Default: Empty" msgstr "Standard: Empty" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1348 +#: sssd-ldap.5.xml:1350 msgid "ldap_account_expire_policy (string)" msgstr "ldap_account_expire_policy (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1353 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." @@ -8234,7 +8339,7 @@ msgstr "" "åtkomststyrningsattribut aktiveras." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1355 +#: sssd-ldap.5.xml:1357 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -8245,12 +8350,12 @@ msgstr "" "felkod även om lösenordet är korrekt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1362 +#: sssd-ldap.5.xml:1364 msgid "The following values are allowed:" msgstr "Följande värden är tillåtna:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1365 +#: sssd-ldap.5.xml:1367 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." @@ -8259,7 +8364,7 @@ msgstr "" "att avgöra om kontot har gått ut." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1372 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -8272,7 +8377,7 @@ msgstr "" "kontrolleras också." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1379 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -8283,7 +8388,7 @@ msgstr "" "tillåts eller inte." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1383 +#: sssd-ldap.5.xml:1385 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -8295,7 +8400,7 @@ msgstr "" "för att avgöra om åtkomst tillåts. Om båda attributen saknas tillåts åtkomst." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1391 +#: sssd-ldap.5.xml:1393 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " @@ -8306,23 +8411,23 @@ msgstr "" "ldap_account_expire_policy skall fungera." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1404 +#: sssd-ldap.5.xml:1406 msgid "ldap_access_order (string)" msgstr "ldap_access_order (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1407 sssd-ipa.5.xml:351 +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" "Kommaseparerad lista över åtkomststyrningsalternativ. Tillåtna värden är:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1411 +#: sssd-ldap.5.xml:1413 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "<emphasis>filter</emphasis>: använd ldap_access_filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>lockout</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -8337,7 +8442,7 @@ msgstr "" "fungera." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1424 +#: sssd-ldap.5.xml:1426 msgid "" "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" "quote> option and might be removed in a future release. </emphasis>" @@ -8347,7 +8452,7 @@ msgstr "" "emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1431 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -8368,12 +8473,12 @@ msgstr "" "måste vara satt för att denna funktion skall fungera." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1448 +#: sssd-ldap.5.xml:1450 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "<emphasis>expire</emphasis>: använd ldap_account_expire_policy" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1452 sssd-ipa.5.xml:359 +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 msgid "" "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " "pwd_expire_policy_renew: </emphasis> These options are useful if users are " @@ -8388,31 +8493,31 @@ msgstr "" "exempel SSH-nycklar." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1462 sssd-ipa.5.xml:369 +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 msgid "" "The difference between these options is the action taken if user password is " "expired:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1467 sssd-ipa.5.xml:374 +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 msgid "pwd_expire_policy_reject - user is denied to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1473 sssd-ipa.5.xml:380 +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 msgid "pwd_expire_policy_warn - user is still able to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1479 sssd-ipa.5.xml:386 +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 msgid "" "pwd_expire_policy_renew - user is prompted to change their password " "immediately." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1487 +#: sssd-ldap.5.xml:1489 msgid "" "Please note that 'access_provider = ldap' must be set for this feature to " "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." @@ -8422,7 +8527,7 @@ msgstr "" "lämplig lösenordspolicy." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1494 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" @@ -8431,13 +8536,13 @@ msgstr "" "för att avgöra åtkomst" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1497 +#: sssd-ldap.5.xml:1499 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" "<emphasis>host</emphasis>: använd attributet host för att avgöra åtkomst" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1501 +#: sssd-ldap.5.xml:1503 msgid "" "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " "remote host can access" @@ -8446,7 +8551,7 @@ msgstr "" "fjärrvärdar kan få åtkomst" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1505 +#: sssd-ldap.5.xml:1507 msgid "" "Please note, rhost field in pam is set by application, it is better to check " "what the application sends to pam, before enabling this access control option" @@ -8456,12 +8561,12 @@ msgstr "" "åtkomstkontroll aktiveras" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1510 +#: sssd-ldap.5.xml:1512 msgid "Default: filter" msgstr "Standard: filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1513 +#: sssd-ldap.5.xml:1515 msgid "" "Please note that it is a configuration error if a value is used more than " "once." @@ -8470,12 +8575,12 @@ msgstr "" "gång." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1520 +#: sssd-ldap.5.xml:1522 msgid "ldap_pwdlockout_dn (string)" msgstr "ldap_pwdlockout_dn (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1523 +#: sssd-ldap.5.xml:1525 msgid "" "This option specifies the DN of password policy entry on LDAP server. Please " "note that absence of this option in sssd.conf in case of enabled account " @@ -8488,22 +8593,22 @@ msgstr "" "LDAP-servern inte kan kontrolleras ordentligt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1531 +#: sssd-ldap.5.xml:1533 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" msgstr "Exempel: cn=ppolicy,ou=policies,dc=example,dc=com" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1534 +#: sssd-ldap.5.xml:1536 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" msgstr "Standard: cn=ppolicy,ou=policies,$ldap_search_base" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1542 msgid "ldap_deref (string)" msgstr "ldap_deref (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1543 +#: sssd-ldap.5.xml:1545 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" @@ -8512,12 +8617,12 @@ msgstr "" "alternativ är tillåtna:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1550 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "<emphasis>never</emphasis>: Alias är aldrig derefererade." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 +#: sssd-ldap.5.xml:1554 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." @@ -8526,7 +8631,7 @@ msgstr "" "basobjektet, men inte vid lokalisering av basobjektet för sökningen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 +#: sssd-ldap.5.xml:1559 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." @@ -8535,7 +8640,7 @@ msgstr "" "basobjektet för sökningen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1562 +#: sssd-ldap.5.xml:1564 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." @@ -8544,7 +8649,7 @@ msgstr "" "lokalisering av basobjektet för sökningen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1569 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -8553,12 +8658,12 @@ msgstr "" "klientbiblioteken)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1575 +#: sssd-ldap.5.xml:1577 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "ldap_rfc2307_fallback_to_local_users (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1578 +#: sssd-ldap.5.xml:1580 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." @@ -8567,7 +8672,7 @@ msgstr "" "servrar som använder schemat RFC2307." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1582 +#: sssd-ldap.5.xml:1584 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " @@ -8584,7 +8689,7 @@ msgstr "" "via anrop av getpw*() eller initgroups()." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1593 +#: sssd-ldap.5.xml:1595 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " @@ -8595,12 +8700,12 @@ msgstr "" "de lokala användarna med de extra LDAP-grupperna." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1605 sssd-ifp.5.xml:152 +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 msgid "wildcard_limit (integer)" msgstr "wildcard_limit (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1608 +#: sssd-ldap.5.xml:1610 msgid "" "Specifies an upper limit on the number of entries that are downloaded during " "a wildcard lookup." @@ -8609,23 +8714,23 @@ msgstr "" "jokertecken." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1612 +#: sssd-ldap.5.xml:1614 msgid "At the moment, only the InfoPipe responder supports wildcard lookups." msgstr "" "För närvarande stödjer endast respondenten InfoPipe jokeruppslagningar." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1618 msgid "Default: 1000 (often the size of one page)" msgstr "Standard: 1000 (ofta storleken på en sida)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1624 msgid "ldap_library_debug_level (integer)" msgstr "ldap_library_debug_level (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1625 +#: sssd-ldap.5.xml:1627 msgid "" "Switches on libldap debugging with the given level. The libldap debug " "messages will be written independent of the general debug_level." @@ -8634,7 +8739,7 @@ msgstr "" "kommer skrivas oberoende av den allmänna debug_level." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1630 +#: sssd-ldap.5.xml:1632 msgid "" "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " "enable full debug output." @@ -8643,12 +8748,12 @@ msgstr "" "komponenter, -1 kommer aktivera fullständig felsökningsutmatning." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1635 +#: sssd-ldap.5.xml:1637 msgid "Default: 0 (libldap debugging disabled)" msgstr "Standard: 0 (libldap-felsökning avaktiverat)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:52 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " @@ -8668,12 +8773,12 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1645 +#: sssd-ldap.5.xml:1647 msgid "SUDO OPTIONS" msgstr "SUDOALTERNATIV" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1647 +#: sssd-ldap.5.xml:1649 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -8684,12 +8789,12 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1660 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "ldap_sudo_full_refresh_interval (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1661 +#: sssd-ldap.5.xml:1663 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." @@ -8699,7 +8804,7 @@ msgstr "" "servern)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1666 +#: sssd-ldap.5.xml:1668 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" @@ -8708,7 +8813,7 @@ msgstr "" "emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1671 +#: sssd-ldap.5.xml:1673 msgid "" "You can disable full refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." @@ -8717,17 +8822,17 @@ msgstr "" "0. Dock måste antingen smart eller fullständig uppdatering aktiveras." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1676 +#: sssd-ldap.5.xml:1678 msgid "Default: 21600 (6 hours)" msgstr "Standard: 21600 (6 timmar)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1682 +#: sssd-ldap.5.xml:1684 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "ldap_sudo_smart_refresh_interval (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1685 +#: sssd-ldap.5.xml:1687 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest " @@ -8738,7 +8843,7 @@ msgstr "" "USN-värde som för närvarande är känt av SSSD)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1691 +#: sssd-ldap.5.xml:1693 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." @@ -8747,7 +8852,7 @@ msgstr "" "istället." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1695 +#: sssd-ldap.5.xml:1697 msgid "" "<emphasis>Note:</emphasis> the highest USN value can be updated by three " "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " @@ -8763,7 +8868,7 @@ msgstr "" "<emphasis>ldap_connection_expire_timeout</emphasis>)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1706 +#: sssd-ldap.5.xml:1708 msgid "" "You can disable smart refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." @@ -8772,12 +8877,12 @@ msgstr "" "Dock måste antingen smart eller fullständig uppdatering aktiveras." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1717 +#: sssd-ldap.5.xml:1719 msgid "ldap_sudo_random_offset (integer)" msgstr "ldap_sudo_random_offset (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1720 +#: sssd-ldap.5.xml:1722 msgid "" "Random offset between 0 and configured value is added to smart and full " "refresh periods each time the periodic task is scheduled. The value is in " @@ -8788,7 +8893,7 @@ msgstr "" "schemaläggs. Värdet är i sekunder." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1726 +#: sssd-ldap.5.xml:1728 msgid "" "Note that this random offset is also applied on the first SSSD start which " "delays the first sudo rules refresh. This prolongs the time when the sudo " @@ -8799,17 +8904,17 @@ msgstr "" "tiden under vilken sudo-reglerna inte är tillgängliga för användning." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1732 +#: sssd-ldap.5.xml:1734 msgid "You can disable this offset by setting the value to 0." msgstr "Man kan avaktivera denna fördröjning genom att sätta värdet till 0." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1742 +#: sssd-ldap.5.xml:1744 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "ldap_sudo_use_host_filter (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1745 +#: sssd-ldap.5.xml:1747 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." @@ -8818,12 +8923,12 @@ msgstr "" "(genom användning av IPv4- och IPv6-värd-/-nätverksadresser och värdnamn)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1756 +#: sssd-ldap.5.xml:1758 msgid "ldap_sudo_hostnames (string)" msgstr "ldap_sudo_hostnames (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1759 +#: sssd-ldap.5.xml:1761 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." @@ -8832,7 +8937,7 @@ msgstr "" "domännamn som skall användas för att filtrera reglerna." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1764 +#: sssd-ldap.5.xml:1766 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." @@ -8841,8 +8946,8 @@ msgstr "" "fullständigt kvalificerade domännamnet automatiskt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1769 sssd-ldap.5.xml:1792 sssd-ldap.5.xml:1810 -#: sssd-ldap.5.xml:1828 +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." @@ -8851,17 +8956,17 @@ msgstr "" "emphasis> har detta alternativ ingen effekt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1774 sssd-ldap.5.xml:1797 +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 msgid "Default: not specified" msgstr "Standard: inte angivet" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1780 +#: sssd-ldap.5.xml:1782 msgid "ldap_sudo_ip (string)" msgstr "ldap_sudo_ip (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1783 +#: sssd-ldap.5.xml:1785 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." @@ -8870,7 +8975,7 @@ msgstr "" "skall användas för att filtrera reglerna." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1788 +#: sssd-ldap.5.xml:1790 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." @@ -8879,12 +8984,12 @@ msgstr "" "automatiskt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1803 +#: sssd-ldap.5.xml:1805 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "ldap_sudo_include_netgroups (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1806 +#: sssd-ldap.5.xml:1808 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." @@ -8893,12 +8998,12 @@ msgstr "" "attributet sudoHost." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1821 +#: sssd-ldap.5.xml:1823 msgid "ldap_sudo_include_regexp (boolean)" msgstr "ldap_sudo_include_regexp (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:1826 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." @@ -8907,7 +9012,7 @@ msgstr "" "attributet sudoHost." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> -#: sssd-ldap.5.xml:1834 +#: sssd-ldap.5.xml:1836 msgid "" "Using wildcard is an operation that is very costly to evaluate on the LDAP " "server side!" @@ -8916,7 +9021,7 @@ msgstr "" "LDAP-serversidan!" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1846 +#: sssd-ldap.5.xml:1848 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " @@ -8929,12 +9034,12 @@ msgstr "" "manvolnum> </citerefentry>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1856 +#: sssd-ldap.5.xml:1858 msgid "AUTOFS OPTIONS" msgstr "AUTOFSALTERNATIV" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1858 +#: sssd-ldap.5.xml:1860 msgid "" "Some of the defaults for the parameters below are dependent on the LDAP " "schema." @@ -8942,47 +9047,47 @@ msgstr "" "Några av standardvärdena för parametrar nedan är beroende på LDAP-schemat." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1864 +#: sssd-ldap.5.xml:1866 msgid "ldap_autofs_map_master_name (string)" msgstr "ldap_autofs_map_master_name (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1867 +#: sssd-ldap.5.xml:1869 msgid "The name of the automount master map in LDAP." msgstr "Namnet på automount master-kartan i LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1870 +#: sssd-ldap.5.xml:1872 msgid "Default: auto.master" msgstr "Standard: auto.master" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1881 +#: sssd-ldap.5.xml:1883 msgid "ADVANCED OPTIONS" msgstr "AVANCERADE ALTERNATIV" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1888 +#: sssd-ldap.5.xml:1890 msgid "ldap_netgroup_search_base (string)" msgstr "ldap_netgroup_search_base (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1893 +#: sssd-ldap.5.xml:1895 msgid "ldap_user_search_base (string)" msgstr "ldap_user_search_base (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1898 +#: sssd-ldap.5.xml:1900 msgid "ldap_group_search_base (string)" msgstr "ldap_group_search_base (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> -#: sssd-ldap.5.xml:1903 +#: sssd-ldap.5.xml:1905 msgid "<note>" msgstr "<note>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> -#: sssd-ldap.5.xml:1905 +#: sssd-ldap.5.xml:1907 msgid "" "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " "against Active Directory will not be restricted and return all groups " @@ -8995,22 +9100,22 @@ msgstr "" "avaktivera denna funktion om gruppnamn inte visas korrekt." #. type: Content of: <reference><refentry><refsect1><para><variablelist> -#: sssd-ldap.5.xml:1912 +#: sssd-ldap.5.xml:1914 msgid "</note>" msgstr "</note>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1914 +#: sssd-ldap.5.xml:1916 msgid "ldap_sudo_search_base (string)" msgstr "ldap_sudo_search_base (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1919 +#: sssd-ldap.5.xml:1921 msgid "ldap_autofs_search_base (string)" msgstr "ldap_autofs_search_base (sträng)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1883 +#: sssd-ldap.5.xml:1885 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -9023,14 +9128,14 @@ msgstr "" "type=\"variablelist\" id=\"1\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1934 sssd-simple.5.xml:131 sssd-ipa.5.xml:925 -#: sssd-ad.5.xml:1386 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 msgid "EXAMPLE" msgstr "EXEMPEL" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1936 +#: sssd-ldap.5.xml:1938 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -9040,7 +9145,7 @@ msgstr "" "till en av domänerna i avsnittet <replaceable>[domains]</replaceable>." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1944 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -9060,20 +9165,20 @@ msgstr "" "cache_credentials = true\n" #. type: Content of: <refsect1><refsect2><para> -#: sssd-ldap.5.xml:1941 sssd-ldap.5.xml:1959 sssd-simple.5.xml:139 -#: sssd-ipa.5.xml:933 sssd-ad.5.xml:1394 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 #: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1953 +#: sssd-ldap.5.xml:1955 msgid "LDAP ACCESS FILTER EXAMPLE" msgstr "LDAP-ÅTKOMSTFILTEREXEMPEL" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1955 +#: sssd-ldap.5.xml:1957 msgid "" "The following example assumes that SSSD is correctly configured and to use " "the ldap_access_order=lockout." @@ -9082,7 +9187,7 @@ msgstr "" "ldap_access_order=lockout används." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1960 +#: sssd-ldap.5.xml:1962 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -9108,13 +9213,13 @@ msgstr "" "cache_credentials = true\n" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1975 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 -#: sssd-ad.5.xml:1409 sssd.8.xml:238 sss_seed.8.xml:163 +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 msgid "NOTES" msgstr "NOTER" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1977 +#: sssd-ldap.5.xml:1979 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -12022,12 +12127,12 @@ msgid "Example: dyndns_iface = em1, vnet1, vnet2" msgstr "Exempel: dyndns_iface = em1, vnet1, vnet2" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1285 +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 msgid "dyndns_auth (string)" msgstr "dyndns_auth (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1288 +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "updates with the DNS server, insecure updates can be sent by setting this " @@ -12038,17 +12143,17 @@ msgstr "" "sätta detta alternativ till ”none”." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1294 +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 msgid "Default: GSS-TSIG" msgstr "Standard: GSS-TSIG" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1300 +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 msgid "dyndns_auth_ptr (string)" msgstr "dyndns_auth_ptr (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1303 +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "PTR updates with the DNS server, insecure updates can be sent by setting " @@ -12059,7 +12164,7 @@ msgstr "" "sätta detta alternativ till ”none”." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1309 +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 msgid "Default: Same as dyndns_auth" msgstr "Standard: samma som dyndns_auth" @@ -12132,17 +12237,24 @@ msgstr "" "servern genererar PTR-posterna automatiskt när framåtposterna ändras." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:290 +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 msgid "Default: False (disabled)" msgstr "Standard: False (avaktiverat)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1272 +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 msgid "dyndns_force_tcp (bool)" msgstr "dyndns_force_tcp (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:299 sssd-ad.5.xml:1275 +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." @@ -12151,17 +12263,17 @@ msgstr "" "med DNS-servern." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:303 sssd-ad.5.xml:1279 +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 msgid "Default: False (let nsupdate choose the protocol)" msgstr "Standard: False (låt nsupdate välja protokollet)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:309 sssd-ad.5.xml:1315 +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 msgid "dyndns_server (string)" msgstr "dyndns_server (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:312 sssd-ad.5.xml:1318 +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 msgid "" "The DNS server to use when performing a DNS update. In most setups, it's " "recommended to leave this option unset." @@ -12170,7 +12282,7 @@ msgstr "" "flesta uppsättningar rekommenderas det att låta detta alternativ vara osatt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 msgid "" "Setting this option makes sense for environments where the DNS server is " "different from the identity server." @@ -12179,7 +12291,7 @@ msgstr "" "skild från identitetsservern." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 msgid "" "Please note that this option will be only used in fallback attempt when " "previous attempt using autodetected settings failed." @@ -12189,17 +12301,17 @@ msgstr "" "inställningar misslyckas." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 msgid "Default: None (let nsupdate choose the server)" msgstr "Standard: Ingen (låt nsupdate välja servern)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:333 sssd-ad.5.xml:1339 +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 msgid "dyndns_update_per_family (boolean)" msgstr "dyndns_update_per_family (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:336 sssd-ad.5.xml:1342 +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 msgid "" "DNS update is by default performed in two steps - IPv4 update and then IPv6 " "update. In some cases it might be desirable to perform IPv4 and IPv6 update " @@ -12210,21 +12322,21 @@ msgstr "" "och IPv6-uppdateringar i ett enda steg." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:353 #, fuzzy #| msgid "ldap_access_order (string)" msgid "ipa_access_order (string)" msgstr "ldap_access_order (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:360 #, fuzzy #| msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." msgstr "<emphasis>expire</emphasis>: använd ldap_account_expire_policy" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:394 +#: sssd-ipa.5.xml:399 #, fuzzy #| msgid "" #| "Please note that 'access_provider = ldap' must be set for this feature to " @@ -12239,12 +12351,12 @@ msgstr "" "lämplig lösenordspolicy." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:401 +#: sssd-ipa.5.xml:406 msgid "ipa_deskprofile_search_base (string)" msgstr "ipa_deskprofile_search_base (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:404 +#: sssd-ipa.5.xml:409 msgid "" "Optional. Use the given string as search base for Desktop Profile related " "objects." @@ -12253,17 +12365,17 @@ msgstr "" "skrivbordsprofilrelaterade objekt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:408 sssd-ipa.5.xml:435 +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 msgid "Default: Use base DN" msgstr "Standard: använd bas-DN" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:414 +#: sssd-ipa.5.xml:419 msgid "ipa_subid_ranges_search_base (string)" msgstr "ipa_subid_ranges_search_base (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:417 +#: sssd-ipa.5.xml:422 msgid "" "Optional. Use the given string as search base for subordinate ranges related " "objects." @@ -12272,92 +12384,92 @@ msgstr "" "underordningsintervallsrelaterade objekt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:421 +#: sssd-ipa.5.xml:426 msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" msgstr "Standard: värdet på <emphasis>cn=subids,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:428 +#: sssd-ipa.5.xml:433 msgid "ipa_hbac_search_base (string)" msgstr "ipa_hbac_search_base (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:431 +#: sssd-ipa.5.xml:436 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" "Frivillig. Använd den givna strängen som sökbas för HBAC-relaterade objekt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:441 +#: sssd-ipa.5.xml:446 msgid "ipa_host_search_base (string)" msgstr "ipa_host_search_base (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:444 +#: sssd-ipa.5.xml:449 msgid "Deprecated. Use ldap_host_search_base instead." msgstr "Undanbedes. Använd ldap_host_search_base istället." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:450 +#: sssd-ipa.5.xml:455 msgid "ipa_selinux_search_base (string)" msgstr "ipa_selinux_search_base (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:453 +#: sssd-ipa.5.xml:458 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" "Frivillig. Använd den givna strängen som en sökbas för SELinux-" "användaröversättningar." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:469 +#: sssd-ipa.5.xml:474 msgid "ipa_subdomains_search_base (string)" msgstr "ipa_subdomains_search_base (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:472 +#: sssd-ipa.5.xml:477 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" "Frivillig. Använd den givna strängen som en sökbas för betrodda domäner." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:481 +#: sssd-ipa.5.xml:486 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "Standard: värdet på <emphasis>cn=trusts,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:488 +#: sssd-ipa.5.xml:493 msgid "ipa_master_domain_search_base (string)" msgstr "ipa_master_domain_search_base (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:491 +#: sssd-ipa.5.xml:496 msgid "Optional. Use the given string as search base for master domain object." msgstr "" "Frivillig. Använd den givna strängen som en sökbas för huvuddomänobjekt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:505 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "Standard: värdet av <emphasis>cn=ad,cn=etc,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:507 +#: sssd-ipa.5.xml:512 msgid "ipa_views_search_base (string)" msgstr "ipa_views_search_base (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:510 +#: sssd-ipa.5.xml:515 msgid "Optional. Use the given string as search base for views containers." msgstr "Frivillig. Använd den givna strängen som en sökbas för vybehållare." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:519 +#: sssd-ipa.5.xml:524 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" msgstr "Standard: värdet av <emphasis>cn=views,cn=accounts,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:529 +#: sssd-ipa.5.xml:534 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." @@ -12366,7 +12478,7 @@ msgstr "" "värdet av <quote>ipa_domain</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:533 +#: sssd-ipa.5.xml:538 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." @@ -12375,12 +12487,12 @@ msgstr "" "till bas-DN:en för att användas när LDAP-operationer utförs." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:541 sssd-ad.5.xml:1357 +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 msgid "krb5_confd_path (string)" msgstr "krb5_confd_path (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:544 sssd-ad.5.xml:1360 +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 msgid "" "Absolute path of a directory where SSSD should place Kerberos configuration " "snippets." @@ -12389,7 +12501,7 @@ msgstr "" "för Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:548 sssd-ad.5.xml:1364 +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 msgid "" "To disable the creation of the configuration snippets set the parameter to " "'none'." @@ -12398,7 +12510,7 @@ msgstr "" "”none”." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:552 sssd-ad.5.xml:1368 +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 msgid "" "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" msgstr "" @@ -12406,12 +12518,12 @@ msgstr "" "katalog)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:559 +#: sssd-ipa.5.xml:564 msgid "ipa_deskprofile_refresh (integer)" msgstr "ipa_deskprofile_refresh (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:562 +#: sssd-ipa.5.xml:567 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server. This will reduce the latency and load on the IPA server if there " @@ -12422,17 +12534,17 @@ msgstr "" "görs många begäranden om skrivbordsprofiler under en kort tid." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:569 sssd-ipa.5.xml:599 sssd-ipa.5.xml:615 sssd-ad.5.xml:599 +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 msgid "Default: 5 (seconds)" msgstr "Standard: 5 (sekunder)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:575 +#: sssd-ipa.5.xml:580 msgid "ipa_deskprofile_request_interval (integer)" msgstr "ipa_deskprofile_request_interval (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:578 +#: sssd-ipa.5.xml:583 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server in case the last request did not return any rule." @@ -12441,17 +12553,17 @@ msgstr "" "den senaste förfrågan inte returnerade någon regel." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:583 +#: sssd-ipa.5.xml:588 msgid "Default: 60 (minutes)" msgstr "Standard: 60 (minuter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:589 +#: sssd-ipa.5.xml:594 msgid "ipa_hbac_refresh (integer)" msgstr "ipa_hbac_refresh (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:592 +#: sssd-ipa.5.xml:597 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -12462,12 +12574,12 @@ msgstr "" "begäranden om åtkomstkontroll under en kort tid." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:605 +#: sssd-ipa.5.xml:610 msgid "ipa_hbac_selinux (integer)" msgstr "ipa_hbac_selinux (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:608 +#: sssd-ipa.5.xml:613 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -12478,12 +12590,12 @@ msgstr "" "många begäranden om användarinloggningar under en kort tid." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:621 +#: sssd-ipa.5.xml:626 msgid "ipa_server_mode (boolean)" msgstr "ipa_server_mode (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:624 +#: sssd-ipa.5.xml:629 msgid "" "This option will be set by the IPA installer (ipa-server-install) " "automatically and denotes if SSSD is running on an IPA server or not." @@ -12492,7 +12604,7 @@ msgstr "" "och markerar om SSSD kör på en IPA-server eller inte." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:629 +#: sssd-ipa.5.xml:634 msgid "" "On an IPA server SSSD will lookup users and groups from trusted domains " "directly while on a client it will ask an IPA server." @@ -12501,7 +12613,7 @@ msgstr "" "domäner direkt medan på en klient kommer den att fråga en IPA-server." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:634 +#: sssd-ipa.5.xml:639 msgid "" "NOTE: There are currently some assumptions that must be met when SSSD is " "running on an IPA server." @@ -12510,7 +12622,7 @@ msgstr "" "kör på en IPA-server." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:639 +#: sssd-ipa.5.xml:644 msgid "" "The <quote>ipa_server</quote> option must be configured to point to the IPA " "server itself. This is already the default set by the IPA installer, so no " @@ -12521,7 +12633,7 @@ msgstr "" "installeraren, så det behövs inga manuella ändringar." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:648 +#: sssd-ipa.5.xml:653 msgid "" "The <quote>full_name_format</quote> option must not be tweaked to only print " "short names for users from trusted domains." @@ -12530,52 +12642,52 @@ msgstr "" "skriva korta namn på användare från betrodda domäner." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:663 +#: sssd-ipa.5.xml:668 msgid "ipa_automount_location (string)" msgstr "ipa_automount_location (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:666 +#: sssd-ipa.5.xml:671 msgid "The automounter location this IPA client will be using" msgstr "Automonteringsplatsen denna IPA-klient kommer använda" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:669 +#: sssd-ipa.5.xml:674 msgid "Default: The location named \"default\"" msgstr "Standard: platsen som heter ”default”" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:677 +#: sssd-ipa.5.xml:682 msgid "VIEWS AND OVERRIDES" msgstr "VYER OCH ÅSIDOSÄTTANDEN" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:686 +#: sssd-ipa.5.xml:691 msgid "ipa_view_class (string)" msgstr "ipa_view_class (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:689 +#: sssd-ipa.5.xml:694 msgid "Objectclass of the view container." msgstr "Objektklass för vybehållaren." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:692 +#: sssd-ipa.5.xml:697 msgid "Default: nsContainer" msgstr "Standard: nsContainer" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:698 +#: sssd-ipa.5.xml:703 msgid "ipa_view_name (string)" msgstr "ipa_view_name (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:701 +#: sssd-ipa.5.xml:706 msgid "Name of the attribute holding the name of the view." msgstr "Namn på attributet som har namnet på vyn." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:705 sssd-ldap-attributes.5.xml:496 +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 #: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 #: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 #: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 @@ -12583,27 +12695,27 @@ msgid "Default: cn" msgstr "Standard: cn" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:711 +#: sssd-ipa.5.xml:716 msgid "ipa_override_object_class (string)" msgstr "ipa_override_object_class (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:714 +#: sssd-ipa.5.xml:719 msgid "Objectclass of the override objects." msgstr "Objektklass för åsidosättande objekt." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:717 +#: sssd-ipa.5.xml:722 msgid "Default: ipaOverrideAnchor" msgstr "Standard: ipaOverrideAnchor" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:723 +#: sssd-ipa.5.xml:728 msgid "ipa_anchor_uuid (string)" msgstr "ipa_anchor_uuid (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:726 +#: sssd-ipa.5.xml:731 msgid "" "Name of the attribute containing the reference to the original object in a " "remote domain." @@ -12612,17 +12724,17 @@ msgstr "" "fjärrdomän." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:730 +#: sssd-ipa.5.xml:735 msgid "Default: ipaAnchorUUID" msgstr "Standard: ipaAnchorUUID" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:736 +#: sssd-ipa.5.xml:741 msgid "ipa_user_override_object_class (string)" msgstr "ipa_user_override_object_class (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:739 +#: sssd-ipa.5.xml:744 msgid "" "Name of the objectclass for user overrides. It is used to determine if the " "found override object is related to a user or a group." @@ -12632,57 +12744,57 @@ msgstr "" "eller en grupp." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:744 +#: sssd-ipa.5.xml:749 msgid "User overrides can contain attributes given by" msgstr "Användaråsidosättanden kan innehålla attribut givna av" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:747 +#: sssd-ipa.5.xml:752 msgid "ldap_user_name" msgstr "ldap_user_name" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:750 +#: sssd-ipa.5.xml:755 msgid "ldap_user_uid_number" msgstr "ldap_user_uid_number" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:753 +#: sssd-ipa.5.xml:758 msgid "ldap_user_gid_number" msgstr "ldap_user_gid_number" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:756 +#: sssd-ipa.5.xml:761 msgid "ldap_user_gecos" msgstr "ldap_user_gecos" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:759 +#: sssd-ipa.5.xml:764 msgid "ldap_user_home_directory" msgstr "ldap_user_home_directory" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:762 +#: sssd-ipa.5.xml:767 msgid "ldap_user_shell" msgstr "ldap_user_shell" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:765 +#: sssd-ipa.5.xml:770 msgid "ldap_user_ssh_public_key" msgstr "ldap_user_ssh_public_key" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:770 +#: sssd-ipa.5.xml:775 msgid "Default: ipaUserOverride" msgstr "Standard: ipaUserOverride" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:776 +#: sssd-ipa.5.xml:781 msgid "ipa_group_override_object_class (string)" msgstr "ipa_group_override_object_class (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:779 +#: sssd-ipa.5.xml:784 msgid "" "Name of the objectclass for group overrides. It is used to determine if the " "found override object is related to a user or a group." @@ -12692,27 +12804,27 @@ msgstr "" "grupp." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:784 +#: sssd-ipa.5.xml:789 msgid "Group overrides can contain attributes given by" msgstr "Gruppåsidosättanden kan innehålla attribut givna av" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:787 +#: sssd-ipa.5.xml:792 msgid "ldap_group_name" msgstr "ldap_group_name" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:790 +#: sssd-ipa.5.xml:795 msgid "ldap_group_gid_number" msgstr "ldap_group_gid_number" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:795 +#: sssd-ipa.5.xml:800 msgid "Default: ipaGroupOverride" msgstr "Standard: ipaGroupOverride" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:679 +#: sssd-ipa.5.xml:684 msgid "" "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " "later version. Since all paths and objectclasses are fixed on the server " @@ -12727,12 +12839,12 @@ msgstr "" "standardvärden. <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:807 +#: sssd-ipa.5.xml:812 msgid "SUBDOMAINS PROVIDER" msgstr "UNDERDOMÄNSLEVERANTÖR" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:809 +#: sssd-ipa.5.xml:814 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." @@ -12741,7 +12853,7 @@ msgstr "" "explicit eller implicit." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:813 +#: sssd-ipa.5.xml:818 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " @@ -12752,7 +12864,7 @@ msgstr "" "av underdomäner skickas till IPA-servern om nödvändigt." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:819 +#: sssd-ipa.5.xml:824 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " @@ -12771,12 +12883,12 @@ msgstr "" "blir uppkopplad aktiveras underdomänsleverantören igen." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:830 +#: sssd-ipa.5.xml:835 msgid "TRUSTED DOMAINS CONFIGURATION" msgstr "KONFIGURATION AV BETRODDA DOMÄNER" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:838 +#: sssd-ipa.5.xml:843 #, no-wrap msgid "" "[domain/ipa.domain.com/ad.domain.com]\n" @@ -12786,7 +12898,7 @@ msgstr "" "ad_server = dc.ad.domain.com\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:832 +#: sssd-ipa.5.xml:837 msgid "" "Some configuration options can also be set for a trusted domain. A trusted " "domain configuration can be set using the trusted domain subsection as shown " @@ -12801,7 +12913,7 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:843 +#: sssd-ipa.5.xml:848 msgid "" "For more details, see the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." @@ -12810,7 +12922,7 @@ msgstr "" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:850 +#: sssd-ipa.5.xml:855 msgid "" "Different configuration options are tunable for a trusted domain depending " "on whether you are configuring SSSD on an IPA server or an IPA client." @@ -12819,61 +12931,61 @@ msgstr "" "på huruvida man konfigurerar SSSD på en IPA-server eller en IPA-klient." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:855 +#: sssd-ipa.5.xml:860 msgid "OPTIONS TUNABLE ON IPA MASTERS" msgstr "ALTERNATIV ATT STÄLLA IN PÅ IPA-MASTRAR" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:857 +#: sssd-ipa.5.xml:862 msgid "" "The following options can be set in a subdomain section on an IPA master:" msgstr "" "Följande alternativ kan sättas i ett underdomänsavsnitt på en IPA-master:" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:861 sssd-ipa.5.xml:891 +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 msgid "ad_server" msgstr "ad_server" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:864 +#: sssd-ipa.5.xml:869 msgid "ad_backup_server" msgstr "ad_backup_server" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:867 sssd-ipa.5.xml:894 +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 msgid "ad_site" msgstr "ad_site" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:870 +#: sssd-ipa.5.xml:875 msgid "ldap_search_base" msgstr "ldap_search_base" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:873 +#: sssd-ipa.5.xml:878 msgid "ldap_user_search_base" msgstr "ldap_user_search_base" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:876 +#: sssd-ipa.5.xml:881 msgid "ldap_group_search_base" msgstr "ldap_group_search_base" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:885 +#: sssd-ipa.5.xml:890 msgid "OPTIONS TUNABLE ON IPA CLIENTS" msgstr "ALTERNATIV ATT STÄLLA IN PÅ IPA-KLIENTER" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:887 +#: sssd-ipa.5.xml:892 msgid "" "The following options can be set in a subdomain section on an IPA client:" msgstr "" "Följande alternativ kan sättas i ett underdomänsavsnitt på en IPA-klient:" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:899 +#: sssd-ipa.5.xml:904 msgid "" "Note that if both options are set, only <quote>ad_server</quote> is " "evaluated." @@ -12882,7 +12994,7 @@ msgstr "" "quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:903 +#: sssd-ipa.5.xml:908 msgid "" "Since any request for a user or a group identity from a trusted domain " "triggered from an IPA client is resolved by the IPA server, the " @@ -12905,7 +13017,7 @@ msgstr "" "<manvolnum>8</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:927 +#: sssd-ipa.5.xml:932 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -12916,7 +13028,7 @@ msgstr "" "exempel visar endast alternativ som är specifika för leverantören ipa." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:934 +#: sssd-ipa.5.xml:939 #, no-wrap msgid "" "[domain/example.com]\n" @@ -14531,7 +14643,7 @@ msgstr "" "mindre än 60 ges kommer parametern endast anta det lägsta värdet." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1388 +#: sssd-ad.5.xml:1393 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -14542,7 +14654,7 @@ msgstr "" "exempel visar endast alternativ som är specifika för leverantören AD." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1395 +#: sssd-ad.5.xml:1400 #, no-wrap msgid "" "[domain/EXAMPLE]\n" @@ -14566,7 +14678,7 @@ msgstr "" "ad_domain = example.com\n" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1415 +#: sssd-ad.5.xml:1420 #, no-wrap msgid "" "access_provider = ldap\n" @@ -14578,7 +14690,7 @@ msgstr "" "ldap_account_expire_policy = ad\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1411 +#: sssd-ad.5.xml:1416 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " @@ -14589,7 +14701,7 @@ msgstr "" "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1421 +#: sssd-ad.5.xml:1426 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>. Please " @@ -14604,7 +14716,7 @@ msgstr "" "krypteringsdetaljer) manuellt." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1429 +#: sssd-ad.5.xml:1434 msgid "" "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " @@ -21479,9 +21591,13 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:235 +#, fuzzy +#| msgid "" +#| "When this option is configured, domains will be allocated starting with " +#| "slice zero and increasing monatomically with each additional domain." msgid "" "When this option is configured, domains will be allocated starting with " -"slice zero and increasing monatomically with each additional domain." +"slice zero and increasing monotonically with each additional domain." msgstr "" "När detta alternativ konfigureras kommer domäner allokeras med början med " "skiva noll och ökar monatomärt med varje ytterligare domän." @@ -22640,6 +22756,18 @@ msgstr "" "Anger om värdens och användarens huvudman skall göras kanonisk. Denna " "funktion är tillgänglig med MIT Kerberos 1.7 och senare versioner." +#, fuzzy +#~| msgid "This option is not available in IPA provider." +#~ msgid "This option is ignored for the files provider." +#~ msgstr "Detta alternativ är inte tillgängligt i IPA-leverantören." + +#, fuzzy +#~| msgid "" +#~| "Determines if user credentials are also cached in the local LDB cache" +#~ msgid "" +#~ "Determines if user credentials are also cached in the local LDB cache." +#~ msgstr "Bestämmer om användarkreditiv också cachas i den lokala LDB-cachen" + #~ msgid "User credentials are stored in a SHA512 hash, not in plaintext" #~ msgstr "Användarkreditiv sparas i en SHA512-kontrollsumma, inte i klartext" @@ -23364,13 +23492,6 @@ msgstr "" #~ " -XPOST http://localhost/secrets/minbeh%C3%A5llare/\n" #~ " " -#~ msgid "" -#~ "The following example creates a container named 'mycontainer': " -#~ "<placeholder type=\"programlisting\" id=\"0\"/>" -#~ msgstr "" -#~ "Följande exempel skapar en behållare som heter ”minbehållare”:" -#~ "<placeholder type=\"programlisting\" id=\"0\"/>" - #, no-wrap #~ msgid "" #~ "http://localhost/secrets/mycontainer/mysecret\n" diff --git a/src/man/po/tg.po b/src/man/po/tg.po index 59d2c5a469f..e4dc18d039a 100644 --- a/src/man/po/tg.po +++ b/src/man/po/tg.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-05-05 10:09+0200\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" "PO-Revision-Date: 2014-12-15 12:10-0500\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Tajik (http://www.transifex.com/projects/p/sssd/language/" @@ -204,11 +204,11 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 -#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:951 -#: sssd.conf.5.xml:1069 sssd.conf.5.xml:2197 sssd-ldap.5.xml:1071 -#: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 -#: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 -#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 msgid "Default: true" msgstr "Пешфарз: true" @@ -225,11 +225,11 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:948 -#: sssd.conf.5.xml:2100 sssd.conf.5.xml:2167 sssd.conf.5.xml:4128 -#: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 -#: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 -#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 #: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 #: include/krb5_options.xml:163 msgid "Default: false" @@ -263,8 +263,8 @@ msgid "" msgstr "" #. type: Content of: outside any tag (error?) -#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1656 -#: sssd-ldap.5.xml:1862 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 #: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 @@ -294,8 +294,8 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 sssd.conf.5.xml:1289 sssd.conf.5.xml:1766 -#: sssd.conf.5.xml:4144 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "Пешфарз: 10" @@ -359,19 +359,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:258 sssd.conf.5.xml:783 +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:261 sssd.conf.5.xml:786 +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:791 sssd.conf.5.xml:3708 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 #: include/failover.xml:100 msgid "Default: 3" msgstr "Пешфарз: 3" @@ -393,7 +393,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3540 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 msgid "re_expression (string)" msgstr "" @@ -413,12 +413,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3597 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3600 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -426,39 +426,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3611 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 msgid "%1$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 msgid "user name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3615 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3618 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3624 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 msgid "%3$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3627 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3608 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -601,8 +601,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:468 sssd-ldap.5.xml:876 sssd-ldap.5.xml:888 -#: sssd-ldap.5.xml:980 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 #: include/krb5_options.xml:148 @@ -872,7 +872,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1790 sssd.conf.5.xml:4194 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -917,11 +917,11 @@ msgstr "" #: sssd.conf.5.xml:744 msgid "" "Enable or disable the user verification (i.e. PIN, fingerprint) during " -"authentication." +"authentication. If enabled, the PIN will always be requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:750 msgid "" "The default is that the key settings decide what to do. In the IPA or " "kerberos pre-authentication case, this value will be overwritten by the " @@ -948,12 +948,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:769 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:770 +#: sssd.conf.5.xml:771 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -962,22 +962,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:777 +#: sssd.conf.5.xml:778 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:780 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:797 msgid "fd_limit" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:799 +#: sssd.conf.5.xml:800 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " @@ -987,17 +987,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:808 +#: sssd.conf.5.xml:809 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:814 msgid "client_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:816 +#: sssd.conf.5.xml:817 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " @@ -1007,19 +1007,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:826 #, fuzzy #| msgid "Default: 5400" msgid "Default: 60, KCM: 300" msgstr "Пешфарз: 5400" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:830 +#: sssd.conf.5.xml:831 msgid "offline_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:834 msgid "" "When SSSD switches to offline mode the amount of time before it tries to go " "back online will increase based upon the time spent disconnected. By " @@ -1030,14 +1030,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:844 sssd.conf.5.xml:900 +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 msgid "" "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." "offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:847 +#: sssd.conf.5.xml:848 msgid "" "The offline_timeout default value is 60. The offline_timeout_max default " "value is 3600. The offline_timeout_random_offset default value is 30. The " @@ -1045,44 +1045,44 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:854 msgid "" "Note that the maximum length of each interval is defined by " "offline_timeout_max (apart of random part)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 sssd.conf.5.xml:1200 sssd.conf.5.xml:1583 -#: sssd.conf.5.xml:1879 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:862 +#: sssd.conf.5.xml:863 msgid "offline_timeout_max (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:865 +#: sssd.conf.5.xml:866 msgid "" "Controls by how much the time between attempts to go online can be " "incremented following unsuccessful attempts to go online." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:870 +#: sssd.conf.5.xml:871 msgid "A value of 0 disables the incrementing behaviour." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:873 +#: sssd.conf.5.xml:874 msgid "" "The value of this parameter should be set in correlation to offline_timeout " "parameter value." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:877 +#: sssd.conf.5.xml:878 msgid "" "With offline_timeout set to 60 (default value) there is no point in setting " "offlinet_timeout_max to less than 120 as it will saturate instantly. General " @@ -1091,62 +1091,62 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:883 +#: sssd.conf.5.xml:884 msgid "" "Although a value between 0 and offline_timeout may be specified, it has the " "effect of overriding the offline_timeout value so is of little use." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:888 +#: sssd.conf.5.xml:889 #, fuzzy #| msgid "Default: 3" msgid "Default: 3600" msgstr "Пешфарз: 3" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:894 msgid "offline_timeout_random_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:896 +#: sssd.conf.5.xml:897 msgid "" "When SSSD is in offline mode it keeps probing backend servers in specified " "time intervals:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:903 +#: sssd.conf.5.xml:904 msgid "" "This parameter controls the value of the random offset used for the above " "equation. Final random_offset value will be random number in range:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:908 +#: sssd.conf.5.xml:909 msgid "[0 - offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:911 +#: sssd.conf.5.xml:912 msgid "A value of 0 disables the random offset addition." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:915 #, fuzzy #| msgid "Default: 3" msgid "Default: 30" msgstr "Пешфарз: 3" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:919 +#: sssd.conf.5.xml:920 msgid "responder_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:922 +#: sssd.conf.5.xml:923 msgid "" "This option specifies the number of seconds that an SSSD responder process " "can be up without being used. This value is limited in order to avoid " @@ -1158,58 +1158,58 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:936 sssd.conf.5.xml:1213 sssd.conf.5.xml:2321 -#: sssd-ldap.5.xml:331 +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 +#: sssd-ldap.5.xml:332 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:941 +#: sssd.conf.5.xml:942 msgid "cache_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:945 msgid "" "This option specifies whether the responder should query all caches before " "querying the Data Providers." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:960 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:961 +#: sssd.conf.5.xml:962 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:966 +#: sssd.conf.5.xml:967 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:969 +#: sssd.conf.5.xml:970 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:974 msgid "Default: 120" msgstr "Пешфарз: 120" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:978 +#: sssd.conf.5.xml:979 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:981 +#: sssd.conf.5.xml:982 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -1217,7 +1217,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:988 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -1227,7 +1227,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:998 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -1236,17 +1236,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1005 sssd.conf.5.xml:2121 +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 msgid "Default: 50" msgstr "Пешфарз: 50" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1010 +#: sssd.conf.5.xml:1011 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1013 +#: sssd.conf.5.xml:1014 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -1254,17 +1254,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1019 sssd.conf.5.xml:1778 sssd.conf.5.xml:2145 +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 msgid "Default: 15" msgstr "Пешфарз: 15" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1025 msgid "local_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1027 +#: sssd.conf.5.xml:1028 msgid "" "Specifies for how many seconds nss_sss should keep local users and groups in " "negative cache before trying to look it up in the back end again. Setting " @@ -1272,17 +1272,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1033 +#: sssd.conf.5.xml:1034 msgid "Default: 14400 (4 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1039 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1041 +#: sssd.conf.5.xml:1042 msgid "" "Exclude certain users or groups from being fetched from the sss NSS " "database. This is particularly useful for system accounts. This option can " @@ -1291,7 +1291,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1049 +#: sssd.conf.5.xml:1050 msgid "" "NOTE: The filter_groups option doesn't affect inheritance of nested group " "members, since filtering happens after they are propagated for returning via " @@ -1300,41 +1300,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1057 +#: sssd.conf.5.xml:1058 msgid "Default: root" msgstr "Пешфарз: root" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1063 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1065 +#: sssd.conf.5.xml:1066 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1076 +#: sssd.conf.5.xml:1077 msgid "fallback_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1079 +#: sssd.conf.5.xml:1080 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1084 +#: sssd.conf.5.xml:1085 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1090 +#: sssd.conf.5.xml:1091 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" @@ -1342,23 +1342,23 @@ msgid "" msgstr "" #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:1088 sssd.conf.5.xml:1650 sssd.conf.5.xml:1669 -#: sssd.conf.5.xml:1746 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1094 +#: sssd.conf.5.xml:1095 msgid "Default: not set (no substitution for unset home directories)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1100 +#: sssd.conf.5.xml:1101 msgid "override_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1104 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " @@ -1366,47 +1366,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1109 +#: sssd.conf.5.xml:1110 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1115 +#: sssd.conf.5.xml:1116 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1118 +#: sssd.conf.5.xml:1119 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1121 +#: sssd.conf.5.xml:1122 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1125 +#: sssd.conf.5.xml:1126 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1130 +#: sssd.conf.5.xml:1131 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1135 +#: sssd.conf.5.xml:1136 msgid "The wildcard (*) can be used to allow any shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1138 +#: sssd.conf.5.xml:1139 msgid "" "The (*) is useful if you want to use shell_fallback in case that user's " "shell is not in <quote>/etc/shells</quote> and maintaining list of all " @@ -1414,113 +1414,113 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1145 +#: sssd.conf.5.xml:1146 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1149 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1152 +#: sssd.conf.5.xml:1153 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1157 +#: sssd.conf.5.xml:1158 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1160 +#: sssd.conf.5.xml:1161 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1165 +#: sssd.conf.5.xml:1166 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1168 +#: sssd.conf.5.xml:1169 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1172 +#: sssd.conf.5.xml:1173 msgid "Default: /bin/sh" msgstr "Пешфарз: /bin/sh" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1177 +#: sssd.conf.5.xml:1178 msgid "default_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1180 +#: sssd.conf.5.xml:1181 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1186 +#: sssd.conf.5.xml:1187 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1193 sssd.conf.5.xml:1576 +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 msgid "get_domains_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1196 sssd.conf.5.xml:1579 +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1205 +#: sssd.conf.5.xml:1206 msgid "memcache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1208 +#: sssd.conf.5.xml:1209 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid. Setting this option to zero will disable the in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1216 +#: sssd.conf.5.xml:1217 msgid "" "WARNING: Disabling the in-memory cache will have significant negative impact " "on SSSD's performance and should only be used for testing." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1222 sssd.conf.5.xml:1247 sssd.conf.5.xml:1272 -#: sssd.conf.5.xml:1297 sssd.conf.5.xml:1324 +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 msgid "" "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " "client applications will not use the fast in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1230 +#: sssd.conf.5.xml:1231 msgid "memcache_size_passwd (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1233 +#: sssd.conf.5.xml:1234 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for passwd requests. Setting the size to 0 will disable the passwd in-" @@ -1528,25 +1528,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1239 sssd.conf.5.xml:2963 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 msgid "Default: 8" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1242 sssd.conf.5.xml:1267 sssd.conf.5.xml:1292 -#: sssd.conf.5.xml:1319 +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 msgid "" "WARNING: Disabled or too small in-memory cache can have significant negative " "impact on SSSD's performance." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1255 +#: sssd.conf.5.xml:1256 msgid "memcache_size_group (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1258 +#: sssd.conf.5.xml:1259 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for group requests. Setting the size to 0 will disable the group in-memory " @@ -1554,19 +1554,19 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1264 sssd.conf.5.xml:1316 sssd.conf.5.xml:3729 -#: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "Пешфарз: 6" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1280 +#: sssd.conf.5.xml:1281 msgid "memcache_size_initgroups (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1283 +#: sssd.conf.5.xml:1284 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for initgroups requests. Setting the size to 0 will disable the initgroups " @@ -1574,12 +1574,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1305 +#: sssd.conf.5.xml:1306 msgid "memcache_size_sid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1308 +#: sssd.conf.5.xml:1309 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for SID related requests. Only SID-by-ID and ID-by-SID requests are " @@ -1588,12 +1588,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1332 sssd-ifp.5.xml:90 +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 msgid "user_attributes (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1335 +#: sssd.conf.5.xml:1336 msgid "" "Some of the additional NSS responder requests can return more attributes " "than just the POSIX ones defined by the NSS interface. The list of " @@ -1604,45 +1604,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1348 +#: sssd.conf.5.xml:1349 msgid "" "To make configuration more easy the NSS responder will check the InfoPipe " "option if it is not set for the NSS responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1353 +#: sssd.conf.5.xml:1354 msgid "Default: not set, fallback to InfoPipe option" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1358 +#: sssd.conf.5.xml:1359 msgid "pwfield (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1361 +#: sssd.conf.5.xml:1362 msgid "" "The value that NSS operations that return users or groups will return for " "the <quote>password</quote> field." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1366 +#: sssd.conf.5.xml:1367 #, fuzzy #| msgid "Default: true" msgid "Default: <quote>*</quote>" msgstr "Пешфарз: true" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1369 +#: sssd.conf.5.xml:1370 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[nss] section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1373 +#: sssd.conf.5.xml:1374 msgid "" "Default: <quote>not set</quote> (remote domains), <phrase " "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" @@ -1651,60 +1651,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1385 +#: sssd.conf.5.xml:1386 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1387 +#: sssd.conf.5.xml:1388 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1392 +#: sssd.conf.5.xml:1393 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1395 +#: sssd.conf.5.xml:1396 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1400 sssd.conf.5.xml:1413 +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 msgid "Default: 0 (No limit)" msgstr "Пешфарз: 0 (Номаҳдуд)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1406 +#: sssd.conf.5.xml:1407 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1409 +#: sssd.conf.5.xml:1410 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1419 +#: sssd.conf.5.xml:1420 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1422 +#: sssd.conf.5.xml:1423 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1427 +#: sssd.conf.5.xml:1428 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -1712,59 +1712,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1433 sssd.conf.5.xml:1543 +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 msgid "Default: 5" msgstr "Пешфарз: 5" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1439 +#: sssd.conf.5.xml:1440 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1442 +#: sssd.conf.5.xml:1443 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1447 +#: sssd.conf.5.xml:1448 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1450 +#: sssd.conf.5.xml:1451 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1453 +#: sssd.conf.5.xml:1454 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1457 +#: sssd.conf.5.xml:1458 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1460 +#: sssd.conf.5.xml:1461 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1464 sssd.8.xml:63 +#: sssd.conf.5.xml:1465 sssd.8.xml:63 msgid "Default: 1" msgstr "Пешфарз: 1" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1470 +#: sssd.conf.5.xml:1471 msgid "pam_response_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1473 +#: sssd.conf.5.xml:1474 msgid "" "A comma separated list of strings which allows to remove (filter) data sent " "by the PAM responder to pam_sss PAM module. There are different kind of " @@ -1773,51 +1773,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1481 +#: sssd.conf.5.xml:1482 msgid "" "While messages already can be controlled with the help of the pam_verbosity " "option this option allows to filter out other kind of responses as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1488 +#: sssd.conf.5.xml:1489 msgid "ENV" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1489 +#: sssd.conf.5.xml:1490 msgid "Do not send any environment variables to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1492 +#: sssd.conf.5.xml:1493 msgid "ENV:var_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1493 +#: sssd.conf.5.xml:1494 msgid "Do not send environment variable var_name to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1497 +#: sssd.conf.5.xml:1498 msgid "ENV:var_name:service" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1498 +#: sssd.conf.5.xml:1499 msgid "Do not send environment variable var_name to service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1486 +#: sssd.conf.5.xml:1487 msgid "" "Currently the following filters are supported: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1505 +#: sssd.conf.5.xml:1506 msgid "" "The list of strings can either be the list of filters which would set this " "list of filters and overwrite the defaults. Or each element of the list can " @@ -1828,23 +1828,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1516 +#: sssd.conf.5.xml:1517 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1519 +#: sssd.conf.5.xml:1520 msgid "" "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1526 +#: sssd.conf.5.xml:1527 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1529 +#: sssd.conf.5.xml:1530 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -1852,7 +1852,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1535 +#: sssd.conf.5.xml:1536 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -1861,17 +1861,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1549 +#: sssd.conf.5.xml:1550 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1552 sssd.conf.5.xml:2987 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1555 +#: sssd.conf.5.xml:1556 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -1879,31 +1879,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1561 sssd.conf.5.xml:2990 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1566 +#: sssd.conf.5.xml:1567 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1571 sssd.conf.5.xml:3976 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 msgid "Default: 0" msgstr "Пешфарз: 0" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1588 +#: sssd.conf.5.xml:1589 msgid "pam_trusted_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1591 +#: sssd.conf.5.xml:1592 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to run PAM conversations against trusted domains. Users not " @@ -1913,75 +1913,75 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1601 +#: sssd.conf.5.xml:1602 msgid "Default: All users are considered trusted by default" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1605 +#: sssd.conf.5.xml:1606 msgid "" "Please note that UID 0 is always allowed to access the PAM responder even in " "case it is not in the pam_trusted_users list." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1612 +#: sssd.conf.5.xml:1613 msgid "pam_public_domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1615 +#: sssd.conf.5.xml:1616 msgid "" "Specifies the comma-separated list of domain names that are accessible even " "to untrusted users." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1619 +#: sssd.conf.5.xml:1620 msgid "Two special values for pam_public_domains option are defined:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1623 +#: sssd.conf.5.xml:1624 msgid "" "all (Untrusted users are allowed to access all domains in PAM responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1627 +#: sssd.conf.5.xml:1628 msgid "" "none (Untrusted users are not allowed to access any domains PAM in " "responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1631 sssd.conf.5.xml:1656 sssd.conf.5.xml:1675 -#: sssd.conf.5.xml:1912 sssd.conf.5.xml:2732 sssd.conf.5.xml:3905 -#: sssd-ldap.5.xml:1207 +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1636 +#: sssd.conf.5.xml:1637 msgid "pam_account_expired_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1639 +#: sssd.conf.5.xml:1640 msgid "" "Allows a custom expiration message to be set, replacing the default " "'Permission denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1644 +#: sssd.conf.5.xml:1645 msgid "" "Note: Please be aware that message is only printed for the SSH service " "unless pam_verbosity is set to 3 (show all messages and debug information)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1652 +#: sssd.conf.5.xml:1653 #, no-wrap msgid "" "pam_account_expired_message = Account expired, please contact help desk.\n" @@ -1989,19 +1989,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1661 +#: sssd.conf.5.xml:1662 msgid "pam_account_locked_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1664 +#: sssd.conf.5.xml:1665 msgid "" "Allows a custom lockout message to be set, replacing the default 'Permission " "denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1671 +#: sssd.conf.5.xml:1672 #, no-wrap msgid "" "pam_account_locked_message = Account locked, please contact help desk.\n" @@ -2009,40 +2009,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1680 +#: sssd.conf.5.xml:1681 msgid "pam_passkey_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1683 +#: sssd.conf.5.xml:1684 msgid "Enable passkey device based authentication." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1686 sssd.conf.5.xml:1697 sssd.conf.5.xml:1711 -#: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 -#: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 msgid "Default: False" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1691 +#: sssd.conf.5.xml:1692 msgid "passkey_debug_libfido2 (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1694 +#: sssd.conf.5.xml:1695 msgid "Enable libfido2 library debug messages." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1702 +#: sssd.conf.5.xml:1703 msgid "pam_cert_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1705 +#: sssd.conf.5.xml:1706 msgid "" "Enable certificate based Smartcard authentication. Since this requires " "additional communication with the Smartcard which will delay the " @@ -2050,34 +2050,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1716 +#: sssd.conf.5.xml:1717 msgid "pam_cert_db_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1719 +#: sssd.conf.5.xml:1720 msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1722 sssd.conf.5.xml:2247 sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 msgid "Default:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1724 sssd.conf.5.xml:2249 +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 msgid "" "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " "certificates in PEM format)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1734 +#: sssd.conf.5.xml:1735 msgid "pam_cert_verification (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1737 +#: sssd.conf.5.xml:1738 msgid "" "With this parameter the PAM certificate verification can be tuned with a " "comma separated list of options that override the " @@ -2087,7 +2087,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1748 +#: sssd.conf.5.xml:1749 #, no-wrap msgid "" "pam_cert_verification = partial_chain\n" @@ -2095,59 +2095,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1752 +#: sssd.conf.5.xml:1753 msgid "" "Default: not set, i.e. use default <quote>certificate_verification</quote> " "option defined in <quote>[sssd]</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1759 +#: sssd.conf.5.xml:1760 msgid "p11_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1763 msgid "How many seconds will pam_sss wait for p11_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1771 +#: sssd.conf.5.xml:1772 msgid "passkey_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1774 +#: sssd.conf.5.xml:1775 msgid "" "How many seconds will the PAM responder wait for passkey_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1783 +#: sssd.conf.5.xml:1784 msgid "pam_app_services (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1786 +#: sssd.conf.5.xml:1787 msgid "" "Which PAM services are permitted to contact domains of type " "<quote>application</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1795 +#: sssd.conf.5.xml:1796 msgid "pam_p11_allowed_services (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1798 +#: sssd.conf.5.xml:1799 msgid "" "A comma-separated list of PAM service names for which it will be allowed to " "use Smartcards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1813 +#: sssd.conf.5.xml:1814 #, no-wrap msgid "" "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2155,7 +2155,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1802 +#: sssd.conf.5.xml:1803 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -2167,63 +2167,63 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1817 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 #: sssd-ad.5.xml:869 sssd-ad.5.xml:947 msgid "Default: the default set of PAM service names includes:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1822 sssd-ad.5.xml:648 +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 msgid "login" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1827 sssd-ad.5.xml:653 +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 msgid "su" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1832 sssd-ad.5.xml:658 +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 msgid "su-l" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1837 sssd-ad.5.xml:673 +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 msgid "gdm-smartcard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1842 sssd-ad.5.xml:668 +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 msgid "gdm-password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1847 sssd-ad.5.xml:678 +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 msgid "kdm" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1852 sssd-ad.5.xml:956 +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 msgid "sudo" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1857 sssd-ad.5.xml:961 +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 msgid "sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1862 +#: sssd.conf.5.xml:1863 msgid "gnome-screensaver" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1870 +#: sssd.conf.5.xml:1871 msgid "p11_wait_for_card_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1873 +#: sssd.conf.5.xml:1874 msgid "" "If Smartcard authentication is required how many extra seconds in addition " "to p11_child_timeout should the PAM responder wait until a Smartcard is " @@ -2231,12 +2231,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1884 +#: sssd.conf.5.xml:1885 msgid "p11_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1887 +#: sssd.conf.5.xml:1888 msgid "" "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " "selection of devices used for Smartcard authentication. By default SSSD's " @@ -2247,7 +2247,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1900 +#: sssd.conf.5.xml:1901 #, no-wrap msgid "" "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" @@ -2255,7 +2255,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1904 +#: sssd.conf.5.xml:1905 #, no-wrap msgid "" "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" @@ -2263,7 +2263,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1898 +#: sssd.conf.5.xml:1899 msgid "" "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " @@ -2272,47 +2272,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1917 +#: sssd.conf.5.xml:1918 msgid "pam_initgroups_scheme" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1925 +#: sssd.conf.5.xml:1926 msgid "always" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1926 +#: sssd.conf.5.xml:1927 msgid "" "Always do an online lookup, please note that pam_id_timeout still applies" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1930 +#: sssd.conf.5.xml:1931 msgid "no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1931 +#: sssd.conf.5.xml:1932 msgid "" "Only do an online lookup if there is no active session of the user, i.e. if " "the user is currently not logged in" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1936 +#: sssd.conf.5.xml:1937 msgid "never" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1937 +#: sssd.conf.5.xml:1938 msgid "" "Never force an online lookup, use the data from the cache as long as they " "are not expired" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1920 +#: sssd.conf.5.xml:1921 msgid "" "The PAM responder can force an online lookup to get the current group " "memberships of the user trying to log in. This option controls when this " @@ -2321,30 +2321,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1944 +#: sssd.conf.5.xml:1945 msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1949 sssd.conf.5.xml:4247 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 msgid "pam_gssapi_services" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1952 +#: sssd.conf.5.xml:1953 msgid "" "Comma separated list of PAM services that are allowed to try GSSAPI " "authentication using pam_sss_gss.so module." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1957 +#: sssd.conf.5.xml:1958 msgid "" "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1961 sssd.conf.5.xml:1992 sssd.conf.5.xml:2030 +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[pam] section. It can also be set for trusted domain which overwrites the " @@ -2352,7 +2352,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1969 +#: sssd.conf.5.xml:1970 #, no-wrap msgid "" "pam_gssapi_services = sudo, sudo-i\n" @@ -2360,22 +2360,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1967 sssd.conf.5.xml:3899 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1973 +#: sssd.conf.5.xml:1974 msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1978 sssd.conf.5.xml:4248 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 msgid "pam_gssapi_check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1981 +#: sssd.conf.5.xml:1982 msgid "" "If True, SSSD will require that the Kerberos user principal that " "successfully authenticated through GSSAPI can be associated with the user " @@ -2383,25 +2383,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1988 +#: sssd.conf.5.xml:1989 msgid "" "If False, every user that is able to obtained required service ticket will " "be authenticated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1998 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2003 +#: sssd.conf.5.xml:2004 msgid "pam_gssapi_indicators_map" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2006 +#: sssd.conf.5.xml:2007 msgid "" "Comma separated list of authentication indicators required to be present in " "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " @@ -2409,7 +2409,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2012 +#: sssd.conf.5.xml:2013 msgid "" "Each element of the list can be either an authentication indicator name or a " "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " @@ -2424,7 +2424,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2025 +#: sssd.conf.5.xml:2026 msgid "" "To disable GSSAPI authentication indicator check, set this option to <quote>-" "</quote> (dash). To disable the check for a specific PAM service, add " @@ -2432,45 +2432,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2036 +#: sssd.conf.5.xml:2037 msgid "" "Following authentication indicators are supported by IPA Kerberos " "deployments:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2039 +#: sssd.conf.5.xml:2040 msgid "" "pkinit -- pre-authentication using X.509 certificates -- whether stored in " "files or on smart cards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2042 +#: sssd.conf.5.xml:2043 msgid "" "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " "FAST channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2045 +#: sssd.conf.5.xml:2046 msgid "radius -- pre-authentication with the help of a RADIUS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2048 +#: sssd.conf.5.xml:2049 msgid "" "otp -- pre-authentication using integrated two-factor authentication (2FA or " "one-time password, OTP) in IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2051 +#: sssd.conf.5.xml:2052 msgid "idp -- pre-authentication using external identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:2061 +#: sssd.conf.5.xml:2062 #, no-wrap msgid "" "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" @@ -2478,7 +2478,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2056 +#: sssd.conf.5.xml:2057 msgid "" "Example: to require access to SUDO services only for users which obtained " "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " @@ -2486,17 +2486,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2065 +#: sssd.conf.5.xml:2066 msgid "Default: not set (use of authentication indicators is not required)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2073 +#: sssd.conf.5.xml:2074 msgid "SUDO configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2075 +#: sssd.conf.5.xml:2076 msgid "" "These options can be used to configure the sudo service. The detailed " "instructions for configuration of <citerefentry> <refentrytitle>sudo</" @@ -2507,24 +2507,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2092 +#: sssd.conf.5.xml:2093 msgid "sudo_timed (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2095 +#: sssd.conf.5.xml:2096 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2107 +#: sssd.conf.5.xml:2108 msgid "sudo_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2110 +#: sssd.conf.5.xml:2111 msgid "" "Maximum number of expired rules that can be refreshed at once. If number of " "expired rules is below threshold, those rules are refreshed with " @@ -2534,22 +2534,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2129 +#: sssd.conf.5.xml:2130 msgid "AUTOFS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2131 +#: sssd.conf.5.xml:2132 msgid "These options can be used to configure the autofs service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2135 +#: sssd.conf.5.xml:2136 msgid "autofs_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2138 +#: sssd.conf.5.xml:2139 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " @@ -2557,51 +2557,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2154 +#: sssd.conf.5.xml:2155 msgid "SSH configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2156 +#: sssd.conf.5.xml:2157 msgid "These options can be used to configure the SSH service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2160 +#: sssd.conf.5.xml:2161 msgid "ssh_hash_known_hosts (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2163 +#: sssd.conf.5.xml:2164 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2172 +#: sssd.conf.5.xml:2173 msgid "ssh_known_hosts_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2175 +#: sssd.conf.5.xml:2176 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2179 +#: sssd.conf.5.xml:2180 msgid "Default: 180" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2184 +#: sssd.conf.5.xml:2185 msgid "ssh_use_certificate_keys (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2187 +#: sssd.conf.5.xml:2188 msgid "" "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " "keys derived from the public key of X.509 certificates stored in the user " @@ -2610,12 +2610,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2202 +#: sssd.conf.5.xml:2203 msgid "ssh_use_certificate_matching_rules (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2205 +#: sssd.conf.5.xml:2206 msgid "" "By default the ssh responder will use all available certificate matching " "rules to filter the certificates so that ssh keys are only derived from the " @@ -2625,7 +2625,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2214 +#: sssd.conf.5.xml:2215 msgid "" "There are two special key words 'all_rules' and 'no_rules' which will enable " "all or no rules, respectively. The latter means that no certificates will be " @@ -2633,7 +2633,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2221 +#: sssd.conf.5.xml:2222 msgid "" "If no rules are configured using 'all_rules' will enable a default rule " "which enables all certificates suitable for client authentication. This is " @@ -2642,38 +2642,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2228 +#: sssd.conf.5.xml:2229 msgid "" "A non-existing rule name is considered an error. If as a result no rule is " "selected all certificates will be ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2233 +#: sssd.conf.5.xml:2234 msgid "" "Default: not set, equivalent to 'all_rules', all found rules or the default " "rule are used" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2239 +#: sssd.conf.5.xml:2240 msgid "ca_db (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2242 +#: sssd.conf.5.xml:2243 msgid "" "Path to a storage of trusted CA certificates. The option is used to validate " "user certificates before deriving public ssh keys from them." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2262 +#: sssd.conf.5.xml:2263 msgid "PAC responder configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2264 +#: sssd.conf.5.xml:2265 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " @@ -2684,7 +2684,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2273 +#: sssd.conf.5.xml:2274 msgid "" "If the remote user does not exist in the cache, it is created. The UID is " "determined with the help of the SID, trusted domains will have UPGs and the " @@ -2695,24 +2695,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2281 +#: sssd.conf.5.xml:2282 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2287 +#: sssd.conf.5.xml:2288 msgid "These options can be used to configure the PAC responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2291 sssd-ifp.5.xml:66 +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 msgid "allowed_uids (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2294 +#: sssd.conf.5.xml:2295 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " @@ -2720,12 +2720,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2300 +#: sssd.conf.5.xml:2301 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2304 +#: sssd.conf.5.xml:2305 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " @@ -2734,24 +2734,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2313 +#: sssd.conf.5.xml:2314 msgid "pac_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2316 +#: sssd.conf.5.xml:2317 msgid "" "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " "data can be used to determine the group memberships of a user." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2326 +#: sssd.conf.5.xml:2327 msgid "pac_check (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2329 +#: sssd.conf.5.xml:2330 msgid "" "Apply additional checks on the PAC of the Kerberos ticket which is available " "in Active Directory and FreeIPA domains, if configured. Please note that " @@ -2762,24 +2762,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2343 +#: sssd.conf.5.xml:2344 msgid "no_check" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2345 +#: sssd.conf.5.xml:2346 msgid "" "The PAC must not be present and even if it is present no additional checks " "will be done." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2351 +#: sssd.conf.5.xml:2352 msgid "pac_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2353 +#: sssd.conf.5.xml:2354 msgid "" "The PAC must be present in the service ticket which SSSD will request with " "the help of the user's TGT. If the PAC is not available the authentication " @@ -2787,24 +2787,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2361 +#: sssd.conf.5.xml:2362 msgid "check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2363 +#: sssd.conf.5.xml:2364 msgid "" "If the PAC is present check if the user principal name (UPN) information is " "consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2369 +#: sssd.conf.5.xml:2370 msgid "check_upn_allow_missing" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2371 +#: sssd.conf.5.xml:2372 msgid "" "This option should be used together with 'check_upn' and handles the case " "where a UPN is set on the server-side but is not read by SSSD. The typical " @@ -2816,7 +2816,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2383 +#: sssd.conf.5.xml:2384 msgid "" "Currently this option is set by default to avoid regressions in such " "environments. A log message will be added to the system log and SSSD's debug " @@ -2827,60 +2827,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2397 +#: sssd.conf.5.xml:2398 msgid "upn_dns_info_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2399 +#: sssd.conf.5.xml:2400 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2404 +#: sssd.conf.5.xml:2405 msgid "check_upn_dns_info_ex" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2406 +#: sssd.conf.5.xml:2407 msgid "" "If the PAC is present and the extension to the UPN-DNS-INFO buffer is " "available check if the information in the extension is consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2413 +#: sssd.conf.5.xml:2414 msgid "upn_dns_info_ex_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2415 +#: sssd.conf.5.xml:2416 msgid "" "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2339 +#: sssd.conf.5.xml:2340 msgid "" "The following options can be used alone or in a comma-separated list: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2425 +#: sssd.conf.5.xml:2426 msgid "" "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " "check_upn_dns_info_ex')" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2434 +#: sssd.conf.5.xml:2435 msgid "Session recording configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2436 +#: sssd.conf.5.xml:2437 msgid "" "Session recording works in conjunction with <citerefentry> " "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" @@ -2890,66 +2890,66 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2449 +#: sssd.conf.5.xml:2450 msgid "These options can be used to configure session recording." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2453 sssd-session-recording.5.xml:64 +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 msgid "scope (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2460 sssd-session-recording.5.xml:71 +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 msgid "\"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2463 sssd-session-recording.5.xml:74 +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 msgid "No users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2468 sssd-session-recording.5.xml:79 +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 msgid "\"some\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2471 sssd-session-recording.5.xml:82 +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 msgid "" "Users/groups specified by <replaceable>users</replaceable> and " "<replaceable>groups</replaceable> options are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2480 sssd-session-recording.5.xml:91 +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 msgid "\"all\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2483 sssd-session-recording.5.xml:94 +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 msgid "All users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2456 sssd-session-recording.5.xml:67 +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 msgid "" "One of the following strings specifying the scope of session recording: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:101 +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 msgid "Default: \"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:106 +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 msgid "users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:109 +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 msgid "" "A comma-separated list of users which should have session recording enabled. " "Matches user names as returned by NSS. I.e. after the possible space " @@ -2957,17 +2957,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2504 sssd-session-recording.5.xml:115 +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 msgid "Default: Empty. Matches no users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2509 sssd-session-recording.5.xml:120 +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 msgid "groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2512 sssd-session-recording.5.xml:123 +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 msgid "" "A comma-separated list of groups, members of which should have session " "recording enabled. Matches group names as returned by NSS. I.e. after the " @@ -2975,7 +2975,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2518 sssd.conf.5.xml:2550 sssd-session-recording.5.xml:129 +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 #: sssd-session-recording.5.xml:161 msgid "" "NOTE: using this option (having it set to anything) has a considerable " @@ -2984,56 +2984,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2525 sssd-session-recording.5.xml:136 +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 msgid "Default: Empty. Matches no groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2530 sssd-session-recording.5.xml:141 +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 msgid "exclude_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2533 sssd-session-recording.5.xml:144 +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 msgid "" "A comma-separated list of users to be excluded from recording, only " "applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2537 sssd-session-recording.5.xml:148 +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 msgid "Default: Empty. No users excluded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2542 sssd-session-recording.5.xml:153 +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 msgid "exclude_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2545 sssd-session-recording.5.xml:156 +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 msgid "" "A comma-separated list of groups, members of which should be excluded from " "recording. Only applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2557 sssd-session-recording.5.xml:168 +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 msgid "Default: Empty. No groups excluded." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2567 +#: sssd.conf.5.xml:2568 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2574 +#: sssd.conf.5.xml:2575 msgid "enabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2577 +#: sssd.conf.5.xml:2578 msgid "" "Explicitly enable or disable the domain. If <quote>true</quote>, the domain " "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " @@ -3043,12 +3043,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2589 +#: sssd.conf.5.xml:2590 msgid "domain_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2592 +#: sssd.conf.5.xml:2593 msgid "" "Specifies whether the domain is meant to be used by POSIX-aware clients such " "as the Name Service Switch or by applications that do not need POSIX data to " @@ -3057,14 +3057,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2600 +#: sssd.conf.5.xml:2601 msgid "" "Allowed values for this option are <quote>posix</quote> and " "<quote>application</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2604 +#: sssd.conf.5.xml:2605 msgid "" "POSIX domains are reachable by all services. Application domains are only " "reachable from the InfoPipe responder (see <citerefentry> " @@ -3073,38 +3073,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2612 +#: sssd.conf.5.xml:2613 msgid "" "NOTE: The application domains are currently well tested with " "<quote>id_provider=ldap</quote> only." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2616 +#: sssd.conf.5.xml:2617 msgid "" "For an easy way to configure a non-POSIX domains, please see the " "<quote>Application domains</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2620 +#: sssd.conf.5.xml:2621 msgid "Default: posix" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2626 +#: sssd.conf.5.xml:2627 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2629 +#: sssd.conf.5.xml:2630 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2634 +#: sssd.conf.5.xml:2635 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -3113,24 +3113,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2641 +#: sssd.conf.5.xml:2642 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2645 +#: sssd.conf.5.xml:2646 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2651 +#: sssd.conf.5.xml:2652 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2654 +#: sssd.conf.5.xml:2655 msgid "" "Determines if a domain can be enumerated, that is, whether the domain can " "list all the users and group it contains. Note that it is not required to " @@ -3139,29 +3139,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2662 +#: sssd.conf.5.xml:2663 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2665 +#: sssd.conf.5.xml:2666 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2668 sssd.conf.5.xml:2942 sssd.conf.5.xml:3119 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 msgid "Default: FALSE" msgstr "Пешфарз: FALSE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2671 +#: sssd.conf.5.xml:2672 msgid "" "Enumerating a domain requires SSSD to download and store ALL user and group " "entries from the remote server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2676 +#: sssd.conf.5.xml:2677 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -3175,14 +3175,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2691 +#: sssd.conf.5.xml:2692 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2696 +#: sssd.conf.5.xml:2697 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -3191,39 +3191,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2704 +#: sssd.conf.5.xml:2705 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2712 +#: sssd.conf.5.xml:2713 msgid "subdomain_enumerate (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2719 +#: sssd.conf.5.xml:2720 msgid "all" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2720 +#: sssd.conf.5.xml:2721 msgid "All discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2723 +#: sssd.conf.5.xml:2724 msgid "none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2724 +#: sssd.conf.5.xml:2725 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2715 +#: sssd.conf.5.xml:2716 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " @@ -3232,19 +3232,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2738 +#: sssd.conf.5.xml:2739 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2741 +#: sssd.conf.5.xml:2742 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2745 +#: sssd.conf.5.xml:2746 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " @@ -3255,139 +3255,139 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2758 +#: sssd.conf.5.xml:2759 msgid "Default: 5400" msgstr "Пешфарз: 5400" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2764 +#: sssd.conf.5.xml:2765 msgid "entry_cache_user_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2767 +#: sssd.conf.5.xml:2768 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2771 sssd.conf.5.xml:2784 sssd.conf.5.xml:2797 -#: sssd.conf.5.xml:2810 sssd.conf.5.xml:2824 sssd.conf.5.xml:2837 -#: sssd.conf.5.xml:2851 sssd.conf.5.xml:2865 sssd.conf.5.xml:2878 +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 msgid "Default: entry_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2777 +#: sssd.conf.5.xml:2778 msgid "entry_cache_group_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2780 +#: sssd.conf.5.xml:2781 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2790 +#: sssd.conf.5.xml:2791 msgid "entry_cache_netgroup_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2793 +#: sssd.conf.5.xml:2794 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2803 +#: sssd.conf.5.xml:2804 msgid "entry_cache_service_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2806 +#: sssd.conf.5.xml:2807 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2816 +#: sssd.conf.5.xml:2817 msgid "entry_cache_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2819 +#: sssd.conf.5.xml:2820 msgid "" "How many seconds should nss_sss consider hosts and networks entries valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2830 +#: sssd.conf.5.xml:2831 msgid "entry_cache_sudo_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2833 +#: sssd.conf.5.xml:2834 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2843 +#: sssd.conf.5.xml:2844 msgid "entry_cache_autofs_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2846 +#: sssd.conf.5.xml:2847 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2857 +#: sssd.conf.5.xml:2858 msgid "entry_cache_ssh_host_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2860 +#: sssd.conf.5.xml:2861 msgid "" "How many seconds to keep a host ssh key after refresh. IE how long to cache " "the host key for." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2871 +#: sssd.conf.5.xml:2872 msgid "entry_cache_computer_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2874 +#: sssd.conf.5.xml:2875 msgid "" "How many seconds to keep the local computer entry before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2884 +#: sssd.conf.5.xml:2885 msgid "refresh_expired_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2887 +#: sssd.conf.5.xml:2888 msgid "" "Specifies how many seconds SSSD has to wait before triggering a background " "refresh task which will refresh all expired or nearly expired records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2892 +#: sssd.conf.5.xml:2893 msgid "" "The background refresh will process users, groups and netgroups in the " "cache. For users who have performed the initgroups (get group membership for " @@ -3396,17 +3396,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2900 +#: sssd.conf.5.xml:2901 msgid "This option is automatically inherited for all trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2904 +#: sssd.conf.5.xml:2905 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2908 +#: sssd.conf.5.xml:2909 msgid "" "Cache entry will be refreshed by background task when 2/3 of cache timeout " "has already passed. If there are existing cached entries, the background " @@ -3418,23 +3418,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2921 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2927 +#: sssd.conf.5.xml:2928 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2930 -msgid "Determines if user credentials are also cached in the local LDB cache." +#: sssd.conf.5.xml:2931 +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2934 +#: sssd.conf.5.xml:2942 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3443,12 +3449,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2948 +#: sssd.conf.5.xml:2956 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2951 +#: sssd.conf.5.xml:2959 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3456,19 +3462,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2958 +#: sssd.conf.5.xml:2966 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2969 +#: sssd.conf.5.xml:2977 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2972 +#: sssd.conf.5.xml:2980 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3477,17 +3483,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2979 +#: sssd.conf.5.xml:2987 msgid "Default: 0 (unlimited)" msgstr "Пешфарз: 0 (номаҳдуд)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2984 +#: sssd.conf.5.xml:2992 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2995 +#: sssd.conf.5.xml:3003 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3496,28 +3502,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3002 +#: sssd.conf.5.xml:3010 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3008 +#: sssd.conf.5.xml:3016 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3011 +#: sssd.conf.5.xml:3019 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3015 +#: sssd.conf.5.xml:3023 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3018 +#: sssd.conf.5.xml:3026 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3525,7 +3531,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3026 +#: sssd.conf.5.xml:3034 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3533,18 +3539,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3034 sssd.conf.5.xml:3145 sssd.conf.5.xml:3196 -#: sssd.conf.5.xml:3259 +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 msgid "" -"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " -"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " -"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " -"FreeIPA." +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3043 sssd.conf.5.xml:3154 sssd.conf.5.xml:3205 -#: sssd.conf.5.xml:3268 +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3552,19 +3557,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3054 +#: sssd.conf.5.xml:3062 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3057 +#: sssd.conf.5.xml:3065 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3062 +#: sssd.conf.5.xml:3070 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3573,7 +3578,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3070 +#: sssd.conf.5.xml:3078 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3581,24 +3586,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3077 +#: sssd.conf.5.xml:3085 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3084 +#: sssd.conf.5.xml:3092 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3087 +#: sssd.conf.5.xml:3095 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3090 +#: sssd.conf.5.xml:3098 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3610,7 +3615,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3108 +#: sssd.conf.5.xml:3116 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3618,30 +3623,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3114 sssd.conf.5.xml:3821 sssd-ldap.5.xml:326 -#: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 -#: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 -#: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 -#: sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1084 +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 msgid "" "This option can be also set per subdomain or inherited via " "<emphasis>subdomain_inherit</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3124 +#: sssd.conf.5.xml:3132 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3127 +#: sssd.conf.5.xml:3135 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3131 sssd.conf.5.xml:3189 +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3649,7 +3654,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3138 +#: sssd.conf.5.xml:3146 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3657,30 +3662,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3162 +#: sssd.conf.5.xml:3170 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3165 +#: sssd.conf.5.xml:3173 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3168 +#: sssd.conf.5.xml:3176 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3174 +#: sssd.conf.5.xml:3182 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3177 +#: sssd.conf.5.xml:3185 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -3688,19 +3693,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3183 +#: sssd.conf.5.xml:3191 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3186 +#: sssd.conf.5.xml:3194 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3221 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -3709,7 +3714,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3220 +#: sssd.conf.5.xml:3228 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -3717,29 +3722,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3227 +#: sssd.conf.5.xml:3235 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3230 +#: sssd.conf.5.xml:3238 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3235 +#: sssd.conf.5.xml:3243 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3238 +#: sssd.conf.5.xml:3246 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3243 +#: sssd.conf.5.xml:3251 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -3747,7 +3752,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3251 +#: sssd.conf.5.xml:3259 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3755,35 +3760,35 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3276 +#: sssd.conf.5.xml:3284 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3280 +#: sssd.conf.5.xml:3288 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3283 +#: sssd.conf.5.xml:3291 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3290 +#: sssd.conf.5.xml:3298 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3293 +#: sssd.conf.5.xml:3301 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3297 +#: sssd.conf.5.xml:3305 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3791,32 +3796,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3305 +#: sssd.conf.5.xml:3313 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3309 +#: sssd.conf.5.xml:3317 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3313 +#: sssd.conf.5.xml:3321 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3316 sssd.conf.5.xml:3402 sssd.conf.5.xml:3472 -#: sssd.conf.5.xml:3497 sssd.conf.5.xml:3533 +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3320 +#: sssd.conf.5.xml:3328 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -3827,7 +3832,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3335 +#: sssd.conf.5.xml:3343 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -3836,12 +3841,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3345 +#: sssd.conf.5.xml:3353 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3348 +#: sssd.conf.5.xml:3356 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -3849,7 +3854,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3354 +#: sssd.conf.5.xml:3362 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3857,31 +3862,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3362 +#: sssd.conf.5.xml:3370 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3365 +#: sssd.conf.5.xml:3373 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3371 +#: sssd.conf.5.xml:3379 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3374 +#: sssd.conf.5.xml:3382 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3380 +#: sssd.conf.5.xml:3388 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3889,7 +3894,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3389 +#: sssd.conf.5.xml:3397 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -3898,17 +3903,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3398 +#: sssd.conf.5.xml:3406 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3408 +#: sssd.conf.5.xml:3416 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3411 +#: sssd.conf.5.xml:3419 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -3916,43 +3921,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3418 +#: sssd.conf.5.xml:3426 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3422 +#: sssd.conf.5.xml:3430 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3426 +#: sssd.conf.5.xml:3434 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3430 +#: sssd.conf.5.xml:3438 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3438 +#: sssd.conf.5.xml:3446 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3441 +#: sssd.conf.5.xml:3449 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3445 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3960,7 +3965,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3452 +#: sssd.conf.5.xml:3460 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3968,7 +3973,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3460 +#: sssd.conf.5.xml:3468 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3976,24 +3981,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3469 +#: sssd.conf.5.xml:3477 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3479 +#: sssd.conf.5.xml:3487 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3482 +#: sssd.conf.5.xml:3490 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3486 +#: sssd.conf.5.xml:3494 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4001,31 +4006,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3494 +#: sssd.conf.5.xml:3502 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3504 +#: sssd.conf.5.xml:3512 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3507 +#: sssd.conf.5.xml:3515 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3511 +#: sssd.conf.5.xml:3519 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3515 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4033,7 +4038,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3522 +#: sssd.conf.5.xml:3530 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4042,12 +4047,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3530 +#: sssd.conf.5.xml:3538 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3543 +#: sssd.conf.5.xml:3551 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4057,24 +4062,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3552 +#: sssd.conf.5.xml:3560 msgid "" "Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" "[^@]+))$</quote> which allows two different styles for user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3557 sssd.conf.5.xml:3571 +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3560 sssd.conf.5.xml:3574 +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3565 +#: sssd.conf.5.xml:3573 msgid "" "Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" @@ -4083,19 +4088,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3577 +#: sssd.conf.5.xml:3585 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3580 +#: sssd.conf.5.xml:3588 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3585 +#: sssd.conf.5.xml:3593 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4105,89 +4110,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3637 +#: sssd.conf.5.xml:3645 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3643 +#: sssd.conf.5.xml:3651 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3646 +#: sssd.conf.5.xml:3654 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3650 +#: sssd.conf.5.xml:3658 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3653 +#: sssd.conf.5.xml:3661 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3656 +#: sssd.conf.5.xml:3664 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3659 +#: sssd.conf.5.xml:3667 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3662 +#: sssd.conf.5.xml:3670 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3665 +#: sssd.conf.5.xml:3673 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3671 +#: sssd.conf.5.xml:3679 msgid "dns_resolver_server_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3674 +#: sssd.conf.5.xml:3682 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3679 +#: sssd.conf.5.xml:3687 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3683 sssd.conf.5.xml:3703 sssd.conf.5.xml:3724 +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3688 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3694 +#: sssd.conf.5.xml:3702 msgid "dns_resolver_op_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3697 +#: sssd.conf.5.xml:3705 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4195,12 +4200,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3714 +#: sssd.conf.5.xml:3722 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3717 +#: sssd.conf.5.xml:3725 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4209,12 +4214,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3735 +#: sssd.conf.5.xml:3743 msgid "dns_resolver_use_search_list (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3738 +#: sssd.conf.5.xml:3746 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4222,7 +4227,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3744 +#: sssd.conf.5.xml:3752 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4230,69 +4235,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3750 +#: sssd.conf.5.xml:3758 msgid "Default: TRUE" msgstr "Пешфарз: TRUE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3756 +#: sssd.conf.5.xml:3764 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3759 +#: sssd.conf.5.xml:3767 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3763 +#: sssd.conf.5.xml:3771 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3769 +#: sssd.conf.5.xml:3777 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3772 +#: sssd.conf.5.xml:3780 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3778 +#: sssd.conf.5.xml:3786 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3785 +#: sssd.conf.5.xml:3793 msgid "True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3788 +#: sssd.conf.5.xml:3796 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3794 +#: sssd.conf.5.xml:3802 msgid "False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3796 +#: sssd.conf.5.xml:3804 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3800 +#: sssd.conf.5.xml:3808 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3803 +#: sssd.conf.5.xml:3811 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4300,31 +4305,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3811 +#: sssd.conf.5.xml:3819 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3781 +#: sssd.conf.5.xml:3789 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3826 +#: sssd.conf.5.xml:3834 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3832 +#: sssd.conf.5.xml:3840 msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3835 +#: sssd.conf.5.xml:3843 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4332,104 +4337,104 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3841 +#: sssd.conf.5.xml:3849 msgid "ldap_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3844 +#: sssd.conf.5.xml:3852 msgid "ldap_network_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3847 +#: sssd.conf.5.xml:3855 msgid "ldap_opt_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3850 +#: sssd.conf.5.xml:3858 msgid "ldap_offline_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3853 +#: sssd.conf.5.xml:3861 msgid "ldap_enumeration_refresh_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3856 +#: sssd.conf.5.xml:3864 msgid "ldap_enumeration_refresh_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3859 +#: sssd.conf.5.xml:3867 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3862 +#: sssd.conf.5.xml:3870 msgid "ldap_purge_cache_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3865 +#: sssd.conf.5.xml:3873 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3869 +#: sssd.conf.5.xml:3877 msgid "ldap_krb5_ticket_lifetime" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3872 +#: sssd.conf.5.xml:3880 msgid "ldap_enumeration_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3875 +#: sssd.conf.5.xml:3883 msgid "ldap_connection_expire_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3878 +#: sssd.conf.5.xml:3886 msgid "ldap_connection_expire_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3881 +#: sssd.conf.5.xml:3889 msgid "ldap_connection_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3884 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 msgid "ldap_use_tokengroups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3887 +#: sssd.conf.5.xml:3895 msgid "ldap_user_principal" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3890 +#: sssd.conf.5.xml:3898 msgid "ignore_group_members" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3893 +#: sssd.conf.5.xml:3901 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3896 +#: sssd.conf.5.xml:3904 msgid "case_sensitive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3901 +#: sssd.conf.5.xml:3909 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4437,27 +4442,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3908 +#: sssd.conf.5.xml:3916 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3915 +#: sssd.conf.5.xml:3923 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3926 +#: sssd.conf.5.xml:3934 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3935 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3918 +#: sssd.conf.5.xml:3926 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4467,34 +4472,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3932 +#: sssd.conf.5.xml:3940 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3936 +#: sssd.conf.5.xml:3944 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3941 +#: sssd.conf.5.xml:3949 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3944 +#: sssd.conf.5.xml:3952 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3950 +#: sssd.conf.5.xml:3958 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3953 +#: sssd.conf.5.xml:3961 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -4503,19 +4508,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3961 +#: sssd.conf.5.xml:3969 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3966 +#: sssd.conf.5.xml:3974 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3970 +#: sssd.conf.5.xml:3978 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -4523,24 +4528,94 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3981 +#: sssd.conf.5.xml:3989 +msgid "local_auth_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3992 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4002 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4026 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4034 +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4039 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: match" +msgstr "Пешфарз: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4044 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3987 +#: sssd.conf.5.xml:4050 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3990 +#: sssd.conf.5.xml:4053 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3994 +#: sssd.conf.5.xml:4057 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4549,24 +4624,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4003 +#: sssd.conf.5.xml:4066 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4006 +#: sssd.conf.5.xml:4069 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4012 +#: sssd.conf.5.xml:4075 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4015 +#: sssd.conf.5.xml:4078 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4576,14 +4651,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4028 +#: sssd.conf.5.xml:4091 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4035 +#: sssd.conf.5.xml:4098 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4591,21 +4666,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3984 +#: sssd.conf.5.xml:4047 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4047 +#: sssd.conf.5.xml:4110 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4118 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4613,7 +4688,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4124 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4622,7 +4697,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4115 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4631,7 +4706,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2569 +#: sssd.conf.5.xml:2570 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -4639,29 +4714,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4139 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4079 +#: sssd.conf.5.xml:4142 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4082 +#: sssd.conf.5.xml:4145 msgid "" "Default: not set by default, you have to take an existing pam configuration " -"or create a new one and add the service name here." +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4090 +#: sssd.conf.5.xml:4155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4669,12 +4745,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4103 +#: sssd.conf.5.xml:4168 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4106 +#: sssd.conf.5.xml:4171 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4682,12 +4758,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4117 +#: sssd.conf.5.xml:4182 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4120 +#: sssd.conf.5.xml:4185 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4696,12 +4772,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4134 +#: sssd.conf.5.xml:4199 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4202 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4709,19 +4785,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4072 +#: sssd.conf.5.xml:4135 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4218 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4155 +#: sssd.conf.5.xml:4220 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -4738,7 +4814,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4175 +#: sssd.conf.5.xml:4240 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4746,17 +4822,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4181 +#: sssd.conf.5.xml:4246 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4248 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4186 +#: sssd.conf.5.xml:4251 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4765,7 +4841,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4265 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4775,7 +4851,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4208 +#: sssd.conf.5.xml:4273 #, no-wrap msgid "" "[sssd]\n" @@ -4795,12 +4871,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4228 +#: sssd.conf.5.xml:4293 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4230 +#: sssd.conf.5.xml:4295 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -4811,69 +4887,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4237 +#: sssd.conf.5.xml:4302 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4303 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4239 +#: sssd.conf.5.xml:4304 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:4305 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4241 +#: sssd.conf.5.xml:4306 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4242 +#: sssd.conf.5.xml:4307 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4243 +#: sssd.conf.5.xml:4308 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4309 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4245 +#: sssd.conf.5.xml:4310 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4246 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4250 +#: sssd.conf.5.xml:4315 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4256 +#: sssd.conf.5.xml:4321 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4258 +#: sssd.conf.5.xml:4323 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -4886,7 +4962,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4272 +#: sssd.conf.5.xml:4337 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -4894,7 +4970,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4281 +#: sssd.conf.5.xml:4346 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -4903,55 +4979,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4353 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4356 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4295 +#: sssd.conf.5.xml:4360 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4367 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4370 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:4376 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4317 +#: sssd.conf.5.xml:4382 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4326 +#: sssd.conf.5.xml:4391 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4329 +#: sssd.conf.5.xml:4394 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -4960,17 +5036,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4336 +#: sssd.conf.5.xml:4401 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4406 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4409 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -4978,26 +5054,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4350 +#: sssd.conf.5.xml:4415 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4356 +#: sssd.conf.5.xml:4421 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4362 +#: sssd.conf.5.xml:4427 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4433 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5006,17 +5082,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4377 +#: sssd.conf.5.xml:4442 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4385 +#: sssd.conf.5.xml:4450 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4452 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5026,7 +5102,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4395 +#: sssd.conf.5.xml:4460 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5035,59 +5111,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4472 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4410 +#: sssd.conf.5.xml:4475 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4411 +#: sssd.conf.5.xml:4476 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4409 +#: sssd.conf.5.xml:4474 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4484 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4488 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4424 +#: sssd.conf.5.xml:4489 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4427 +#: sssd.conf.5.xml:4492 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4428 +#: sssd.conf.5.xml:4493 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4496 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4432 +#: sssd.conf.5.xml:4497 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5096,7 +5172,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4421 +#: sssd.conf.5.xml:4486 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5105,17 +5181,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4449 +#: sssd.conf.5.xml:4514 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4455 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4522 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5123,46 +5199,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4530 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4532 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4537 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4539 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4480 +#: sssd.conf.5.xml:4545 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4547 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4451 +#: sssd.conf.5.xml:4516 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4467 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5171,7 +5247,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4493 +#: sssd.conf.5.xml:4558 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5179,12 +5255,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4500 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4506 +#: sssd.conf.5.xml:4571 #, no-wrap msgid "" "[sssd]\n" @@ -5214,7 +5290,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4502 +#: sssd.conf.5.xml:4567 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5223,7 +5299,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4604 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5231,7 +5307,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4533 +#: sssd.conf.5.xml:4598 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5242,7 +5318,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4550 +#: sssd.conf.5.xml:4615 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5253,7 +5329,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4544 +#: sssd.conf.5.xml:4609 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -5307,26 +5383,26 @@ msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " -"over an unencrypted channel. If the LDAP server is used only as an identity " -"provider, an encrypted channel is not needed. Please refer to " -"<quote>ldap_access_filter</quote> config option for more information about " -"using LDAP as an access provider." +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 #: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 msgid "CONFIGURATION OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:66 +#: sssd-ldap.5.xml:67 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:69 +#: sssd-ldap.5.xml:70 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" @@ -5336,33 +5412,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:76 +#: sssd-ldap.5.xml:77 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:79 +#: sssd-ldap.5.xml:80 msgid "ldap[s]://<host>[:port]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:82 +#: sssd-ldap.5.xml:83 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:85 +#: sssd-ldap.5.xml:86 msgid "example: ldap://[fc00::126:25]:389" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:91 +#: sssd-ldap.5.xml:92 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:94 +#: sssd-ldap.5.xml:95 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " @@ -5371,71 +5447,71 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:101 +#: sssd-ldap.5.xml:102 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:105 +#: sssd-ldap.5.xml:106 msgid "Default: empty, i.e. ldap_uri is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:111 +#: sssd-ldap.5.xml:112 msgid "ldap_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:114 +#: sssd-ldap.5.xml:115 msgid "The default base DN to use for performing LDAP user operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:118 +#: sssd-ldap.5.xml:119 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:122 +#: sssd-ldap.5.xml:123 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:125 +#: sssd-ldap.5.xml:126 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:128 include/ldap_search_bases.xml:18 +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:132 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 #: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 msgid "Examples:" msgstr "Намунаҳо:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:135 +#: sssd-ldap.5.xml:136 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:140 +#: sssd-ldap.5.xml:141 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:143 +#: sssd-ldap.5.xml:144 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " @@ -5444,7 +5520,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:150 +#: sssd-ldap.5.xml:151 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " @@ -5455,12 +5531,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:164 +#: sssd-ldap.5.xml:165 msgid "ldap_schema (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:167 +#: sssd-ldap.5.xml:168 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " @@ -5468,32 +5544,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:174 +#: sssd-ldap.5.xml:175 msgid "Four schema types are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:178 +#: sssd-ldap.5.xml:179 msgid "rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:183 +#: sssd-ldap.5.xml:184 msgid "rfc2307bis" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:188 +#: sssd-ldap.5.xml:189 msgid "IPA" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:193 +#: sssd-ldap.5.xml:194 msgid "AD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:199 +#: sssd-ldap.5.xml:200 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " @@ -5504,37 +5580,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:209 +#: sssd-ldap.5.xml:210 msgid "Default: rfc2307" msgstr "Пешфарз: rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:215 +#: sssd-ldap.5.xml:216 msgid "ldap_pwmodify_mode (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:218 +#: sssd-ldap.5.xml:219 msgid "Specify the operation that is used to modify user password." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:222 +#: sssd-ldap.5.xml:223 msgid "Two modes are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:226 +#: sssd-ldap.5.xml:227 msgid "exop - Password Modify Extended Operation (RFC 3062)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:232 +#: sssd-ldap.5.xml:233 msgid "ldap_modify - Direct modification of userPassword (not recommended)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:239 +#: sssd-ldap.5.xml:240 msgid "" "Note: First, a new connection is established to verify current password by " "binding as the user that requested password change. If successful, this " @@ -5543,74 +5619,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:247 +#: sssd-ldap.5.xml:248 msgid "Default: exop" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:253 +#: sssd-ldap.5.xml:254 msgid "ldap_default_bind_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:256 +#: sssd-ldap.5.xml:257 msgid "The default bind DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:263 +#: sssd-ldap.5.xml:264 msgid "ldap_default_authtok_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:266 +#: sssd-ldap.5.xml:267 msgid "The type of the authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:270 +#: sssd-ldap.5.xml:271 msgid "The two mechanisms currently supported are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 +#: sssd-ldap.5.xml:274 msgid "password" msgstr "парол" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:276 +#: sssd-ldap.5.xml:277 msgid "obfuscated_password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:279 +#: sssd-ldap.5.xml:280 msgid "Default: password" msgstr "Пешфарз: парол" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:282 +#: sssd-ldap.5.xml:283 msgid "" "See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> manual page for more information." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:293 +#: sssd-ldap.5.xml:294 msgid "ldap_default_authtok (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:296 +#: sssd-ldap.5.xml:297 msgid "The authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:302 +#: sssd-ldap.5.xml:303 msgid "ldap_force_upper_case_realm (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:305 +#: sssd-ldap.5.xml:306 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -5619,24 +5695,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:318 +#: sssd-ldap.5.xml:319 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:321 +#: sssd-ldap.5.xml:322 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:337 +#: sssd-ldap.5.xml:338 msgid "ldap_purge_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:340 +#: sssd-ldap.5.xml:341 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -5644,7 +5720,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:346 +#: sssd-ldap.5.xml:347 msgid "" "Setting this option to zero will disable the cache cleanup operation. Please " "note that if enumeration is enabled, the cleanup task is required in order " @@ -5653,12 +5729,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:366 +#: sssd-ldap.5.xml:367 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:369 +#: sssd-ldap.5.xml:370 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -5666,7 +5742,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:376 +#: sssd-ldap.5.xml:377 msgid "" "Note: This option specifies the guaranteed level of nested groups to be " "processed for any lookup. However, nested groups beyond this limit " @@ -5676,7 +5752,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:385 +#: sssd-ldap.5.xml:386 msgid "" "If ldap_group_nesting_level is set to 0 then no nested groups are processed " "at all. However, when connected to Active-Directory Server 2008 and later " @@ -5686,67 +5762,67 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:394 +#: sssd-ldap.5.xml:395 msgid "Default: 2" msgstr "Пешфарз: 2" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:403 +#: sssd-ldap.5.xml:404 msgid "" "This options enables or disables use of Token-Groups attribute when " "performing initgroup for users from Active Directory Server 2008 and later." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:413 +#: sssd-ldap.5.xml:414 msgid "Default: True for AD and IPA otherwise False." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:419 +#: sssd-ldap.5.xml:420 msgid "ldap_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:422 +#: sssd-ldap.5.xml:423 msgid "Optional. Use the given string as search base for host objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:426 sssd-ipa.5.xml:457 sssd-ipa.5.xml:476 sssd-ipa.5.xml:495 -#: sssd-ipa.5.xml:514 +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:431 sssd-ipa.5.xml:462 include/ldap_search_bases.xml:27 +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:438 +#: sssd-ldap.5.xml:439 msgid "ldap_service_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:443 +#: sssd-ldap.5.xml:444 msgid "ldap_iphost_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:448 +#: sssd-ldap.5.xml:449 msgid "ldap_ipnetwork_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:453 +#: sssd-ldap.5.xml:454 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:456 +#: sssd-ldap.5.xml:457 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -5754,7 +5830,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:462 +#: sssd-ldap.5.xml:463 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -5762,12 +5838,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:479 +#: sssd-ldap.5.xml:480 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:482 +#: sssd-ldap.5.xml:483 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -5775,12 +5851,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:500 +#: sssd-ldap.5.xml:501 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:503 +#: sssd-ldap.5.xml:504 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -5791,12 +5867,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:531 +#: sssd-ldap.5.xml:532 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:534 +#: sssd-ldap.5.xml:535 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -5805,12 +5881,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:554 +#: sssd-ldap.5.xml:555 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:557 +#: sssd-ldap.5.xml:558 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -5819,7 +5895,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:565 +#: sssd-ldap.5.xml:566 msgid "" "If the connection is idle (not actively running an operation) within " "<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " @@ -5830,36 +5906,36 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:577 +#: sssd-ldap.5.xml:578 msgid "" "This timeout can be extended of a random value specified by " "<emphasis>ldap_connection_expire_offset</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:587 sssd-ldap.5.xml:630 sssd-ldap.5.xml:1711 +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:593 +#: sssd-ldap.5.xml:594 msgid "ldap_connection_expire_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:596 +#: sssd-ldap.5.xml:597 msgid "" "Random offset between 0 and configured value is added to " "<emphasis>ldap_connection_expire_timeout</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:613 msgid "ldap_connection_idle_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:616 msgid "" "Specifies a timeout (in seconds) that an idle connection to an LDAP server " "will be maintained. If the connection is idle for more than this time then " @@ -5867,29 +5943,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:622 msgid "You can disable this timeout by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:636 +#: sssd-ldap.5.xml:637 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:639 +#: sssd-ldap.5.xml:640 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:650 +#: sssd-ldap.5.xml:651 msgid "ldap_disable_paging (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:653 +#: sssd-ldap.5.xml:654 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " @@ -5897,14 +5973,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:659 +#: sssd-ldap.5.xml:660 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:665 +#: sssd-ldap.5.xml:666 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " @@ -5912,17 +5988,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:677 +#: sssd-ldap.5.xml:678 msgid "ldap_disable_range_retrieval (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:680 +#: sssd-ldap.5.xml:681 msgid "Disable Active Directory range retrieval." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:683 +#: sssd-ldap.5.xml:684 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " @@ -5932,12 +6008,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:699 msgid "ldap_sasl_minssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:702 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " @@ -5945,17 +6021,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:707 sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:714 +#: sssd-ldap.5.xml:715 msgid "ldap_sasl_maxssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:717 +#: sssd-ldap.5.xml:718 msgid "" "When communicating with an LDAP server using SASL, specify the maximal " "security level necessary to establish the connection. The values of this " @@ -5963,12 +6039,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:731 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:733 +#: sssd-ldap.5.xml:734 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -5976,7 +6052,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:740 msgid "" "You can turn off dereference lookups completely by setting the value to 0. " "Please note that there are some codepaths in SSSD, like the IPA HBAC " @@ -5987,7 +6063,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:750 +#: sssd-ldap.5.xml:751 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -5996,7 +6072,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:758 +#: sssd-ldap.5.xml:759 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -6004,12 +6080,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:771 +#: sssd-ldap.5.xml:772 msgid "ldap_ignore_unreadable_references (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:774 +#: sssd-ldap.5.xml:775 msgid "" "Ignore unreadable LDAP entries referenced in group's member attribute. If " "this parameter is set to false an error will be returned and the operation " @@ -6017,7 +6093,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:781 +#: sssd-ldap.5.xml:782 msgid "" "This parameter may be useful when using the AD provider and the computer " "account that sssd uses to connect to AD does not have access to a particular " @@ -6025,26 +6101,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:795 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:798 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:804 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:808 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6052,7 +6128,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:815 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6060,7 +6136,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:820 +#: sssd-ldap.5.xml:821 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -6068,41 +6144,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:826 +#: sssd-ldap.5.xml:827 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:830 +#: sssd-ldap.5.xml:831 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:837 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:839 +#: sssd-ldap.5.xml:840 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 sssd-ldap.5.xml:862 sssd-ldap.5.xml:903 +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:852 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:854 +#: sssd-ldap.5.xml:855 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -6111,32 +6187,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:869 +#: sssd-ldap.5.xml:870 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:872 +#: sssd-ldap.5.xml:873 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:882 +#: sssd-ldap.5.xml:883 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:885 +#: sssd-ldap.5.xml:886 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:894 +#: sssd-ldap.5.xml:895 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:897 +#: sssd-ldap.5.xml:898 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -6144,24 +6220,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:910 +#: sssd-ldap.5.xml:911 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:913 +#: sssd-ldap.5.xml:914 msgid "" "Specifies that the id_provider connection must also use <systemitem " -"class=\"protocol\">tls</systemitem> to protect the channel." +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:923 +#: sssd-ldap.5.xml:925 msgid "ldap_id_mapping (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:928 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " @@ -6169,17 +6246,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:932 +#: sssd-ldap.5.xml:934 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:942 +#: sssd-ldap.5.xml:944 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:945 +#: sssd-ldap.5.xml:947 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " @@ -6190,24 +6267,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:957 +#: sssd-ldap.5.xml:959 msgid "Default: not set (both options are set to 0)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:965 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:966 +#: sssd-ldap.5.xml:968 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " "tested and supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:970 +#: sssd-ldap.5.xml:972 msgid "" "If the backend supports sub-domains the value of ldap_sasl_mech is " "automatically inherited to the sub-domains. If a different value is needed " @@ -6218,12 +6295,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:988 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ldap.5.xml:998 +#: sssd-ldap.5.xml:1000 #, no-wrap msgid "" "hostname@REALM\n" @@ -6236,7 +6313,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:989 +#: sssd-ldap.5.xml:991 msgid "" "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " "this represents the Kerberos principal used for authentication to the " @@ -6248,17 +6325,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1009 +#: sssd-ldap.5.xml:1011 msgid "Default: host/hostname@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1015 +#: sssd-ldap.5.xml:1017 msgid "ldap_sasl_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1018 +#: sssd-ldap.5.xml:1020 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " @@ -6266,49 +6343,49 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1024 +#: sssd-ldap.5.xml:1026 msgid "Default: the value of krb5_realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1030 +#: sssd-ldap.5.xml:1032 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1035 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1038 +#: sssd-ldap.5.xml:1040 msgid "Default: false;" msgstr "Пешфарз: false;" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1046 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1049 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1056 sssd-krb5.5.xml:247 +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1064 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1067 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -6316,28 +6393,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1077 +#: sssd-ldap.5.xml:1079 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1080 +#: sssd-ldap.5.xml:1082 msgid "" "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1089 sssd-ad.5.xml:1252 +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1095 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1098 +#: sssd-ldap.5.xml:1100 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -6349,7 +6426,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1110 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -6357,7 +6434,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -6365,39 +6442,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1124 sssd-ipa.5.xml:526 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1127 +#: sssd-ldap.5.xml:1129 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1133 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1137 include/krb5_options.xml:154 +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1140 +#: sssd-ldap.5.xml:1142 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1152 sssd-krb5.5.xml:336 +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 msgid "krb5_use_kdcinfo (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1155 sssd-krb5.5.xml:339 +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " @@ -6407,7 +6484,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:350 +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " @@ -6415,26 +6492,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1180 +#: sssd-ldap.5.xml:1182 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1185 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1190 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1193 +#: sssd-ldap.5.xml:1195 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -6443,7 +6520,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1201 +#: sssd-ldap.5.xml:1203 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -6451,31 +6528,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1210 +#: sssd-ldap.5.xml:1212 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1220 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1221 +#: sssd-ldap.5.xml:1223 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1225 +#: sssd-ldap.5.xml:1227 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1232 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " @@ -6488,51 +6565,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1249 +#: sssd-ldap.5.xml:1251 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1252 +#: sssd-ldap.5.xml:1254 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1258 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1262 +#: sssd-ldap.5.xml:1264 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1265 +#: sssd-ldap.5.xml:1267 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1270 +#: sssd-ldap.5.xml:1272 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1276 +#: sssd-ldap.5.xml:1278 msgid "ldap_chpass_update_last_change (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1279 +#: sssd-ldap.5.xml:1281 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1285 +#: sssd-ldap.5.xml:1287 msgid "" "It is recommend to set this option explicitly if \"ldap_pwd_policy = " "shadow\" is used to let SSSD know if the LDAP server will update " @@ -6541,12 +6618,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1301 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1304 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " @@ -6562,12 +6639,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1322 +#: sssd-ldap.5.xml:1324 msgid "Example:" msgstr "Намуна:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1327 #, no-wrap msgid "" "access_provider = ldap\n" @@ -6576,14 +6653,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1329 +#: sssd-ldap.5.xml:1331 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1336 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -6592,24 +6669,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1398 +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1348 +#: sssd-ldap.5.xml:1350 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1353 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1355 +#: sssd-ldap.5.xml:1357 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -6617,19 +6694,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1362 +#: sssd-ldap.5.xml:1364 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1365 +#: sssd-ldap.5.xml:1367 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1372 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -6638,7 +6715,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1379 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -6646,7 +6723,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1383 +#: sssd-ldap.5.xml:1385 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -6655,7 +6732,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1391 +#: sssd-ldap.5.xml:1393 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " @@ -6663,22 +6740,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1404 +#: sssd-ldap.5.xml:1406 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1407 sssd-ipa.5.xml:351 +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1411 +#: sssd-ldap.5.xml:1413 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>lockout</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6688,14 +6765,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1424 +#: sssd-ldap.5.xml:1426 msgid "" "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" "quote> option and might be removed in a future release. </emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1431 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6708,12 +6785,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1448 +#: sssd-ldap.5.xml:1450 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1452 sssd-ipa.5.xml:359 +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 msgid "" "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " "pwd_expire_policy_renew: </emphasis> These options are useful if users are " @@ -6723,81 +6800,81 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1462 sssd-ipa.5.xml:369 +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 msgid "" "The difference between these options is the action taken if user password is " "expired:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1467 sssd-ipa.5.xml:374 +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 msgid "pwd_expire_policy_reject - user is denied to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1473 sssd-ipa.5.xml:380 +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 msgid "pwd_expire_policy_warn - user is still able to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1479 sssd-ipa.5.xml:386 +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 msgid "" "pwd_expire_policy_renew - user is prompted to change their password " "immediately." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1487 +#: sssd-ldap.5.xml:1489 msgid "" "Please note that 'access_provider = ldap' must be set for this feature to " "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1494 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1497 +#: sssd-ldap.5.xml:1499 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1501 +#: sssd-ldap.5.xml:1503 msgid "" "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " "remote host can access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1505 +#: sssd-ldap.5.xml:1507 msgid "" "Please note, rhost field in pam is set by application, it is better to check " "what the application sends to pam, before enabling this access control option" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1510 +#: sssd-ldap.5.xml:1512 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1513 +#: sssd-ldap.5.xml:1515 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1520 +#: sssd-ldap.5.xml:1522 msgid "ldap_pwdlockout_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1523 +#: sssd-ldap.5.xml:1525 msgid "" "This option specifies the DN of password policy entry on LDAP server. Please " "note that absence of this option in sssd.conf in case of enabled account " @@ -6806,74 +6883,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1531 +#: sssd-ldap.5.xml:1533 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1534 +#: sssd-ldap.5.xml:1536 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1542 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1543 +#: sssd-ldap.5.xml:1545 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1550 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 +#: sssd-ldap.5.xml:1554 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 +#: sssd-ldap.5.xml:1559 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1562 +#: sssd-ldap.5.xml:1564 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1569 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1575 +#: sssd-ldap.5.xml:1577 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1578 +#: sssd-ldap.5.xml:1580 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1582 +#: sssd-ldap.5.xml:1584 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " @@ -6884,7 +6961,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1593 +#: sssd-ldap.5.xml:1595 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " @@ -6892,53 +6969,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1605 sssd-ifp.5.xml:152 +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 msgid "wildcard_limit (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1608 +#: sssd-ldap.5.xml:1610 msgid "" "Specifies an upper limit on the number of entries that are downloaded during " "a wildcard lookup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1612 +#: sssd-ldap.5.xml:1614 msgid "At the moment, only the InfoPipe responder supports wildcard lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1618 msgid "Default: 1000 (often the size of one page)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1624 msgid "ldap_library_debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1625 +#: sssd-ldap.5.xml:1627 msgid "" "Switches on libldap debugging with the given level. The libldap debug " "messages will be written independent of the general debug_level." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1630 +#: sssd-ldap.5.xml:1632 msgid "" "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " "enable full debug output." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1635 +#: sssd-ldap.5.xml:1637 msgid "Default: 0 (libldap debugging disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:52 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " @@ -6950,12 +7027,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1645 +#: sssd-ldap.5.xml:1647 msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1647 +#: sssd-ldap.5.xml:1649 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -6963,43 +7040,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1660 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1661 +#: sssd-ldap.5.xml:1663 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1666 +#: sssd-ldap.5.xml:1668 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1671 +#: sssd-ldap.5.xml:1673 msgid "" "You can disable full refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1676 +#: sssd-ldap.5.xml:1678 msgid "Default: 21600 (6 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1682 +#: sssd-ldap.5.xml:1684 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1685 +#: sssd-ldap.5.xml:1687 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest " @@ -7007,14 +7084,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1691 +#: sssd-ldap.5.xml:1693 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1695 +#: sssd-ldap.5.xml:1697 msgid "" "<emphasis>Note:</emphasis> the highest USN value can be updated by three " "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " @@ -7024,19 +7101,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1706 +#: sssd-ldap.5.xml:1708 msgid "" "You can disable smart refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1717 +#: sssd-ldap.5.xml:1719 msgid "ldap_sudo_random_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1720 +#: sssd-ldap.5.xml:1722 msgid "" "Random offset between 0 and configured value is added to smart and full " "refresh periods each time the periodic task is scheduled. The value is in " @@ -7044,7 +7121,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1726 +#: sssd-ldap.5.xml:1728 msgid "" "Note that this random offset is also applied on the first SSSD start which " "delays the first sudo rules refresh. This prolongs the time when the sudo " @@ -7052,106 +7129,106 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1732 +#: sssd-ldap.5.xml:1734 msgid "You can disable this offset by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1742 +#: sssd-ldap.5.xml:1744 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1745 +#: sssd-ldap.5.xml:1747 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1756 +#: sssd-ldap.5.xml:1758 msgid "ldap_sudo_hostnames (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1759 +#: sssd-ldap.5.xml:1761 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1764 +#: sssd-ldap.5.xml:1766 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1769 sssd-ldap.5.xml:1792 sssd-ldap.5.xml:1810 -#: sssd-ldap.5.xml:1828 +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1774 sssd-ldap.5.xml:1797 +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 msgid "Default: not specified" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1780 +#: sssd-ldap.5.xml:1782 msgid "ldap_sudo_ip (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1783 +#: sssd-ldap.5.xml:1785 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1788 +#: sssd-ldap.5.xml:1790 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1803 +#: sssd-ldap.5.xml:1805 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1806 +#: sssd-ldap.5.xml:1808 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1821 +#: sssd-ldap.5.xml:1823 msgid "ldap_sudo_include_regexp (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:1826 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> -#: sssd-ldap.5.xml:1834 +#: sssd-ldap.5.xml:1836 msgid "" "Using wildcard is an operation that is very costly to evaluate on the LDAP " "server side!" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1846 +#: sssd-ldap.5.xml:1848 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " @@ -7160,59 +7237,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1856 +#: sssd-ldap.5.xml:1858 msgid "AUTOFS OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1858 +#: sssd-ldap.5.xml:1860 msgid "" "Some of the defaults for the parameters below are dependent on the LDAP " "schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1864 +#: sssd-ldap.5.xml:1866 msgid "ldap_autofs_map_master_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1867 +#: sssd-ldap.5.xml:1869 msgid "The name of the automount master map in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1870 +#: sssd-ldap.5.xml:1872 msgid "Default: auto.master" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1881 +#: sssd-ldap.5.xml:1883 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1888 +#: sssd-ldap.5.xml:1890 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1893 +#: sssd-ldap.5.xml:1895 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1898 +#: sssd-ldap.5.xml:1900 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> -#: sssd-ldap.5.xml:1903 +#: sssd-ldap.5.xml:1905 msgid "<note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> -#: sssd-ldap.5.xml:1905 +#: sssd-ldap.5.xml:1907 msgid "" "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " "against Active Directory will not be restricted and return all groups " @@ -7221,22 +7298,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist> -#: sssd-ldap.5.xml:1912 +#: sssd-ldap.5.xml:1914 msgid "</note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1914 +#: sssd-ldap.5.xml:1916 msgid "ldap_sudo_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1919 +#: sssd-ldap.5.xml:1921 msgid "ldap_autofs_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1883 +#: sssd-ldap.5.xml:1885 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -7245,14 +7322,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1934 sssd-simple.5.xml:131 sssd-ipa.5.xml:925 -#: sssd-ad.5.xml:1386 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 msgid "EXAMPLE" msgstr "НАМУНА" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1936 +#: sssd-ldap.5.xml:1938 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -7260,7 +7337,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1944 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7273,27 +7350,27 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><para> -#: sssd-ldap.5.xml:1941 sssd-ldap.5.xml:1959 sssd-simple.5.xml:139 -#: sssd-ipa.5.xml:933 sssd-ad.5.xml:1394 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 #: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1953 +#: sssd-ldap.5.xml:1955 msgid "LDAP ACCESS FILTER EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1955 +#: sssd-ldap.5.xml:1957 msgid "" "The following example assumes that SSSD is correctly configured and to use " "the ldap_access_order=lockout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1960 +#: sssd-ldap.5.xml:1962 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7309,13 +7386,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1975 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 -#: sssd-ad.5.xml:1409 sssd.8.xml:238 sss_seed.8.xml:163 +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 msgid "NOTES" msgstr "ЭЗОҲҲО" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1977 +#: sssd-ldap.5.xml:1979 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -9644,12 +9721,12 @@ msgid "Example: dyndns_iface = em1, vnet1, vnet2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1285 +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 msgid "dyndns_auth (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1288 +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "updates with the DNS server, insecure updates can be sent by setting this " @@ -9657,17 +9734,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1294 +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 msgid "Default: GSS-TSIG" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1300 +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 msgid "dyndns_auth_ptr (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1303 +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "PTR updates with the DNS server, insecure updates can be sent by setting " @@ -9675,7 +9752,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1309 +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 msgid "Default: Same as dyndns_auth" msgstr "" @@ -9734,65 +9811,72 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:290 +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 msgid "Default: False (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1272 +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 msgid "dyndns_force_tcp (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:299 sssd-ad.5.xml:1275 +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:303 sssd-ad.5.xml:1279 +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:309 sssd-ad.5.xml:1315 +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 msgid "dyndns_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:312 sssd-ad.5.xml:1318 +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 msgid "" "The DNS server to use when performing a DNS update. In most setups, it's " "recommended to leave this option unset." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 msgid "" "Setting this option makes sense for environments where the DNS server is " "different from the identity server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 msgid "" "Please note that this option will be only used in fallback attempt when " "previous attempt using autodetected settings failed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 msgid "Default: None (let nsupdate choose the server)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:333 sssd-ad.5.xml:1339 +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 msgid "dyndns_update_per_family (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:336 sssd-ad.5.xml:1342 +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 msgid "" "DNS update is by default performed in two steps - IPv4 update and then IPv6 " "update. In some cases it might be desirable to perform IPv4 and IPv6 update " @@ -9800,177 +9884,177 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:353 msgid "ipa_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:360 msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:394 +#: sssd-ipa.5.xml:399 msgid "" "Please note that 'access_provider = ipa' must be set for this feature to " "work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:401 +#: sssd-ipa.5.xml:406 msgid "ipa_deskprofile_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:404 +#: sssd-ipa.5.xml:409 msgid "" "Optional. Use the given string as search base for Desktop Profile related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:408 sssd-ipa.5.xml:435 +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:414 +#: sssd-ipa.5.xml:419 msgid "ipa_subid_ranges_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:417 +#: sssd-ipa.5.xml:422 msgid "" "Optional. Use the given string as search base for subordinate ranges related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:421 +#: sssd-ipa.5.xml:426 msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:428 +#: sssd-ipa.5.xml:433 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:431 +#: sssd-ipa.5.xml:436 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:441 +#: sssd-ipa.5.xml:446 msgid "ipa_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:444 +#: sssd-ipa.5.xml:449 msgid "Deprecated. Use ldap_host_search_base instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:450 +#: sssd-ipa.5.xml:455 msgid "ipa_selinux_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:453 +#: sssd-ipa.5.xml:458 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:469 +#: sssd-ipa.5.xml:474 msgid "ipa_subdomains_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:472 +#: sssd-ipa.5.xml:477 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:481 +#: sssd-ipa.5.xml:486 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:488 +#: sssd-ipa.5.xml:493 msgid "ipa_master_domain_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:491 +#: sssd-ipa.5.xml:496 msgid "Optional. Use the given string as search base for master domain object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:505 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:507 +#: sssd-ipa.5.xml:512 msgid "ipa_views_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:510 +#: sssd-ipa.5.xml:515 msgid "Optional. Use the given string as search base for views containers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:519 +#: sssd-ipa.5.xml:524 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:529 +#: sssd-ipa.5.xml:534 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:533 +#: sssd-ipa.5.xml:538 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:541 sssd-ad.5.xml:1357 +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 msgid "krb5_confd_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:544 sssd-ad.5.xml:1360 +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 msgid "" "Absolute path of a directory where SSSD should place Kerberos configuration " "snippets." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:548 sssd-ad.5.xml:1364 +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 msgid "" "To disable the creation of the configuration snippets set the parameter to " "'none'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:552 sssd-ad.5.xml:1368 +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 msgid "" "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:559 +#: sssd-ipa.5.xml:564 msgid "ipa_deskprofile_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:562 +#: sssd-ipa.5.xml:567 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server. This will reduce the latency and load on the IPA server if there " @@ -9978,34 +10062,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:569 sssd-ipa.5.xml:599 sssd-ipa.5.xml:615 sssd-ad.5.xml:599 +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:575 +#: sssd-ipa.5.xml:580 msgid "ipa_deskprofile_request_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:578 +#: sssd-ipa.5.xml:583 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server in case the last request did not return any rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:583 +#: sssd-ipa.5.xml:588 msgid "Default: 60 (minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:589 +#: sssd-ipa.5.xml:594 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:592 +#: sssd-ipa.5.xml:597 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -10013,12 +10097,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:605 +#: sssd-ipa.5.xml:610 msgid "ipa_hbac_selinux (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:608 +#: sssd-ipa.5.xml:613 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -10026,33 +10110,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:621 +#: sssd-ipa.5.xml:626 msgid "ipa_server_mode (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:624 +#: sssd-ipa.5.xml:629 msgid "" "This option will be set by the IPA installer (ipa-server-install) " "automatically and denotes if SSSD is running on an IPA server or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:629 +#: sssd-ipa.5.xml:634 msgid "" "On an IPA server SSSD will lookup users and groups from trusted domains " "directly while on a client it will ask an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:634 +#: sssd-ipa.5.xml:639 msgid "" "NOTE: There are currently some assumptions that must be met when SSSD is " "running on an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:639 +#: sssd-ipa.5.xml:644 msgid "" "The <quote>ipa_server</quote> option must be configured to point to the IPA " "server itself. This is already the default set by the IPA installer, so no " @@ -10060,59 +10144,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:648 +#: sssd-ipa.5.xml:653 msgid "" "The <quote>full_name_format</quote> option must not be tweaked to only print " "short names for users from trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:663 +#: sssd-ipa.5.xml:668 msgid "ipa_automount_location (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:666 +#: sssd-ipa.5.xml:671 msgid "The automounter location this IPA client will be using" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:669 +#: sssd-ipa.5.xml:674 msgid "Default: The location named \"default\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:677 +#: sssd-ipa.5.xml:682 msgid "VIEWS AND OVERRIDES" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:686 +#: sssd-ipa.5.xml:691 msgid "ipa_view_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:689 +#: sssd-ipa.5.xml:694 msgid "Objectclass of the view container." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:692 +#: sssd-ipa.5.xml:697 msgid "Default: nsContainer" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:698 +#: sssd-ipa.5.xml:703 msgid "ipa_view_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:701 +#: sssd-ipa.5.xml:706 msgid "Name of the attribute holding the name of the view." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:705 sssd-ldap-attributes.5.xml:496 +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 #: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 #: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 #: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 @@ -10120,128 +10204,128 @@ msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:711 +#: sssd-ipa.5.xml:716 msgid "ipa_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:714 +#: sssd-ipa.5.xml:719 msgid "Objectclass of the override objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:717 +#: sssd-ipa.5.xml:722 msgid "Default: ipaOverrideAnchor" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:723 +#: sssd-ipa.5.xml:728 msgid "ipa_anchor_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:726 +#: sssd-ipa.5.xml:731 msgid "" "Name of the attribute containing the reference to the original object in a " "remote domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:730 +#: sssd-ipa.5.xml:735 msgid "Default: ipaAnchorUUID" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:736 +#: sssd-ipa.5.xml:741 msgid "ipa_user_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:739 +#: sssd-ipa.5.xml:744 msgid "" "Name of the objectclass for user overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:744 +#: sssd-ipa.5.xml:749 msgid "User overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:747 +#: sssd-ipa.5.xml:752 msgid "ldap_user_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:750 +#: sssd-ipa.5.xml:755 msgid "ldap_user_uid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:753 +#: sssd-ipa.5.xml:758 msgid "ldap_user_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:756 +#: sssd-ipa.5.xml:761 msgid "ldap_user_gecos" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:759 +#: sssd-ipa.5.xml:764 msgid "ldap_user_home_directory" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:762 +#: sssd-ipa.5.xml:767 msgid "ldap_user_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:765 +#: sssd-ipa.5.xml:770 msgid "ldap_user_ssh_public_key" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:770 +#: sssd-ipa.5.xml:775 msgid "Default: ipaUserOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:776 +#: sssd-ipa.5.xml:781 msgid "ipa_group_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:779 +#: sssd-ipa.5.xml:784 msgid "" "Name of the objectclass for group overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:784 +#: sssd-ipa.5.xml:789 msgid "Group overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:787 +#: sssd-ipa.5.xml:792 msgid "ldap_group_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:790 +#: sssd-ipa.5.xml:795 msgid "ldap_group_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:795 +#: sssd-ipa.5.xml:800 msgid "Default: ipaGroupOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:679 +#: sssd-ipa.5.xml:684 msgid "" "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " "later version. Since all paths and objectclasses are fixed on the server " @@ -10251,19 +10335,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:807 +#: sssd-ipa.5.xml:812 msgid "SUBDOMAINS PROVIDER" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:809 +#: sssd-ipa.5.xml:814 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:813 +#: sssd-ipa.5.xml:818 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " @@ -10271,7 +10355,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:819 +#: sssd-ipa.5.xml:824 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " @@ -10283,12 +10367,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:830 +#: sssd-ipa.5.xml:835 msgid "TRUSTED DOMAINS CONFIGURATION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:838 +#: sssd-ipa.5.xml:843 #, no-wrap msgid "" "[domain/ipa.domain.com/ad.domain.com]\n" @@ -10296,7 +10380,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:832 +#: sssd-ipa.5.xml:837 msgid "" "Some configuration options can also be set for a trusted domain. A trusted " "domain configuration can be set using the trusted domain subsection as shown " @@ -10306,80 +10390,80 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:843 +#: sssd-ipa.5.xml:848 msgid "" "For more details, see the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:850 +#: sssd-ipa.5.xml:855 msgid "" "Different configuration options are tunable for a trusted domain depending " "on whether you are configuring SSSD on an IPA server or an IPA client." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:855 +#: sssd-ipa.5.xml:860 msgid "OPTIONS TUNABLE ON IPA MASTERS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:857 +#: sssd-ipa.5.xml:862 msgid "" "The following options can be set in a subdomain section on an IPA master:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:861 sssd-ipa.5.xml:891 +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 msgid "ad_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:864 +#: sssd-ipa.5.xml:869 msgid "ad_backup_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:867 sssd-ipa.5.xml:894 +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 msgid "ad_site" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:870 +#: sssd-ipa.5.xml:875 msgid "ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:873 +#: sssd-ipa.5.xml:878 msgid "ldap_user_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:876 +#: sssd-ipa.5.xml:881 msgid "ldap_group_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:885 +#: sssd-ipa.5.xml:890 msgid "OPTIONS TUNABLE ON IPA CLIENTS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:887 +#: sssd-ipa.5.xml:892 msgid "" "The following options can be set in a subdomain section on an IPA client:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:899 +#: sssd-ipa.5.xml:904 msgid "" "Note that if both options are set, only <quote>ad_server</quote> is " "evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:903 +#: sssd-ipa.5.xml:908 msgid "" "Since any request for a user or a group identity from a trusted domain " "triggered from an IPA client is resolved by the IPA server, the " @@ -10393,7 +10477,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:927 +#: sssd-ipa.5.xml:932 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -10401,7 +10485,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:934 +#: sssd-ipa.5.xml:939 #, no-wrap msgid "" "[domain/example.com]\n" @@ -11595,7 +11679,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1388 +#: sssd-ad.5.xml:1393 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -11603,7 +11687,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1395 +#: sssd-ad.5.xml:1400 #, no-wrap msgid "" "[domain/EXAMPLE]\n" @@ -11618,7 +11702,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1415 +#: sssd-ad.5.xml:1420 #, no-wrap msgid "" "access_provider = ldap\n" @@ -11627,7 +11711,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1411 +#: sssd-ad.5.xml:1416 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " @@ -11635,7 +11719,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1421 +#: sssd-ad.5.xml:1426 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>. Please " @@ -11645,7 +11729,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1429 +#: sssd-ad.5.xml:1434 msgid "" "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " @@ -17250,7 +17334,7 @@ msgstr "" #: include/ldap_id_mapping.xml:235 msgid "" "When this option is configured, domains will be allocated starting with " -"slice zero and increasing monatomically with each additional domain." +"slice zero and increasing monotonically with each additional domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> diff --git a/src/man/po/uk.po b/src/man/po/uk.po index 500939ae8bc..d771cc877d0 100644 --- a/src/man/po/uk.po +++ b/src/man/po/uk.po @@ -15,7 +15,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-05-05 10:09+0200\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" "PO-Revision-Date: 2022-12-13 18:20+0000\n" "Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n" "Language-Team: Ukrainian <https://translate.fedoraproject.org/projects/sssd/" @@ -259,11 +259,11 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 -#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:951 -#: sssd.conf.5.xml:1069 sssd.conf.5.xml:2197 sssd-ldap.5.xml:1071 -#: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 -#: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 -#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 msgid "Default: true" msgstr "Типове значення: true" @@ -283,11 +283,11 @@ msgstr "" "journald, цей параметр буде проігноровано." #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:948 -#: sssd.conf.5.xml:2100 sssd.conf.5.xml:2167 sssd.conf.5.xml:4128 -#: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 -#: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 -#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 #: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 #: include/krb5_options.xml:163 msgid "Default: false" @@ -329,8 +329,8 @@ msgstr "" "встановлення цього значення не впливає на інші типи журналювання)." #. type: Content of: outside any tag (error?) -#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1656 -#: sssd-ldap.5.xml:1862 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 #: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 @@ -364,8 +364,8 @@ msgstr "" "самостійно." #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 sssd.conf.5.xml:1289 sssd.conf.5.xml:1766 -#: sssd.conf.5.xml:4144 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "Типове значення: 10" @@ -443,12 +443,12 @@ msgstr "" "\"systemctl enable sssd-@service@.socket\". </phrase>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:258 sssd.conf.5.xml:783 +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 msgid "reconnection_retries (integer)" msgstr "reconnection_retries (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:261 sssd.conf.5.xml:786 +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" @@ -458,7 +458,7 @@ msgstr "" "визнання подальших спроб безнадійними." #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:791 sssd.conf.5.xml:3708 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 #: include/failover.xml:100 msgid "Default: 3" msgstr "Типове значення: 3" @@ -487,7 +487,7 @@ msgstr "" "використовувати символ «/»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3540 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 msgid "re_expression (string)" msgstr "re_expression (рядок)" @@ -513,12 +513,12 @@ msgstr "" "ДОМЕНІВ." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3597 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 msgid "full_name_format (string)" msgstr "full_name_format (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3600 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -530,32 +530,32 @@ msgstr "" "домену." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3611 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 msgid "%1$s" msgstr "%1$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 msgid "user name" msgstr "ім’я користувача" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3615 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 msgid "%2$s" msgstr "%2$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3618 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 msgid "domain name as specified in the SSSD config file." msgstr "назва домену у форматі, вказаному у файлі налаштувань SSSD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3624 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 msgid "%3$s" msgstr "%3$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3627 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." @@ -564,7 +564,7 @@ msgstr "" "Directory, налаштованих та автоматично виявлених за зв’язками довіри IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3608 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -775,8 +775,8 @@ msgstr "" "default_domain_suffix." #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:468 sssd-ldap.5.xml:876 sssd-ldap.5.xml:888 -#: sssd-ldap.5.xml:980 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 #: include/krb5_options.xml:148 @@ -1133,7 +1133,7 @@ msgstr "" "різних доменах можуть бути однаковими." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1790 sssd.conf.5.xml:4194 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "Типове значення: не встановлено" @@ -1190,11 +1190,11 @@ msgstr "pam_cert_verification (рядок)" #: sssd.conf.5.xml:744 msgid "" "Enable or disable the user verification (i.e. PIN, fingerprint) during " -"authentication." +"authentication. If enabled, the PIN will always be requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:750 msgid "" "The default is that the key settings decide what to do. In the IPA or " "kerberos pre-authentication case, this value will be overwritten by the " @@ -1234,12 +1234,12 @@ msgstr "" "профілів. <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:769 msgid "SERVICES SECTIONS" msgstr "РОЗДІЛИ СЛУЖБ" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:770 +#: sssd.conf.5.xml:771 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -1252,22 +1252,22 @@ msgstr "" "у розділі <quote>[nss]</quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:777 +#: sssd.conf.5.xml:778 msgid "General service configuration options" msgstr "Загальні параметри налаштування служб" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:780 msgid "These options can be used to configure any service." msgstr "Цими параметрами можна скористатися для налаштування будь-яких служб." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:797 msgid "fd_limit" msgstr "fd_limit" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:799 +#: sssd.conf.5.xml:800 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " @@ -1283,17 +1283,17 @@ msgstr "" "цього параметра і обмеженням \"hard\" у limits.conf." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:808 +#: sssd.conf.5.xml:809 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "Типове значення: 8192 (або обмеження у limits.conf \"hard\")" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:814 msgid "client_idle_timeout" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:816 +#: sssd.conf.5.xml:817 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " @@ -1309,17 +1309,17 @@ msgstr "" "до 10 секунд." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:826 msgid "Default: 60, KCM: 300" msgstr "Типове значення: 60, KCM: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:830 +#: sssd.conf.5.xml:831 msgid "offline_timeout (integer)" msgstr "offline_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:834 msgid "" "When SSSD switches to offline mode the amount of time before it tries to go " "back online will increase based upon the time spent disconnected. By " @@ -1337,7 +1337,7 @@ msgstr "" "із мережею нове значення обчислюється за такою формулою:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:844 sssd.conf.5.xml:900 +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 msgid "" "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." "offline_timeout_random_offset]" @@ -1346,7 +1346,7 @@ msgstr "" "offline_timeout_random_offset]" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:847 +#: sssd.conf.5.xml:848 msgid "" "The offline_timeout default value is 60. The offline_timeout_max default " "value is 3600. The offline_timeout_random_offset default value is 30. The " @@ -1357,7 +1357,7 @@ msgstr "" "є 30. Кінцевий результат є кількістю секунд до наступної повторної спроби." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:854 msgid "" "Note that the maximum length of each interval is defined by " "offline_timeout_max (apart of random part)." @@ -1366,18 +1366,18 @@ msgstr "" "offline_timeout_max (окрім випадкової частини)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 sssd.conf.5.xml:1200 sssd.conf.5.xml:1583 -#: sssd.conf.5.xml:1879 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 msgid "Default: 60" msgstr "Типове значення: 60" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:862 +#: sssd.conf.5.xml:863 msgid "offline_timeout_max (integer)" msgstr "offline_timeout_max (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:865 +#: sssd.conf.5.xml:866 msgid "" "Controls by how much the time between attempts to go online can be " "incremented following unsuccessful attempts to go online." @@ -1386,12 +1386,12 @@ msgstr "" "з'єднання із мережею після неуспішних спроби відновити з'єднання." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:870 +#: sssd.conf.5.xml:871 msgid "A value of 0 disables the incrementing behaviour." msgstr "Значення 0 вимикає збільшення проміжку часу." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:873 +#: sssd.conf.5.xml:874 msgid "" "The value of this parameter should be set in correlation to offline_timeout " "parameter value." @@ -1400,7 +1400,7 @@ msgstr "" "параметра offline_timeout." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:877 +#: sssd.conf.5.xml:878 msgid "" "With offline_timeout set to 60 (default value) there is no point in setting " "offlinet_timeout_max to less than 120 as it will saturate instantly. General " @@ -1414,7 +1414,7 @@ msgstr "" "offline_timeout_max, яке є принаймні учетверо більшим за offline_timeout." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:883 +#: sssd.conf.5.xml:884 msgid "" "Although a value between 0 and offline_timeout may be specified, it has the " "effect of overriding the offline_timeout value so is of little use." @@ -1423,17 +1423,17 @@ msgstr "" "стане перевизначення значення offline_timeout, тому не варто цього робити." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:888 +#: sssd.conf.5.xml:889 msgid "Default: 3600" msgstr "Типове значення: 3600" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:894 msgid "offline_timeout_random_offset (integer)" msgstr "offline_timeout_random_offset (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:896 +#: sssd.conf.5.xml:897 msgid "" "When SSSD is in offline mode it keeps probing backend servers in specified " "time intervals:" @@ -1442,7 +1442,7 @@ msgstr "" "обробників із вказаними інтервалами часу:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:903 +#: sssd.conf.5.xml:904 msgid "" "This parameter controls the value of the random offset used for the above " "equation. Final random_offset value will be random number in range:" @@ -1452,27 +1452,27 @@ msgstr "" "числом у такому діапазоні:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:908 +#: sssd.conf.5.xml:909 msgid "[0 - offline_timeout_random_offset]" msgstr "[0 - offline_timeout_random_offset]" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:911 +#: sssd.conf.5.xml:912 msgid "A value of 0 disables the random offset addition." msgstr "Значення 0 призводить до вимикання додавання випадкового зсуву." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:915 msgid "Default: 30" msgstr "Типове значення: 30" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:919 +#: sssd.conf.5.xml:920 msgid "responder_idle_timeout" msgstr "responder_idle_timeout" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:922 +#: sssd.conf.5.xml:923 msgid "" "This option specifies the number of seconds that an SSSD responder process " "can be up without being used. This value is limited in order to avoid " @@ -1491,18 +1491,18 @@ msgstr "" "і якщо служби активуються за допомогою або сокетів або D-Bus." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:936 sssd.conf.5.xml:1213 sssd.conf.5.xml:2321 -#: sssd-ldap.5.xml:331 +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 +#: sssd-ldap.5.xml:332 msgid "Default: 300" msgstr "Типове значення: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:941 +#: sssd.conf.5.xml:942 msgid "cache_first" msgstr "cache_first" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:945 msgid "" "This option specifies whether the responder should query all caches before " "querying the Data Providers." @@ -1511,12 +1511,12 @@ msgstr "" "запису до модулів засобів надання даних." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:960 msgid "NSS configuration options" msgstr "Параметри налаштування NSS" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:961 +#: sssd.conf.5.xml:962 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" @@ -1524,12 +1524,12 @@ msgstr "" "Switch (NSS або перемикання служби визначення назв)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:966 +#: sssd.conf.5.xml:967 msgid "enum_cache_timeout (integer)" msgstr "enum_cache_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:969 +#: sssd.conf.5.xml:970 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" @@ -1538,17 +1538,17 @@ msgstr "" "кеші nss_sss у секундах" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:974 msgid "Default: 120" msgstr "Типове значення: 120" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:978 +#: sssd.conf.5.xml:979 msgid "entry_cache_nowait_percentage (integer)" msgstr "entry_cache_nowait_percentage (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:981 +#: sssd.conf.5.xml:982 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -1559,7 +1559,7 @@ msgstr "" "entry_cache_timeout для домену період часу." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:988 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -1574,7 +1574,7 @@ msgstr "" "розблокування після оновлення кешу." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:998 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -1588,17 +1588,17 @@ msgstr "" "можливість." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1005 sssd.conf.5.xml:2121 +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 msgid "Default: 50" msgstr "Типове значення: 50" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1010 +#: sssd.conf.5.xml:1011 msgid "entry_negative_timeout (integer)" msgstr "entry_negative_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1013 +#: sssd.conf.5.xml:1014 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -1609,17 +1609,17 @@ msgstr "" "даних, зокрема неіснуючих) перед повторним запитом до сервера обробки." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1019 sssd.conf.5.xml:1778 sssd.conf.5.xml:2145 +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 msgid "Default: 15" msgstr "Типове значення: 15" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1025 msgid "local_negative_timeout (integer)" msgstr "local_negative_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1027 +#: sssd.conf.5.xml:1028 msgid "" "Specifies for how many seconds nss_sss should keep local users and groups in " "negative cache before trying to look it up in the back end again. Setting " @@ -1631,17 +1631,17 @@ msgstr "" "цю можливість." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1033 +#: sssd.conf.5.xml:1034 msgid "Default: 14400 (4 hours)" msgstr "Типове значення: 14400 (4 години)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1039 msgid "filter_users, filter_groups (string)" msgstr "filter_users, filter_groups (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1041 +#: sssd.conf.5.xml:1042 msgid "" "Exclude certain users or groups from being fetched from the sss NSS " "database. This is particularly useful for system accounts. This option can " @@ -1656,7 +1656,7 @@ msgstr "" "реєстраційного запису користувача (UPN)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1049 +#: sssd.conf.5.xml:1050 msgid "" "NOTE: The filter_groups option doesn't affect inheritance of nested group " "members, since filtering happens after they are propagated for returning via " @@ -1670,17 +1670,17 @@ msgstr "" "відфільтрованої групи." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1057 +#: sssd.conf.5.xml:1058 msgid "Default: root" msgstr "Типове значення: root" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1063 msgid "filter_users_in_groups (bool)" msgstr "filter_users_in_groups (булеве значення)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1065 +#: sssd.conf.5.xml:1066 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" @@ -1688,12 +1688,12 @@ msgstr "" "встановіть для цього параметра значення «false»." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1076 +#: sssd.conf.5.xml:1077 msgid "fallback_homedir (string)" msgstr "fallback_homedir (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1079 +#: sssd.conf.5.xml:1080 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." @@ -1702,7 +1702,7 @@ msgstr "" "каталог не вказано явним чином засобом надання даних домену." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1084 +#: sssd.conf.5.xml:1085 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" @@ -1710,7 +1710,7 @@ msgstr "" "для параметра override_homedir." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1090 +#: sssd.conf.5.xml:1091 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" @@ -1720,25 +1720,25 @@ msgstr "" " " #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:1088 sssd.conf.5.xml:1650 sssd.conf.5.xml:1669 -#: sssd.conf.5.xml:1746 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "приклад: <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1094 +#: sssd.conf.5.xml:1095 msgid "Default: not set (no substitution for unset home directories)" msgstr "" "Типове значення: не встановлено (без замін для невстановлених домашніх " "каталогів)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1100 +#: sssd.conf.5.xml:1101 msgid "override_shell (string)" msgstr "override_shell (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1104 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " @@ -1750,19 +1750,19 @@ msgstr "" "або для кожного з доменів окремо." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1109 +#: sssd.conf.5.xml:1110 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" "Типове значення: не встановлено (SSSD використовуватиме значення, отримане " "від LDAP)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1115 +#: sssd.conf.5.xml:1116 msgid "allowed_shells (string)" msgstr "allowed_shells (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1118 +#: sssd.conf.5.xml:1119 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" @@ -1770,13 +1770,13 @@ msgstr "" "визначення оболонки є таким:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1121 +#: sssd.conf.5.xml:1122 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" "1. Якщо оболонку вказано у <quote>/etc/shells</quote>, її буде використано." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1125 +#: sssd.conf.5.xml:1126 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." @@ -1786,7 +1786,7 @@ msgstr "" "shell_fallback." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1130 +#: sssd.conf.5.xml:1131 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." @@ -1795,14 +1795,14 @@ msgstr "" "<quote>/etc/shells</quote>, буде використано оболонку nologin." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1135 +#: sssd.conf.5.xml:1136 msgid "The wildcard (*) can be used to allow any shell." msgstr "" "Для визначення будь-якої командної оболонки можна скористатися шаблоном " "заміни (*)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1138 +#: sssd.conf.5.xml:1139 msgid "" "The (*) is useful if you want to use shell_fallback in case that user's " "shell is not in <quote>/etc/shells</quote> and maintaining list of all " @@ -1814,12 +1814,12 @@ msgstr "" "справою." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1145 +#: sssd.conf.5.xml:1146 msgid "An empty string for shell is passed as-is to libc." msgstr "Порожній рядок оболонки буде передано без обробки до libc." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1149 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." @@ -1828,29 +1828,29 @@ msgstr "" "тобто у разі встановлення нової оболонки слід перезапустити SSSD." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1152 +#: sssd.conf.5.xml:1153 msgid "Default: Not set. The user shell is automatically used." msgstr "" "Типове значення: не встановлено. Автоматично використовується оболонка " "користувача." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1157 +#: sssd.conf.5.xml:1158 msgid "vetoed_shells (string)" msgstr "vetoed_shells (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1160 +#: sssd.conf.5.xml:1161 msgid "Replace any instance of these shells with the shell_fallback" msgstr "Замінити всі записи цих оболонок на shell_fallback" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1165 +#: sssd.conf.5.xml:1166 msgid "shell_fallback (string)" msgstr "shell_fallback (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1168 +#: sssd.conf.5.xml:1169 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" @@ -1858,17 +1858,17 @@ msgstr "" "системі не встановлено." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1172 +#: sssd.conf.5.xml:1173 msgid "Default: /bin/sh" msgstr "Типове значення: /bin/sh" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1177 +#: sssd.conf.5.xml:1178 msgid "default_shell" msgstr "default_shell" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1180 +#: sssd.conf.5.xml:1181 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." @@ -1878,7 +1878,7 @@ msgstr "" "або на загальному рівні у розділі [nss], або окремо для кожного з доменів." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1186 +#: sssd.conf.5.xml:1187 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" @@ -1888,12 +1888,12 @@ msgstr "" "зазвичай /bin/sh)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1193 sssd.conf.5.xml:1576 +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 msgid "get_domains_timeout (int)" msgstr "get_domains_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1196 sssd.conf.5.xml:1579 +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." @@ -1902,12 +1902,12 @@ msgstr "" "чинним." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1205 +#: sssd.conf.5.xml:1206 msgid "memcache_timeout (integer)" msgstr "memcache_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1208 +#: sssd.conf.5.xml:1209 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid. Setting this option to zero will disable the in-memory cache." @@ -1917,7 +1917,7 @@ msgstr "" "пам'яті." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1216 +#: sssd.conf.5.xml:1217 msgid "" "WARNING: Disabling the in-memory cache will have significant negative impact " "on SSSD's performance and should only be used for testing." @@ -1926,8 +1926,8 @@ msgstr "" "варто користуватися лише для тестування." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1222 sssd.conf.5.xml:1247 sssd.conf.5.xml:1272 -#: sssd.conf.5.xml:1297 sssd.conf.5.xml:1324 +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 msgid "" "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " "client applications will not use the fast in-memory cache." @@ -1937,12 +1937,12 @@ msgstr "" "пам’яті." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1230 +#: sssd.conf.5.xml:1231 msgid "memcache_size_passwd (integer)" msgstr "memcache_size_passwd (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1233 +#: sssd.conf.5.xml:1234 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for passwd requests. Setting the size to 0 will disable the passwd in-" @@ -1952,13 +1952,13 @@ msgstr "" "для запитів passwd. Встановлення розміру 0 вимкне кеш у пам'яті для passwd." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1239 sssd.conf.5.xml:2963 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 msgid "Default: 8" msgstr "Типове значення: 8" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1242 sssd.conf.5.xml:1267 sssd.conf.5.xml:1292 -#: sssd.conf.5.xml:1319 +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 msgid "" "WARNING: Disabled or too small in-memory cache can have significant negative " "impact on SSSD's performance." @@ -1967,12 +1967,12 @@ msgstr "" "значно погіршити швидкодію SSSD." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1255 +#: sssd.conf.5.xml:1256 msgid "memcache_size_group (integer)" msgstr "memcache_size_group (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1258 +#: sssd.conf.5.xml:1259 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for group requests. Setting the size to 0 will disable the group in-memory " @@ -1982,19 +1982,19 @@ msgstr "" "для запитів group. Встановлення розміру 0 вимкне кеш у пам'яті для group." #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1264 sssd.conf.5.xml:1316 sssd.conf.5.xml:3729 -#: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "Типове значення: 6" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1280 +#: sssd.conf.5.xml:1281 msgid "memcache_size_initgroups (integer)" msgstr "memcache_size_initgroups (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1283 +#: sssd.conf.5.xml:1284 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for initgroups requests. Setting the size to 0 will disable the initgroups " @@ -2005,12 +2005,12 @@ msgstr "" "initgroups." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1305 +#: sssd.conf.5.xml:1306 msgid "memcache_size_sid (integer)" msgstr "memcache_size_sid (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1308 +#: sssd.conf.5.xml:1309 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for SID related requests. Only SID-by-ID and ID-by-SID requests are " @@ -2023,12 +2023,12 @@ msgstr "" "0 вимкне кеш у пам'яті для SID." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1332 sssd-ifp.5.xml:90 +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 msgid "user_attributes (string)" msgstr "user_attributes (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1335 +#: sssd.conf.5.xml:1336 msgid "" "Some of the additional NSS responder requests can return more attributes " "than just the POSIX ones defined by the NSS interface. The list of " @@ -2045,7 +2045,7 @@ msgstr "" "manvolnum> </citerefentry>, щоб дізнатися більше), але без типових значень." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1348 +#: sssd.conf.5.xml:1349 msgid "" "To make configuration more easy the NSS responder will check the InfoPipe " "option if it is not set for the NSS responder." @@ -2054,19 +2054,19 @@ msgstr "" "на те, чи не встановлено його для відповідача NSS." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1353 +#: sssd.conf.5.xml:1354 msgid "Default: not set, fallback to InfoPipe option" msgstr "" "Типове значення: не встановлено, резервне значення визначається за " "параметром InfoPipe" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1358 +#: sssd.conf.5.xml:1359 msgid "pwfield (string)" msgstr "pwfield (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1361 +#: sssd.conf.5.xml:1362 msgid "" "The value that NSS operations that return users or groups will return for " "the <quote>password</quote> field." @@ -2075,12 +2075,12 @@ msgstr "" "груп, для поля <quote>password</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1366 +#: sssd.conf.5.xml:1367 msgid "Default: <quote>*</quote>" msgstr "Типове значення: <quote>*</quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1369 +#: sssd.conf.5.xml:1370 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[nss] section." @@ -2090,7 +2090,7 @@ msgstr "" "розділі [nss]." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1373 +#: sssd.conf.5.xml:1374 #, fuzzy #| msgid "" #| "Default: <quote>not set</quote> (remote domains), <quote>x</quote> (the " @@ -2107,12 +2107,12 @@ msgstr "" "nss_files і sssd-shadowutils)" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1385 +#: sssd.conf.5.xml:1386 msgid "PAM configuration options" msgstr "Параметри налаштування PAM" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1387 +#: sssd.conf.5.xml:1388 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." @@ -2121,12 +2121,12 @@ msgstr "" "Authentication Module (PAM або блокового модуля розпізнавання)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1392 +#: sssd.conf.5.xml:1393 msgid "offline_credentials_expiration (integer)" msgstr "offline_credentials_expiration (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1395 +#: sssd.conf.5.xml:1396 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." @@ -2136,17 +2136,17 @@ msgstr "" "входу до системи)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1400 sssd.conf.5.xml:1413 +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 msgid "Default: 0 (No limit)" msgstr "Типове значення: 0 (без обмежень)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1406 +#: sssd.conf.5.xml:1407 msgid "offline_failed_login_attempts (integer)" msgstr "offline_failed_login_attempts (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1409 +#: sssd.conf.5.xml:1410 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." @@ -2155,12 +2155,12 @@ msgstr "" "дозволену кількість спроб входу з визначенням помилкового пароля." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1419 +#: sssd.conf.5.xml:1420 msgid "offline_failed_login_delay (integer)" msgstr "offline_failed_login_delay (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1422 +#: sssd.conf.5.xml:1423 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." @@ -2170,7 +2170,7 @@ msgstr "" "системи." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1427 +#: sssd.conf.5.xml:1428 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -2182,17 +2182,17 @@ msgstr "" "увімкнути можливість автономного розпізнавання." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1433 sssd.conf.5.xml:1543 +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 msgid "Default: 5" msgstr "Типове значення: 5" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1439 +#: sssd.conf.5.xml:1440 msgid "pam_verbosity (integer)" msgstr "pam_verbosity (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1442 +#: sssd.conf.5.xml:1443 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." @@ -2201,43 +2201,43 @@ msgstr "" "розпізнавання. Чим більшим є значення, тим більше повідомлень буде показано." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1447 +#: sssd.conf.5.xml:1448 msgid "Currently sssd supports the following values:" msgstr "У поточній версії sssd передбачено підтримку таких значень:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1450 +#: sssd.conf.5.xml:1451 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "<emphasis>0</emphasis>: не показувати жодних повідомлень" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1453 +#: sssd.conf.5.xml:1454 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "<emphasis>1</emphasis>: показувати лише важливі повідомлення" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1457 +#: sssd.conf.5.xml:1458 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "<emphasis>2</emphasis>: показувати всі інформаційні повідомлення" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1460 +#: sssd.conf.5.xml:1461 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" "<emphasis>3</emphasis>: показувати всі повідомлення та діагностичні дані" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1464 sssd.8.xml:63 +#: sssd.conf.5.xml:1465 sssd.8.xml:63 msgid "Default: 1" msgstr "Типове значення: 1" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1470 +#: sssd.conf.5.xml:1471 msgid "pam_response_filter (string)" msgstr "pam_response_filter (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1473 +#: sssd.conf.5.xml:1474 msgid "" "A comma separated list of strings which allows to remove (filter) data sent " "by the PAM responder to pam_sss PAM module. There are different kind of " @@ -2251,7 +2251,7 @@ msgstr "" "встановлювати за допомогою pam_sss." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1481 +#: sssd.conf.5.xml:1482 msgid "" "While messages already can be controlled with the help of the pam_verbosity " "option this option allows to filter out other kind of responses as well." @@ -2261,37 +2261,37 @@ msgstr "" "повідомлень." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1488 +#: sssd.conf.5.xml:1489 msgid "ENV" msgstr "ENV" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1489 +#: sssd.conf.5.xml:1490 msgid "Do not send any environment variables to any service." msgstr "Не надсилати жодних змінних середовища до жодної служби." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1492 +#: sssd.conf.5.xml:1493 msgid "ENV:var_name" msgstr "ENV:назва_змінної" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1493 +#: sssd.conf.5.xml:1494 msgid "Do not send environment variable var_name to any service." msgstr "Не надсилати змінної середовища назва_змінної до жодної служби." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1497 +#: sssd.conf.5.xml:1498 msgid "ENV:var_name:service" msgstr "ENV:назва_змінної:служба" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1498 +#: sssd.conf.5.xml:1499 msgid "Do not send environment variable var_name to service." msgstr "Не надсилати змінної середовища назва_змінної до вказаної служби." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1486 +#: sssd.conf.5.xml:1487 msgid "" "Currently the following filters are supported: <placeholder " "type=\"variablelist\" id=\"0\"/>" @@ -2300,7 +2300,7 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1505 +#: sssd.conf.5.xml:1506 msgid "" "The list of strings can either be the list of filters which would set this " "list of filters and overwrite the defaults. Or each element of the list can " @@ -2318,23 +2318,23 @@ msgstr "" "Змішування стилів вважається помилкою." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1516 +#: sssd.conf.5.xml:1517 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" msgstr "Типове значення: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1519 +#: sssd.conf.5.xml:1520 msgid "" "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" msgstr "Приклад: -ENV:KRB5CCNAME:sudo-i вилучає фільтр зі списку типових" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1526 +#: sssd.conf.5.xml:1527 msgid "pam_id_timeout (integer)" msgstr "pam_id_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1529 +#: sssd.conf.5.xml:1530 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -2345,7 +2345,7 @@ msgstr "" "що розпізнавання виконується на основі найсвіжіших даних." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1535 +#: sssd.conf.5.xml:1536 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -2359,18 +2359,18 @@ msgstr "" "надання даних профілів." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1549 +#: sssd.conf.5.xml:1550 msgid "pam_pwd_expiration_warning (integer)" msgstr "pam_pwd_expiration_warning (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1552 sssd.conf.5.xml:2987 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 msgid "Display a warning N days before the password expires." msgstr "" "Показати попередження за вказану кількість днів перед завершенням дії пароля." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1555 +#: sssd.conf.5.xml:1556 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -2381,7 +2381,7 @@ msgstr "" "попередження." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1561 sssd.conf.5.xml:2990 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." @@ -2391,7 +2391,7 @@ msgstr "" "буде автоматично показано." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1566 +#: sssd.conf.5.xml:1567 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." @@ -2400,17 +2400,17 @@ msgstr "" "<emphasis>pwd_expiration_warning</emphasis> для окремого домену." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1571 sssd.conf.5.xml:3976 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 msgid "Default: 0" msgstr "Типове значення: 0" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1588 +#: sssd.conf.5.xml:1589 msgid "pam_trusted_users (string)" msgstr "pam_trusted_users (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1591 +#: sssd.conf.5.xml:1592 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to run PAM conversations against trusted domains. Users not " @@ -2426,13 +2426,13 @@ msgstr "" "під час запуску системи." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1601 +#: sssd.conf.5.xml:1602 msgid "Default: All users are considered trusted by default" msgstr "" "Типове значення: типово усі користувачі вважаються надійними (довіреними)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1605 +#: sssd.conf.5.xml:1606 msgid "" "Please note that UID 0 is always allowed to access the PAM responder even in " "case it is not in the pam_trusted_users list." @@ -2441,12 +2441,12 @@ msgstr "" "відповідача PAM, навіть якщо користувача немає у списку pam_trusted_users." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1612 +#: sssd.conf.5.xml:1613 msgid "pam_public_domains (string)" msgstr "pam_public_domains (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1615 +#: sssd.conf.5.xml:1616 msgid "" "Specifies the comma-separated list of domain names that are accessible even " "to untrusted users." @@ -2455,12 +2455,12 @@ msgstr "" "отримувати навіть ненадійні користувачі." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1619 +#: sssd.conf.5.xml:1620 msgid "Two special values for pam_public_domains option are defined:" msgstr "Визначено два спеціальних значення параметра pam_public_domains:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1623 +#: sssd.conf.5.xml:1624 msgid "" "all (Untrusted users are allowed to access all domains in PAM responder.)" msgstr "" @@ -2468,7 +2468,7 @@ msgstr "" "PAM.)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1627 +#: sssd.conf.5.xml:1628 msgid "" "none (Untrusted users are not allowed to access any domains PAM in " "responder.)" @@ -2477,19 +2477,19 @@ msgstr "" "відповідачі.)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1631 sssd.conf.5.xml:1656 sssd.conf.5.xml:1675 -#: sssd.conf.5.xml:1912 sssd.conf.5.xml:2732 sssd.conf.5.xml:3905 -#: sssd-ldap.5.xml:1207 +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 msgid "Default: none" msgstr "Типове значення: none" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1636 +#: sssd.conf.5.xml:1637 msgid "pam_account_expired_message (string)" msgstr "pam_account_expired_message (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1639 +#: sssd.conf.5.xml:1640 msgid "" "Allows a custom expiration message to be set, replacing the default " "'Permission denied' message." @@ -2498,7 +2498,7 @@ msgstr "" "замінити типове повідомлення «Доступ заборонено» («Permission denied»)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1644 +#: sssd.conf.5.xml:1645 msgid "" "Note: Please be aware that message is only printed for the SSH service " "unless pam_verbosity is set to 3 (show all messages and debug information)." @@ -2508,7 +2508,7 @@ msgstr "" "(показувати усі повідомлення і діагностичні дані)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1652 +#: sssd.conf.5.xml:1653 #, no-wrap msgid "" "pam_account_expired_message = Account expired, please contact help desk.\n" @@ -2518,12 +2518,12 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1661 +#: sssd.conf.5.xml:1662 msgid "pam_account_locked_message (string)" msgstr "pam_account_locked_message (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1664 +#: sssd.conf.5.xml:1665 msgid "" "Allows a custom lockout message to be set, replacing the default 'Permission " "denied' message." @@ -2532,7 +2532,7 @@ msgstr "" "типове повідомлення «Доступ заборонено» («Permission denied»)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1671 +#: sssd.conf.5.xml:1672 #, no-wrap msgid "" "pam_account_locked_message = Account locked, please contact help desk.\n" @@ -2542,42 +2542,42 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1680 +#: sssd.conf.5.xml:1681 #, fuzzy #| msgid "pam_cert_auth (bool)" msgid "pam_passkey_auth (bool)" msgstr "pam_cert_auth (булеве значення)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1683 +#: sssd.conf.5.xml:1684 msgid "Enable passkey device based authentication." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1686 sssd.conf.5.xml:1697 sssd.conf.5.xml:1711 -#: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 -#: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 msgid "Default: False" msgstr "Типове значення: False" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1691 +#: sssd.conf.5.xml:1692 msgid "passkey_debug_libfido2 (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1694 +#: sssd.conf.5.xml:1695 msgid "Enable libfido2 library debug messages." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1702 +#: sssd.conf.5.xml:1703 msgid "pam_cert_auth (bool)" msgstr "pam_cert_auth (булеве значення)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1705 +#: sssd.conf.5.xml:1706 msgid "" "Enable certificate based Smartcard authentication. Since this requires " "additional communication with the Smartcard which will delay the " @@ -2588,22 +2588,22 @@ msgstr "" "розпізнавання, типово таку сертифікацію вимкнено." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1716 +#: sssd.conf.5.xml:1717 msgid "pam_cert_db_path (string)" msgstr "pam_cert_db_path (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1719 +#: sssd.conf.5.xml:1720 msgid "The path to the certificate database." msgstr "Шлях до бази даних сертифікатів." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1722 sssd.conf.5.xml:2247 sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 msgid "Default:" msgstr "Типове значення:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1724 sssd.conf.5.xml:2249 +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 msgid "" "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " "certificates in PEM format)" @@ -2612,12 +2612,12 @@ msgstr "" "служб сертифікації у форматі PEM)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1734 +#: sssd.conf.5.xml:1735 msgid "pam_cert_verification (string)" msgstr "pam_cert_verification (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1737 +#: sssd.conf.5.xml:1738 msgid "" "With this parameter the PAM certificate verification can be tuned with a " "comma separated list of options that override the " @@ -2632,7 +2632,7 @@ msgstr "" "<quote>certificate_verification</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1748 +#: sssd.conf.5.xml:1749 #, no-wrap msgid "" "pam_cert_verification = partial_chain\n" @@ -2642,7 +2642,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1752 +#: sssd.conf.5.xml:1753 msgid "" "Default: not set, i.e. use default <quote>certificate_verification</quote> " "option defined in <quote>[sssd]</quote> section." @@ -2652,26 +2652,26 @@ msgstr "" "<quote>[sssd]</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1759 +#: sssd.conf.5.xml:1760 msgid "p11_child_timeout (integer)" msgstr "p11_child_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1763 msgid "How many seconds will pam_sss wait for p11_child to finish." msgstr "" "Час у секундах, протягом якого pam_sss очікуватиме на завершення роботи " "p11_child." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1771 +#: sssd.conf.5.xml:1772 #, fuzzy #| msgid "p11_child_timeout (integer)" msgid "passkey_child_timeout (integer)" msgstr "p11_child_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1774 +#: sssd.conf.5.xml:1775 #, fuzzy #| msgid "How many seconds will pam_sss wait for p11_child to finish." msgid "" @@ -2681,12 +2681,12 @@ msgstr "" "p11_child." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1783 +#: sssd.conf.5.xml:1784 msgid "pam_app_services (string)" msgstr "pam_app_services (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1786 +#: sssd.conf.5.xml:1787 msgid "" "Which PAM services are permitted to contact domains of type " "<quote>application</quote>" @@ -2695,12 +2695,12 @@ msgstr "" "типу <quote>application</quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1795 +#: sssd.conf.5.xml:1796 msgid "pam_p11_allowed_services (integer)" msgstr "pam_p11_allowed_services (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1798 +#: sssd.conf.5.xml:1799 msgid "" "A comma-separated list of PAM service names for which it will be allowed to " "use Smartcards." @@ -2709,7 +2709,7 @@ msgstr "" "використання смарткарток." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1813 +#: sssd.conf.5.xml:1814 #, no-wrap msgid "" "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2719,7 +2719,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1802 +#: sssd.conf.5.xml:1803 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -2738,64 +2738,64 @@ msgstr "" "type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1817 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 #: sssd-ad.5.xml:869 sssd-ad.5.xml:947 msgid "Default: the default set of PAM service names includes:" msgstr "" "Типове значення: типовий набір назв служб PAM складається з таких значень:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1822 sssd-ad.5.xml:648 +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 msgid "login" msgstr "login" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1827 sssd-ad.5.xml:653 +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 msgid "su" msgstr "su" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1832 sssd-ad.5.xml:658 +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 msgid "su-l" msgstr "su-l" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1837 sssd-ad.5.xml:673 +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 msgid "gdm-smartcard" msgstr "gdm-smartcard" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1842 sssd-ad.5.xml:668 +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 msgid "gdm-password" msgstr "gdm-password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1847 sssd-ad.5.xml:678 +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 msgid "kdm" msgstr "kdm" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1852 sssd-ad.5.xml:956 +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 msgid "sudo" msgstr "sudo" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1857 sssd-ad.5.xml:961 +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 msgid "sudo-i" msgstr "sudo-i" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1862 +#: sssd.conf.5.xml:1863 msgid "gnome-screensaver" msgstr "gnome-screensaver" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1870 +#: sssd.conf.5.xml:1871 msgid "p11_wait_for_card_timeout (integer)" msgstr "p11_wait_for_card_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1873 +#: sssd.conf.5.xml:1874 msgid "" "If Smartcard authentication is required how many extra seconds in addition " "to p11_child_timeout should the PAM responder wait until a Smartcard is " @@ -2806,12 +2806,12 @@ msgstr "" "має чекати на вставлення смарткартки." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1884 +#: sssd.conf.5.xml:1885 msgid "p11_uri (string)" msgstr "p11_uri (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1887 +#: sssd.conf.5.xml:1888 msgid "" "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " "selection of devices used for Smartcard authentication. By default SSSD's " @@ -2830,7 +2830,7 @@ msgstr "" "слід використовувати вказаний зчитувач." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1900 +#: sssd.conf.5.xml:1901 #, no-wrap msgid "" "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" @@ -2840,7 +2840,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1904 +#: sssd.conf.5.xml:1905 #, no-wrap msgid "" "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" @@ -2850,7 +2850,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1898 +#: sssd.conf.5.xml:1899 msgid "" "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " @@ -2864,17 +2864,17 @@ msgstr "" "який покаже і адреси PKCS#11." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1917 +#: sssd.conf.5.xml:1918 msgid "pam_initgroups_scheme" msgstr "pam_initgroups_scheme" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1925 +#: sssd.conf.5.xml:1926 msgid "always" msgstr "always" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1926 +#: sssd.conf.5.xml:1927 msgid "" "Always do an online lookup, please note that pam_id_timeout still applies" msgstr "" @@ -2882,12 +2882,12 @@ msgstr "" "буде все одно застосовано" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1930 +#: sssd.conf.5.xml:1931 msgid "no_session" msgstr "no_session" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1931 +#: sssd.conf.5.xml:1932 msgid "" "Only do an online lookup if there is no active session of the user, i.e. if " "the user is currently not logged in" @@ -2896,12 +2896,12 @@ msgstr "" "тобто якщо користувач не працює у системі" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1936 +#: sssd.conf.5.xml:1937 msgid "never" msgstr "never" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1937 +#: sssd.conf.5.xml:1938 msgid "" "Never force an online lookup, use the data from the cache as long as they " "are not expired" @@ -2910,7 +2910,7 @@ msgstr "" "аж доки вони не застаріють" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1920 +#: sssd.conf.5.xml:1921 msgid "" "The PAM responder can force an online lookup to get the current group " "memberships of the user trying to log in. This option controls when this " @@ -2923,17 +2923,17 @@ msgstr "" "таких значень: <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1944 +#: sssd.conf.5.xml:1945 msgid "Default: no_session" msgstr "Типове значення: no_session" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1949 sssd.conf.5.xml:4247 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 msgid "pam_gssapi_services" msgstr "pam_gssapi_services" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1952 +#: sssd.conf.5.xml:1953 msgid "" "Comma separated list of PAM services that are allowed to try GSSAPI " "authentication using pam_sss_gss.so module." @@ -2942,7 +2942,7 @@ msgstr "" "розпізнавання за GSSAPI за допомогою модуля pam_sss_gss.so." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1957 +#: sssd.conf.5.xml:1958 msgid "" "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." msgstr "" @@ -2950,7 +2950,7 @@ msgstr "" "значення <quote>-</quote> (дефіс)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1961 sssd.conf.5.xml:1992 sssd.conf.5.xml:2030 +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[pam] section. It can also be set for trusted domain which overwrites the " @@ -2962,7 +2962,7 @@ msgstr "" "вищий пріоритет за значення у розділі домену." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1969 +#: sssd.conf.5.xml:1970 #, no-wrap msgid "" "pam_gssapi_services = sudo, sudo-i\n" @@ -2972,22 +2972,22 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1967 sssd.conf.5.xml:3899 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "Приклад: <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1973 +#: sssd.conf.5.xml:1974 msgid "Default: - (GSSAPI authentication is disabled)" msgstr "Типове значення: - (розпізнавання за GSSAPI вимкнено)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1978 sssd.conf.5.xml:4248 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 msgid "pam_gssapi_check_upn" msgstr "pam_gssapi_check_upn" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1981 +#: sssd.conf.5.xml:1982 msgid "" "If True, SSSD will require that the Kerberos user principal that " "successfully authenticated through GSSAPI can be associated with the user " @@ -2999,7 +2999,7 @@ msgstr "" "вважатиметься неуспішним, якщо перевірку не буде пройдено." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1988 +#: sssd.conf.5.xml:1989 msgid "" "If False, every user that is able to obtained required service ticket will " "be authenticated." @@ -3008,18 +3008,18 @@ msgstr "" "зможуть отримати бажаний квиток служби." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1998 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "Типове значення: True" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2003 +#: sssd.conf.5.xml:2004 msgid "pam_gssapi_indicators_map" msgstr "pam_gssapi_indicators_map" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2006 +#: sssd.conf.5.xml:2007 msgid "" "Comma separated list of authentication indicators required to be present in " "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " @@ -3030,7 +3030,7 @@ msgstr "" "відокремлених комами індикаторів розпізнавання." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2012 +#: sssd.conf.5.xml:2013 msgid "" "Each element of the list can be either an authentication indicator name or a " "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " @@ -3055,7 +3055,7 @@ msgstr "" "служби PAM є порожнім, перевірка не закриватиме доступ для жодного запису." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2025 +#: sssd.conf.5.xml:2026 msgid "" "To disable GSSAPI authentication indicator check, set this option to <quote>-" "</quote> (dash). To disable the check for a specific PAM service, add " @@ -3066,7 +3066,7 @@ msgstr "" "вимкнути перевірку для певної служби PAM, додайте <quote>служба:-</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2036 +#: sssd.conf.5.xml:2037 msgid "" "Following authentication indicators are supported by IPA Kerberos " "deployments:" @@ -3075,7 +3075,7 @@ msgstr "" "індикаторів розпізнавання:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2039 +#: sssd.conf.5.xml:2040 msgid "" "pkinit -- pre-authentication using X.509 certificates -- whether stored in " "files or on smart cards." @@ -3084,7 +3084,7 @@ msgstr "" "зберігаються у файлах або на смарткартках." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2042 +#: sssd.conf.5.xml:2043 msgid "" "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " "FAST channel." @@ -3093,12 +3093,12 @@ msgstr "" "розпізнавання у обгортці каналу FAST." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2045 +#: sssd.conf.5.xml:2046 msgid "radius -- pre-authentication with the help of a RADIUS server." msgstr "radius — попереднє розпізнавання за допомогою сервера RADIUS." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2048 +#: sssd.conf.5.xml:2049 msgid "" "otp -- pre-authentication using integrated two-factor authentication (2FA or " "one-time password, OTP) in IPA." @@ -3107,14 +3107,14 @@ msgstr "" "розпізнавання (2FA або одноразовий пароль, OTP) в IPA." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2051 +#: sssd.conf.5.xml:2052 msgid "idp -- pre-authentication using external identity provider." msgstr "" "idp — попереднє розпізнавання за допомогою зовнішнього надавача даних " "профілів." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:2061 +#: sssd.conf.5.xml:2062 #, no-wrap msgid "" "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" @@ -3124,7 +3124,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2056 +#: sssd.conf.5.xml:2057 msgid "" "Example: to require access to SUDO services only for users which obtained " "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " @@ -3136,19 +3136,19 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2065 +#: sssd.conf.5.xml:2066 msgid "Default: not set (use of authentication indicators is not required)" msgstr "" "Типове значення: не встановлено (немає потреби у використанні індикаторів " "розпізнавання)" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2073 +#: sssd.conf.5.xml:2074 msgid "SUDO configuration options" msgstr "Параметри налаштування SUDO" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2075 +#: sssd.conf.5.xml:2076 msgid "" "These options can be used to configure the sudo service. The detailed " "instructions for configuration of <citerefentry> <refentrytitle>sudo</" @@ -3166,12 +3166,12 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2092 +#: sssd.conf.5.xml:2093 msgid "sudo_timed (bool)" msgstr "sudo_timed (булеве значення)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2095 +#: sssd.conf.5.xml:2096 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." @@ -3180,12 +3180,12 @@ msgstr "" "призначені для визначення часових обмежень для записів sudoers." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2107 +#: sssd.conf.5.xml:2108 msgid "sudo_threshold (integer)" msgstr "sudo_threshold (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2110 +#: sssd.conf.5.xml:2111 msgid "" "Maximum number of expired rules that can be refreshed at once. If number of " "expired rules is below threshold, those rules are refreshed with " @@ -3201,22 +3201,22 @@ msgstr "" "sudo IPA та групових пошуків команд." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2129 +#: sssd.conf.5.xml:2130 msgid "AUTOFS configuration options" msgstr "Параметри налаштування AUTOFS" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2131 +#: sssd.conf.5.xml:2132 msgid "These options can be used to configure the autofs service." msgstr "Цими параметрами можна скористатися для налаштування служби autofs." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2135 +#: sssd.conf.5.xml:2136 msgid "autofs_negative_timeout (integer)" msgstr "autofs_negative_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2138 +#: sssd.conf.5.xml:2139 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " @@ -3227,22 +3227,22 @@ msgstr "" "базі даних, зокрема неіснуючих) перед повторним запитом до сервера обробки." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2154 +#: sssd.conf.5.xml:2155 msgid "SSH configuration options" msgstr "Параметри налаштувань SSH" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2156 +#: sssd.conf.5.xml:2157 msgid "These options can be used to configure the SSH service." msgstr "Цими параметрами можна скористатися для налаштування служби SSH." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2160 +#: sssd.conf.5.xml:2161 msgid "ssh_hash_known_hosts (bool)" msgstr "ssh_hash_known_hosts (булеве значення)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2163 +#: sssd.conf.5.xml:2164 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." @@ -3250,12 +3250,12 @@ msgstr "" "Чи слід хешувати назви та адреси вузлів у керованому файлі known_hosts." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2172 +#: sssd.conf.5.xml:2173 msgid "ssh_known_hosts_timeout (integer)" msgstr "ssh_known_hosts_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2175 +#: sssd.conf.5.xml:2176 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." @@ -3264,17 +3264,17 @@ msgstr "" "файлі known_hosts після надсилання запиту щодо ключів вузла." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2179 +#: sssd.conf.5.xml:2180 msgid "Default: 180" msgstr "Типове значення: 180" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2184 +#: sssd.conf.5.xml:2185 msgid "ssh_use_certificate_keys (bool)" msgstr "ssh_use_certificate_keys (булеве значення)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2187 +#: sssd.conf.5.xml:2188 msgid "" "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " "keys derived from the public key of X.509 certificates stored in the user " @@ -3288,12 +3288,12 @@ msgstr "" "refentrytitle> <manvolnum>1</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2202 +#: sssd.conf.5.xml:2203 msgid "ssh_use_certificate_matching_rules (string)" msgstr "ssh_use_certificate_matching_rules (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2205 +#: sssd.conf.5.xml:2206 msgid "" "By default the ssh responder will use all available certificate matching " "rules to filter the certificates so that ssh keys are only derived from the " @@ -3309,7 +3309,7 @@ msgstr "" "відокремлених комами. Усі інші правила буде проігноровано." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2214 +#: sssd.conf.5.xml:2215 msgid "" "There are two special key words 'all_rules' and 'no_rules' which will enable " "all or no rules, respectively. The latter means that no certificates will be " @@ -3321,7 +3321,7 @@ msgstr "" "сертифікатів." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2221 +#: sssd.conf.5.xml:2222 msgid "" "If no rules are configured using 'all_rules' will enable a default rule " "which enables all certificates suitable for client authentication. This is " @@ -3334,7 +3334,7 @@ msgstr "" "розпізнавання за сертифікатом." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2228 +#: sssd.conf.5.xml:2229 msgid "" "A non-existing rule name is considered an error. If as a result no rule is " "selected all certificates will be ignored." @@ -3344,7 +3344,7 @@ msgstr "" "проігноровано." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2233 +#: sssd.conf.5.xml:2234 msgid "" "Default: not set, equivalent to 'all_rules', all found rules or the default " "rule are used" @@ -3353,12 +3353,12 @@ msgstr "" "використано усі знайдені правила або типове правило" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2239 +#: sssd.conf.5.xml:2240 msgid "ca_db (string)" msgstr "ca_db (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2242 +#: sssd.conf.5.xml:2243 msgid "" "Path to a storage of trusted CA certificates. The option is used to validate " "user certificates before deriving public ssh keys from them." @@ -3367,12 +3367,12 @@ msgstr "" "перевірки сертифікатів користувачів до отримання з них відкритих ключів ssh." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2262 +#: sssd.conf.5.xml:2263 msgid "PAC responder configuration options" msgstr "Параметри налаштування відповідача PAC" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2264 +#: sssd.conf.5.xml:2265 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " @@ -3390,7 +3390,7 @@ msgstr "" "декодовано і визначено, виконуються деякі з таких дій:" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2273 +#: sssd.conf.5.xml:2274 msgid "" "If the remote user does not exist in the cache, it is created. The UID is " "determined with the help of the SID, trusted domains will have UPGs and the " @@ -3408,7 +3408,7 @@ msgstr "" "параметра default_shell." #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2281 +#: sssd.conf.5.xml:2282 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." @@ -3417,18 +3417,18 @@ msgstr "" "додано до цих груп." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2287 +#: sssd.conf.5.xml:2288 msgid "These options can be used to configure the PAC responder." msgstr "" "Цими параметрами можна скористатися для налаштовування відповідача PAC." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2291 sssd-ifp.5.xml:66 +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 msgid "allowed_uids (string)" msgstr "allowed_uids (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2294 +#: sssd.conf.5.xml:2295 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " @@ -3439,14 +3439,14 @@ msgstr "" "іменами користувачів визначатимуться під час запуску." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2300 +#: sssd.conf.5.xml:2301 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" "Типове значення: 0 (доступ до відповідача PAC має лише адміністративний " "користувач (root))" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2304 +#: sssd.conf.5.xml:2305 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " @@ -3460,12 +3460,12 @@ msgstr "" "запис 0." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2313 +#: sssd.conf.5.xml:2314 msgid "pac_lifetime (integer)" msgstr "pac_lifetime (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2316 +#: sssd.conf.5.xml:2317 msgid "" "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " "data can be used to determine the group memberships of a user." @@ -3474,12 +3474,12 @@ msgstr "" "використовувати для визначення членства користувача у групі." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2326 +#: sssd.conf.5.xml:2327 msgid "pac_check (string)" msgstr "pac_check (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2329 +#: sssd.conf.5.xml:2330 msgid "" "Apply additional checks on the PAC of the Kerberos ticket which is available " "in Active Directory and FreeIPA domains, if configured. Please note that " @@ -3496,12 +3496,12 @@ msgstr "" "krb5_validate встановлено значення «False», перевірки PAC буде пропущено." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2343 +#: sssd.conf.5.xml:2344 msgid "no_check" msgstr "no_check" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2345 +#: sssd.conf.5.xml:2346 msgid "" "The PAC must not be present and even if it is present no additional checks " "will be done." @@ -3510,12 +3510,12 @@ msgstr "" "виконано не буде." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2351 +#: sssd.conf.5.xml:2352 msgid "pac_present" msgstr "pac_present" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2353 +#: sssd.conf.5.xml:2354 msgid "" "The PAC must be present in the service ticket which SSSD will request with " "the help of the user's TGT. If the PAC is not available the authentication " @@ -3526,12 +3526,12 @@ msgstr "" "зазнає невдачі." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2361 +#: sssd.conf.5.xml:2362 msgid "check_upn" msgstr "check_upn" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2363 +#: sssd.conf.5.xml:2364 msgid "" "If the PAC is present check if the user principal name (UPN) information is " "consistent." @@ -3540,12 +3540,12 @@ msgstr "" "користувача (UPN)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2369 +#: sssd.conf.5.xml:2370 msgid "check_upn_allow_missing" msgstr "check_upn_allow_missing" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2371 +#: sssd.conf.5.xml:2372 msgid "" "This option should be used together with 'check_upn' and handles the case " "where a UPN is set on the server-side but is not read by SSSD. The typical " @@ -3565,7 +3565,7 @@ msgstr "" "потреби." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2383 +#: sssd.conf.5.xml:2384 msgid "" "Currently this option is set by default to avoid regressions in such " "environments. A log message will be added to the system log and SSSD's debug " @@ -3582,23 +3582,23 @@ msgstr "" "призведе до пропускання перевірки, і повідомлення зникне з журналу." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2397 +#: sssd.conf.5.xml:2398 msgid "upn_dns_info_present" msgstr "upn_dns_info_present" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2399 +#: sssd.conf.5.xml:2400 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." msgstr "" "PAC має містити буфер UPN-DNS-INFO; неявним чином встановлює «check_upn»." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2404 +#: sssd.conf.5.xml:2405 msgid "check_upn_dns_info_ex" msgstr "check_upn_dns_info_ex" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2406 +#: sssd.conf.5.xml:2407 msgid "" "If the PAC is present and the extension to the UPN-DNS-INFO buffer is " "available check if the information in the extension is consistent." @@ -3607,12 +3607,12 @@ msgstr "" "узгодженими дані у розширенні." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2413 +#: sssd.conf.5.xml:2414 msgid "upn_dns_info_ex_present" msgstr "upn_dns_info_ex_present" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2415 +#: sssd.conf.5.xml:2416 msgid "" "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." @@ -3621,7 +3621,7 @@ msgstr "" "«check_upn_dns_info_ex», «upn_dns_info_present» і «check_upn»." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2339 +#: sssd.conf.5.xml:2340 msgid "" "The following options can be used alone or in a comma-separated list: " "<placeholder type=\"variablelist\" id=\"0\"/>" @@ -3630,7 +3630,7 @@ msgstr "" "відокремлених комами значень: <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2425 +#: sssd.conf.5.xml:2426 msgid "" "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " "check_upn_dns_info_ex')" @@ -3639,12 +3639,12 @@ msgstr "" "check_upn_allow_missing, check_upn_dns_info_ex»)" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2434 +#: sssd.conf.5.xml:2435 msgid "Session recording configuration options" msgstr "Параметри налаштовування запису сеансів" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2436 +#: sssd.conf.5.xml:2437 msgid "" "Session recording works in conjunction with <citerefentry> " "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" @@ -3659,32 +3659,32 @@ msgstr "" "session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2449 +#: sssd.conf.5.xml:2450 msgid "These options can be used to configure session recording." msgstr "Цими параметрами можна скористатися для налаштовування запису сеансів." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2453 sssd-session-recording.5.xml:64 +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 msgid "scope (string)" msgstr "scope (рядок)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2460 sssd-session-recording.5.xml:71 +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 msgid "\"none\"" msgstr "\"none\"" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2463 sssd-session-recording.5.xml:74 +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 msgid "No users are recorded." msgstr "Користувачі не записуються." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2468 sssd-session-recording.5.xml:79 +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 msgid "\"some\"" msgstr "\"some\"" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2471 sssd-session-recording.5.xml:82 +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 msgid "" "Users/groups specified by <replaceable>users</replaceable> and " "<replaceable>groups</replaceable> options are recorded." @@ -3693,17 +3693,17 @@ msgstr "" "<replaceable>користувачі</replaceable> і <replaceable>групи</replaceable>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2480 sssd-session-recording.5.xml:91 +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 msgid "\"all\"" msgstr "\"all\"" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2483 sssd-session-recording.5.xml:94 +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 msgid "All users are recorded." msgstr "Усі користувачі записуються." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2456 sssd-session-recording.5.xml:67 +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 msgid "" "One of the following strings specifying the scope of session recording: " "<placeholder type=\"variablelist\" id=\"0\"/>" @@ -3712,17 +3712,17 @@ msgstr "" "<placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:101 +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 msgid "Default: \"none\"" msgstr "Типове значення: none" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:106 +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 msgid "users (string)" msgstr "users (рядок)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:109 +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 msgid "" "A comma-separated list of users which should have session recording enabled. " "Matches user names as returned by NSS. I.e. after the possible space " @@ -3734,17 +3734,17 @@ msgstr "" "тощо." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2504 sssd-session-recording.5.xml:115 +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 msgid "Default: Empty. Matches no users." msgstr "Типове значення: порожнє. Не відповідає жодному користувачу." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2509 sssd-session-recording.5.xml:120 +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 msgid "groups (string)" msgstr "groups (рядок)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2512 sssd-session-recording.5.xml:123 +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 msgid "" "A comma-separated list of groups, members of which should have session " "recording enabled. Matches group names as returned by NSS. I.e. after the " @@ -3756,7 +3756,7 @@ msgstr "" "символів тощо." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2518 sssd.conf.5.xml:2550 sssd-session-recording.5.xml:129 +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 #: sssd-session-recording.5.xml:161 msgid "" "NOTE: using this option (having it set to anything) has a considerable " @@ -3769,17 +3769,17 @@ msgstr "" "належить користувач." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2525 sssd-session-recording.5.xml:136 +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 msgid "Default: Empty. Matches no groups." msgstr "Типове значення: порожнє. Не відповідає жодній групі." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2530 sssd-session-recording.5.xml:141 +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 msgid "exclude_users (string)" msgstr "exclude_users (рядок)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2533 sssd-session-recording.5.xml:144 +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 msgid "" "A comma-separated list of users to be excluded from recording, only " "applicable with 'scope=all'." @@ -3788,17 +3788,17 @@ msgstr "" "записування. Може бути застосовано лише разом із «scope=all»." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2537 sssd-session-recording.5.xml:148 +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 msgid "Default: Empty. No users excluded." msgstr "Типове значення: порожнє. Не виключати жодного користувача." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2542 sssd-session-recording.5.xml:153 +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 msgid "exclude_groups (string)" msgstr "exclude_groups (рядок)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2545 sssd-session-recording.5.xml:156 +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 msgid "" "A comma-separated list of groups, members of which should be excluded from " "recording. Only applicable with 'scope=all'." @@ -3807,22 +3807,22 @@ msgstr "" "із записування. Може бути застосовано лише разом із «scope=all»." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2557 sssd-session-recording.5.xml:168 +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 msgid "Default: Empty. No groups excluded." msgstr "Типове значення: порожнє. Не виключати жодної групи." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2567 +#: sssd.conf.5.xml:2568 msgid "DOMAIN SECTIONS" msgstr "РОЗДІЛИ ДОМЕНІВ" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2574 +#: sssd.conf.5.xml:2575 msgid "enabled" msgstr "enabled" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2577 +#: sssd.conf.5.xml:2578 msgid "" "Explicitly enable or disable the domain. If <quote>true</quote>, the domain " "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " @@ -3837,12 +3837,12 @@ msgstr "" "параметрі доменів у розділі <quote>[sssd]</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2589 +#: sssd.conf.5.xml:2590 msgid "domain_type (string)" msgstr "domain_type (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2592 +#: sssd.conf.5.xml:2593 msgid "" "Specifies whether the domain is meant to be used by POSIX-aware clients such " "as the Name Service Switch or by applications that do not need POSIX data to " @@ -3855,7 +3855,7 @@ msgstr "" "з доменів POSIX." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2600 +#: sssd.conf.5.xml:2601 msgid "" "Allowed values for this option are <quote>posix</quote> and " "<quote>application</quote>." @@ -3864,7 +3864,7 @@ msgstr "" "<quote>application</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2604 +#: sssd.conf.5.xml:2605 msgid "" "POSIX domains are reachable by all services. Application domains are only " "reachable from the InfoPipe responder (see <citerefentry> " @@ -3876,7 +3876,7 @@ msgstr "" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) і відповідача PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2612 +#: sssd.conf.5.xml:2613 msgid "" "NOTE: The application domains are currently well tested with " "<quote>id_provider=ldap</quote> only." @@ -3885,7 +3885,7 @@ msgstr "" "application з <quote>id_provider=ldap</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2616 +#: sssd.conf.5.xml:2617 msgid "" "For an easy way to configure a non-POSIX domains, please see the " "<quote>Application domains</quote> section." @@ -3894,17 +3894,17 @@ msgstr "" "ласка, ознайомтеся із розділом <quote>Домени програм</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2620 +#: sssd.conf.5.xml:2621 msgid "Default: posix" msgstr "Типове значення: posix" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2626 +#: sssd.conf.5.xml:2627 msgid "min_id,max_id (integer)" msgstr "min_id,max_id (ціле значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2629 +#: sssd.conf.5.xml:2630 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." @@ -3913,7 +3913,7 @@ msgstr "" "відповідає цим обмеженням, його буде проігноровано." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2634 +#: sssd.conf.5.xml:2635 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -3926,7 +3926,7 @@ msgstr "" "основної групи і належать діапазону, буде виведено у звичайному режимі." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2641 +#: sssd.conf.5.xml:2642 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." @@ -3935,17 +3935,17 @@ msgstr "" "лише повернення записів за назвою або ідентифікатором." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2645 +#: sssd.conf.5.xml:2646 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "Типові значення: 1 для min_id, 0 (без обмежень) для max_id" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2651 +#: sssd.conf.5.xml:2652 msgid "enumerate (bool)" msgstr "enumerate (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2654 +#: sssd.conf.5.xml:2655 msgid "" "Determines if a domain can be enumerated, that is, whether the domain can " "list all the users and group it contains. Note that it is not required to " @@ -3958,22 +3958,22 @@ msgstr "" "мати такі значення:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2662 +#: sssd.conf.5.xml:2663 msgid "TRUE = Users and groups are enumerated" msgstr "TRUE = користувачі і групи нумеруються" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2665 +#: sssd.conf.5.xml:2666 msgid "FALSE = No enumerations for this domain" msgstr "FALSE = не використовувати нумерацію для цього домену" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2668 sssd.conf.5.xml:2942 sssd.conf.5.xml:3119 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 msgid "Default: FALSE" msgstr "Типове значення: FALSE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2671 +#: sssd.conf.5.xml:2672 msgid "" "Enumerating a domain requires SSSD to download and store ALL user and group " "entries from the remote server." @@ -3982,7 +3982,7 @@ msgstr "" "користувачів і груп із віддаленого сервера." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2676 +#: sssd.conf.5.xml:2677 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -4005,7 +4005,7 @@ msgstr "" "<quote>sssd_be</quote> або навіть перезапуску усього засобу стеження." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2691 +#: sssd.conf.5.xml:2692 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." @@ -4015,7 +4015,7 @@ msgstr "" "завершено." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2696 +#: sssd.conf.5.xml:2697 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -4029,7 +4029,7 @@ msgstr "" "відповідного використаного засобу обробки ідентифікаторів (id_provider)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2704 +#: sssd.conf.5.xml:2705 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." @@ -4038,32 +4038,32 @@ msgstr "" "об’ємних середовищах." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2712 +#: sssd.conf.5.xml:2713 msgid "subdomain_enumerate (string)" msgstr "subdomain_enumerate (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2719 +#: sssd.conf.5.xml:2720 msgid "all" msgstr "all" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2720 +#: sssd.conf.5.xml:2721 msgid "All discovered trusted domains will be enumerated" msgstr "Усі виявлені надійні домени буде пронумеровано" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2723 +#: sssd.conf.5.xml:2724 msgid "none" msgstr "none" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2724 +#: sssd.conf.5.xml:2725 msgid "No discovered trusted domains will be enumerated" msgstr "Нумерація виявлених надійних доменів не виконуватиметься" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2715 +#: sssd.conf.5.xml:2716 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " @@ -4076,12 +4076,12 @@ msgstr "" "доменів, для яких буде увімкнено нумерацію." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2738 +#: sssd.conf.5.xml:2739 msgid "entry_cache_timeout (integer)" msgstr "entry_cache_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2741 +#: sssd.conf.5.xml:2742 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" @@ -4090,7 +4090,7 @@ msgstr "" "надсилати повторний запит до сервера" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2745 +#: sssd.conf.5.xml:2746 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " @@ -4107,17 +4107,17 @@ msgstr "" "<manvolnum>8</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2758 +#: sssd.conf.5.xml:2759 msgid "Default: 5400" msgstr "Типове значення: 5400" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2764 +#: sssd.conf.5.xml:2765 msgid "entry_cache_user_timeout (integer)" msgstr "entry_cache_user_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2767 +#: sssd.conf.5.xml:2768 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" @@ -4126,19 +4126,19 @@ msgstr "" "чинними, перш ніж надсилати повторний запит до сервера" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2771 sssd.conf.5.xml:2784 sssd.conf.5.xml:2797 -#: sssd.conf.5.xml:2810 sssd.conf.5.xml:2824 sssd.conf.5.xml:2837 -#: sssd.conf.5.xml:2851 sssd.conf.5.xml:2865 sssd.conf.5.xml:2878 +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 msgid "Default: entry_cache_timeout" msgstr "Типове значення: entry_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2777 +#: sssd.conf.5.xml:2778 msgid "entry_cache_group_timeout (integer)" msgstr "entry_cache_group_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2780 +#: sssd.conf.5.xml:2781 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" @@ -4147,12 +4147,12 @@ msgstr "" "ніж надсилати повторний запит до сервера" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2790 +#: sssd.conf.5.xml:2791 msgid "entry_cache_netgroup_timeout (integer)" msgstr "entry_cache_netgroup_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2793 +#: sssd.conf.5.xml:2794 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" @@ -4161,12 +4161,12 @@ msgstr "" "чинними, перш ніж надсилати повторний запит до сервера" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2803 +#: sssd.conf.5.xml:2804 msgid "entry_cache_service_timeout (integer)" msgstr "entry_cache_service_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2806 +#: sssd.conf.5.xml:2807 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" @@ -4175,12 +4175,12 @@ msgstr "" "ніж надсилати повторний запит до сервера" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2816 +#: sssd.conf.5.xml:2817 msgid "entry_cache_resolver_timeout (integer)" msgstr "entry_cache_resolver_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2819 +#: sssd.conf.5.xml:2820 msgid "" "How many seconds should nss_sss consider hosts and networks entries valid " "before asking the backend again" @@ -4189,12 +4189,12 @@ msgstr "" "чинними, перш ніж надсилати повторний запит до сервера" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2830 +#: sssd.conf.5.xml:2831 msgid "entry_cache_sudo_timeout (integer)" msgstr "entry_cache_sudo_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2833 +#: sssd.conf.5.xml:2834 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" @@ -4203,12 +4203,12 @@ msgstr "" "надсилати повторний запит до сервера" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2843 +#: sssd.conf.5.xml:2844 msgid "entry_cache_autofs_timeout (integer)" msgstr "entry_cache_autofs_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2846 +#: sssd.conf.5.xml:2847 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" @@ -4217,12 +4217,12 @@ msgstr "" "чинними, перш ніж надсилати повторний запит до сервера" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2857 +#: sssd.conf.5.xml:2858 msgid "entry_cache_ssh_host_timeout (integer)" msgstr "entry_cache_ssh_host_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2860 +#: sssd.conf.5.xml:2861 msgid "" "How many seconds to keep a host ssh key after refresh. IE how long to cache " "the host key for." @@ -4232,12 +4232,12 @@ msgstr "" "вузла у кеші." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2871 +#: sssd.conf.5.xml:2872 msgid "entry_cache_computer_timeout (integer)" msgstr "entry_cache_computer_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2874 +#: sssd.conf.5.xml:2875 msgid "" "How many seconds to keep the local computer entry before asking the backend " "again" @@ -4246,12 +4246,12 @@ msgstr "" "перш ніж надсилати запит до модуля обробки даних знову" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2884 +#: sssd.conf.5.xml:2885 msgid "refresh_expired_interval (integer)" msgstr "refresh_expired_interval (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2887 +#: sssd.conf.5.xml:2888 msgid "" "Specifies how many seconds SSSD has to wait before triggering a background " "refresh task which will refresh all expired or nearly expired records." @@ -4261,7 +4261,7 @@ msgstr "" "вичерпано або майже вичерпано." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2892 +#: sssd.conf.5.xml:2893 msgid "" "The background refresh will process users, groups and netgroups in the " "cache. For users who have performed the initgroups (get group membership for " @@ -4275,18 +4275,18 @@ msgstr "" "запис користувача, і дані щодо участі у групах." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2900 +#: sssd.conf.5.xml:2901 msgid "This option is automatically inherited for all trusted domains." msgstr "Цей параметр автоматично успадковується для усіх довірених доменів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2904 +#: sssd.conf.5.xml:2905 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" "Варто визначити для цього параметра значення 3/4 * entry_cache_timeout." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2908 +#: sssd.conf.5.xml:2909 msgid "" "Cache entry will be refreshed by background task when 2/3 of cache timeout " "has already passed. If there are existing cached entries, the background " @@ -4307,28 +4307,29 @@ msgstr "" "чинність наявного кешу." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2921 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "Типове значення: 0 (вимкнено)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2927 +#: sssd.conf.5.xml:2928 msgid "cache_credentials (bool)" msgstr "cache_credentials (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2930 -#, fuzzy -#| msgid "" -#| "Determines if user credentials are also cached in the local LDB cache" -msgid "Determines if user credentials are also cached in the local LDB cache." +#: sssd.conf.5.xml:2931 +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." msgstr "" -"Визначає, чи слід також кешувати реєстраційні дані користувача у локальному " -"кеші LDB" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2934 +#: sssd.conf.5.xml:2942 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -4337,12 +4338,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2948 +#: sssd.conf.5.xml:2956 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "cache_credentials_minimal_first_factor_length (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2951 +#: sssd.conf.5.xml:2959 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -4354,7 +4355,7 @@ msgstr "" "контрольної суми SHA512 у кеші." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2958 +#: sssd.conf.5.xml:2966 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." @@ -4364,12 +4365,12 @@ msgstr "" "мішенню атак із перебиранням паролів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2969 +#: sssd.conf.5.xml:2977 msgid "account_cache_expiration (integer)" msgstr "account_cache_expiration (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2972 +#: sssd.conf.5.xml:2980 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -4382,17 +4383,17 @@ msgstr "" "offline_credentials_expiration." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2979 +#: sssd.conf.5.xml:2987 msgid "Default: 0 (unlimited)" msgstr "Типове значення: 0 (без обмежень)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2984 +#: sssd.conf.5.xml:2992 msgid "pwd_expiration_warning (integer)" msgstr "pwd_expiration_warning (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2995 +#: sssd.conf.5.xml:3003 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -4405,17 +4406,17 @@ msgstr "" "даних розпізнавання." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3002 +#: sssd.conf.5.xml:3010 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "Типове значення: 7 (Kerberos), 0 (LDAP)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3008 +#: sssd.conf.5.xml:3016 msgid "id_provider (string)" msgstr "id_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3011 +#: sssd.conf.5.xml:3019 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" @@ -4423,12 +4424,12 @@ msgstr "" "Серед підтримуваних засобів такі:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3015 +#: sssd.conf.5.xml:3023 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "«proxy»: підтримка застарілого модуля надання даних NSS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3018 +#: sssd.conf.5.xml:3026 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -4440,7 +4441,7 @@ msgstr "" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3026 +#: sssd.conf.5.xml:3034 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -4451,13 +4452,18 @@ msgstr "" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3034 sssd.conf.5.xml:3145 sssd.conf.5.xml:3196 -#: sssd.conf.5.xml:3259 +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 +#, fuzzy +#| msgid "" +#| "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " +#| "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +#| "<manvolnum>5</manvolnum> </citerefentry> for more information on " +#| "configuring FreeIPA." msgid "" -"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " -"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " -"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " -"FreeIPA." +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." msgstr "" "<quote>ipa</quote>: засіб FreeIPA та керування профілями Red Hat Enterprise. " "Докладніші відомості щодо налаштовування IPA викладено у довіднику з " @@ -4465,8 +4471,8 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3043 sssd.conf.5.xml:3154 sssd.conf.5.xml:3205 -#: sssd.conf.5.xml:3268 +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4478,12 +4484,12 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3054 +#: sssd.conf.5.xml:3062 msgid "use_fully_qualified_names (bool)" msgstr "use_fully_qualified_names (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3057 +#: sssd.conf.5.xml:3065 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." @@ -4493,7 +4499,7 @@ msgstr "" "NSS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3062 +#: sssd.conf.5.xml:3070 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -4506,7 +4512,7 @@ msgstr "" "не покаже користувача, а <command>getent passwd test@LOCAL</command> покаже." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3070 +#: sssd.conf.5.xml:3078 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -4517,7 +4523,7 @@ msgstr "" "груп, якщо задано неповну назву, буде виконано пошук у всіх доменах." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3077 +#: sssd.conf.5.xml:3085 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" @@ -4526,17 +4532,17 @@ msgstr "" "використано default_domain_suffix)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3084 +#: sssd.conf.5.xml:3092 msgid "ignore_group_members (bool)" msgstr "ignore_group_members (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3087 +#: sssd.conf.5.xml:3095 msgid "Do not return group members for group lookups." msgstr "Не повертати записи учасників груп для пошуків груп." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3090 +#: sssd.conf.5.xml:3098 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -4555,7 +4561,7 @@ msgstr "" "$groupname</quote> поверне запитану групу так, наче вона була порожня." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3108 +#: sssd.conf.5.xml:3116 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -4566,11 +4572,11 @@ msgstr "" "учасників." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3114 sssd.conf.5.xml:3821 sssd-ldap.5.xml:326 -#: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 -#: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 -#: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 -#: sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1084 +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 msgid "" "This option can be also set per subdomain or inherited via " "<emphasis>subdomain_inherit</emphasis>." @@ -4579,12 +4585,12 @@ msgstr "" "успадковано за допомогою <emphasis>subdomain_inherit</emphasis>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3124 +#: sssd.conf.5.xml:3132 msgid "auth_provider (string)" msgstr "auth_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3127 +#: sssd.conf.5.xml:3135 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" @@ -4593,7 +4599,7 @@ msgstr "" "служб розпізнавання:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3131 sssd.conf.5.xml:3189 +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4605,7 +4611,7 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3138 +#: sssd.conf.5.xml:3146 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4617,18 +4623,18 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3162 +#: sssd.conf.5.xml:3170 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "<quote>proxy</quote> — трансльоване розпізнавання у іншій системі PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3165 +#: sssd.conf.5.xml:3173 msgid "<quote>none</quote> disables authentication explicitly." msgstr "<quote>none</quote> — вимкнути розпізнавання повністю." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3168 +#: sssd.conf.5.xml:3176 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." @@ -4637,12 +4643,12 @@ msgstr "" "спосіб встановлено і можлива обробка запитів щодо розпізнавання." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3174 +#: sssd.conf.5.xml:3182 msgid "access_provider (string)" msgstr "access_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3177 +#: sssd.conf.5.xml:3185 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -4653,7 +4659,7 @@ msgstr "" "Вбудованими програмами є:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3183 +#: sssd.conf.5.xml:3191 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." @@ -4662,12 +4668,12 @@ msgstr "" "доступу для локального домену." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3186 +#: sssd.conf.5.xml:3194 msgid "<quote>deny</quote> always deny access." msgstr "<quote>deny</quote> — завжди забороняти доступ." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3221 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -4680,7 +4686,7 @@ msgstr "" "refentrytitle> <manvolnum>5</manvolnum></citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3220 +#: sssd.conf.5.xml:3228 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -4692,24 +4698,24 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3227 +#: sssd.conf.5.xml:3235 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" "<quote>proxy</quote> — для трансляції керування доступом до іншого модуля " "PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3230 +#: sssd.conf.5.xml:3238 msgid "Default: <quote>permit</quote>" msgstr "Типове значення: <quote>permit</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3235 +#: sssd.conf.5.xml:3243 msgid "chpass_provider (string)" msgstr "chpass_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3238 +#: sssd.conf.5.xml:3246 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" @@ -4718,7 +4724,7 @@ msgstr "" "підтримку таких систем зміни паролів:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3243 +#: sssd.conf.5.xml:3251 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4730,7 +4736,7 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3251 +#: sssd.conf.5.xml:3259 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4742,18 +4748,18 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3276 +#: sssd.conf.5.xml:3284 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "<quote>proxy</quote> — трансльована зміна пароля у іншій системі PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3280 +#: sssd.conf.5.xml:3288 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "<quote>none</quote> — явно вимкнути можливість зміни пароля." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3283 +#: sssd.conf.5.xml:3291 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." @@ -4762,19 +4768,19 @@ msgstr "" "цього параметра і якщо система здатна обробляти запити щодо паролів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3290 +#: sssd.conf.5.xml:3298 msgid "sudo_provider (string)" msgstr "sudo_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3293 +#: sssd.conf.5.xml:3301 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" "Служба SUDO, яку використано для цього домену. Серед підтримуваних служб " "SUDO:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3297 +#: sssd.conf.5.xml:3305 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4786,7 +4792,7 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3305 +#: sssd.conf.5.xml:3313 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." @@ -4795,7 +4801,7 @@ msgstr "" "параметрами IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3309 +#: sssd.conf.5.xml:3317 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." @@ -4804,20 +4810,20 @@ msgstr "" "параметрами AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3313 +#: sssd.conf.5.xml:3321 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "<quote>none</quote> явним чином вимикає SUDO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3316 sssd.conf.5.xml:3402 sssd.conf.5.xml:3472 -#: sssd.conf.5.xml:3497 sssd.conf.5.xml:3533 +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" "Типове значення: використовується значення <quote>id_provider</quote>, якщо " "його встановлено." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3320 +#: sssd.conf.5.xml:3328 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -4836,7 +4842,7 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3335 +#: sssd.conf.5.xml:3343 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -4850,12 +4856,12 @@ msgstr "" "sudo у SSSD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3345 +#: sssd.conf.5.xml:3353 msgid "selinux_provider (string)" msgstr "selinux_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3348 +#: sssd.conf.5.xml:3356 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -4866,7 +4872,7 @@ msgstr "" "доступу. Передбачено підтримку таких засобів надання даних SELinux:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3354 +#: sssd.conf.5.xml:3362 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4878,14 +4884,14 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3362 +#: sssd.conf.5.xml:3370 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" "<quote>none</quote> явним чином забороняє отримання даних щодо параметрів " "SELinux." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3365 +#: sssd.conf.5.xml:3373 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." @@ -4894,12 +4900,12 @@ msgstr "" "спосіб встановлено і можлива обробка запитів щодо завантаження SELinux." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3371 +#: sssd.conf.5.xml:3379 msgid "subdomains_provider (string)" msgstr "subdomains_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3374 +#: sssd.conf.5.xml:3382 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" @@ -4909,7 +4915,7 @@ msgstr "" "підтримку таких засобів надання даних піддоменів:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3380 +#: sssd.conf.5.xml:3388 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4921,7 +4927,7 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3389 +#: sssd.conf.5.xml:3397 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -4934,17 +4940,17 @@ msgstr "" "налаштовування засобу надання даних AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3398 +#: sssd.conf.5.xml:3406 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "<quote>none</quote> забороняє ячним чином отримання даних піддоменів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3408 +#: sssd.conf.5.xml:3416 msgid "session_provider (string)" msgstr "session_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3411 +#: sssd.conf.5.xml:3419 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -4956,14 +4962,14 @@ msgstr "" "постачальники даних сеансів:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3418 +#: sssd.conf.5.xml:3426 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" "<quote>ipa</quote>, щоб дозволити пов'язані із сеансами користувачів " "завдання." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3422 +#: sssd.conf.5.xml:3430 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" @@ -4971,7 +4977,7 @@ msgstr "" "користувачів завдань." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3426 +#: sssd.conf.5.xml:3434 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." @@ -4980,7 +4986,7 @@ msgstr "" "його встановлено і дозволено виконувати пов'язані із сеансами завдання." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3430 +#: sssd.conf.5.xml:3438 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." @@ -4990,12 +4996,12 @@ msgstr "" "непривілейованого користувача." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3438 +#: sssd.conf.5.xml:3446 msgid "autofs_provider (string)" msgstr "autofs_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3441 +#: sssd.conf.5.xml:3449 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" @@ -5003,7 +5009,7 @@ msgstr "" "autofs:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3445 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -5015,7 +5021,7 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3452 +#: sssd.conf.5.xml:3460 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -5027,7 +5033,7 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3460 +#: sssd.conf.5.xml:3468 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -5039,17 +5045,17 @@ msgstr "" "надання даних AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3469 +#: sssd.conf.5.xml:3477 msgid "<quote>none</quote> disables autofs explicitly." msgstr "<quote>none</quote> вимикає autofs повністю." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3479 +#: sssd.conf.5.xml:3487 msgid "hostid_provider (string)" msgstr "hostid_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3482 +#: sssd.conf.5.xml:3490 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" @@ -5058,7 +5064,7 @@ msgstr "" "вузла. Серед підтримуваних засобів надання hostid:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3486 +#: sssd.conf.5.xml:3494 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -5070,17 +5076,17 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3494 +#: sssd.conf.5.xml:3502 msgid "<quote>none</quote> disables hostid explicitly." msgstr "<quote>none</quote> вимикає hostid повністю." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3504 +#: sssd.conf.5.xml:3512 msgid "resolver_provider (string)" msgstr "resolver_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3507 +#: sssd.conf.5.xml:3515 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" @@ -5089,7 +5095,7 @@ msgstr "" "підтримку таких надавачів даних для визначення:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3511 +#: sssd.conf.5.xml:3519 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" @@ -5098,7 +5104,7 @@ msgstr "" "Див. <quote>proxy_resolver_lib_name</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3515 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -5110,7 +5116,7 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3522 +#: sssd.conf.5.xml:3530 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -5123,13 +5129,13 @@ msgstr "" "налаштовування засобу надання даних AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3530 +#: sssd.conf.5.xml:3538 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" "<quote>none</quote> забороняє ячним чином отримання даних вузлів і мереж." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3543 +#: sssd.conf.5.xml:3551 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -5143,7 +5149,7 @@ msgstr "" "IPA та доменів Active Directory, простій назві (NetBIOS) домену." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3552 +#: sssd.conf.5.xml:3560 #, fuzzy #| msgid "" #| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" @@ -5160,17 +5166,17 @@ msgstr "" "різні стилі запису імен користувачів:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3557 sssd.conf.5.xml:3571 +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 msgid "username" msgstr "користувач" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3560 sssd.conf.5.xml:3574 +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 msgid "username@domain.name" msgstr "користувач@назва.домену" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3565 +#: sssd.conf.5.xml:3573 #, fuzzy #| msgid "" #| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" @@ -5189,12 +5195,12 @@ msgstr "" "різні стилі запису імен користувачів:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3577 +#: sssd.conf.5.xml:3585 msgid "domain\\username" msgstr "домен\\користувач" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3580 +#: sssd.conf.5.xml:3588 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." @@ -5203,7 +5209,7 @@ msgstr "" "того, щоб полегшити інтеграцію користувачів з доменів Windows." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3585 +#: sssd.conf.5.xml:3593 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -5213,17 +5219,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3637 +#: sssd.conf.5.xml:3645 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "Типове значення: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3643 +#: sssd.conf.5.xml:3651 msgid "lookup_family_order (string)" msgstr "lookup_family_order (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3646 +#: sssd.conf.5.xml:3654 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." @@ -5232,48 +5238,48 @@ msgstr "" "під час виконання пошуків у DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3650 +#: sssd.conf.5.xml:3658 msgid "Supported values:" msgstr "Передбачено підтримку таких значень:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3653 +#: sssd.conf.5.xml:3661 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" "ipv4_first: спробувати визначити адресу у форматі IPv4, у разі невдачі " "спробувати формат IPv6" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3656 +#: sssd.conf.5.xml:3664 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" "ipv4_only: намагатися визначити назви вузлів лише у форматі адрес IPv4." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3659 +#: sssd.conf.5.xml:3667 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" "ipv6_first: спробувати визначити адресу у форматі IPv6, у разі невдачі " "спробувати формат IPv4" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3662 +#: sssd.conf.5.xml:3670 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" "ipv6_only: намагатися визначити назви вузлів лише у форматі адрес IPv6." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3665 +#: sssd.conf.5.xml:3673 msgid "Default: ipv4_first" msgstr "Типове значення: ipv4_first" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3671 +#: sssd.conf.5.xml:3679 msgid "dns_resolver_server_timeout (integer)" msgstr "dns_resolver_server_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3674 +#: sssd.conf.5.xml:3682 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." @@ -5282,7 +5288,7 @@ msgstr "" "обмінятися даними із сервером DNS, перш ніж пробувати наступний сервер DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3679 +#: sssd.conf.5.xml:3687 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" @@ -5290,7 +5296,7 @@ msgstr "" "очікування на відгук на луна-імпульс CLDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3683 sssd.conf.5.xml:3703 sssd.conf.5.xml:3724 +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." @@ -5299,17 +5305,17 @@ msgstr "" "більше про розв'язування питань, пов'язаних із службами." #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3688 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 msgid "Default: 1000" msgstr "Типове значення: 1000" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3694 +#: sssd.conf.5.xml:3702 msgid "dns_resolver_op_timeout (integer)" msgstr "dns_resolver_op_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3697 +#: sssd.conf.5.xml:3705 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -5321,12 +5327,12 @@ msgstr "" "наступного DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3714 +#: sssd.conf.5.xml:3722 msgid "dns_resolver_timeout (integer)" msgstr "dns_resolver_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3717 +#: sssd.conf.5.xml:3725 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -5339,12 +5345,12 @@ msgstr "" "роботу у автономному режимі." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3735 +#: sssd.conf.5.xml:3743 msgid "dns_resolver_use_search_list (bool)" msgstr "dns_resolver_use_search_list (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3738 +#: sssd.conf.5.xml:3746 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -5355,7 +5361,7 @@ msgstr "" "затримок у середовищах, де DNS не налаштовано належним чином." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3744 +#: sssd.conf.5.xml:3752 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -5366,17 +5372,17 @@ msgstr "" "пошукам DNS у таких середовищах." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3750 +#: sssd.conf.5.xml:3758 msgid "Default: TRUE" msgstr "Типове значення: TRUE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3756 +#: sssd.conf.5.xml:3764 msgid "dns_discovery_domain (string)" msgstr "dns_discovery_domain (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3759 +#: sssd.conf.5.xml:3767 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." @@ -5385,54 +5391,54 @@ msgstr "" "частину запиту визначення служб DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3763 +#: sssd.conf.5.xml:3771 msgid "Default: Use the domain part of machine's hostname" msgstr "" "Типова поведінка: використовувати назву домену з назви вузла комп’ютера." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3769 +#: sssd.conf.5.xml:3777 msgid "override_gid (integer)" msgstr "override_gid (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3772 +#: sssd.conf.5.xml:3780 msgid "Override the primary GID value with the one specified." msgstr "Замірити значення основного GID на вказане." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3778 +#: sssd.conf.5.xml:3786 msgid "case_sensitive (string)" msgstr "case_sensitive (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3785 +#: sssd.conf.5.xml:3793 msgid "True" msgstr "True" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3788 +#: sssd.conf.5.xml:3796 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" "Враховується регістр. Це значення є некоректним для засобу надання даних AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3794 +#: sssd.conf.5.xml:3802 msgid "False" msgstr "False" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3796 +#: sssd.conf.5.xml:3804 msgid "Case insensitive." msgstr "Без врахування регістру." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3800 +#: sssd.conf.5.xml:3808 msgid "Preserving" msgstr "Preserving" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3803 +#: sssd.conf.5.xml:3811 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -5444,7 +5450,7 @@ msgstr "" "буде переведено у нижній регістр." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3811 +#: sssd.conf.5.xml:3819 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." @@ -5453,7 +5459,7 @@ msgstr "" "даних IPA, вам доведеться встановити його на боці клієнта і SSSD на сервері." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3781 +#: sssd.conf.5.xml:3789 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" @@ -5462,17 +5468,17 @@ msgstr "" "значення: <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3826 +#: sssd.conf.5.xml:3834 msgid "Default: True (False for AD provider)" msgstr "Типове значення: True (False для засобу надання даних AD)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3832 +#: sssd.conf.5.xml:3840 msgid "subdomain_inherit (string)" msgstr "subdomain_inherit (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3835 +#: sssd.conf.5.xml:3843 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -5484,47 +5490,47 @@ msgstr "" "параметрів:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3841 +#: sssd.conf.5.xml:3849 msgid "ldap_search_timeout" msgstr "ldap_search_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3844 +#: sssd.conf.5.xml:3852 msgid "ldap_network_timeout" msgstr "ldap_network_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3847 +#: sssd.conf.5.xml:3855 msgid "ldap_opt_timeout" msgstr "ldap_opt_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3850 +#: sssd.conf.5.xml:3858 msgid "ldap_offline_timeout" msgstr "ldap_offline_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3853 +#: sssd.conf.5.xml:3861 msgid "ldap_enumeration_refresh_timeout" msgstr "ldap_enumeration_refresh_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3856 +#: sssd.conf.5.xml:3864 msgid "ldap_enumeration_refresh_offset" msgstr "ldap_enumeration_refresh_offset" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3859 +#: sssd.conf.5.xml:3867 msgid "ldap_purge_cache_timeout" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3862 +#: sssd.conf.5.xml:3870 msgid "ldap_purge_cache_offset" msgstr "ldap_purge_cache_offset" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3865 +#: sssd.conf.5.xml:3873 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" @@ -5533,57 +5539,57 @@ msgstr "" "ldap_krb5_keytab не встановлено явним чином)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3869 +#: sssd.conf.5.xml:3877 msgid "ldap_krb5_ticket_lifetime" msgstr "ldap_krb5_ticket_lifetime" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3872 +#: sssd.conf.5.xml:3880 msgid "ldap_enumeration_search_timeout" msgstr "ldap_enumeration_search_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3875 +#: sssd.conf.5.xml:3883 msgid "ldap_connection_expire_timeout" msgstr "ldap_connection_expire_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3878 +#: sssd.conf.5.xml:3886 msgid "ldap_connection_expire_offset" msgstr "ldap_connection_expire_offset" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3881 +#: sssd.conf.5.xml:3889 msgid "ldap_connection_idle_timeout" msgstr "ldap_connection_idle_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3884 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 msgid "ldap_use_tokengroups" msgstr "ldap_use_tokengroups" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3887 +#: sssd.conf.5.xml:3895 msgid "ldap_user_principal" msgstr "ldap_user_principal" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3890 +#: sssd.conf.5.xml:3898 msgid "ignore_group_members" msgstr "ignore_group_members" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3893 +#: sssd.conf.5.xml:3901 msgid "auto_private_groups" msgstr "auto_private_groups" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3896 +#: sssd.conf.5.xml:3904 msgid "case_sensitive" msgstr "case_sensitive" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3901 +#: sssd.conf.5.xml:3909 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -5593,28 +5599,28 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3908 +#: sssd.conf.5.xml:3916 msgid "Note: This option only works with the IPA and AD provider." msgstr "" "Зауваження: цей параметр працює лише для засобів надання даних IPA і AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3915 +#: sssd.conf.5.xml:3923 msgid "subdomain_homedir (string)" msgstr "subdomain_homedir (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3926 +#: sssd.conf.5.xml:3934 msgid "%F" msgstr "%F" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3935 msgid "flat (NetBIOS) name of a subdomain." msgstr "спрощена (NetBIOS) назва піддомену." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3918 +#: sssd.conf.5.xml:3926 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -5629,7 +5635,7 @@ msgstr "" "emphasis>. <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3932 +#: sssd.conf.5.xml:3940 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" @@ -5637,17 +5643,17 @@ msgstr "" "emphasis>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3936 +#: sssd.conf.5.xml:3944 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "Типове значення: <filename>/home/%d/%u</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3941 +#: sssd.conf.5.xml:3949 msgid "realmd_tags (string)" msgstr "realmd_tags (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3944 +#: sssd.conf.5.xml:3952 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" @@ -5655,12 +5661,12 @@ msgstr "" "домену." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3950 +#: sssd.conf.5.xml:3958 msgid "cached_auth_timeout (int)" msgstr "cached_auth_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3953 +#: sssd.conf.5.xml:3961 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -5674,7 +5680,7 @@ msgstr "" "розпізнавання." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3961 +#: sssd.conf.5.xml:3969 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." @@ -5684,12 +5690,12 @@ msgstr "" "значення для різних довірених доменів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3966 +#: sssd.conf.5.xml:3974 msgid "Special value 0 implies that this feature is disabled." msgstr "Спеціальне значення 0 означає, що цю можливість вимкнено." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3970 +#: sssd.conf.5.xml:3978 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -5700,17 +5706,95 @@ msgstr "" "обробки <quote>initgroups</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3981 +#: sssd.conf.5.xml:3989 +#, fuzzy +#| msgid "ldap_pwd_policy (string)" +msgid "local_auth_policy (string)" +msgstr "ldap_pwd_policy (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3992 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4002 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4026 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +#, fuzzy +#| msgid "" +#| "The following example creates a container named 'mycontainer': " +#| "<placeholder type=\"programlisting\" id=\"0\"/>" +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" +"У наступному прикладі створюємо контейнер із назвою «mycontainer»: " +"<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4034 +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4039 +#, fuzzy +#| msgid "Default: mail" +msgid "Default: match" +msgstr "Типове значення: mail" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4044 msgid "auto_private_groups (string)" msgstr "auto_private_groups (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3987 +#: sssd.conf.5.xml:4050 msgid "true" msgstr "true" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3990 +#: sssd.conf.5.xml:4053 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." @@ -5719,7 +5803,7 @@ msgstr "" "користувача. У цьому випадку номер GID буде проігноровано." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3994 +#: sssd.conf.5.xml:4057 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -5732,12 +5816,12 @@ msgstr "" "примусово встановлює унікальність записів у просторі ідентифікаторів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4003 +#: sssd.conf.5.xml:4066 msgid "false" msgstr "false" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4006 +#: sssd.conf.5.xml:4069 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." @@ -5746,12 +5830,12 @@ msgstr "" "вказувати на об'єкт групи у базі даних LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4012 +#: sssd.conf.5.xml:4075 msgid "hybrid" msgstr "hybrid" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4015 +#: sssd.conf.5.xml:4078 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -5766,7 +5850,7 @@ msgstr "" "цього користувача визначатиме цей об'єкт групи." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4028 +#: sssd.conf.5.xml:4091 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." @@ -5775,7 +5859,7 @@ msgstr "" "групи, інакше надійне визначення GID буде просто неможливим." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4035 +#: sssd.conf.5.xml:4098 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -5786,7 +5870,7 @@ msgstr "" "збереженням наявних приватних груп для користувачів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3984 +#: sssd.conf.5.xml:4047 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" @@ -5795,7 +5879,7 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4047 +#: sssd.conf.5.xml:4110 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." @@ -5805,7 +5889,7 @@ msgstr "" "використовується автоматична прив'язка до ідентифікаторів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4118 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -5815,7 +5899,7 @@ msgstr "" "auto_private_groups = false\n" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4124 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -5827,7 +5911,7 @@ msgstr "" "auto_private_groups = false\n" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4115 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -5841,7 +5925,7 @@ msgstr "" "subdomain_inherit: <placeholder type=\"programlisting\" id=\"1\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2569 +#: sssd.conf.5.xml:2570 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -5852,31 +5936,36 @@ msgstr "" "quote> <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4139 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4079 +#: sssd.conf.5.xml:4142 msgid "The proxy target PAM proxies to." msgstr "Комп’ютер, для якого виконує проксі-сервер PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4082 +#: sssd.conf.5.xml:4145 +#, fuzzy +#| msgid "" +#| "Default: not set by default, you have to take an existing pam " +#| "configuration or create a new one and add the service name here." msgid "" "Default: not set by default, you have to take an existing pam configuration " -"or create a new one and add the service name here." +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." msgstr "" "Типове значення: типово не встановлено, вам слід скористатися вже створеними " "налаштуваннями pam або створити нові і тут додати назву служби." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4090 +#: sssd.conf.5.xml:4155 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -5887,12 +5976,12 @@ msgstr "" "наприклад _nss_files_getpwent." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4103 +#: sssd.conf.5.xml:4168 msgid "proxy_resolver_lib_name (string)" msgstr "proxy_resolver_lib_name (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4106 +#: sssd.conf.5.xml:4171 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -5903,12 +5992,12 @@ msgstr "" "_nss_$(назва_бібліотеки)_$(функція), наприклад _nss_dns_gethostbyname2_r." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4117 +#: sssd.conf.5.xml:4182 msgid "proxy_fast_alias (boolean)" msgstr "proxy_fast_alias (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4120 +#: sssd.conf.5.xml:4185 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -5923,12 +6012,12 @@ msgstr "" "у кеші, щоб пришвидшити надання результатів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4134 +#: sssd.conf.5.xml:4199 msgid "proxy_max_children (integer)" msgstr "proxy_max_children (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4202 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -5940,7 +6029,7 @@ msgstr "" "використання черги запитів." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4072 +#: sssd.conf.5.xml:4135 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -5949,12 +6038,12 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4218 msgid "Application domains" msgstr "Домени програм (application)" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4155 +#: sssd.conf.5.xml:4220 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -5982,7 +6071,7 @@ msgstr "" "який може успадковувати параметр з традиційного домену SSSD." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4175 +#: sssd.conf.5.xml:4240 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -5993,17 +6082,17 @@ msgstr "" "його доменом-близнюком у POSIX має бути встановлено належним чином." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4181 +#: sssd.conf.5.xml:4246 msgid "Application domain parameters" msgstr "Параметри доменів програм" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4248 msgid "inherit_from (string)" msgstr "inherit_from (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4186 +#: sssd.conf.5.xml:4251 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -6015,7 +6104,7 @@ msgstr "" "розширюють або перевизначають параметри домену-<quote>близнюка</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4265 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -6030,7 +6119,7 @@ msgstr "" "у кеші і робить атрибут phone доступним через інтерфейс D-Bus." #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4208 +#: sssd.conf.5.xml:4273 #, no-wrap msgid "" "[sssd]\n" @@ -6064,12 +6153,12 @@ msgstr "" "ldap_user_extra_attrs = phone:telephoneNumber\n" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4228 +#: sssd.conf.5.xml:4293 msgid "TRUSTED DOMAIN SECTION" msgstr "РОЗДІЛ ДОВІРЕНИХ ДОМЕНІВ" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4230 +#: sssd.conf.5.xml:4295 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -6087,57 +6176,57 @@ msgstr "" "такі параметри:" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4237 +#: sssd.conf.5.xml:4302 msgid "ldap_search_base," msgstr "ldap_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4303 msgid "ldap_user_search_base," msgstr "ldap_user_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4239 +#: sssd.conf.5.xml:4304 msgid "ldap_group_search_base," msgstr "ldap_group_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:4305 msgid "ldap_netgroup_search_base," msgstr "ldap_netgroup_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4241 +#: sssd.conf.5.xml:4306 msgid "ldap_service_search_base," msgstr "ldap_service_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4242 +#: sssd.conf.5.xml:4307 msgid "ldap_sasl_mech," msgstr "ldap_sasl_mech," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4243 +#: sssd.conf.5.xml:4308 msgid "ad_server," msgstr "ad_server," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4309 msgid "ad_backup_server," msgstr "ad_backup_server," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4245 +#: sssd.conf.5.xml:4310 msgid "ad_site," msgstr "ad_site," #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4246 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "use_fully_qualified_names" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4250 +#: sssd.conf.5.xml:4315 msgid "" "For more details about these options see their individual description in the " "manual page." @@ -6146,12 +6235,12 @@ msgstr "" "підручника." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4256 +#: sssd.conf.5.xml:4321 msgid "CERTIFICATE MAPPING SECTION" msgstr "РОЗДІЛ ПРИВ'ЯЗКИ СЕРТИФІКАТІВ" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4258 +#: sssd.conf.5.xml:4323 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -6174,7 +6263,7 @@ msgstr "" "використовують для розпізнавання PAM." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4272 +#: sssd.conf.5.xml:4337 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -6186,7 +6275,7 @@ msgstr "" "citerefentry>)." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4281 +#: sssd.conf.5.xml:4346 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -6199,12 +6288,12 @@ msgstr "" "replaceable>]</quote>. У цьому розділі можна використовувати такі параметри:" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4353 msgid "matchrule (string)" msgstr "matchrule (рядок)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4356 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." @@ -6213,7 +6302,7 @@ msgstr "" "цьому правилу. Усі інші сертифікати буде проігноровано." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4295 +#: sssd.conf.5.xml:4360 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" @@ -6223,17 +6312,17 @@ msgstr "" "<quote>clientAuth</quote>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4367 msgid "maprule (string)" msgstr "maprule (рядок)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4370 msgid "Defines how the user is found for a given certificate." msgstr "Визначає спосіб пошуку користувача для вказаного сертифіката." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:4376 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." @@ -6242,7 +6331,7 @@ msgstr "" "даних, зокрема <quote>ldap</quote>, <quote>AD</quote> та <quote>ipa</quote>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4317 +#: sssd.conf.5.xml:4382 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." @@ -6251,12 +6340,12 @@ msgstr "" "запис користувача і такою самою назвою." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4326 +#: sssd.conf.5.xml:4391 msgid "domains (string)" msgstr "domains (рядок)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4329 +#: sssd.conf.5.xml:4394 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -6269,17 +6358,17 @@ msgstr "" "параметр можна використати і для додавання правила до піддоменів." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4336 +#: sssd.conf.5.xml:4401 msgid "Default: the configured domain in sssd.conf" msgstr "Типове значення: домен, який налаштовано у sssd.conf" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4406 msgid "priority (integer)" msgstr "priority (ціле число)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4409 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -6290,12 +6379,12 @@ msgstr "" "пріоритетність, а <quote>4294967295</quote> — найнижча." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4350 +#: sssd.conf.5.xml:4415 msgid "Default: the lowest priority" msgstr "Типове значення: найнижча пріоритетність" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4356 +#: sssd.conf.5.xml:4421 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" @@ -6305,7 +6394,7 @@ msgstr "" "спеціальних властивостей:" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4362 +#: sssd.conf.5.xml:4427 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" @@ -6314,7 +6403,7 @@ msgstr "" "відповідного облікового запису користувача" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4433 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -6327,17 +6416,17 @@ msgstr "" "quote> або <quote>({назва_об'єкта_rfc822.коротка_назва})</quote>" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4377 +#: sssd.conf.5.xml:4442 msgid "the <quote>domains</quote> option is ignored" msgstr "параметр <quote>domains</quote> буде проігноровано" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4385 +#: sssd.conf.5.xml:4450 msgid "PROMPTING CONFIGURATION SECTION" msgstr "РОЗДІЛ НАЛАШТОВУВАННЯ ЗАПИТІВ" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4452 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -6353,7 +6442,7 @@ msgstr "" "реєстраційних даних." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4395 +#: sssd.conf.5.xml:4460 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -6367,22 +6456,22 @@ msgstr "" "випадках мають забезпечити описані нижче параметри." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4472 msgid "[prompting/password]" msgstr "[prompting/password]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4410 +#: sssd.conf.5.xml:4475 msgid "password_prompt" msgstr "password_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4411 +#: sssd.conf.5.xml:4476 msgid "to change the string of the password prompt" msgstr "для зміни рядка запиту пароля" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4409 +#: sssd.conf.5.xml:4474 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" @@ -6391,37 +6480,37 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4484 msgid "[prompting/2fa]" msgstr "[prompting/2fa]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4488 msgid "first_prompt" msgstr "first_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4424 +#: sssd.conf.5.xml:4489 msgid "to change the string of the prompt for the first factor" msgstr "для зміни рядка запиту для першого фактора" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4427 +#: sssd.conf.5.xml:4492 msgid "second_prompt" msgstr "second_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4428 +#: sssd.conf.5.xml:4493 msgid "to change the string of the prompt for the second factor" msgstr "для зміни рядка запиту для другого фактора" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4496 msgid "single_prompt" msgstr "single_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4432 +#: sssd.conf.5.xml:4497 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -6434,7 +6523,7 @@ msgstr "" "якщо другий фактор не є обов'язковим." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4421 +#: sssd.conf.5.xml:4486 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -6447,19 +6536,19 @@ msgstr "" "паролем, або за двома факторами, має бути використано двокроковий запит." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4449 +#: sssd.conf.5.xml:4514 #, fuzzy #| msgid "[prompting/password]" msgid "[prompting/passkey]" msgstr "[prompting/password]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4455 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 msgid "interactive" msgstr "interactive" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4522 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -6467,47 +6556,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4530 #, fuzzy #| msgid "interactive" msgid "interactive_prompt" msgstr "interactive" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4532 #, fuzzy #| msgid "to change the string of the password prompt" msgid "to change the message of the interactive prompt." msgstr "для зміни рядка запиту пароля" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4537 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4539 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4480 +#: sssd.conf.5.xml:4545 #, fuzzy #| msgid "first_prompt" msgid "touch_prompt" msgstr "first_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4547 #, fuzzy #| msgid "to change the string of the password prompt" msgid "to change the message of the touch prompt." msgstr "для зміни рядка запиту пароля" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4451 +#: sssd.conf.5.xml:4516 #, fuzzy #| msgid "" #| "to configure two-factor authentication prompting, allowed options are: " @@ -6520,7 +6609,7 @@ msgstr "" "параметри: <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4467 #, fuzzy #| msgid "" #| "Each supported authentication method has its own configuration subsection " @@ -6539,7 +6628,7 @@ msgstr "" "type=\"variablelist\" id=\"1\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4493 +#: sssd.conf.5.xml:4558 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -6550,12 +6639,12 @@ msgstr "" "для цієї служби." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4500 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "ПРИКЛАДИ" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4506 +#: sssd.conf.5.xml:4571 #, no-wrap msgid "" "[sssd]\n" @@ -6609,7 +6698,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4502 +#: sssd.conf.5.xml:4567 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -6622,7 +6711,7 @@ msgstr "" "type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4604 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -6632,7 +6721,7 @@ msgstr "" "use_fully_qualified_names = false\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4533 +#: sssd.conf.5.xml:4598 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -6649,7 +6738,7 @@ msgstr "" "type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4550 +#: sssd.conf.5.xml:4615 #, fuzzy, no-wrap #| msgid "" #| "[certmap/my.domain/rule_name]\n" @@ -6677,7 +6766,7 @@ msgstr "" "matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$<SUBJECT>^CN=User.Name,DC=MY,DC=DOMAIN$\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4544 +#: sssd.conf.5.xml:4609 #, fuzzy #| msgid "" #| "3. The following example shows the configuration for two certificate " @@ -6751,14 +6840,23 @@ msgstr "Ви можете налаштувати SSSD на використан #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:38 +#, fuzzy +#| msgid "" +#| "LDAP back end supports id, auth, access and chpass providers. If you want " +#| "to authenticate against an LDAP server either TLS/SSL or LDAPS is " +#| "required. <command>sssd</command> <emphasis>does not</emphasis> support " +#| "authentication over an unencrypted channel. If the LDAP server is used " +#| "only as an identity provider, an encrypted channel is not needed. Please " +#| "refer to <quote>ldap_access_filter</quote> config option for more " +#| "information about using LDAP as an access provider." msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " -"over an unencrypted channel. If the LDAP server is used only as an identity " -"provider, an encrypted channel is not needed. Please refer to " -"<quote>ldap_access_filter</quote> config option for more information about " -"using LDAP as an access provider." +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." msgstr "" "У основному модулі LDAP передбачено підтримку засобів надання ідентифікатора " "(id), уповноважень (auth), доступу (access) та зміни паролів (chpass). Якщо " @@ -6771,19 +6869,19 @@ msgstr "" "більше про використання LDAP, як засобу керування доступом." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 #: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 msgid "CONFIGURATION OPTIONS" msgstr "ПАРАМЕТРИ НАЛАШТУВАННЯ" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:66 +#: sssd-ldap.5.xml:67 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "ldap_uri, ldap_backup_uri (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:69 +#: sssd-ldap.5.xml:70 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" @@ -6798,34 +6896,34 @@ msgstr "" "служб. Докладніші відомості можна знайти у розділі «ПОШУК СЛУЖБ»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:76 +#: sssd-ldap.5.xml:77 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "Формат адреси має відповідати формату, що визначається RFC 2732:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:79 +#: sssd-ldap.5.xml:80 msgid "ldap[s]://<host>[:port]" msgstr "ldap[s]://<вузол>[:порт]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:82 +#: sssd-ldap.5.xml:83 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" "У явних адресах IPv6 <вузол> має бути вказано у квадратних дужках, []" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:85 +#: sssd-ldap.5.xml:86 msgid "example: ldap://[fc00::126:25]:389" msgstr "приклад: ldap://[fc00::126:25]:389" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:91 +#: sssd-ldap.5.xml:92 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "ldap_chpass_uri, ldap_chpass_backup_uri (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:94 +#: sssd-ldap.5.xml:95 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " @@ -6838,31 +6936,31 @@ msgstr "" "резервні ресурси та додаткові сервери." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:101 +#: sssd-ldap.5.xml:102 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" "Для того, щоб уможливити визначення служб, слід встановити значення " "параметра ldap_chpass_dns_service_name." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:105 +#: sssd-ldap.5.xml:106 msgid "Default: empty, i.e. ldap_uri is used." msgstr "Типове значення: порожнє, тобто використовується ldap_uri." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:111 +#: sssd-ldap.5.xml:112 msgid "ldap_search_base (string)" msgstr "ldap_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:114 +#: sssd-ldap.5.xml:115 msgid "The default base DN to use for performing LDAP user operations." msgstr "" "Типова базова назва домену, яку слід використовувати для виконання дій від " "імені користувача LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:118 +#: sssd-ldap.5.xml:119 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" @@ -6871,19 +6969,19 @@ msgstr "" "основ для пошуку за допомогою таких синтаксичних конструкцій:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:122 +#: sssd-ldap.5.xml:123 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "основа_пошуку[?діапазон?[фільтр][?основа_пошуку?діапазон?[фільтр]]*]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:125 +#: sssd-ldap.5.xml:126 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "" "Діапазоном може бути одне зі значень, «base» (основа), «onelevel» (окремий " "рівень) або «subtree» (піддерево)." #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:128 include/ldap_search_bases.xml:18 +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" @@ -6892,13 +6990,13 @@ msgstr "" "специфікації http://www.ietf.org/rfc/rfc2254.txt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:132 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 #: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 msgid "Examples:" msgstr "Приклади:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:135 +#: sssd-ldap.5.xml:136 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" @@ -6907,7 +7005,7 @@ msgstr "" "dc=example,dc=com?subtree?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:140 +#: sssd-ldap.5.xml:141 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" @@ -6916,7 +7014,7 @@ msgstr "" "(host=thishost)?dc=example.com?subtree?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:143 +#: sssd-ldap.5.xml:144 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " @@ -6929,7 +7027,7 @@ msgstr "" "непередбачуваних результатів на клієнтських комп’ютерах." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:150 +#: sssd-ldap.5.xml:151 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " @@ -6946,12 +7044,12 @@ msgstr "" "Підтримки визначення декількох значень не передбачено." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:164 +#: sssd-ldap.5.xml:165 msgid "ldap_schema (string)" msgstr "ldap_schema (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:167 +#: sssd-ldap.5.xml:168 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " @@ -6962,32 +7060,32 @@ msgstr "" "можуть бути різними. Спосіб обробки атрибутів також може бути різним." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:174 +#: sssd-ldap.5.xml:175 msgid "Four schema types are currently supported:" msgstr "У поточній версії передбачено підтримку чотирьох типів схем:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:178 +#: sssd-ldap.5.xml:179 msgid "rfc2307" msgstr "rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:183 +#: sssd-ldap.5.xml:184 msgid "rfc2307bis" msgstr "rfc2307bis" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:188 +#: sssd-ldap.5.xml:189 msgid "IPA" msgstr "IPA" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:193 +#: sssd-ldap.5.xml:194 msgid "AD" msgstr "AD" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:199 +#: sssd-ldap.5.xml:200 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " @@ -7005,38 +7103,38 @@ msgstr "" "Active Directory 2008r2." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:209 +#: sssd-ldap.5.xml:210 msgid "Default: rfc2307" msgstr "Типове значення: rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:215 +#: sssd-ldap.5.xml:216 msgid "ldap_pwmodify_mode (string)" msgstr "ldap_pwmodify_mode (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:218 +#: sssd-ldap.5.xml:219 msgid "Specify the operation that is used to modify user password." msgstr "Визначає дію, яку буде здійснено для зміни пароля користувача." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:222 +#: sssd-ldap.5.xml:223 msgid "Two modes are currently supported:" msgstr "У поточній версії передбачено два режими:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:226 +#: sssd-ldap.5.xml:227 msgid "exop - Password Modify Extended Operation (RFC 3062)" msgstr "exop — розширена дія зі зміни пароля (RFC 3062)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:232 +#: sssd-ldap.5.xml:233 msgid "ldap_modify - Direct modification of userPassword (not recommended)." msgstr "" "ldap_modify — безпосереднє внесення змін до userPassword (не рекомендуємо)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:239 +#: sssd-ldap.5.xml:240 msgid "" "Note: First, a new connection is established to verify current password by " "binding as the user that requested password change. If successful, this " @@ -7050,54 +7148,54 @@ msgstr "" "запису атрибута userPassword." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:247 +#: sssd-ldap.5.xml:248 msgid "Default: exop" msgstr "Типове значення: exop" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:253 +#: sssd-ldap.5.xml:254 msgid "ldap_default_bind_dn (string)" msgstr "ldap_default_bind_dn (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:256 +#: sssd-ldap.5.xml:257 msgid "The default bind DN to use for performing LDAP operations." msgstr "" "Типова назва домену прив’язки, яку слід використовувати для виконання дій " "LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:263 +#: sssd-ldap.5.xml:264 msgid "ldap_default_authtok_type (string)" msgstr "ldap_default_authtok_type (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:266 +#: sssd-ldap.5.xml:267 msgid "The type of the authentication token of the default bind DN." msgstr "Тип розпізнавання для типової назви сервера прив’язки." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:270 +#: sssd-ldap.5.xml:271 msgid "The two mechanisms currently supported are:" msgstr "У поточній версії передбачено підтримку двох механізмів:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 +#: sssd-ldap.5.xml:274 msgid "password" msgstr "password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:276 +#: sssd-ldap.5.xml:277 msgid "obfuscated_password" msgstr "obfuscated_password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:279 +#: sssd-ldap.5.xml:280 msgid "Default: password" msgstr "Типове значення: password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:282 +#: sssd-ldap.5.xml:283 msgid "" "See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> manual page for more information." @@ -7107,22 +7205,22 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:293 +#: sssd-ldap.5.xml:294 msgid "ldap_default_authtok (string)" msgstr "ldap_default_authtok (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:296 +#: sssd-ldap.5.xml:297 msgid "The authentication token of the default bind DN." msgstr "Лексема розпізнавання типової назви сервера прив’язки." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:302 +#: sssd-ldap.5.xml:303 msgid "ldap_force_upper_case_realm (boolean)" msgstr "ldap_force_upper_case_realm (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:305 +#: sssd-ldap.5.xml:306 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -7136,12 +7234,12 @@ msgstr "" "області у верхньому регістрі." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:318 +#: sssd-ldap.5.xml:319 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "ldap_enumeration_refresh_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:321 +#: sssd-ldap.5.xml:322 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." @@ -7150,12 +7248,12 @@ msgstr "" "свого кешу нумерованих записів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:337 +#: sssd-ldap.5.xml:338 msgid "ldap_purge_cache_timeout (integer)" msgstr "ldap_purge_cache_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:340 +#: sssd-ldap.5.xml:341 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -7166,7 +7264,7 @@ msgstr "" "цих записів з метою економії місця." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:346 +#: sssd-ldap.5.xml:347 msgid "" "Setting this option to zero will disable the cache cleanup operation. Please " "note that if enumeration is enabled, the cleanup task is required in order " @@ -7180,12 +7278,12 @@ msgstr "" "кожні 3 години." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:366 +#: sssd-ldap.5.xml:367 msgid "ldap_group_nesting_level (integer)" msgstr "ldap_group_nesting_level (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:369 +#: sssd-ldap.5.xml:370 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -7197,7 +7295,7 @@ msgstr "" "параметра буде проігноровано, якщо використано схему RFC2307." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:376 +#: sssd-ldap.5.xml:377 msgid "" "Note: This option specifies the guaranteed level of nested groups to be " "processed for any lookup. However, nested groups beyond this limit " @@ -7213,7 +7311,7 @@ msgstr "" "початкового пошуку, якщо запити щодо пошуку надходять повторно." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:385 +#: sssd-ldap.5.xml:386 msgid "" "If ldap_group_nesting_level is set to 0 then no nested groups are processed " "at all. However, when connected to Active-Directory Server 2008 and later " @@ -7229,12 +7327,12 @@ msgstr "" "обмеження вкладеності у групах." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:394 +#: sssd-ldap.5.xml:395 msgid "Default: 2" msgstr "Типове значення: 2" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:403 +#: sssd-ldap.5.xml:404 msgid "" "This options enables or disables use of Token-Groups attribute when " "performing initgroup for users from Active Directory Server 2008 and later." @@ -7244,24 +7342,24 @@ msgstr "" "Directory Server 2008 та новіших версій." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:413 +#: sssd-ldap.5.xml:414 msgid "Default: True for AD and IPA otherwise False." msgstr "Типове значення: True для AD і IPA, інакше False." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:419 +#: sssd-ldap.5.xml:420 msgid "ldap_host_search_base (string)" msgstr "ldap_host_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:422 +#: sssd-ldap.5.xml:423 msgid "Optional. Use the given string as search base for host objects." msgstr "" "Необов’язковий. Використати вказаний рядок як основу пошуку об’єктів вузлів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:426 sssd-ipa.5.xml:457 sssd-ipa.5.xml:476 sssd-ipa.5.xml:495 -#: sssd-ipa.5.xml:514 +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." @@ -7270,32 +7368,32 @@ msgstr "" "налаштування декількох основ пошуку." #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:431 sssd-ipa.5.xml:462 include/ldap_search_bases.xml:27 +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "Типове значення: значення <emphasis>ldap_search_base</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:438 +#: sssd-ldap.5.xml:439 msgid "ldap_service_search_base (string)" msgstr "ldap_service_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:443 +#: sssd-ldap.5.xml:444 msgid "ldap_iphost_search_base (string)" msgstr "ldap_iphost_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:448 +#: sssd-ldap.5.xml:449 msgid "ldap_ipnetwork_search_base (string)" msgstr "ldap_ipnetwork_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:453 +#: sssd-ldap.5.xml:454 msgid "ldap_search_timeout (integer)" msgstr "ldap_search_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:456 +#: sssd-ldap.5.xml:457 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -7306,7 +7404,7 @@ msgstr "" "автономного режиму роботи)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:462 +#: sssd-ldap.5.xml:463 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -7317,12 +7415,12 @@ msgstr "" "окремих типів пошуків." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:479 +#: sssd-ldap.5.xml:480 msgid "ldap_enumeration_search_timeout (integer)" msgstr "ldap_enumeration_search_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:482 +#: sssd-ldap.5.xml:483 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -7333,12 +7431,12 @@ msgstr "" "кешованих даних (і переходом до автономного режиму роботи)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:500 +#: sssd-ldap.5.xml:501 msgid "ldap_network_timeout (integer)" msgstr "ldap_network_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:503 +#: sssd-ldap.5.xml:504 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -7355,12 +7453,12 @@ msgstr "" "citerefentry> повертається до стану бездіяльності." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:531 +#: sssd-ldap.5.xml:532 msgid "ldap_opt_timeout (integer)" msgstr "ldap_opt_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:534 +#: sssd-ldap.5.xml:535 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -7374,12 +7472,12 @@ msgstr "" "розширеної операції зі зміни пароля та дії StartTLS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:554 +#: sssd-ldap.5.xml:555 msgid "ldap_connection_expire_timeout (integer)" msgstr "ldap_connection_expire_timeout (ціле значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:557 +#: sssd-ldap.5.xml:558 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -7393,7 +7491,7 @@ msgstr "" "дії TGT)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:565 +#: sssd-ldap.5.xml:566 msgid "" "If the connection is idle (not actively running an operation) within " "<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " @@ -7411,7 +7509,7 @@ msgstr "" "<emphasis>ldap_connection_expire_timeout <= ldap_opt_timout</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:577 +#: sssd-ldap.5.xml:578 msgid "" "This timeout can be extended of a random value specified by " "<emphasis>ldap_connection_expire_offset</emphasis>" @@ -7420,17 +7518,17 @@ msgstr "" "параметром <emphasis>ldap_connection_expire_offset</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:587 sssd-ldap.5.xml:630 sssd-ldap.5.xml:1711 +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 msgid "Default: 900 (15 minutes)" msgstr "Типове значення: 900 (15 хвилин)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:593 +#: sssd-ldap.5.xml:594 msgid "ldap_connection_expire_offset (integer)" msgstr "ldap_connection_expire_offset (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:596 +#: sssd-ldap.5.xml:597 msgid "" "Random offset between 0 and configured value is added to " "<emphasis>ldap_connection_expire_timeout</emphasis>." @@ -7439,12 +7537,12 @@ msgstr "" "<emphasis>ldap_connection_expire_timeout</emphasis>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:613 msgid "ldap_connection_idle_timeout (integer)" msgstr "ldap_connection_idle_timeout (ціле значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:616 msgid "" "Specifies a timeout (in seconds) that an idle connection to an LDAP server " "will be maintained. If the connection is idle for more than this time then " @@ -7455,17 +7553,17 @@ msgstr "" "бездіяльним понад цей час, з'єднання буде розірвано." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:622 msgid "You can disable this timeout by setting the value to 0." msgstr "Ви можете вимкнути цей час очікування, встановивши значення 0." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:636 +#: sssd-ldap.5.xml:637 msgid "ldap_page_size (integer)" msgstr "ldap_page_size (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:639 +#: sssd-ldap.5.xml:640 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." @@ -7475,12 +7573,12 @@ msgstr "" "один запит." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:650 +#: sssd-ldap.5.xml:651 msgid "ldap_disable_paging (boolean)" msgstr "ldap_disable_paging (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:653 +#: sssd-ldap.5.xml:654 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " @@ -7491,7 +7589,7 @@ msgstr "" "RootDSE, але цю підтримку не увімкнено або вона не працює належним чином." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:659 +#: sssd-ldap.5.xml:660 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." @@ -7501,7 +7599,7 @@ msgstr "" "підтримкою не можна скористатися." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:665 +#: sssd-ldap.5.xml:666 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " @@ -7512,17 +7610,17 @@ msgstr "" "це може призвести до відмови у виконанні запитів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:677 +#: sssd-ldap.5.xml:678 msgid "ldap_disable_range_retrieval (boolean)" msgstr "ldap_disable_range_retrieval (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:680 +#: sssd-ldap.5.xml:681 msgid "Disable Active Directory range retrieval." msgstr "Вимкнути отримання діапазону Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:683 +#: sssd-ldap.5.xml:684 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " @@ -7538,12 +7636,12 @@ msgstr "" "буде представлено як такі, у яких немає учасників." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:699 msgid "ldap_sasl_minssf (integer)" msgstr "ldap_sasl_minssf (ціле значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:702 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " @@ -7554,19 +7652,19 @@ msgstr "" "параметра визначається OpenLDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:707 sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" "Типове значення: типове для системи значення (зазвичай, визначається у ldap." "conf)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:714 +#: sssd-ldap.5.xml:715 msgid "ldap_sasl_maxssf (integer)" msgstr "ldap_sasl_maxssf (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:717 +#: sssd-ldap.5.xml:718 msgid "" "When communicating with an LDAP server using SASL, specify the maximal " "security level necessary to establish the connection. The values of this " @@ -7577,12 +7675,12 @@ msgstr "" "цього параметра визначається OpenLDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:731 msgid "ldap_deref_threshold (integer)" msgstr "ldap_deref_threshold (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:733 +#: sssd-ldap.5.xml:734 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -7594,7 +7692,7 @@ msgstr "" "виконуватиметься окремо." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:740 msgid "" "You can turn off dereference lookups completely by setting the value to 0. " "Please note that there are some codepaths in SSSD, like the IPA HBAC " @@ -7612,7 +7710,7 @@ msgstr "" "rootDSE." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:750 +#: sssd-ldap.5.xml:751 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -7625,7 +7723,7 @@ msgstr "" "OpenLDAP та Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:758 +#: sssd-ldap.5.xml:759 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -7636,12 +7734,12 @@ msgstr "" "незалежно від використання цього параметра." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:771 +#: sssd-ldap.5.xml:772 msgid "ldap_ignore_unreadable_references (bool)" msgstr "ldap_ignore_unreadable_references (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:774 +#: sssd-ldap.5.xml:775 msgid "" "Ignore unreadable LDAP entries referenced in group's member attribute. If " "this parameter is set to false an error will be returned and the operation " @@ -7653,7 +7751,7 @@ msgstr "" "простого ігнорування непридатного до читання запису." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:781 +#: sssd-ldap.5.xml:782 msgid "" "This parameter may be useful when using the AD provider and the computer " "account that sssd uses to connect to AD does not have access to a particular " @@ -7665,12 +7763,12 @@ msgstr "" "міркувань безпеки." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:795 msgid "ldap_tls_reqcert (string)" msgstr "ldap_tls_reqcert (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:798 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" @@ -7680,7 +7778,7 @@ msgstr "" "таких значень:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:804 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." @@ -7689,7 +7787,7 @@ msgstr "" "жодних сертифікатів сервера." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:808 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -7701,7 +7799,7 @@ msgstr "" "режимі." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:815 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -7712,7 +7810,7 @@ msgstr "" "надано помилковий сертифікат, негайно перервати сеанс." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:820 +#: sssd-ldap.5.xml:821 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -7723,22 +7821,22 @@ msgstr "" "перервати сеанс." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:826 +#: sssd-ldap.5.xml:827 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "<emphasis>hard</emphasis> = те саме, що і <quote>demand</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:830 +#: sssd-ldap.5.xml:831 msgid "Default: hard" msgstr "Типове значення: hard" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:837 msgid "ldap_tls_cacert (string)" msgstr "ldap_tls_cacert (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:839 +#: sssd-ldap.5.xml:840 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." @@ -7747,7 +7845,7 @@ msgstr "" "розпізнаються <command>sssd</command>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 sssd-ldap.5.xml:862 sssd-ldap.5.xml:903 +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" @@ -7756,12 +7854,12 @@ msgstr "" "у <filename>/etc/openldap/ldap.conf</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:852 msgid "ldap_tls_cacertdir (string)" msgstr "ldap_tls_cacertdir (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:854 +#: sssd-ldap.5.xml:855 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -7774,32 +7872,32 @@ msgstr "" "<command>cacertdir_rehash</command>, якщо ця програма є доступною." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:869 +#: sssd-ldap.5.xml:870 msgid "ldap_tls_cert (string)" msgstr "ldap_tls_cert (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:872 +#: sssd-ldap.5.xml:873 msgid "Specifies the file that contains the certificate for the client's key." msgstr "Визначає файл, який містить сертифікат для ключа клієнта." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:882 +#: sssd-ldap.5.xml:883 msgid "ldap_tls_key (string)" msgstr "ldap_tls_key (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:885 +#: sssd-ldap.5.xml:886 msgid "Specifies the file that contains the client's key." msgstr "Визначає файл, у якому міститься ключ клієнта." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:894 +#: sssd-ldap.5.xml:895 msgid "ldap_tls_cipher_suite (string)" msgstr "ldap_tls_cipher_suite (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:897 +#: sssd-ldap.5.xml:898 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -7811,26 +7909,31 @@ msgstr "" "<manvolnum>5</manvolnum></citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:910 +#: sssd-ldap.5.xml:911 msgid "ldap_id_use_start_tls (boolean)" msgstr "ldap_id_use_start_tls (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:913 +#: sssd-ldap.5.xml:914 +#, fuzzy +#| msgid "" +#| "Specifies that the id_provider connection must also use <systemitem " +#| "class=\"protocol\">tls</systemitem> to protect the channel." msgid "" "Specifies that the id_provider connection must also use <systemitem " -"class=\"protocol\">tls</systemitem> to protect the channel." +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." msgstr "" "Визначає, що з’єднання id_provider має також використовувати <systemitem " "class=\"protocol\">tls</systemitem> для захисту каналу." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:923 +#: sssd-ldap.5.xml:925 msgid "ldap_id_mapping (boolean)" msgstr "ldap_id_mapping (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:928 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " @@ -7842,19 +7945,19 @@ msgstr "" "ldap_group_gid_number." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:932 +#: sssd-ldap.5.xml:934 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" "У поточній версії у цій можливості передбачено підтримку лише встановлення " "відповідності objectSID у ActiveDirectory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:942 +#: sssd-ldap.5.xml:944 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "ldap_min_id, ldap_max_id (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:945 +#: sssd-ldap.5.xml:947 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " @@ -7874,18 +7977,18 @@ msgstr "" "ідентифікаторів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:957 +#: sssd-ldap.5.xml:959 msgid "Default: not set (both options are set to 0)" msgstr "" "Типове значення: не встановлено (обидва параметри встановлено у значення 0)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:965 msgid "ldap_sasl_mech (string)" msgstr "ldap_sasl_mech (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:966 +#: sssd-ldap.5.xml:968 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " "tested and supported." @@ -7894,7 +7997,7 @@ msgstr "" "перевірено і передбачено підтримку лише механізмів GSSAPI та GSS-SPNEGO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:970 +#: sssd-ldap.5.xml:972 msgid "" "If the backend supports sub-domains the value of ldap_sasl_mech is " "automatically inherited to the sub-domains. If a different value is needed " @@ -7912,12 +8015,12 @@ msgstr "" "manvolnum></citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:988 msgid "ldap_sasl_authid (string)" msgstr "ldap_sasl_authid (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ldap.5.xml:998 +#: sssd-ldap.5.xml:1000 #, no-wrap msgid "" "hostname@REALM\n" @@ -7937,7 +8040,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:989 +#: sssd-ldap.5.xml:991 msgid "" "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " "this represents the Kerberos principal used for authentication to the " @@ -7958,17 +8061,17 @@ msgstr "" "таблиці ключів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1009 +#: sssd-ldap.5.xml:1011 msgid "Default: host/hostname@REALM" msgstr "Типове значення: вузол/назва_вузла@ОБЛАСТЬ" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1015 +#: sssd-ldap.5.xml:1017 msgid "ldap_sasl_realm (string)" msgstr "ldap_sasl_realm (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1018 +#: sssd-ldap.5.xml:1020 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " @@ -7980,17 +8083,17 @@ msgstr "" "проігноровано." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1024 +#: sssd-ldap.5.xml:1026 msgid "Default: the value of krb5_realm." msgstr "Типове значення: значення krb5_realm." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1030 +#: sssd-ldap.5.xml:1032 msgid "ldap_sasl_canonicalize (boolean)" msgstr "ldap_sasl_canonicalize (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1035 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." @@ -8000,36 +8103,36 @@ msgstr "" "SASL." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1038 +#: sssd-ldap.5.xml:1040 msgid "Default: false;" msgstr "Типове значення: false;" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1046 msgid "ldap_krb5_keytab (string)" msgstr "ldap_krb5_keytab (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1049 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." msgstr "" "Визначає таблицю ключів, яку слід використовувати разом з SASL/GSSAPI/GSS-" "SPNEGO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1056 sssd-krb5.5.xml:247 +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" "Типове значення: системна таблиця ключів, зазвичай <filename>/etc/krb5." "keytab</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1064 msgid "ldap_krb5_init_creds (boolean)" msgstr "ldap_krb5_init_creds (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1067 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -8040,12 +8143,12 @@ msgstr "" "механізм GSSAPI або GSS-SPNEGO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1077 +#: sssd-ldap.5.xml:1079 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "ldap_krb5_ticket_lifetime (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1080 +#: sssd-ldap.5.xml:1082 msgid "" "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." msgstr "" @@ -8053,17 +8156,17 @@ msgstr "" "SPNEGO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1089 sssd-ad.5.xml:1252 +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 msgid "Default: 86400 (24 hours)" msgstr "Типове значення: 86400 (24 години)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1095 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "krb5_server, krb5_backup_server (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1098 +#: sssd-ldap.5.xml:1100 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -8082,7 +8185,7 @@ msgstr "" "про виявлення служб можна дізнатися з розділу «ПОШУК СЛУЖБ»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1110 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -8094,7 +8197,7 @@ msgstr "" "вдасться знайти." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -8105,30 +8208,30 @@ msgstr "" "варто перейти на використання «krb5_server» у файлах налаштувань." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1124 sssd-ipa.5.xml:526 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "krb5_realm (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1127 +#: sssd-ldap.5.xml:1129 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." msgstr "" "Вказати область Kerberos (для розпізнавання за SASL/GSSAPI/GSS-SPNEGO)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1133 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" "Типове значення: типове значення системи, див. <filename>/etc/krb5.conf</" "filename>" #. type: Content of: <variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1137 include/krb5_options.xml:154 +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 msgid "krb5_canonicalize (boolean)" msgstr "krb5_canonicalize (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1140 +#: sssd-ldap.5.xml:1142 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" @@ -8138,12 +8241,12 @@ msgstr "" "версії MIT Kerberos >= 1.7" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1152 sssd-krb5.5.xml:336 +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 msgid "krb5_use_kdcinfo (boolean)" msgstr "krb5_use_kdcinfo (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1155 sssd-krb5.5.xml:339 +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " @@ -8158,7 +8261,7 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:350 +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " @@ -8169,12 +8272,12 @@ msgstr "" "manvolnum> </citerefentry>, щоб дізнатися більше про додаток пошуку." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1180 +#: sssd-ldap.5.xml:1182 msgid "ldap_pwd_policy (string)" msgstr "ldap_pwd_policy (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1185 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" @@ -8183,7 +8286,7 @@ msgstr "" "використовувати такі значення:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1190 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." @@ -8192,7 +8295,7 @@ msgstr "" "разі використання цього варіанта перевірку на боці сервера вимкнено не буде." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1193 +#: sssd-ldap.5.xml:1195 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -8204,7 +8307,7 @@ msgstr "" "manvolnum></citerefentry> для визначення того, чи чинним є пароль." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1201 +#: sssd-ldap.5.xml:1203 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -8215,7 +8318,7 @@ msgstr "" "скористайтеся chpass_provider=krb5 для оновлення цих атрибутів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1210 +#: sssd-ldap.5.xml:1212 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." @@ -8225,18 +8328,18 @@ msgstr "" "встановленими за допомогою цього параметра." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1220 msgid "ldap_referrals (boolean)" msgstr "ldap_referrals (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1221 +#: sssd-ldap.5.xml:1223 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" "Визначає, чи має бути увімкнено автоматичне визначення напрямків пошуку." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1225 +#: sssd-ldap.5.xml:1227 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." @@ -8245,7 +8348,7 @@ msgstr "" "з версією OpenLDAP 2.4.13 або новішою версією." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1232 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " @@ -8267,28 +8370,28 @@ msgstr "" "дані виявляться недоступними." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1249 +#: sssd-ldap.5.xml:1251 msgid "ldap_dns_service_name (string)" msgstr "ldap_dns_service_name (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1252 +#: sssd-ldap.5.xml:1254 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" "Визначає назву служби, яку буде використано у разі вмикання визначення служб." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1258 msgid "Default: ldap" msgstr "Типове значення: ldap" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1262 +#: sssd-ldap.5.xml:1264 msgid "ldap_chpass_dns_service_name (string)" msgstr "ldap_chpass_dns_service_name (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1265 +#: sssd-ldap.5.xml:1267 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." @@ -8297,17 +8400,17 @@ msgstr "" "уможливлює зміну паролів, у разі вмикання визначення служб." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1270 +#: sssd-ldap.5.xml:1272 msgid "Default: not set, i.e. service discovery is disabled" msgstr "Типове значення: не встановлено, тобто пошук служб вимкнено" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1276 +#: sssd-ldap.5.xml:1278 msgid "ldap_chpass_update_last_change (bool)" msgstr "ldap_chpass_update_last_change (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1279 +#: sssd-ldap.5.xml:1281 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." @@ -8316,7 +8419,7 @@ msgstr "" "щодо кількості днів з часу виконання дії зі зміни пароля." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1285 +#: sssd-ldap.5.xml:1287 msgid "" "It is recommend to set this option explicitly if \"ldap_pwd_policy = " "shadow\" is used to let SSSD know if the LDAP server will update " @@ -8329,12 +8432,12 @@ msgstr "" "окремо." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1301 msgid "ldap_access_filter (string)" msgstr "ldap_access_filter (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1304 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " @@ -8363,12 +8466,12 @@ msgstr "" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1322 +#: sssd-ldap.5.xml:1324 msgid "Example:" msgstr "Приклад:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1327 #, no-wrap msgid "" "access_provider = ldap\n" @@ -8380,7 +8483,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1329 +#: sssd-ldap.5.xml:1331 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." @@ -8389,7 +8492,7 @@ msgstr "" "employeeType встановлено у значення «admin»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1336 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -8403,17 +8506,17 @@ msgstr "" "таких прав не було надано, у автономному режимі їх також не буде надано." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1398 +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 msgid "Default: Empty" msgstr "Типове значення: порожній рядок" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1348 +#: sssd-ldap.5.xml:1350 msgid "ldap_account_expire_policy (string)" msgstr "ldap_account_expire_policy (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1353 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." @@ -8422,7 +8525,7 @@ msgstr "" "керування доступом на боці клієнта." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1355 +#: sssd-ldap.5.xml:1357 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -8433,12 +8536,12 @@ msgstr "" "з відповідним кодом помилки, навіть якщо вказано правильний пароль." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1362 +#: sssd-ldap.5.xml:1364 msgid "The following values are allowed:" msgstr "Можна використовувати такі значення:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1365 +#: sssd-ldap.5.xml:1367 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." @@ -8447,7 +8550,7 @@ msgstr "" "визначити, чи завершено строк дії облікового запису." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1372 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -8460,7 +8563,7 @@ msgstr "" "Також буде перевірено, чи не вичерпано строк дії облікового запису." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1379 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -8471,7 +8574,7 @@ msgstr "" "ldap_ns_account_lock." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1383 +#: sssd-ldap.5.xml:1385 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -8484,7 +8587,7 @@ msgstr "" "атрибутів, надати доступ." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1391 +#: sssd-ldap.5.xml:1393 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " @@ -8495,24 +8598,24 @@ msgstr "" "користуватися параметром ldap_account_expire_policy." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1404 +#: sssd-ldap.5.xml:1406 msgid "ldap_access_order (string)" msgstr "ldap_access_order (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1407 sssd-ipa.5.xml:351 +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" "Список відокремлених комами параметрів керування доступом. Можливі значення " "списку:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1411 +#: sssd-ldap.5.xml:1413 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "<emphasis>filter</emphasis>: використовувати ldap_access_filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>lockout</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -8527,7 +8630,7 @@ msgstr "" "для працездатності цієї можливості слід встановити «access_provider = ldap»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1424 +#: sssd-ldap.5.xml:1426 msgid "" "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" "quote> option and might be removed in a future release. </emphasis>" @@ -8537,7 +8640,7 @@ msgstr "" "emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1431 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -8560,13 +8663,13 @@ msgstr "" "параметра слід встановити значення «access_provider = ldap»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1448 +#: sssd-ldap.5.xml:1450 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" "<emphasis>expire</emphasis>: використовувати ldap_account_expire_policy" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1452 sssd-ipa.5.xml:359 +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 msgid "" "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " "pwd_expire_policy_renew: </emphasis> These options are useful if users are " @@ -8581,31 +8684,31 @@ msgstr "" "наприклад на ключах SSH." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1462 sssd-ipa.5.xml:369 +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 msgid "" "The difference between these options is the action taken if user password is " "expired:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1467 sssd-ipa.5.xml:374 +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 msgid "pwd_expire_policy_reject - user is denied to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1473 sssd-ipa.5.xml:380 +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 msgid "pwd_expire_policy_warn - user is still able to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1479 sssd-ipa.5.xml:386 +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 msgid "" "pwd_expire_policy_renew - user is prompted to change their password " "immediately." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1487 +#: sssd-ldap.5.xml:1489 msgid "" "Please note that 'access_provider = ldap' must be set for this feature to " "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." @@ -8615,7 +8718,7 @@ msgstr "" "параметра «ldap_pwd_policy» відповідні правила поводження із паролями." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1494 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" @@ -8624,14 +8727,14 @@ msgstr "" "можливості доступу атрибут authorizedService" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1497 +#: sssd-ldap.5.xml:1499 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" "<emphasis>host</emphasis>: за допомогою цього атрибута вузла можна визначити " "права доступу" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1501 +#: sssd-ldap.5.xml:1503 msgid "" "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " "remote host can access" @@ -8640,7 +8743,7 @@ msgstr "" "того, чи матиме віддалений вузол доступ" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1505 +#: sssd-ldap.5.xml:1507 msgid "" "Please note, rhost field in pam is set by application, it is better to check " "what the application sends to pam, before enabling this access control option" @@ -8650,12 +8753,12 @@ msgstr "" "керування доступом." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1510 +#: sssd-ldap.5.xml:1512 msgid "Default: filter" msgstr "Типове значення: filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1513 +#: sssd-ldap.5.xml:1515 msgid "" "Please note that it is a configuration error if a value is used more than " "once." @@ -8664,12 +8767,12 @@ msgstr "" "використано декілька разів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1520 +#: sssd-ldap.5.xml:1522 msgid "ldap_pwdlockout_dn (string)" msgstr "ldap_pwdlockout_dn (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1523 +#: sssd-ldap.5.xml:1525 msgid "" "This option specifies the DN of password policy entry on LDAP server. Please " "note that absence of this option in sssd.conf in case of enabled account " @@ -8683,22 +8786,22 @@ msgstr "" "можна буде перевірити належним чином." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1531 +#: sssd-ldap.5.xml:1533 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" msgstr "Приклад: cn=ppolicy,ou=policies,dc=example,dc=com" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1534 +#: sssd-ldap.5.xml:1536 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" msgstr "Типове значення: cn=ppolicy,ou=policies,$ldap_search_base" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1542 msgid "ldap_deref (string)" msgstr "ldap_deref (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1543 +#: sssd-ldap.5.xml:1545 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" @@ -8707,13 +8810,13 @@ msgstr "" "пошуку. Можливі такі варіанти:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1550 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" "<emphasis>never</emphasis>: ніколи не виконувати розіменування псевдонімів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 +#: sssd-ldap.5.xml:1554 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." @@ -8723,7 +8826,7 @@ msgstr "" "пошуку." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 +#: sssd-ldap.5.xml:1559 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." @@ -8732,7 +8835,7 @@ msgstr "" "під час визначення місця основного об’єкта пошуку." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1562 +#: sssd-ldap.5.xml:1564 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." @@ -8741,7 +8844,7 @@ msgstr "" "час пошуку, так і під час визначення місця основного об’єкта пошуку." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1569 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -8750,12 +8853,12 @@ msgstr "" "сценарієм <emphasis>never</emphasis>)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1575 +#: sssd-ldap.5.xml:1577 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "ldap_rfc2307_fallback_to_local_users (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1578 +#: sssd-ldap.5.xml:1580 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." @@ -8764,7 +8867,7 @@ msgstr "" "серверів, у яких використовується схема RFC2307." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1582 +#: sssd-ldap.5.xml:1584 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " @@ -8782,7 +8885,7 @@ msgstr "" "користувачів за допомогою виклику getpw*() або initgroups()." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1593 +#: sssd-ldap.5.xml:1595 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " @@ -8794,12 +8897,12 @@ msgstr "" "групами LDAP." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1605 sssd-ifp.5.xml:152 +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 msgid "wildcard_limit (integer)" msgstr "wildcard_limit (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1608 +#: sssd-ldap.5.xml:1610 msgid "" "Specifies an upper limit on the number of entries that are downloaded during " "a wildcard lookup." @@ -8808,24 +8911,24 @@ msgstr "" "пошуку з використанням символів-замінників." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1612 +#: sssd-ldap.5.xml:1614 msgid "At the moment, only the InfoPipe responder supports wildcard lookups." msgstr "" "У поточній версії пошук із використанням символів-замінників передбачено " "лише для відповідача InfoPipe." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1618 msgid "Default: 1000 (often the size of one page)" msgstr "Типове значення: 1000 (часто розмір однієї сторінки)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1624 msgid "ldap_library_debug_level (integer)" msgstr "ldap_library_debug_level (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1625 +#: sssd-ldap.5.xml:1627 msgid "" "Switches on libldap debugging with the given level. The libldap debug " "messages will be written independent of the general debug_level." @@ -8834,7 +8937,7 @@ msgstr "" "libldap буде записано незалежно від загального debug_level." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1630 +#: sssd-ldap.5.xml:1632 msgid "" "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " "enable full debug output." @@ -8843,12 +8946,12 @@ msgstr "" "компонентів, -1 увімкне повне виведення діагностичних даних." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1635 +#: sssd-ldap.5.xml:1637 msgid "Default: 0 (libldap debugging disabled)" msgstr "Типове значення: 0 (діагностику libldap вимкнено)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:52 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " @@ -8868,12 +8971,12 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1645 +#: sssd-ldap.5.xml:1647 msgid "SUDO OPTIONS" msgstr "ПАРАМЕТРИ SUDO" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1647 +#: sssd-ldap.5.xml:1649 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -8884,12 +8987,12 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1660 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "ldap_sudo_full_refresh_interval (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1661 +#: sssd-ldap.5.xml:1663 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." @@ -8899,7 +9002,7 @@ msgstr "" "набір правил, що зберігаються на сервері." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1666 +#: sssd-ldap.5.xml:1668 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" @@ -8908,7 +9011,7 @@ msgstr "" "<emphasis>ldap_sudo_smart_refresh_interval </emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1671 +#: sssd-ldap.5.xml:1673 msgid "" "You can disable full refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." @@ -8918,17 +9021,17 @@ msgstr "" "оновлення." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1676 +#: sssd-ldap.5.xml:1678 msgid "Default: 21600 (6 hours)" msgstr "Типове значення: 21600 (6 годин)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1682 +#: sssd-ldap.5.xml:1684 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "ldap_sudo_smart_refresh_interval (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1685 +#: sssd-ldap.5.xml:1687 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest " @@ -8939,7 +9042,7 @@ msgstr "" "правил, USN яких перевищує найбільше значення сервера USN, яке відоме SSSD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1691 +#: sssd-ldap.5.xml:1693 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." @@ -8948,7 +9051,7 @@ msgstr "" "дані атрибута modifyTimestamp." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1695 +#: sssd-ldap.5.xml:1697 msgid "" "<emphasis>Note:</emphasis> the highest USN value can be updated by three " "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " @@ -8964,7 +9067,7 @@ msgstr "" "emphasis>)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1706 +#: sssd-ldap.5.xml:1708 msgid "" "You can disable smart refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." @@ -8974,12 +9077,12 @@ msgstr "" "оновлення." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1717 +#: sssd-ldap.5.xml:1719 msgid "ldap_sudo_random_offset (integer)" msgstr "ldap_sudo_random_offset (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1720 +#: sssd-ldap.5.xml:1722 msgid "" "Random offset between 0 and configured value is added to smart and full " "refresh periods each time the periodic task is scheduled. The value is in " @@ -8990,7 +9093,7 @@ msgstr "" "регулярного завдання. Значення у секундах." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1726 +#: sssd-ldap.5.xml:1728 msgid "" "Note that this random offset is also applied on the first SSSD start which " "delays the first sudo rules refresh. This prolongs the time when the sudo " @@ -9001,17 +9104,17 @@ msgstr "" "час, протягом якого правила sudo є недоступними для використання." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1732 +#: sssd-ldap.5.xml:1734 msgid "You can disable this offset by setting the value to 0." msgstr "Ви можете вимкнути цей зсув, встановивши значення 0." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1742 +#: sssd-ldap.5.xml:1744 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "ldap_sudo_use_host_filter (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1745 +#: sssd-ldap.5.xml:1747 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." @@ -9021,12 +9124,12 @@ msgstr "" "назв вузлів)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1756 +#: sssd-ldap.5.xml:1758 msgid "ldap_sudo_hostnames (string)" msgstr "ldap_sudo_hostnames (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1759 +#: sssd-ldap.5.xml:1761 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." @@ -9035,7 +9138,7 @@ msgstr "" "фільтрування списку правил." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1764 +#: sssd-ldap.5.xml:1766 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." @@ -9044,8 +9147,8 @@ msgstr "" "назву вузла та повну назву комп’ютера у домені у автоматичному режимі." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1769 sssd-ldap.5.xml:1792 sssd-ldap.5.xml:1810 -#: sssd-ldap.5.xml:1828 +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." @@ -9054,17 +9157,17 @@ msgstr "" "<emphasis>false</emphasis>, цей параметр ні на що не впливатиме." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1774 sssd-ldap.5.xml:1797 +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 msgid "Default: not specified" msgstr "Типове значення: не вказано" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1780 +#: sssd-ldap.5.xml:1782 msgid "ldap_sudo_ip (string)" msgstr "ldap_sudo_ip (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1783 +#: sssd-ldap.5.xml:1785 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." @@ -9073,7 +9176,7 @@ msgstr "" "правил." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1788 +#: sssd-ldap.5.xml:1790 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." @@ -9082,12 +9185,12 @@ msgstr "" "адресу у автоматичному режимі." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1803 +#: sssd-ldap.5.xml:1805 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "ldap_sudo_include_netgroups (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1806 +#: sssd-ldap.5.xml:1808 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." @@ -9096,12 +9199,12 @@ msgstr "" "мережеву групу (netgroup) у атрибуті sudoHost." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1821 +#: sssd-ldap.5.xml:1823 msgid "ldap_sudo_include_regexp (boolean)" msgstr "ldap_sudo_include_regexp (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:1826 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." @@ -9110,7 +9213,7 @@ msgstr "" "заміни у атрибуті sudoHost." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> -#: sssd-ldap.5.xml:1834 +#: sssd-ldap.5.xml:1836 msgid "" "Using wildcard is an operation that is very costly to evaluate on the LDAP " "server side!" @@ -9119,7 +9222,7 @@ msgstr "" "для сервера LDAP!" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1846 +#: sssd-ldap.5.xml:1848 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " @@ -9132,12 +9235,12 @@ msgstr "" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1856 +#: sssd-ldap.5.xml:1858 msgid "AUTOFS OPTIONS" msgstr "ПАРАМЕТРИ AUTOFS" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1858 +#: sssd-ldap.5.xml:1860 msgid "" "Some of the defaults for the parameters below are dependent on the LDAP " "schema." @@ -9146,47 +9249,47 @@ msgstr "" "LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1864 +#: sssd-ldap.5.xml:1866 msgid "ldap_autofs_map_master_name (string)" msgstr "ldap_autofs_map_master_name (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1867 +#: sssd-ldap.5.xml:1869 msgid "The name of the automount master map in LDAP." msgstr "Назва основної карти автоматичного монтування у LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1870 +#: sssd-ldap.5.xml:1872 msgid "Default: auto.master" msgstr "Типове значення: auto.master" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1881 +#: sssd-ldap.5.xml:1883 msgid "ADVANCED OPTIONS" msgstr "ДОДАТКОВІ ПАРАМЕТРИ" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1888 +#: sssd-ldap.5.xml:1890 msgid "ldap_netgroup_search_base (string)" msgstr "ldap_netgroup_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1893 +#: sssd-ldap.5.xml:1895 msgid "ldap_user_search_base (string)" msgstr "ldap_user_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1898 +#: sssd-ldap.5.xml:1900 msgid "ldap_group_search_base (string)" msgstr "ldap_group_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> -#: sssd-ldap.5.xml:1903 +#: sssd-ldap.5.xml:1905 msgid "<note>" msgstr "<note>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> -#: sssd-ldap.5.xml:1905 +#: sssd-ldap.5.xml:1907 msgid "" "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " "against Active Directory will not be restricted and return all groups " @@ -9199,22 +9302,22 @@ msgstr "" "груп показуються неправильно." #. type: Content of: <reference><refentry><refsect1><para><variablelist> -#: sssd-ldap.5.xml:1912 +#: sssd-ldap.5.xml:1914 msgid "</note>" msgstr "</note>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1914 +#: sssd-ldap.5.xml:1916 msgid "ldap_sudo_search_base (string)" msgstr "ldap_sudo_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1919 +#: sssd-ldap.5.xml:1921 msgid "ldap_autofs_search_base (string)" msgstr "ldap_autofs_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1883 +#: sssd-ldap.5.xml:1885 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -9227,14 +9330,14 @@ msgstr "" "<placeholder type=\"variablelist\" id=\"1\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1934 sssd-simple.5.xml:131 sssd-ipa.5.xml:925 -#: sssd-ad.5.xml:1386 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 msgid "EXAMPLE" msgstr "ПРИКЛАД" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1936 +#: sssd-ldap.5.xml:1938 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -9245,7 +9348,7 @@ msgstr "" "<replaceable>[domains]</replaceable>." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1944 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -9265,20 +9368,20 @@ msgstr "" "cache_credentials = true\n" #. type: Content of: <refsect1><refsect2><para> -#: sssd-ldap.5.xml:1941 sssd-ldap.5.xml:1959 sssd-simple.5.xml:139 -#: sssd-ipa.5.xml:933 sssd-ad.5.xml:1394 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 #: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1953 +#: sssd-ldap.5.xml:1955 msgid "LDAP ACCESS FILTER EXAMPLE" msgstr "ПРИКЛАД ФІЛЬТРА ДОСТУПУ LDAP" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1955 +#: sssd-ldap.5.xml:1957 msgid "" "The following example assumes that SSSD is correctly configured and to use " "the ldap_access_order=lockout." @@ -9287,7 +9390,7 @@ msgstr "" "чином і використано ldap_access_order=lockout." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1960 +#: sssd-ldap.5.xml:1962 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -9313,13 +9416,13 @@ msgstr "" "cache_credentials = true\n" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1975 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 -#: sssd-ad.5.xml:1409 sssd.8.xml:238 sss_seed.8.xml:163 +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 msgid "NOTES" msgstr "ЗАУВАЖЕННЯ" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1977 +#: sssd-ldap.5.xml:1979 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -12270,12 +12373,12 @@ msgid "Example: dyndns_iface = em1, vnet1, vnet2" msgstr "Приклад: dyndns_iface = em1, vnet1, vnet2" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1285 +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 msgid "dyndns_auth (string)" msgstr "dyndns_auth (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1288 +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "updates with the DNS server, insecure updates can be sent by setting this " @@ -12286,17 +12389,17 @@ msgstr "" "можна надсилати встановленням для цього параметра значення «none»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1294 +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 msgid "Default: GSS-TSIG" msgstr "Типове значення: GSS-TSIG" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1300 +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 msgid "dyndns_auth_ptr (string)" msgstr "dyndns_auth_ptr (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1303 +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "PTR updates with the DNS server, insecure updates can be sent by setting " @@ -12307,7 +12410,7 @@ msgstr "" "оновлення можна надсилати встановленням для цього параметра значення «none»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1309 +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 msgid "Default: Same as dyndns_auth" msgstr "Типове значення: те саме, що і dyndns_auth" @@ -12383,17 +12486,24 @@ msgstr "" "переспрямовування." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:290 +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 msgid "Default: False (disabled)" msgstr "Типове значення: False (вимкнено)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1272 +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 msgid "dyndns_force_tcp (bool)" msgstr "dyndns_force_tcp (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:299 sssd-ad.5.xml:1275 +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." @@ -12402,17 +12512,17 @@ msgstr "" "даними з сервером DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:303 sssd-ad.5.xml:1279 +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 msgid "Default: False (let nsupdate choose the protocol)" msgstr "Типове значення: False (надати змогу nsupdate вибирати протокол)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:309 sssd-ad.5.xml:1315 +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 msgid "dyndns_server (string)" msgstr "dyndns_server (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:312 sssd-ad.5.xml:1318 +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 msgid "" "The DNS server to use when performing a DNS update. In most setups, it's " "recommended to leave this option unset." @@ -12422,7 +12532,7 @@ msgstr "" "параметра." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 msgid "" "Setting this option makes sense for environments where the DNS server is " "different from the identity server." @@ -12431,7 +12541,7 @@ msgstr "" "DNS відрізняється від сервера профілів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 msgid "" "Please note that this option will be only used in fallback attempt when " "previous attempt using autodetected settings failed." @@ -12441,17 +12551,17 @@ msgstr "" "невдало." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 msgid "Default: None (let nsupdate choose the server)" msgstr "Типове значення: немає (надати nsupdate змогу вибирати сервер)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:333 sssd-ad.5.xml:1339 +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 msgid "dyndns_update_per_family (boolean)" msgstr "dyndns_update_per_family (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:336 sssd-ad.5.xml:1342 +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 msgid "" "DNS update is by default performed in two steps - IPv4 update and then IPv6 " "update. In some cases it might be desirable to perform IPv4 and IPv6 update " @@ -12461,14 +12571,14 @@ msgstr "" "оновлення IPv6. Іноді бажаним є виконання оновлення IPv4 і IPv6 за один крок." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:353 #, fuzzy #| msgid "ldap_access_order (string)" msgid "ipa_access_order (string)" msgstr "ldap_access_order (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:360 #, fuzzy #| msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." @@ -12476,7 +12586,7 @@ msgstr "" "<emphasis>expire</emphasis>: використовувати ldap_account_expire_policy" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:394 +#: sssd-ipa.5.xml:399 #, fuzzy #| msgid "" #| "Please note that 'access_provider = ldap' must be set for this feature to " @@ -12491,12 +12601,12 @@ msgstr "" "параметра «ldap_pwd_policy» відповідні правила поводження із паролями." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:401 +#: sssd-ipa.5.xml:406 msgid "ipa_deskprofile_search_base (string)" msgstr "ipa_deskprofile_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:404 +#: sssd-ipa.5.xml:409 msgid "" "Optional. Use the given string as search base for Desktop Profile related " "objects." @@ -12505,17 +12615,17 @@ msgstr "" "профілями станції (Desktop Profile) об’єктів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:408 sssd-ipa.5.xml:435 +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 msgid "Default: Use base DN" msgstr "Типове значення: використання базової назви домену" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:414 +#: sssd-ipa.5.xml:419 msgid "ipa_subid_ranges_search_base (string)" msgstr "ipa_subid_ranges_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:417 +#: sssd-ipa.5.xml:422 msgid "" "Optional. Use the given string as search base for subordinate ranges related " "objects." @@ -12524,98 +12634,98 @@ msgstr "" "підлеглими діапазонами об’єктів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:421 +#: sssd-ipa.5.xml:426 msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" msgstr "Типове значення: значення <emphasis>cn=subids,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:428 +#: sssd-ipa.5.xml:433 msgid "ipa_hbac_search_base (string)" msgstr "ipa_hbac_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:431 +#: sssd-ipa.5.xml:436 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" "Необов’язковий. Використати вказаний рядок як основу пошуку пов’язаних з " "HBAC об’єктів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:441 +#: sssd-ipa.5.xml:446 msgid "ipa_host_search_base (string)" msgstr "ipa_host_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:444 +#: sssd-ipa.5.xml:449 msgid "Deprecated. Use ldap_host_search_base instead." msgstr "Застарілий. Скористайтеся замість нього ldap_host_search_base." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:450 +#: sssd-ipa.5.xml:455 msgid "ipa_selinux_search_base (string)" msgstr "ipa_selinux_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:453 +#: sssd-ipa.5.xml:458 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" "Необов’язковий. Використати вказаний рядок як основу пошуку карт " "користувачів SELinux." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:469 +#: sssd-ipa.5.xml:474 msgid "ipa_subdomains_search_base (string)" msgstr "ipa_subdomains_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:472 +#: sssd-ipa.5.xml:477 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" "Необов’язковий. Використати вказаний рядок як основу пошуку надійних доменів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:481 +#: sssd-ipa.5.xml:486 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "Типове значення: значення <emphasis>cn=trusts,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:488 +#: sssd-ipa.5.xml:493 msgid "ipa_master_domain_search_base (string)" msgstr "ipa_master_domain_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:491 +#: sssd-ipa.5.xml:496 msgid "Optional. Use the given string as search base for master domain object." msgstr "" "Необов’язковий. Використати вказаний рядок як основу пошуку основного " "об’єкта домену." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:505 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "" "Типове значення: значення виразу <emphasis>cn=ad,cn=etc,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:507 +#: sssd-ipa.5.xml:512 msgid "ipa_views_search_base (string)" msgstr "ipa_views_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:510 +#: sssd-ipa.5.xml:515 msgid "Optional. Use the given string as search base for views containers." msgstr "" "Необов’язковий. Використати вказаний рядок як основу пошуку контейнерів " "перегляду." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:519 +#: sssd-ipa.5.xml:524 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" msgstr "" "Типове значення: значення <emphasis>cn=views,cn=accounts,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:529 +#: sssd-ipa.5.xml:534 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." @@ -12624,7 +12734,7 @@ msgstr "" "«ipa_domain»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:533 +#: sssd-ipa.5.xml:538 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." @@ -12633,12 +12743,12 @@ msgstr "" "перетворено у основний DN для виконання дій LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:541 sssd-ad.5.xml:1357 +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 msgid "krb5_confd_path (string)" msgstr "krb5_confd_path (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:544 sssd-ad.5.xml:1360 +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 msgid "" "Absolute path of a directory where SSSD should place Kerberos configuration " "snippets." @@ -12647,7 +12757,7 @@ msgstr "" "налаштувань Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:548 sssd-ad.5.xml:1364 +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 msgid "" "To disable the creation of the configuration snippets set the parameter to " "'none'." @@ -12656,7 +12766,7 @@ msgstr "" "значення «none»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:552 sssd-ad.5.xml:1368 +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 msgid "" "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" msgstr "" @@ -12664,12 +12774,12 @@ msgstr "" "SSSD)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:559 +#: sssd-ipa.5.xml:564 msgid "ipa_deskprofile_refresh (integer)" msgstr "ipa_deskprofile_refresh (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:562 +#: sssd-ipa.5.xml:567 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server. This will reduce the latency and load on the IPA server if there " @@ -12681,17 +12791,17 @@ msgstr "" "щодо профілів станції." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:569 sssd-ipa.5.xml:599 sssd-ipa.5.xml:615 sssd-ad.5.xml:599 +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 msgid "Default: 5 (seconds)" msgstr "Типове значення: 5 (секунд)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:575 +#: sssd-ipa.5.xml:580 msgid "ipa_deskprofile_request_interval (integer)" msgstr "ipa_deskprofile_request_interval (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:578 +#: sssd-ipa.5.xml:583 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server in case the last request did not return any rule." @@ -12700,17 +12810,17 @@ msgstr "" "останнім запитом не повернуто жодного правила." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:583 +#: sssd-ipa.5.xml:588 msgid "Default: 60 (minutes)" msgstr "Типове значення: 60 (хвилин)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:589 +#: sssd-ipa.5.xml:594 msgid "ipa_hbac_refresh (integer)" msgstr "ipa_hbac_refresh (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:592 +#: sssd-ipa.5.xml:597 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -12721,12 +12831,12 @@ msgstr "" "короткого періоду часу надходить багато запитів щодо керування доступом." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:605 +#: sssd-ipa.5.xml:610 msgid "ipa_hbac_selinux (integer)" msgstr "ipa_hbac_selinux (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:608 +#: sssd-ipa.5.xml:613 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -12738,12 +12848,12 @@ msgstr "" "користувача до системи." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:621 +#: sssd-ipa.5.xml:626 msgid "ipa_server_mode (boolean)" msgstr "ipa_server_mode (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:624 +#: sssd-ipa.5.xml:629 msgid "" "This option will be set by the IPA installer (ipa-server-install) " "automatically and denotes if SSSD is running on an IPA server or not." @@ -12752,7 +12862,7 @@ msgstr "" "автоматично, він визначає, чи запущено SSSD на сервері IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:629 +#: sssd-ipa.5.xml:634 msgid "" "On an IPA server SSSD will lookup users and groups from trusted domains " "directly while on a client it will ask an IPA server." @@ -12761,7 +12871,7 @@ msgstr "" "безпосередньо, хоча на клієнті SSSD надсилатиме запит на сервер IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:634 +#: sssd-ipa.5.xml:639 msgid "" "NOTE: There are currently some assumptions that must be met when SSSD is " "running on an IPA server." @@ -12770,7 +12880,7 @@ msgstr "" "працює на сервері IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:639 +#: sssd-ipa.5.xml:644 msgid "" "The <quote>ipa_server</quote> option must be configured to point to the IPA " "server itself. This is already the default set by the IPA installer, so no " @@ -12781,7 +12891,7 @@ msgstr "" "зміни вручну є зайвими." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:648 +#: sssd-ipa.5.xml:653 msgid "" "The <quote>full_name_format</quote> option must not be tweaked to only print " "short names for users from trusted domains." @@ -12790,53 +12900,53 @@ msgstr "" "того, щоб лише виводити короткі імена користувачів з довірених доменів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:663 +#: sssd-ipa.5.xml:668 msgid "ipa_automount_location (string)" msgstr "ipa_automount_location (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:666 +#: sssd-ipa.5.xml:671 msgid "The automounter location this IPA client will be using" msgstr "" "Адреса автоматичного монтування, яку буде використовувати цей клієнт IPA" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:669 +#: sssd-ipa.5.xml:674 msgid "Default: The location named \"default\"" msgstr "Типове значення: адреса з назвою \"default\"" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:677 +#: sssd-ipa.5.xml:682 msgid "VIEWS AND OVERRIDES" msgstr "ПЕРЕГЛЯДИ і ПЕРЕВИЗНАЧЕННЯ" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:686 +#: sssd-ipa.5.xml:691 msgid "ipa_view_class (string)" msgstr "ipa_view_class (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:689 +#: sssd-ipa.5.xml:694 msgid "Objectclass of the view container." msgstr "Клас об’єктів для контейнерів перегляду." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:692 +#: sssd-ipa.5.xml:697 msgid "Default: nsContainer" msgstr "Типове значення: nsContainer" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:698 +#: sssd-ipa.5.xml:703 msgid "ipa_view_name (string)" msgstr "ipa_view_name (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:701 +#: sssd-ipa.5.xml:706 msgid "Name of the attribute holding the name of the view." msgstr "Назва атрибута, у якому зберігається назва перегляду." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:705 sssd-ldap-attributes.5.xml:496 +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 #: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 #: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 #: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 @@ -12844,27 +12954,27 @@ msgid "Default: cn" msgstr "Типове значення: cn" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:711 +#: sssd-ipa.5.xml:716 msgid "ipa_override_object_class (string)" msgstr "ipa_override_object_class (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:714 +#: sssd-ipa.5.xml:719 msgid "Objectclass of the override objects." msgstr "Клас об’єктів для об’єктів перевизначення" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:717 +#: sssd-ipa.5.xml:722 msgid "Default: ipaOverrideAnchor" msgstr "Типове значення: ipaOverrideAnchor" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:723 +#: sssd-ipa.5.xml:728 msgid "ipa_anchor_uuid (string)" msgstr "ipa_anchor_uuid (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:726 +#: sssd-ipa.5.xml:731 msgid "" "Name of the attribute containing the reference to the original object in a " "remote domain." @@ -12873,17 +12983,17 @@ msgstr "" "віддаленому домені." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:730 +#: sssd-ipa.5.xml:735 msgid "Default: ipaAnchorUUID" msgstr "Типове значення: ipaAnchorUUID" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:736 +#: sssd-ipa.5.xml:741 msgid "ipa_user_override_object_class (string)" msgstr "ipa_user_override_object_class (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:739 +#: sssd-ipa.5.xml:744 msgid "" "Name of the objectclass for user overrides. It is used to determine if the " "found override object is related to a user or a group." @@ -12893,57 +13003,57 @@ msgstr "" "або групою." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:744 +#: sssd-ipa.5.xml:749 msgid "User overrides can contain attributes given by" msgstr "Перевизначення користувачів можуть містити атрибути, задані" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:747 +#: sssd-ipa.5.xml:752 msgid "ldap_user_name" msgstr "ldap_user_name" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:750 +#: sssd-ipa.5.xml:755 msgid "ldap_user_uid_number" msgstr "ldap_user_uid_number" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:753 +#: sssd-ipa.5.xml:758 msgid "ldap_user_gid_number" msgstr "ldap_user_gid_number" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:756 +#: sssd-ipa.5.xml:761 msgid "ldap_user_gecos" msgstr "ldap_user_gecos" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:759 +#: sssd-ipa.5.xml:764 msgid "ldap_user_home_directory" msgstr "ldap_user_home_directory" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:762 +#: sssd-ipa.5.xml:767 msgid "ldap_user_shell" msgstr "ldap_user_shell" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:765 +#: sssd-ipa.5.xml:770 msgid "ldap_user_ssh_public_key" msgstr "ldap_user_ssh_public_key" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:770 +#: sssd-ipa.5.xml:775 msgid "Default: ipaUserOverride" msgstr "Типове значення: ipaUserOverride" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:776 +#: sssd-ipa.5.xml:781 msgid "ipa_group_override_object_class (string)" msgstr "ipa_group_override_object_class (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:779 +#: sssd-ipa.5.xml:784 msgid "" "Name of the objectclass for group overrides. It is used to determine if the " "found override object is related to a user or a group." @@ -12952,27 +13062,27 @@ msgstr "" "того, чи знайдений об’єкт перевизначення пов’язано з користувачем або групою." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:784 +#: sssd-ipa.5.xml:789 msgid "Group overrides can contain attributes given by" msgstr "Перевизначення груп можуть містити атрибути, задані" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:787 +#: sssd-ipa.5.xml:792 msgid "ldap_group_name" msgstr "ldap_group_name" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:790 +#: sssd-ipa.5.xml:795 msgid "ldap_group_gid_number" msgstr "ldap_group_gid_number" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:795 +#: sssd-ipa.5.xml:800 msgid "Default: ipaGroupOverride" msgstr "Типове значення: ipaGroupOverride" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:679 +#: sssd-ipa.5.xml:684 msgid "" "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " "later version. Since all paths and objectclasses are fixed on the server " @@ -12987,12 +13097,12 @@ msgstr "" "значеннями. <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:807 +#: sssd-ipa.5.xml:812 msgid "SUBDOMAINS PROVIDER" msgstr "СЛУЖБА ПІДДОМЕНІВ" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:809 +#: sssd-ipa.5.xml:814 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." @@ -13001,7 +13111,7 @@ msgstr "" "спосіб його налаштовано: явний чи неявний." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:813 +#: sssd-ipa.5.xml:818 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " @@ -13013,7 +13123,7 @@ msgstr "" "якщо це потрібно." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:819 +#: sssd-ipa.5.xml:824 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " @@ -13033,12 +13143,12 @@ msgstr "" "даних піддоменів буде знову увімкнено." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:830 +#: sssd-ipa.5.xml:835 msgid "TRUSTED DOMAINS CONFIGURATION" msgstr "НАЛАШТОВУВАННЯ ДОВІРЕНИХ ДОМЕНІВ" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:838 +#: sssd-ipa.5.xml:843 #, no-wrap msgid "" "[domain/ipa.domain.com/ad.domain.com]\n" @@ -13048,7 +13158,7 @@ msgstr "" "ad_server = dc.ad.domain.com\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:832 +#: sssd-ipa.5.xml:837 msgid "" "Some configuration options can also be set for a trusted domain. A trusted " "domain configuration can be set using the trusted domain subsection as shown " @@ -13063,7 +13173,7 @@ msgstr "" "батьківському домені. <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:843 +#: sssd-ipa.5.xml:848 msgid "" "For more details, see the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." @@ -13073,7 +13183,7 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:850 +#: sssd-ipa.5.xml:855 msgid "" "Different configuration options are tunable for a trusted domain depending " "on whether you are configuring SSSD on an IPA server or an IPA client." @@ -13082,60 +13192,60 @@ msgstr "" "як ви налаштували SSSD на сервері IPA або клієнт IPA." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:855 +#: sssd-ipa.5.xml:860 msgid "OPTIONS TUNABLE ON IPA MASTERS" msgstr "ПАРАМЕТРИ, ЯКІ МОЖНА НАЛАШТУВАТИ НА ОСНОВНИХ СЕРВЕРАХ IPA" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:857 +#: sssd-ipa.5.xml:862 msgid "" "The following options can be set in a subdomain section on an IPA master:" msgstr "" "У розділі піддомену на основному сервері IPA можна вказати такі параметри:" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:861 sssd-ipa.5.xml:891 +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 msgid "ad_server" msgstr "ad_server" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:864 +#: sssd-ipa.5.xml:869 msgid "ad_backup_server" msgstr "ad_backup_server" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:867 sssd-ipa.5.xml:894 +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 msgid "ad_site" msgstr "ad_site" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:870 +#: sssd-ipa.5.xml:875 msgid "ldap_search_base" msgstr "ldap_search_base" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:873 +#: sssd-ipa.5.xml:878 msgid "ldap_user_search_base" msgstr "ldap_user_search_base" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:876 +#: sssd-ipa.5.xml:881 msgid "ldap_group_search_base" msgstr "ldap_group_search_base" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:885 +#: sssd-ipa.5.xml:890 msgid "OPTIONS TUNABLE ON IPA CLIENTS" msgstr "ПАРАМЕТРИ, ЯКІ МОЖНА НАЛАШТУВАТИ НА КЛІЄНТАХ IPA" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:887 +#: sssd-ipa.5.xml:892 msgid "" "The following options can be set in a subdomain section on an IPA client:" msgstr "У розділі піддомену на клієнті IPA можна вказати такі параметри:" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:899 +#: sssd-ipa.5.xml:904 msgid "" "Note that if both options are set, only <quote>ad_server</quote> is " "evaluated." @@ -13144,7 +13254,7 @@ msgstr "" "<quote>ad_server</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:903 +#: sssd-ipa.5.xml:908 msgid "" "Since any request for a user or a group identity from a trusted domain " "triggered from an IPA client is resolved by the IPA server, the " @@ -13167,7 +13277,7 @@ msgstr "" "manvolnum> </citerefentry>, щоб дізнатися більше про додаток пошуку Kerberos." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:927 +#: sssd-ipa.5.xml:932 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -13179,7 +13289,7 @@ msgstr "" "ipa." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:934 +#: sssd-ipa.5.xml:939 #, no-wrap msgid "" "[domain/example.com]\n" @@ -14825,7 +14935,7 @@ msgstr "" "значення." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1388 +#: sssd-ad.5.xml:1393 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -14836,7 +14946,7 @@ msgstr "" "У прикладі продемонстровано лише параметри доступу, специфічні для засобу AD." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1395 +#: sssd-ad.5.xml:1400 #, no-wrap msgid "" "[domain/EXAMPLE]\n" @@ -14860,7 +14970,7 @@ msgstr "" "ad_domain = example.com\n" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1415 +#: sssd-ad.5.xml:1420 #, no-wrap msgid "" "access_provider = ldap\n" @@ -14872,7 +14982,7 @@ msgstr "" "ldap_account_expire_policy = ad\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1411 +#: sssd-ad.5.xml:1416 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " @@ -14884,7 +14994,7 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1421 +#: sssd-ad.5.xml:1426 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>. Please " @@ -14899,7 +15009,7 @@ msgstr "" "шифрування) вручну." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1429 +#: sssd-ad.5.xml:1434 msgid "" "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " @@ -21904,9 +22014,13 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:235 +#, fuzzy +#| msgid "" +#| "When this option is configured, domains will be allocated starting with " +#| "slice zero and increasing monatomically with each additional domain." msgid "" "When this option is configured, domains will be allocated starting with " -"slice zero and increasing monatomically with each additional domain." +"slice zero and increasing monotonically with each additional domain." msgstr "" "Якщо встановлено цей параметр, домени призначатимуться, починаючи з " "нульового зрізу з поступовим зростанням номерів на кожен додатковий домен." @@ -23085,6 +23199,20 @@ msgstr "" "Визначає, чи слід перетворювати реєстраційний запис вузла і користувача у " "канонічну форму. Цю можливість передбачено з версії MIT Kerberos 1.7." +#, fuzzy +#~| msgid "This option is not available in IPA provider." +#~ msgid "This option is ignored for the files provider." +#~ msgstr "Цим параметром не можна скористатися у надавачі даних IPA." + +#, fuzzy +#~| msgid "" +#~| "Determines if user credentials are also cached in the local LDB cache" +#~ msgid "" +#~ "Determines if user credentials are also cached in the local LDB cache." +#~ msgstr "" +#~ "Визначає, чи слід також кешувати реєстраційні дані користувача у " +#~ "локальному кеші LDB" + #~ msgid "User credentials are stored in a SHA512 hash, not in plaintext" #~ msgstr "" #~ "Реєстраційні дані користувача зберігаються у форматі хешу SHA512, а не у " @@ -23830,13 +23958,6 @@ msgstr "" #~ " -XPOST http://localhost/secrets/mycontainer/\n" #~ " " -#~ msgid "" -#~ "The following example creates a container named 'mycontainer': " -#~ "<placeholder type=\"programlisting\" id=\"0\"/>" -#~ msgstr "" -#~ "У наступному прикладі створюємо контейнер із назвою «mycontainer»: " -#~ "<placeholder type=\"programlisting\" id=\"0\"/>" - #, no-wrap #~ msgid "" #~ "http://localhost/secrets/mycontainer/mysecret\n" diff --git a/src/man/po/zh_CN.po b/src/man/po/zh_CN.po index 2c17d3e4cca..f2ff3206e7d 100644 --- a/src/man/po/zh_CN.po +++ b/src/man/po/zh_CN.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-05-05 10:09+0200\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" "PO-Revision-Date: 2020-07-22 07:51-0400\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Chinese (China) (http://www.transifex.com/projects/p/sssd/" @@ -206,11 +206,11 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 -#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:951 -#: sssd.conf.5.xml:1069 sssd.conf.5.xml:2197 sssd-ldap.5.xml:1071 -#: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 -#: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 -#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 msgid "Default: true" msgstr "" @@ -227,11 +227,11 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:948 -#: sssd.conf.5.xml:2100 sssd.conf.5.xml:2167 sssd.conf.5.xml:4128 -#: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 -#: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 -#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 #: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 #: include/krb5_options.xml:163 msgid "Default: false" @@ -265,8 +265,8 @@ msgid "" msgstr "" #. type: Content of: outside any tag (error?) -#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1656 -#: sssd-ldap.5.xml:1862 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 #: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 @@ -296,8 +296,8 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 sssd.conf.5.xml:1289 sssd.conf.5.xml:1766 -#: sssd.conf.5.xml:4144 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "" @@ -361,19 +361,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:258 sssd.conf.5.xml:783 +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:261 sssd.conf.5.xml:786 +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:791 sssd.conf.5.xml:3708 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 #: include/failover.xml:100 msgid "Default: 3" msgstr "默认: 3" @@ -395,7 +395,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3540 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 msgid "re_expression (string)" msgstr "" @@ -415,12 +415,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3597 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3600 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -428,39 +428,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3611 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 msgid "%1$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 msgid "user name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3615 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3618 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3624 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 msgid "%3$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3627 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3608 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -603,8 +603,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:468 sssd-ldap.5.xml:876 sssd-ldap.5.xml:888 -#: sssd-ldap.5.xml:980 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 #: include/krb5_options.xml:148 @@ -874,7 +874,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1790 sssd.conf.5.xml:4194 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -919,11 +919,11 @@ msgstr "" #: sssd.conf.5.xml:744 msgid "" "Enable or disable the user verification (i.e. PIN, fingerprint) during " -"authentication." +"authentication. If enabled, the PIN will always be requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:750 msgid "" "The default is that the key settings decide what to do. In the IPA or " "kerberos pre-authentication case, this value will be overwritten by the " @@ -950,12 +950,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:769 msgid "SERVICES SECTIONS" msgstr "服务部分" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:770 +#: sssd.conf.5.xml:771 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -964,22 +964,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:777 +#: sssd.conf.5.xml:778 msgid "General service configuration options" msgstr "基本服务配置选项" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:780 msgid "These options can be used to configure any service." msgstr "这些选项可被用于配置任何服务。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:797 msgid "fd_limit" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:799 +#: sssd.conf.5.xml:800 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " @@ -989,17 +989,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:808 +#: sssd.conf.5.xml:809 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:814 msgid "client_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:816 +#: sssd.conf.5.xml:817 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " @@ -1009,19 +1009,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:826 #, fuzzy #| msgid "Default: 3" msgid "Default: 60, KCM: 300" msgstr "默认: 3" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:830 +#: sssd.conf.5.xml:831 msgid "offline_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:834 msgid "" "When SSSD switches to offline mode the amount of time before it tries to go " "back online will increase based upon the time spent disconnected. By " @@ -1032,14 +1032,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:844 sssd.conf.5.xml:900 +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 msgid "" "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." "offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:847 +#: sssd.conf.5.xml:848 msgid "" "The offline_timeout default value is 60. The offline_timeout_max default " "value is 3600. The offline_timeout_random_offset default value is 30. The " @@ -1047,44 +1047,44 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:854 msgid "" "Note that the maximum length of each interval is defined by " "offline_timeout_max (apart of random part)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 sssd.conf.5.xml:1200 sssd.conf.5.xml:1583 -#: sssd.conf.5.xml:1879 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:862 +#: sssd.conf.5.xml:863 msgid "offline_timeout_max (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:865 +#: sssd.conf.5.xml:866 msgid "" "Controls by how much the time between attempts to go online can be " "incremented following unsuccessful attempts to go online." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:870 +#: sssd.conf.5.xml:871 msgid "A value of 0 disables the incrementing behaviour." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:873 +#: sssd.conf.5.xml:874 msgid "" "The value of this parameter should be set in correlation to offline_timeout " "parameter value." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:877 +#: sssd.conf.5.xml:878 msgid "" "With offline_timeout set to 60 (default value) there is no point in setting " "offlinet_timeout_max to less than 120 as it will saturate instantly. General " @@ -1093,62 +1093,62 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:883 +#: sssd.conf.5.xml:884 msgid "" "Although a value between 0 and offline_timeout may be specified, it has the " "effect of overriding the offline_timeout value so is of little use." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:888 +#: sssd.conf.5.xml:889 #, fuzzy #| msgid "Default: 3" msgid "Default: 3600" msgstr "默认: 3" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:894 msgid "offline_timeout_random_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:896 +#: sssd.conf.5.xml:897 msgid "" "When SSSD is in offline mode it keeps probing backend servers in specified " "time intervals:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:903 +#: sssd.conf.5.xml:904 msgid "" "This parameter controls the value of the random offset used for the above " "equation. Final random_offset value will be random number in range:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:908 +#: sssd.conf.5.xml:909 msgid "[0 - offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:911 +#: sssd.conf.5.xml:912 msgid "A value of 0 disables the random offset addition." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:915 #, fuzzy #| msgid "Default: 3" msgid "Default: 30" msgstr "默认: 3" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:919 +#: sssd.conf.5.xml:920 msgid "responder_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:922 +#: sssd.conf.5.xml:923 msgid "" "This option specifies the number of seconds that an SSSD responder process " "can be up without being used. This value is limited in order to avoid " @@ -1160,58 +1160,58 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:936 sssd.conf.5.xml:1213 sssd.conf.5.xml:2321 -#: sssd-ldap.5.xml:331 +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 +#: sssd-ldap.5.xml:332 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:941 +#: sssd.conf.5.xml:942 msgid "cache_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:945 msgid "" "This option specifies whether the responder should query all caches before " "querying the Data Providers." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:960 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:961 +#: sssd.conf.5.xml:962 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:966 +#: sssd.conf.5.xml:967 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:969 +#: sssd.conf.5.xml:970 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:974 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:978 +#: sssd.conf.5.xml:979 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:981 +#: sssd.conf.5.xml:982 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -1219,7 +1219,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:988 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -1229,7 +1229,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:998 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -1238,17 +1238,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1005 sssd.conf.5.xml:2121 +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1010 +#: sssd.conf.5.xml:1011 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1013 +#: sssd.conf.5.xml:1014 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -1256,17 +1256,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1019 sssd.conf.5.xml:1778 sssd.conf.5.xml:2145 +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1025 msgid "local_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1027 +#: sssd.conf.5.xml:1028 msgid "" "Specifies for how many seconds nss_sss should keep local users and groups in " "negative cache before trying to look it up in the back end again. Setting " @@ -1274,17 +1274,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1033 +#: sssd.conf.5.xml:1034 msgid "Default: 14400 (4 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1039 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1041 +#: sssd.conf.5.xml:1042 msgid "" "Exclude certain users or groups from being fetched from the sss NSS " "database. This is particularly useful for system accounts. This option can " @@ -1293,7 +1293,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1049 +#: sssd.conf.5.xml:1050 msgid "" "NOTE: The filter_groups option doesn't affect inheritance of nested group " "members, since filtering happens after they are propagated for returning via " @@ -1302,41 +1302,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1057 +#: sssd.conf.5.xml:1058 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1063 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1065 +#: sssd.conf.5.xml:1066 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1076 +#: sssd.conf.5.xml:1077 msgid "fallback_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1079 +#: sssd.conf.5.xml:1080 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1084 +#: sssd.conf.5.xml:1085 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1090 +#: sssd.conf.5.xml:1091 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" @@ -1344,23 +1344,23 @@ msgid "" msgstr "" #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:1088 sssd.conf.5.xml:1650 sssd.conf.5.xml:1669 -#: sssd.conf.5.xml:1746 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1094 +#: sssd.conf.5.xml:1095 msgid "Default: not set (no substitution for unset home directories)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1100 +#: sssd.conf.5.xml:1101 msgid "override_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1104 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " @@ -1368,47 +1368,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1109 +#: sssd.conf.5.xml:1110 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1115 +#: sssd.conf.5.xml:1116 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1118 +#: sssd.conf.5.xml:1119 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1121 +#: sssd.conf.5.xml:1122 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1125 +#: sssd.conf.5.xml:1126 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1130 +#: sssd.conf.5.xml:1131 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1135 +#: sssd.conf.5.xml:1136 msgid "The wildcard (*) can be used to allow any shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1138 +#: sssd.conf.5.xml:1139 msgid "" "The (*) is useful if you want to use shell_fallback in case that user's " "shell is not in <quote>/etc/shells</quote> and maintaining list of all " @@ -1416,113 +1416,113 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1145 +#: sssd.conf.5.xml:1146 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1149 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1152 +#: sssd.conf.5.xml:1153 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1157 +#: sssd.conf.5.xml:1158 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1160 +#: sssd.conf.5.xml:1161 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1165 +#: sssd.conf.5.xml:1166 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1168 +#: sssd.conf.5.xml:1169 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1172 +#: sssd.conf.5.xml:1173 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1177 +#: sssd.conf.5.xml:1178 msgid "default_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1180 +#: sssd.conf.5.xml:1181 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1186 +#: sssd.conf.5.xml:1187 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1193 sssd.conf.5.xml:1576 +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 msgid "get_domains_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1196 sssd.conf.5.xml:1579 +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1205 +#: sssd.conf.5.xml:1206 msgid "memcache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1208 +#: sssd.conf.5.xml:1209 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid. Setting this option to zero will disable the in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1216 +#: sssd.conf.5.xml:1217 msgid "" "WARNING: Disabling the in-memory cache will have significant negative impact " "on SSSD's performance and should only be used for testing." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1222 sssd.conf.5.xml:1247 sssd.conf.5.xml:1272 -#: sssd.conf.5.xml:1297 sssd.conf.5.xml:1324 +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 msgid "" "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " "client applications will not use the fast in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1230 +#: sssd.conf.5.xml:1231 msgid "memcache_size_passwd (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1233 +#: sssd.conf.5.xml:1234 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for passwd requests. Setting the size to 0 will disable the passwd in-" @@ -1530,25 +1530,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1239 sssd.conf.5.xml:2963 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 msgid "Default: 8" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1242 sssd.conf.5.xml:1267 sssd.conf.5.xml:1292 -#: sssd.conf.5.xml:1319 +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 msgid "" "WARNING: Disabled or too small in-memory cache can have significant negative " "impact on SSSD's performance." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1255 +#: sssd.conf.5.xml:1256 msgid "memcache_size_group (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1258 +#: sssd.conf.5.xml:1259 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for group requests. Setting the size to 0 will disable the group in-memory " @@ -1556,19 +1556,19 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1264 sssd.conf.5.xml:1316 sssd.conf.5.xml:3729 -#: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1280 +#: sssd.conf.5.xml:1281 msgid "memcache_size_initgroups (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1283 +#: sssd.conf.5.xml:1284 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for initgroups requests. Setting the size to 0 will disable the initgroups " @@ -1576,12 +1576,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1305 +#: sssd.conf.5.xml:1306 msgid "memcache_size_sid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1308 +#: sssd.conf.5.xml:1309 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for SID related requests. Only SID-by-ID and ID-by-SID requests are " @@ -1590,12 +1590,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1332 sssd-ifp.5.xml:90 +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 msgid "user_attributes (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1335 +#: sssd.conf.5.xml:1336 msgid "" "Some of the additional NSS responder requests can return more attributes " "than just the POSIX ones defined by the NSS interface. The list of " @@ -1606,43 +1606,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1348 +#: sssd.conf.5.xml:1349 msgid "" "To make configuration more easy the NSS responder will check the InfoPipe " "option if it is not set for the NSS responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1353 +#: sssd.conf.5.xml:1354 msgid "Default: not set, fallback to InfoPipe option" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1358 +#: sssd.conf.5.xml:1359 msgid "pwfield (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1361 +#: sssd.conf.5.xml:1362 msgid "" "The value that NSS operations that return users or groups will return for " "the <quote>password</quote> field." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1366 +#: sssd.conf.5.xml:1367 msgid "Default: <quote>*</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1369 +#: sssd.conf.5.xml:1370 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[nss] section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1373 +#: sssd.conf.5.xml:1374 msgid "" "Default: <quote>not set</quote> (remote domains), <phrase " "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" @@ -1651,60 +1651,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1385 +#: sssd.conf.5.xml:1386 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1387 +#: sssd.conf.5.xml:1388 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1392 +#: sssd.conf.5.xml:1393 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1395 +#: sssd.conf.5.xml:1396 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1400 sssd.conf.5.xml:1413 +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1406 +#: sssd.conf.5.xml:1407 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1409 +#: sssd.conf.5.xml:1410 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1419 +#: sssd.conf.5.xml:1420 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1422 +#: sssd.conf.5.xml:1423 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1427 +#: sssd.conf.5.xml:1428 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -1712,59 +1712,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1433 sssd.conf.5.xml:1543 +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1439 +#: sssd.conf.5.xml:1440 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1442 +#: sssd.conf.5.xml:1443 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1447 +#: sssd.conf.5.xml:1448 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1450 +#: sssd.conf.5.xml:1451 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1453 +#: sssd.conf.5.xml:1454 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1457 +#: sssd.conf.5.xml:1458 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1460 +#: sssd.conf.5.xml:1461 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1464 sssd.8.xml:63 +#: sssd.conf.5.xml:1465 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1470 +#: sssd.conf.5.xml:1471 msgid "pam_response_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1473 +#: sssd.conf.5.xml:1474 msgid "" "A comma separated list of strings which allows to remove (filter) data sent " "by the PAM responder to pam_sss PAM module. There are different kind of " @@ -1773,51 +1773,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1481 +#: sssd.conf.5.xml:1482 msgid "" "While messages already can be controlled with the help of the pam_verbosity " "option this option allows to filter out other kind of responses as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1488 +#: sssd.conf.5.xml:1489 msgid "ENV" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1489 +#: sssd.conf.5.xml:1490 msgid "Do not send any environment variables to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1492 +#: sssd.conf.5.xml:1493 msgid "ENV:var_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1493 +#: sssd.conf.5.xml:1494 msgid "Do not send environment variable var_name to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1497 +#: sssd.conf.5.xml:1498 msgid "ENV:var_name:service" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1498 +#: sssd.conf.5.xml:1499 msgid "Do not send environment variable var_name to service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1486 +#: sssd.conf.5.xml:1487 msgid "" "Currently the following filters are supported: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1505 +#: sssd.conf.5.xml:1506 msgid "" "The list of strings can either be the list of filters which would set this " "list of filters and overwrite the defaults. Or each element of the list can " @@ -1828,23 +1828,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1516 +#: sssd.conf.5.xml:1517 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1519 +#: sssd.conf.5.xml:1520 msgid "" "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1526 +#: sssd.conf.5.xml:1527 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1529 +#: sssd.conf.5.xml:1530 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -1852,7 +1852,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1535 +#: sssd.conf.5.xml:1536 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -1861,17 +1861,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1549 +#: sssd.conf.5.xml:1550 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1552 sssd.conf.5.xml:2987 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1555 +#: sssd.conf.5.xml:1556 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -1879,31 +1879,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1561 sssd.conf.5.xml:2990 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1566 +#: sssd.conf.5.xml:1567 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1571 sssd.conf.5.xml:3976 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 msgid "Default: 0" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1588 +#: sssd.conf.5.xml:1589 msgid "pam_trusted_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1591 +#: sssd.conf.5.xml:1592 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to run PAM conversations against trusted domains. Users not " @@ -1913,75 +1913,75 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1601 +#: sssd.conf.5.xml:1602 msgid "Default: All users are considered trusted by default" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1605 +#: sssd.conf.5.xml:1606 msgid "" "Please note that UID 0 is always allowed to access the PAM responder even in " "case it is not in the pam_trusted_users list." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1612 +#: sssd.conf.5.xml:1613 msgid "pam_public_domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1615 +#: sssd.conf.5.xml:1616 msgid "" "Specifies the comma-separated list of domain names that are accessible even " "to untrusted users." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1619 +#: sssd.conf.5.xml:1620 msgid "Two special values for pam_public_domains option are defined:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1623 +#: sssd.conf.5.xml:1624 msgid "" "all (Untrusted users are allowed to access all domains in PAM responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1627 +#: sssd.conf.5.xml:1628 msgid "" "none (Untrusted users are not allowed to access any domains PAM in " "responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1631 sssd.conf.5.xml:1656 sssd.conf.5.xml:1675 -#: sssd.conf.5.xml:1912 sssd.conf.5.xml:2732 sssd.conf.5.xml:3905 -#: sssd-ldap.5.xml:1207 +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1636 +#: sssd.conf.5.xml:1637 msgid "pam_account_expired_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1639 +#: sssd.conf.5.xml:1640 msgid "" "Allows a custom expiration message to be set, replacing the default " "'Permission denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1644 +#: sssd.conf.5.xml:1645 msgid "" "Note: Please be aware that message is only printed for the SSH service " "unless pam_verbosity is set to 3 (show all messages and debug information)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1652 +#: sssd.conf.5.xml:1653 #, no-wrap msgid "" "pam_account_expired_message = Account expired, please contact help desk.\n" @@ -1989,19 +1989,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1661 +#: sssd.conf.5.xml:1662 msgid "pam_account_locked_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1664 +#: sssd.conf.5.xml:1665 msgid "" "Allows a custom lockout message to be set, replacing the default 'Permission " "denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1671 +#: sssd.conf.5.xml:1672 #, no-wrap msgid "" "pam_account_locked_message = Account locked, please contact help desk.\n" @@ -2009,40 +2009,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1680 +#: sssd.conf.5.xml:1681 msgid "pam_passkey_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1683 +#: sssd.conf.5.xml:1684 msgid "Enable passkey device based authentication." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1686 sssd.conf.5.xml:1697 sssd.conf.5.xml:1711 -#: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 -#: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 msgid "Default: False" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1691 +#: sssd.conf.5.xml:1692 msgid "passkey_debug_libfido2 (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1694 +#: sssd.conf.5.xml:1695 msgid "Enable libfido2 library debug messages." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1702 +#: sssd.conf.5.xml:1703 msgid "pam_cert_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1705 +#: sssd.conf.5.xml:1706 msgid "" "Enable certificate based Smartcard authentication. Since this requires " "additional communication with the Smartcard which will delay the " @@ -2050,34 +2050,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1716 +#: sssd.conf.5.xml:1717 msgid "pam_cert_db_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1719 +#: sssd.conf.5.xml:1720 msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1722 sssd.conf.5.xml:2247 sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 msgid "Default:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1724 sssd.conf.5.xml:2249 +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 msgid "" "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " "certificates in PEM format)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1734 +#: sssd.conf.5.xml:1735 msgid "pam_cert_verification (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1737 +#: sssd.conf.5.xml:1738 msgid "" "With this parameter the PAM certificate verification can be tuned with a " "comma separated list of options that override the " @@ -2087,7 +2087,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1748 +#: sssd.conf.5.xml:1749 #, no-wrap msgid "" "pam_cert_verification = partial_chain\n" @@ -2095,59 +2095,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1752 +#: sssd.conf.5.xml:1753 msgid "" "Default: not set, i.e. use default <quote>certificate_verification</quote> " "option defined in <quote>[sssd]</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1759 +#: sssd.conf.5.xml:1760 msgid "p11_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1763 msgid "How many seconds will pam_sss wait for p11_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1771 +#: sssd.conf.5.xml:1772 msgid "passkey_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1774 +#: sssd.conf.5.xml:1775 msgid "" "How many seconds will the PAM responder wait for passkey_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1783 +#: sssd.conf.5.xml:1784 msgid "pam_app_services (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1786 +#: sssd.conf.5.xml:1787 msgid "" "Which PAM services are permitted to contact domains of type " "<quote>application</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1795 +#: sssd.conf.5.xml:1796 msgid "pam_p11_allowed_services (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1798 +#: sssd.conf.5.xml:1799 msgid "" "A comma-separated list of PAM service names for which it will be allowed to " "use Smartcards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1813 +#: sssd.conf.5.xml:1814 #, no-wrap msgid "" "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2155,7 +2155,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1802 +#: sssd.conf.5.xml:1803 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -2167,63 +2167,63 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1817 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 #: sssd-ad.5.xml:869 sssd-ad.5.xml:947 msgid "Default: the default set of PAM service names includes:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1822 sssd-ad.5.xml:648 +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 msgid "login" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1827 sssd-ad.5.xml:653 +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 msgid "su" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1832 sssd-ad.5.xml:658 +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 msgid "su-l" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1837 sssd-ad.5.xml:673 +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 msgid "gdm-smartcard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1842 sssd-ad.5.xml:668 +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 msgid "gdm-password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1847 sssd-ad.5.xml:678 +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 msgid "kdm" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1852 sssd-ad.5.xml:956 +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 msgid "sudo" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1857 sssd-ad.5.xml:961 +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 msgid "sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1862 +#: sssd.conf.5.xml:1863 msgid "gnome-screensaver" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1870 +#: sssd.conf.5.xml:1871 msgid "p11_wait_for_card_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1873 +#: sssd.conf.5.xml:1874 msgid "" "If Smartcard authentication is required how many extra seconds in addition " "to p11_child_timeout should the PAM responder wait until a Smartcard is " @@ -2231,12 +2231,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1884 +#: sssd.conf.5.xml:1885 msgid "p11_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1887 +#: sssd.conf.5.xml:1888 msgid "" "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " "selection of devices used for Smartcard authentication. By default SSSD's " @@ -2247,7 +2247,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1900 +#: sssd.conf.5.xml:1901 #, no-wrap msgid "" "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" @@ -2255,7 +2255,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1904 +#: sssd.conf.5.xml:1905 #, no-wrap msgid "" "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" @@ -2263,7 +2263,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1898 +#: sssd.conf.5.xml:1899 msgid "" "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " @@ -2272,47 +2272,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1917 +#: sssd.conf.5.xml:1918 msgid "pam_initgroups_scheme" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1925 +#: sssd.conf.5.xml:1926 msgid "always" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1926 +#: sssd.conf.5.xml:1927 msgid "" "Always do an online lookup, please note that pam_id_timeout still applies" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1930 +#: sssd.conf.5.xml:1931 msgid "no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1931 +#: sssd.conf.5.xml:1932 msgid "" "Only do an online lookup if there is no active session of the user, i.e. if " "the user is currently not logged in" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1936 +#: sssd.conf.5.xml:1937 msgid "never" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1937 +#: sssd.conf.5.xml:1938 msgid "" "Never force an online lookup, use the data from the cache as long as they " "are not expired" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1920 +#: sssd.conf.5.xml:1921 msgid "" "The PAM responder can force an online lookup to get the current group " "memberships of the user trying to log in. This option controls when this " @@ -2321,30 +2321,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1944 +#: sssd.conf.5.xml:1945 msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1949 sssd.conf.5.xml:4247 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 msgid "pam_gssapi_services" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1952 +#: sssd.conf.5.xml:1953 msgid "" "Comma separated list of PAM services that are allowed to try GSSAPI " "authentication using pam_sss_gss.so module." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1957 +#: sssd.conf.5.xml:1958 msgid "" "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1961 sssd.conf.5.xml:1992 sssd.conf.5.xml:2030 +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[pam] section. It can also be set for trusted domain which overwrites the " @@ -2352,7 +2352,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1969 +#: sssd.conf.5.xml:1970 #, no-wrap msgid "" "pam_gssapi_services = sudo, sudo-i\n" @@ -2360,22 +2360,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1967 sssd.conf.5.xml:3899 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1973 +#: sssd.conf.5.xml:1974 msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1978 sssd.conf.5.xml:4248 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 msgid "pam_gssapi_check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1981 +#: sssd.conf.5.xml:1982 msgid "" "If True, SSSD will require that the Kerberos user principal that " "successfully authenticated through GSSAPI can be associated with the user " @@ -2383,25 +2383,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1988 +#: sssd.conf.5.xml:1989 msgid "" "If False, every user that is able to obtained required service ticket will " "be authenticated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1998 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2003 +#: sssd.conf.5.xml:2004 msgid "pam_gssapi_indicators_map" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2006 +#: sssd.conf.5.xml:2007 msgid "" "Comma separated list of authentication indicators required to be present in " "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " @@ -2409,7 +2409,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2012 +#: sssd.conf.5.xml:2013 msgid "" "Each element of the list can be either an authentication indicator name or a " "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " @@ -2424,7 +2424,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2025 +#: sssd.conf.5.xml:2026 msgid "" "To disable GSSAPI authentication indicator check, set this option to <quote>-" "</quote> (dash). To disable the check for a specific PAM service, add " @@ -2432,45 +2432,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2036 +#: sssd.conf.5.xml:2037 msgid "" "Following authentication indicators are supported by IPA Kerberos " "deployments:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2039 +#: sssd.conf.5.xml:2040 msgid "" "pkinit -- pre-authentication using X.509 certificates -- whether stored in " "files or on smart cards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2042 +#: sssd.conf.5.xml:2043 msgid "" "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " "FAST channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2045 +#: sssd.conf.5.xml:2046 msgid "radius -- pre-authentication with the help of a RADIUS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2048 +#: sssd.conf.5.xml:2049 msgid "" "otp -- pre-authentication using integrated two-factor authentication (2FA or " "one-time password, OTP) in IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2051 +#: sssd.conf.5.xml:2052 msgid "idp -- pre-authentication using external identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:2061 +#: sssd.conf.5.xml:2062 #, no-wrap msgid "" "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" @@ -2478,7 +2478,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2056 +#: sssd.conf.5.xml:2057 msgid "" "Example: to require access to SUDO services only for users which obtained " "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " @@ -2486,17 +2486,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2065 +#: sssd.conf.5.xml:2066 msgid "Default: not set (use of authentication indicators is not required)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2073 +#: sssd.conf.5.xml:2074 msgid "SUDO configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2075 +#: sssd.conf.5.xml:2076 msgid "" "These options can be used to configure the sudo service. The detailed " "instructions for configuration of <citerefentry> <refentrytitle>sudo</" @@ -2507,24 +2507,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2092 +#: sssd.conf.5.xml:2093 msgid "sudo_timed (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2095 +#: sssd.conf.5.xml:2096 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2107 +#: sssd.conf.5.xml:2108 msgid "sudo_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2110 +#: sssd.conf.5.xml:2111 msgid "" "Maximum number of expired rules that can be refreshed at once. If number of " "expired rules is below threshold, those rules are refreshed with " @@ -2534,22 +2534,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2129 +#: sssd.conf.5.xml:2130 msgid "AUTOFS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2131 +#: sssd.conf.5.xml:2132 msgid "These options can be used to configure the autofs service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2135 +#: sssd.conf.5.xml:2136 msgid "autofs_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2138 +#: sssd.conf.5.xml:2139 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " @@ -2557,51 +2557,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2154 +#: sssd.conf.5.xml:2155 msgid "SSH configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2156 +#: sssd.conf.5.xml:2157 msgid "These options can be used to configure the SSH service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2160 +#: sssd.conf.5.xml:2161 msgid "ssh_hash_known_hosts (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2163 +#: sssd.conf.5.xml:2164 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2172 +#: sssd.conf.5.xml:2173 msgid "ssh_known_hosts_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2175 +#: sssd.conf.5.xml:2176 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2179 +#: sssd.conf.5.xml:2180 msgid "Default: 180" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2184 +#: sssd.conf.5.xml:2185 msgid "ssh_use_certificate_keys (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2187 +#: sssd.conf.5.xml:2188 msgid "" "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " "keys derived from the public key of X.509 certificates stored in the user " @@ -2610,12 +2610,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2202 +#: sssd.conf.5.xml:2203 msgid "ssh_use_certificate_matching_rules (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2205 +#: sssd.conf.5.xml:2206 msgid "" "By default the ssh responder will use all available certificate matching " "rules to filter the certificates so that ssh keys are only derived from the " @@ -2625,7 +2625,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2214 +#: sssd.conf.5.xml:2215 msgid "" "There are two special key words 'all_rules' and 'no_rules' which will enable " "all or no rules, respectively. The latter means that no certificates will be " @@ -2633,7 +2633,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2221 +#: sssd.conf.5.xml:2222 msgid "" "If no rules are configured using 'all_rules' will enable a default rule " "which enables all certificates suitable for client authentication. This is " @@ -2642,38 +2642,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2228 +#: sssd.conf.5.xml:2229 msgid "" "A non-existing rule name is considered an error. If as a result no rule is " "selected all certificates will be ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2233 +#: sssd.conf.5.xml:2234 msgid "" "Default: not set, equivalent to 'all_rules', all found rules or the default " "rule are used" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2239 +#: sssd.conf.5.xml:2240 msgid "ca_db (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2242 +#: sssd.conf.5.xml:2243 msgid "" "Path to a storage of trusted CA certificates. The option is used to validate " "user certificates before deriving public ssh keys from them." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2262 +#: sssd.conf.5.xml:2263 msgid "PAC responder configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2264 +#: sssd.conf.5.xml:2265 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " @@ -2684,7 +2684,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2273 +#: sssd.conf.5.xml:2274 msgid "" "If the remote user does not exist in the cache, it is created. The UID is " "determined with the help of the SID, trusted domains will have UPGs and the " @@ -2695,24 +2695,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2281 +#: sssd.conf.5.xml:2282 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2287 +#: sssd.conf.5.xml:2288 msgid "These options can be used to configure the PAC responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2291 sssd-ifp.5.xml:66 +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 msgid "allowed_uids (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2294 +#: sssd.conf.5.xml:2295 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " @@ -2720,12 +2720,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2300 +#: sssd.conf.5.xml:2301 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2304 +#: sssd.conf.5.xml:2305 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " @@ -2734,24 +2734,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2313 +#: sssd.conf.5.xml:2314 msgid "pac_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2316 +#: sssd.conf.5.xml:2317 msgid "" "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " "data can be used to determine the group memberships of a user." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2326 +#: sssd.conf.5.xml:2327 msgid "pac_check (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2329 +#: sssd.conf.5.xml:2330 msgid "" "Apply additional checks on the PAC of the Kerberos ticket which is available " "in Active Directory and FreeIPA domains, if configured. Please note that " @@ -2762,24 +2762,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2343 +#: sssd.conf.5.xml:2344 msgid "no_check" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2345 +#: sssd.conf.5.xml:2346 msgid "" "The PAC must not be present and even if it is present no additional checks " "will be done." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2351 +#: sssd.conf.5.xml:2352 msgid "pac_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2353 +#: sssd.conf.5.xml:2354 msgid "" "The PAC must be present in the service ticket which SSSD will request with " "the help of the user's TGT. If the PAC is not available the authentication " @@ -2787,24 +2787,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2361 +#: sssd.conf.5.xml:2362 msgid "check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2363 +#: sssd.conf.5.xml:2364 msgid "" "If the PAC is present check if the user principal name (UPN) information is " "consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2369 +#: sssd.conf.5.xml:2370 msgid "check_upn_allow_missing" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2371 +#: sssd.conf.5.xml:2372 msgid "" "This option should be used together with 'check_upn' and handles the case " "where a UPN is set on the server-side but is not read by SSSD. The typical " @@ -2816,7 +2816,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2383 +#: sssd.conf.5.xml:2384 msgid "" "Currently this option is set by default to avoid regressions in such " "environments. A log message will be added to the system log and SSSD's debug " @@ -2827,60 +2827,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2397 +#: sssd.conf.5.xml:2398 msgid "upn_dns_info_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2399 +#: sssd.conf.5.xml:2400 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2404 +#: sssd.conf.5.xml:2405 msgid "check_upn_dns_info_ex" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2406 +#: sssd.conf.5.xml:2407 msgid "" "If the PAC is present and the extension to the UPN-DNS-INFO buffer is " "available check if the information in the extension is consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2413 +#: sssd.conf.5.xml:2414 msgid "upn_dns_info_ex_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2415 +#: sssd.conf.5.xml:2416 msgid "" "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2339 +#: sssd.conf.5.xml:2340 msgid "" "The following options can be used alone or in a comma-separated list: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2425 +#: sssd.conf.5.xml:2426 msgid "" "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " "check_upn_dns_info_ex')" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2434 +#: sssd.conf.5.xml:2435 msgid "Session recording configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2436 +#: sssd.conf.5.xml:2437 msgid "" "Session recording works in conjunction with <citerefentry> " "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" @@ -2890,66 +2890,66 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2449 +#: sssd.conf.5.xml:2450 msgid "These options can be used to configure session recording." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2453 sssd-session-recording.5.xml:64 +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 msgid "scope (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2460 sssd-session-recording.5.xml:71 +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 msgid "\"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2463 sssd-session-recording.5.xml:74 +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 msgid "No users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2468 sssd-session-recording.5.xml:79 +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 msgid "\"some\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2471 sssd-session-recording.5.xml:82 +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 msgid "" "Users/groups specified by <replaceable>users</replaceable> and " "<replaceable>groups</replaceable> options are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2480 sssd-session-recording.5.xml:91 +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 msgid "\"all\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2483 sssd-session-recording.5.xml:94 +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 msgid "All users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2456 sssd-session-recording.5.xml:67 +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 msgid "" "One of the following strings specifying the scope of session recording: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:101 +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 msgid "Default: \"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:106 +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 msgid "users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:109 +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 msgid "" "A comma-separated list of users which should have session recording enabled. " "Matches user names as returned by NSS. I.e. after the possible space " @@ -2957,17 +2957,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2504 sssd-session-recording.5.xml:115 +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 msgid "Default: Empty. Matches no users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2509 sssd-session-recording.5.xml:120 +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 msgid "groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2512 sssd-session-recording.5.xml:123 +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 msgid "" "A comma-separated list of groups, members of which should have session " "recording enabled. Matches group names as returned by NSS. I.e. after the " @@ -2975,7 +2975,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2518 sssd.conf.5.xml:2550 sssd-session-recording.5.xml:129 +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 #: sssd-session-recording.5.xml:161 msgid "" "NOTE: using this option (having it set to anything) has a considerable " @@ -2984,56 +2984,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2525 sssd-session-recording.5.xml:136 +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 msgid "Default: Empty. Matches no groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2530 sssd-session-recording.5.xml:141 +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 msgid "exclude_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2533 sssd-session-recording.5.xml:144 +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 msgid "" "A comma-separated list of users to be excluded from recording, only " "applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2537 sssd-session-recording.5.xml:148 +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 msgid "Default: Empty. No users excluded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2542 sssd-session-recording.5.xml:153 +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 msgid "exclude_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2545 sssd-session-recording.5.xml:156 +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 msgid "" "A comma-separated list of groups, members of which should be excluded from " "recording. Only applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2557 sssd-session-recording.5.xml:168 +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 msgid "Default: Empty. No groups excluded." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2567 +#: sssd.conf.5.xml:2568 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2574 +#: sssd.conf.5.xml:2575 msgid "enabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2577 +#: sssd.conf.5.xml:2578 msgid "" "Explicitly enable or disable the domain. If <quote>true</quote>, the domain " "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " @@ -3043,12 +3043,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2589 +#: sssd.conf.5.xml:2590 msgid "domain_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2592 +#: sssd.conf.5.xml:2593 msgid "" "Specifies whether the domain is meant to be used by POSIX-aware clients such " "as the Name Service Switch or by applications that do not need POSIX data to " @@ -3057,14 +3057,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2600 +#: sssd.conf.5.xml:2601 msgid "" "Allowed values for this option are <quote>posix</quote> and " "<quote>application</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2604 +#: sssd.conf.5.xml:2605 msgid "" "POSIX domains are reachable by all services. Application domains are only " "reachable from the InfoPipe responder (see <citerefentry> " @@ -3073,38 +3073,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2612 +#: sssd.conf.5.xml:2613 msgid "" "NOTE: The application domains are currently well tested with " "<quote>id_provider=ldap</quote> only." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2616 +#: sssd.conf.5.xml:2617 msgid "" "For an easy way to configure a non-POSIX domains, please see the " "<quote>Application domains</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2620 +#: sssd.conf.5.xml:2621 msgid "Default: posix" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2626 +#: sssd.conf.5.xml:2627 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2629 +#: sssd.conf.5.xml:2630 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2634 +#: sssd.conf.5.xml:2635 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -3113,24 +3113,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2641 +#: sssd.conf.5.xml:2642 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2645 +#: sssd.conf.5.xml:2646 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2651 +#: sssd.conf.5.xml:2652 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2654 +#: sssd.conf.5.xml:2655 msgid "" "Determines if a domain can be enumerated, that is, whether the domain can " "list all the users and group it contains. Note that it is not required to " @@ -3139,29 +3139,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2662 +#: sssd.conf.5.xml:2663 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2665 +#: sssd.conf.5.xml:2666 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2668 sssd.conf.5.xml:2942 sssd.conf.5.xml:3119 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2671 +#: sssd.conf.5.xml:2672 msgid "" "Enumerating a domain requires SSSD to download and store ALL user and group " "entries from the remote server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2676 +#: sssd.conf.5.xml:2677 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -3175,14 +3175,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2691 +#: sssd.conf.5.xml:2692 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2696 +#: sssd.conf.5.xml:2697 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -3191,39 +3191,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2704 +#: sssd.conf.5.xml:2705 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2712 +#: sssd.conf.5.xml:2713 msgid "subdomain_enumerate (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2719 +#: sssd.conf.5.xml:2720 msgid "all" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2720 +#: sssd.conf.5.xml:2721 msgid "All discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2723 +#: sssd.conf.5.xml:2724 msgid "none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2724 +#: sssd.conf.5.xml:2725 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2715 +#: sssd.conf.5.xml:2716 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " @@ -3232,19 +3232,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2738 +#: sssd.conf.5.xml:2739 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2741 +#: sssd.conf.5.xml:2742 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2745 +#: sssd.conf.5.xml:2746 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " @@ -3255,139 +3255,139 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2758 +#: sssd.conf.5.xml:2759 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2764 +#: sssd.conf.5.xml:2765 msgid "entry_cache_user_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2767 +#: sssd.conf.5.xml:2768 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2771 sssd.conf.5.xml:2784 sssd.conf.5.xml:2797 -#: sssd.conf.5.xml:2810 sssd.conf.5.xml:2824 sssd.conf.5.xml:2837 -#: sssd.conf.5.xml:2851 sssd.conf.5.xml:2865 sssd.conf.5.xml:2878 +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 msgid "Default: entry_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2777 +#: sssd.conf.5.xml:2778 msgid "entry_cache_group_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2780 +#: sssd.conf.5.xml:2781 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2790 +#: sssd.conf.5.xml:2791 msgid "entry_cache_netgroup_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2793 +#: sssd.conf.5.xml:2794 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2803 +#: sssd.conf.5.xml:2804 msgid "entry_cache_service_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2806 +#: sssd.conf.5.xml:2807 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2816 +#: sssd.conf.5.xml:2817 msgid "entry_cache_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2819 +#: sssd.conf.5.xml:2820 msgid "" "How many seconds should nss_sss consider hosts and networks entries valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2830 +#: sssd.conf.5.xml:2831 msgid "entry_cache_sudo_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2833 +#: sssd.conf.5.xml:2834 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2843 +#: sssd.conf.5.xml:2844 msgid "entry_cache_autofs_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2846 +#: sssd.conf.5.xml:2847 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2857 +#: sssd.conf.5.xml:2858 msgid "entry_cache_ssh_host_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2860 +#: sssd.conf.5.xml:2861 msgid "" "How many seconds to keep a host ssh key after refresh. IE how long to cache " "the host key for." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2871 +#: sssd.conf.5.xml:2872 msgid "entry_cache_computer_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2874 +#: sssd.conf.5.xml:2875 msgid "" "How many seconds to keep the local computer entry before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2884 +#: sssd.conf.5.xml:2885 msgid "refresh_expired_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2887 +#: sssd.conf.5.xml:2888 msgid "" "Specifies how many seconds SSSD has to wait before triggering a background " "refresh task which will refresh all expired or nearly expired records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2892 +#: sssd.conf.5.xml:2893 msgid "" "The background refresh will process users, groups and netgroups in the " "cache. For users who have performed the initgroups (get group membership for " @@ -3396,17 +3396,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2900 +#: sssd.conf.5.xml:2901 msgid "This option is automatically inherited for all trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2904 +#: sssd.conf.5.xml:2905 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2908 +#: sssd.conf.5.xml:2909 msgid "" "Cache entry will be refreshed by background task when 2/3 of cache timeout " "has already passed. If there are existing cached entries, the background " @@ -3418,23 +3418,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2921 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2927 +#: sssd.conf.5.xml:2928 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2930 -msgid "Determines if user credentials are also cached in the local LDB cache." +#: sssd.conf.5.xml:2931 +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2934 +#: sssd.conf.5.xml:2942 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3443,12 +3449,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2948 +#: sssd.conf.5.xml:2956 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2951 +#: sssd.conf.5.xml:2959 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3456,19 +3462,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2958 +#: sssd.conf.5.xml:2966 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2969 +#: sssd.conf.5.xml:2977 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2972 +#: sssd.conf.5.xml:2980 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3477,17 +3483,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2979 +#: sssd.conf.5.xml:2987 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2984 +#: sssd.conf.5.xml:2992 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2995 +#: sssd.conf.5.xml:3003 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3496,28 +3502,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3002 +#: sssd.conf.5.xml:3010 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3008 +#: sssd.conf.5.xml:3016 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3011 +#: sssd.conf.5.xml:3019 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3015 +#: sssd.conf.5.xml:3023 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3018 +#: sssd.conf.5.xml:3026 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3525,7 +3531,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3026 +#: sssd.conf.5.xml:3034 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3533,18 +3539,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3034 sssd.conf.5.xml:3145 sssd.conf.5.xml:3196 -#: sssd.conf.5.xml:3259 +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 msgid "" -"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " -"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " -"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " -"FreeIPA." +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3043 sssd.conf.5.xml:3154 sssd.conf.5.xml:3205 -#: sssd.conf.5.xml:3268 +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3552,19 +3557,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3054 +#: sssd.conf.5.xml:3062 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3057 +#: sssd.conf.5.xml:3065 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3062 +#: sssd.conf.5.xml:3070 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3573,7 +3578,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3070 +#: sssd.conf.5.xml:3078 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3581,24 +3586,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3077 +#: sssd.conf.5.xml:3085 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3084 +#: sssd.conf.5.xml:3092 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3087 +#: sssd.conf.5.xml:3095 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3090 +#: sssd.conf.5.xml:3098 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3610,7 +3615,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3108 +#: sssd.conf.5.xml:3116 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3618,30 +3623,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3114 sssd.conf.5.xml:3821 sssd-ldap.5.xml:326 -#: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 -#: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 -#: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 -#: sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1084 +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 msgid "" "This option can be also set per subdomain or inherited via " "<emphasis>subdomain_inherit</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3124 +#: sssd.conf.5.xml:3132 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3127 +#: sssd.conf.5.xml:3135 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3131 sssd.conf.5.xml:3189 +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3649,7 +3654,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3138 +#: sssd.conf.5.xml:3146 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3657,30 +3662,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3162 +#: sssd.conf.5.xml:3170 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3165 +#: sssd.conf.5.xml:3173 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3168 +#: sssd.conf.5.xml:3176 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3174 +#: sssd.conf.5.xml:3182 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3177 +#: sssd.conf.5.xml:3185 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -3688,19 +3693,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3183 +#: sssd.conf.5.xml:3191 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3186 +#: sssd.conf.5.xml:3194 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3221 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -3709,7 +3714,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3220 +#: sssd.conf.5.xml:3228 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -3717,29 +3722,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3227 +#: sssd.conf.5.xml:3235 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3230 +#: sssd.conf.5.xml:3238 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3235 +#: sssd.conf.5.xml:3243 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3238 +#: sssd.conf.5.xml:3246 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3243 +#: sssd.conf.5.xml:3251 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -3747,7 +3752,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3251 +#: sssd.conf.5.xml:3259 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3755,35 +3760,35 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3276 +#: sssd.conf.5.xml:3284 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3280 +#: sssd.conf.5.xml:3288 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3283 +#: sssd.conf.5.xml:3291 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3290 +#: sssd.conf.5.xml:3298 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3293 +#: sssd.conf.5.xml:3301 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3297 +#: sssd.conf.5.xml:3305 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3791,32 +3796,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3305 +#: sssd.conf.5.xml:3313 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3309 +#: sssd.conf.5.xml:3317 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3313 +#: sssd.conf.5.xml:3321 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3316 sssd.conf.5.xml:3402 sssd.conf.5.xml:3472 -#: sssd.conf.5.xml:3497 sssd.conf.5.xml:3533 +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3320 +#: sssd.conf.5.xml:3328 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -3827,7 +3832,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3335 +#: sssd.conf.5.xml:3343 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -3836,12 +3841,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3345 +#: sssd.conf.5.xml:3353 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3348 +#: sssd.conf.5.xml:3356 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -3849,7 +3854,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3354 +#: sssd.conf.5.xml:3362 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3857,31 +3862,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3362 +#: sssd.conf.5.xml:3370 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3365 +#: sssd.conf.5.xml:3373 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3371 +#: sssd.conf.5.xml:3379 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3374 +#: sssd.conf.5.xml:3382 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3380 +#: sssd.conf.5.xml:3388 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3889,7 +3894,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3389 +#: sssd.conf.5.xml:3397 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -3898,17 +3903,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3398 +#: sssd.conf.5.xml:3406 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3408 +#: sssd.conf.5.xml:3416 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3411 +#: sssd.conf.5.xml:3419 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -3916,43 +3921,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3418 +#: sssd.conf.5.xml:3426 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3422 +#: sssd.conf.5.xml:3430 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3426 +#: sssd.conf.5.xml:3434 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3430 +#: sssd.conf.5.xml:3438 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3438 +#: sssd.conf.5.xml:3446 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3441 +#: sssd.conf.5.xml:3449 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3445 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3960,7 +3965,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3452 +#: sssd.conf.5.xml:3460 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3968,7 +3973,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3460 +#: sssd.conf.5.xml:3468 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3976,24 +3981,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3469 +#: sssd.conf.5.xml:3477 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3479 +#: sssd.conf.5.xml:3487 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3482 +#: sssd.conf.5.xml:3490 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3486 +#: sssd.conf.5.xml:3494 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4001,31 +4006,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3494 +#: sssd.conf.5.xml:3502 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3504 +#: sssd.conf.5.xml:3512 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3507 +#: sssd.conf.5.xml:3515 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3511 +#: sssd.conf.5.xml:3519 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3515 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4033,7 +4038,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3522 +#: sssd.conf.5.xml:3530 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4042,12 +4047,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3530 +#: sssd.conf.5.xml:3538 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3543 +#: sssd.conf.5.xml:3551 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4057,24 +4062,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3552 +#: sssd.conf.5.xml:3560 msgid "" "Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" "[^@]+))$</quote> which allows two different styles for user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3557 sssd.conf.5.xml:3571 +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3560 sssd.conf.5.xml:3574 +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3565 +#: sssd.conf.5.xml:3573 msgid "" "Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" @@ -4083,19 +4088,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3577 +#: sssd.conf.5.xml:3585 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3580 +#: sssd.conf.5.xml:3588 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3585 +#: sssd.conf.5.xml:3593 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4105,89 +4110,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3637 +#: sssd.conf.5.xml:3645 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3643 +#: sssd.conf.5.xml:3651 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3646 +#: sssd.conf.5.xml:3654 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3650 +#: sssd.conf.5.xml:3658 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3653 +#: sssd.conf.5.xml:3661 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3656 +#: sssd.conf.5.xml:3664 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3659 +#: sssd.conf.5.xml:3667 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3662 +#: sssd.conf.5.xml:3670 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3665 +#: sssd.conf.5.xml:3673 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3671 +#: sssd.conf.5.xml:3679 msgid "dns_resolver_server_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3674 +#: sssd.conf.5.xml:3682 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3679 +#: sssd.conf.5.xml:3687 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3683 sssd.conf.5.xml:3703 sssd.conf.5.xml:3724 +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3688 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3694 +#: sssd.conf.5.xml:3702 msgid "dns_resolver_op_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3697 +#: sssd.conf.5.xml:3705 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4195,12 +4200,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3714 +#: sssd.conf.5.xml:3722 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3717 +#: sssd.conf.5.xml:3725 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4209,12 +4214,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3735 +#: sssd.conf.5.xml:3743 msgid "dns_resolver_use_search_list (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3738 +#: sssd.conf.5.xml:3746 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4222,7 +4227,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3744 +#: sssd.conf.5.xml:3752 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4230,71 +4235,71 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3750 +#: sssd.conf.5.xml:3758 #, fuzzy #| msgid "Default: 3" msgid "Default: TRUE" msgstr "默认: 3" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3756 +#: sssd.conf.5.xml:3764 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3759 +#: sssd.conf.5.xml:3767 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3763 +#: sssd.conf.5.xml:3771 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3769 +#: sssd.conf.5.xml:3777 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3772 +#: sssd.conf.5.xml:3780 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3778 +#: sssd.conf.5.xml:3786 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3785 +#: sssd.conf.5.xml:3793 msgid "True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3788 +#: sssd.conf.5.xml:3796 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3794 +#: sssd.conf.5.xml:3802 msgid "False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3796 +#: sssd.conf.5.xml:3804 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3800 +#: sssd.conf.5.xml:3808 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3803 +#: sssd.conf.5.xml:3811 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4302,31 +4307,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3811 +#: sssd.conf.5.xml:3819 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3781 +#: sssd.conf.5.xml:3789 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3826 +#: sssd.conf.5.xml:3834 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3832 +#: sssd.conf.5.xml:3840 msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3835 +#: sssd.conf.5.xml:3843 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4334,104 +4339,104 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3841 +#: sssd.conf.5.xml:3849 msgid "ldap_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3844 +#: sssd.conf.5.xml:3852 msgid "ldap_network_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3847 +#: sssd.conf.5.xml:3855 msgid "ldap_opt_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3850 +#: sssd.conf.5.xml:3858 msgid "ldap_offline_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3853 +#: sssd.conf.5.xml:3861 msgid "ldap_enumeration_refresh_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3856 +#: sssd.conf.5.xml:3864 msgid "ldap_enumeration_refresh_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3859 +#: sssd.conf.5.xml:3867 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3862 +#: sssd.conf.5.xml:3870 msgid "ldap_purge_cache_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3865 +#: sssd.conf.5.xml:3873 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3869 +#: sssd.conf.5.xml:3877 msgid "ldap_krb5_ticket_lifetime" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3872 +#: sssd.conf.5.xml:3880 msgid "ldap_enumeration_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3875 +#: sssd.conf.5.xml:3883 msgid "ldap_connection_expire_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3878 +#: sssd.conf.5.xml:3886 msgid "ldap_connection_expire_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3881 +#: sssd.conf.5.xml:3889 msgid "ldap_connection_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3884 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 msgid "ldap_use_tokengroups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3887 +#: sssd.conf.5.xml:3895 msgid "ldap_user_principal" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3890 +#: sssd.conf.5.xml:3898 msgid "ignore_group_members" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3893 +#: sssd.conf.5.xml:3901 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3896 +#: sssd.conf.5.xml:3904 msgid "case_sensitive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3901 +#: sssd.conf.5.xml:3909 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4439,27 +4444,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3908 +#: sssd.conf.5.xml:3916 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3915 +#: sssd.conf.5.xml:3923 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3926 +#: sssd.conf.5.xml:3934 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3935 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3918 +#: sssd.conf.5.xml:3926 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4469,34 +4474,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3932 +#: sssd.conf.5.xml:3940 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3936 +#: sssd.conf.5.xml:3944 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3941 +#: sssd.conf.5.xml:3949 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3944 +#: sssd.conf.5.xml:3952 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3950 +#: sssd.conf.5.xml:3958 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3953 +#: sssd.conf.5.xml:3961 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -4505,19 +4510,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3961 +#: sssd.conf.5.xml:3969 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3966 +#: sssd.conf.5.xml:3974 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3970 +#: sssd.conf.5.xml:3978 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -4525,24 +4530,94 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3981 +#: sssd.conf.5.xml:3989 +msgid "local_auth_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3992 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4002 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4026 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4034 +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4039 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: match" +msgstr "默认: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4044 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3987 +#: sssd.conf.5.xml:4050 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3990 +#: sssd.conf.5.xml:4053 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3994 +#: sssd.conf.5.xml:4057 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4551,24 +4626,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4003 +#: sssd.conf.5.xml:4066 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4006 +#: sssd.conf.5.xml:4069 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4012 +#: sssd.conf.5.xml:4075 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4015 +#: sssd.conf.5.xml:4078 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4578,14 +4653,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4028 +#: sssd.conf.5.xml:4091 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4035 +#: sssd.conf.5.xml:4098 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4593,21 +4668,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3984 +#: sssd.conf.5.xml:4047 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4047 +#: sssd.conf.5.xml:4110 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4118 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4615,7 +4690,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4124 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4624,7 +4699,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4115 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4633,7 +4708,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2569 +#: sssd.conf.5.xml:2570 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -4641,29 +4716,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4139 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4079 +#: sssd.conf.5.xml:4142 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4082 +#: sssd.conf.5.xml:4145 msgid "" "Default: not set by default, you have to take an existing pam configuration " -"or create a new one and add the service name here." +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4090 +#: sssd.conf.5.xml:4155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4671,12 +4747,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4103 +#: sssd.conf.5.xml:4168 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4106 +#: sssd.conf.5.xml:4171 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4684,12 +4760,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4117 +#: sssd.conf.5.xml:4182 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4120 +#: sssd.conf.5.xml:4185 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4698,12 +4774,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4134 +#: sssd.conf.5.xml:4199 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4202 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4711,19 +4787,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4072 +#: sssd.conf.5.xml:4135 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4218 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4155 +#: sssd.conf.5.xml:4220 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -4740,7 +4816,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4175 +#: sssd.conf.5.xml:4240 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4748,17 +4824,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4181 +#: sssd.conf.5.xml:4246 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4248 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4186 +#: sssd.conf.5.xml:4251 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4767,7 +4843,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4265 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4777,7 +4853,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4208 +#: sssd.conf.5.xml:4273 #, no-wrap msgid "" "[sssd]\n" @@ -4797,12 +4873,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4228 +#: sssd.conf.5.xml:4293 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4230 +#: sssd.conf.5.xml:4295 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -4813,69 +4889,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4237 +#: sssd.conf.5.xml:4302 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4303 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4239 +#: sssd.conf.5.xml:4304 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:4305 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4241 +#: sssd.conf.5.xml:4306 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4242 +#: sssd.conf.5.xml:4307 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4243 +#: sssd.conf.5.xml:4308 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4309 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4245 +#: sssd.conf.5.xml:4310 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4246 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4250 +#: sssd.conf.5.xml:4315 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4256 +#: sssd.conf.5.xml:4321 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4258 +#: sssd.conf.5.xml:4323 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -4888,7 +4964,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4272 +#: sssd.conf.5.xml:4337 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -4896,7 +4972,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4281 +#: sssd.conf.5.xml:4346 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -4905,55 +4981,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4353 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4356 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4295 +#: sssd.conf.5.xml:4360 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4367 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4370 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:4376 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4317 +#: sssd.conf.5.xml:4382 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4326 +#: sssd.conf.5.xml:4391 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4329 +#: sssd.conf.5.xml:4394 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -4962,17 +5038,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4336 +#: sssd.conf.5.xml:4401 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4406 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4409 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -4980,26 +5056,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4350 +#: sssd.conf.5.xml:4415 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4356 +#: sssd.conf.5.xml:4421 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4362 +#: sssd.conf.5.xml:4427 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4433 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5008,17 +5084,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4377 +#: sssd.conf.5.xml:4442 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4385 +#: sssd.conf.5.xml:4450 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4452 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5028,7 +5104,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4395 +#: sssd.conf.5.xml:4460 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5037,59 +5113,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4472 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4410 +#: sssd.conf.5.xml:4475 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4411 +#: sssd.conf.5.xml:4476 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4409 +#: sssd.conf.5.xml:4474 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4484 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4488 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4424 +#: sssd.conf.5.xml:4489 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4427 +#: sssd.conf.5.xml:4492 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4428 +#: sssd.conf.5.xml:4493 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4496 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4432 +#: sssd.conf.5.xml:4497 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5098,7 +5174,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4421 +#: sssd.conf.5.xml:4486 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5107,17 +5183,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4449 +#: sssd.conf.5.xml:4514 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4455 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4522 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5125,46 +5201,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4530 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4532 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4537 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4539 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4480 +#: sssd.conf.5.xml:4545 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4547 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4451 +#: sssd.conf.5.xml:4516 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4467 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5173,7 +5249,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4493 +#: sssd.conf.5.xml:4558 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5181,12 +5257,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4500 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4506 +#: sssd.conf.5.xml:4571 #, no-wrap msgid "" "[sssd]\n" @@ -5216,7 +5292,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4502 +#: sssd.conf.5.xml:4567 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5225,7 +5301,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4604 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5233,7 +5309,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4533 +#: sssd.conf.5.xml:4598 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5244,7 +5320,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4550 +#: sssd.conf.5.xml:4615 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5255,7 +5331,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4544 +#: sssd.conf.5.xml:4609 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -5309,26 +5385,26 @@ msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " -"over an unencrypted channel. If the LDAP server is used only as an identity " -"provider, an encrypted channel is not needed. Please refer to " -"<quote>ldap_access_filter</quote> config option for more information about " -"using LDAP as an access provider." +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 #: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 msgid "CONFIGURATION OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:66 +#: sssd-ldap.5.xml:67 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:69 +#: sssd-ldap.5.xml:70 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" @@ -5338,33 +5414,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:76 +#: sssd-ldap.5.xml:77 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:79 +#: sssd-ldap.5.xml:80 msgid "ldap[s]://<host>[:port]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:82 +#: sssd-ldap.5.xml:83 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:85 +#: sssd-ldap.5.xml:86 msgid "example: ldap://[fc00::126:25]:389" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:91 +#: sssd-ldap.5.xml:92 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:94 +#: sssd-ldap.5.xml:95 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " @@ -5373,71 +5449,71 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:101 +#: sssd-ldap.5.xml:102 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:105 +#: sssd-ldap.5.xml:106 msgid "Default: empty, i.e. ldap_uri is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:111 +#: sssd-ldap.5.xml:112 msgid "ldap_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:114 +#: sssd-ldap.5.xml:115 msgid "The default base DN to use for performing LDAP user operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:118 +#: sssd-ldap.5.xml:119 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:122 +#: sssd-ldap.5.xml:123 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:125 +#: sssd-ldap.5.xml:126 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:128 include/ldap_search_bases.xml:18 +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:132 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 #: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 msgid "Examples:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:135 +#: sssd-ldap.5.xml:136 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:140 +#: sssd-ldap.5.xml:141 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:143 +#: sssd-ldap.5.xml:144 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " @@ -5446,7 +5522,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:150 +#: sssd-ldap.5.xml:151 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " @@ -5457,12 +5533,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:164 +#: sssd-ldap.5.xml:165 msgid "ldap_schema (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:167 +#: sssd-ldap.5.xml:168 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " @@ -5470,32 +5546,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:174 +#: sssd-ldap.5.xml:175 msgid "Four schema types are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:178 +#: sssd-ldap.5.xml:179 msgid "rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:183 +#: sssd-ldap.5.xml:184 msgid "rfc2307bis" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:188 +#: sssd-ldap.5.xml:189 msgid "IPA" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:193 +#: sssd-ldap.5.xml:194 msgid "AD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:199 +#: sssd-ldap.5.xml:200 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " @@ -5506,37 +5582,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:209 +#: sssd-ldap.5.xml:210 msgid "Default: rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:215 +#: sssd-ldap.5.xml:216 msgid "ldap_pwmodify_mode (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:218 +#: sssd-ldap.5.xml:219 msgid "Specify the operation that is used to modify user password." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:222 +#: sssd-ldap.5.xml:223 msgid "Two modes are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:226 +#: sssd-ldap.5.xml:227 msgid "exop - Password Modify Extended Operation (RFC 3062)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:232 +#: sssd-ldap.5.xml:233 msgid "ldap_modify - Direct modification of userPassword (not recommended)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:239 +#: sssd-ldap.5.xml:240 msgid "" "Note: First, a new connection is established to verify current password by " "binding as the user that requested password change. If successful, this " @@ -5545,74 +5621,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:247 +#: sssd-ldap.5.xml:248 msgid "Default: exop" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:253 +#: sssd-ldap.5.xml:254 msgid "ldap_default_bind_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:256 +#: sssd-ldap.5.xml:257 msgid "The default bind DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:263 +#: sssd-ldap.5.xml:264 msgid "ldap_default_authtok_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:266 +#: sssd-ldap.5.xml:267 msgid "The type of the authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:270 +#: sssd-ldap.5.xml:271 msgid "The two mechanisms currently supported are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 +#: sssd-ldap.5.xml:274 msgid "password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:276 +#: sssd-ldap.5.xml:277 msgid "obfuscated_password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:279 +#: sssd-ldap.5.xml:280 msgid "Default: password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:282 +#: sssd-ldap.5.xml:283 msgid "" "See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> manual page for more information." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:293 +#: sssd-ldap.5.xml:294 msgid "ldap_default_authtok (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:296 +#: sssd-ldap.5.xml:297 msgid "The authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:302 +#: sssd-ldap.5.xml:303 msgid "ldap_force_upper_case_realm (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:305 +#: sssd-ldap.5.xml:306 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -5621,24 +5697,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:318 +#: sssd-ldap.5.xml:319 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:321 +#: sssd-ldap.5.xml:322 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:337 +#: sssd-ldap.5.xml:338 msgid "ldap_purge_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:340 +#: sssd-ldap.5.xml:341 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -5646,7 +5722,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:346 +#: sssd-ldap.5.xml:347 msgid "" "Setting this option to zero will disable the cache cleanup operation. Please " "note that if enumeration is enabled, the cleanup task is required in order " @@ -5655,12 +5731,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:366 +#: sssd-ldap.5.xml:367 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:369 +#: sssd-ldap.5.xml:370 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -5668,7 +5744,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:376 +#: sssd-ldap.5.xml:377 msgid "" "Note: This option specifies the guaranteed level of nested groups to be " "processed for any lookup. However, nested groups beyond this limit " @@ -5678,7 +5754,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:385 +#: sssd-ldap.5.xml:386 msgid "" "If ldap_group_nesting_level is set to 0 then no nested groups are processed " "at all. However, when connected to Active-Directory Server 2008 and later " @@ -5688,67 +5764,67 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:394 +#: sssd-ldap.5.xml:395 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:403 +#: sssd-ldap.5.xml:404 msgid "" "This options enables or disables use of Token-Groups attribute when " "performing initgroup for users from Active Directory Server 2008 and later." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:413 +#: sssd-ldap.5.xml:414 msgid "Default: True for AD and IPA otherwise False." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:419 +#: sssd-ldap.5.xml:420 msgid "ldap_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:422 +#: sssd-ldap.5.xml:423 msgid "Optional. Use the given string as search base for host objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:426 sssd-ipa.5.xml:457 sssd-ipa.5.xml:476 sssd-ipa.5.xml:495 -#: sssd-ipa.5.xml:514 +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:431 sssd-ipa.5.xml:462 include/ldap_search_bases.xml:27 +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:438 +#: sssd-ldap.5.xml:439 msgid "ldap_service_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:443 +#: sssd-ldap.5.xml:444 msgid "ldap_iphost_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:448 +#: sssd-ldap.5.xml:449 msgid "ldap_ipnetwork_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:453 +#: sssd-ldap.5.xml:454 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:456 +#: sssd-ldap.5.xml:457 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -5756,7 +5832,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:462 +#: sssd-ldap.5.xml:463 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -5764,12 +5840,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:479 +#: sssd-ldap.5.xml:480 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:482 +#: sssd-ldap.5.xml:483 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -5777,12 +5853,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:500 +#: sssd-ldap.5.xml:501 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:503 +#: sssd-ldap.5.xml:504 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -5793,12 +5869,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:531 +#: sssd-ldap.5.xml:532 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:534 +#: sssd-ldap.5.xml:535 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -5807,12 +5883,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:554 +#: sssd-ldap.5.xml:555 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:557 +#: sssd-ldap.5.xml:558 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -5821,7 +5897,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:565 +#: sssd-ldap.5.xml:566 msgid "" "If the connection is idle (not actively running an operation) within " "<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " @@ -5832,36 +5908,36 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:577 +#: sssd-ldap.5.xml:578 msgid "" "This timeout can be extended of a random value specified by " "<emphasis>ldap_connection_expire_offset</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:587 sssd-ldap.5.xml:630 sssd-ldap.5.xml:1711 +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:593 +#: sssd-ldap.5.xml:594 msgid "ldap_connection_expire_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:596 +#: sssd-ldap.5.xml:597 msgid "" "Random offset between 0 and configured value is added to " "<emphasis>ldap_connection_expire_timeout</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:613 msgid "ldap_connection_idle_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:616 msgid "" "Specifies a timeout (in seconds) that an idle connection to an LDAP server " "will be maintained. If the connection is idle for more than this time then " @@ -5869,29 +5945,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:622 msgid "You can disable this timeout by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:636 +#: sssd-ldap.5.xml:637 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:639 +#: sssd-ldap.5.xml:640 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:650 +#: sssd-ldap.5.xml:651 msgid "ldap_disable_paging (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:653 +#: sssd-ldap.5.xml:654 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " @@ -5899,14 +5975,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:659 +#: sssd-ldap.5.xml:660 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:665 +#: sssd-ldap.5.xml:666 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " @@ -5914,17 +5990,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:677 +#: sssd-ldap.5.xml:678 msgid "ldap_disable_range_retrieval (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:680 +#: sssd-ldap.5.xml:681 msgid "Disable Active Directory range retrieval." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:683 +#: sssd-ldap.5.xml:684 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " @@ -5934,12 +6010,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:699 msgid "ldap_sasl_minssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:702 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " @@ -5947,17 +6023,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:707 sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:714 +#: sssd-ldap.5.xml:715 msgid "ldap_sasl_maxssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:717 +#: sssd-ldap.5.xml:718 msgid "" "When communicating with an LDAP server using SASL, specify the maximal " "security level necessary to establish the connection. The values of this " @@ -5965,12 +6041,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:731 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:733 +#: sssd-ldap.5.xml:734 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -5978,7 +6054,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:740 msgid "" "You can turn off dereference lookups completely by setting the value to 0. " "Please note that there are some codepaths in SSSD, like the IPA HBAC " @@ -5989,7 +6065,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:750 +#: sssd-ldap.5.xml:751 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -5998,7 +6074,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:758 +#: sssd-ldap.5.xml:759 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -6006,12 +6082,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:771 +#: sssd-ldap.5.xml:772 msgid "ldap_ignore_unreadable_references (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:774 +#: sssd-ldap.5.xml:775 msgid "" "Ignore unreadable LDAP entries referenced in group's member attribute. If " "this parameter is set to false an error will be returned and the operation " @@ -6019,7 +6095,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:781 +#: sssd-ldap.5.xml:782 msgid "" "This parameter may be useful when using the AD provider and the computer " "account that sssd uses to connect to AD does not have access to a particular " @@ -6027,26 +6103,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:795 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:798 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:804 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:808 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6054,7 +6130,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:815 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6062,7 +6138,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:820 +#: sssd-ldap.5.xml:821 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -6070,41 +6146,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:826 +#: sssd-ldap.5.xml:827 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:830 +#: sssd-ldap.5.xml:831 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:837 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:839 +#: sssd-ldap.5.xml:840 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 sssd-ldap.5.xml:862 sssd-ldap.5.xml:903 +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:852 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:854 +#: sssd-ldap.5.xml:855 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -6113,32 +6189,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:869 +#: sssd-ldap.5.xml:870 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:872 +#: sssd-ldap.5.xml:873 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:882 +#: sssd-ldap.5.xml:883 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:885 +#: sssd-ldap.5.xml:886 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:894 +#: sssd-ldap.5.xml:895 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:897 +#: sssd-ldap.5.xml:898 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -6146,24 +6222,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:910 +#: sssd-ldap.5.xml:911 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:913 +#: sssd-ldap.5.xml:914 msgid "" "Specifies that the id_provider connection must also use <systemitem " -"class=\"protocol\">tls</systemitem> to protect the channel." +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:923 +#: sssd-ldap.5.xml:925 msgid "ldap_id_mapping (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:928 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " @@ -6171,17 +6248,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:932 +#: sssd-ldap.5.xml:934 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:942 +#: sssd-ldap.5.xml:944 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:945 +#: sssd-ldap.5.xml:947 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " @@ -6192,24 +6269,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:957 +#: sssd-ldap.5.xml:959 msgid "Default: not set (both options are set to 0)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:965 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:966 +#: sssd-ldap.5.xml:968 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " "tested and supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:970 +#: sssd-ldap.5.xml:972 msgid "" "If the backend supports sub-domains the value of ldap_sasl_mech is " "automatically inherited to the sub-domains. If a different value is needed " @@ -6220,12 +6297,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:988 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ldap.5.xml:998 +#: sssd-ldap.5.xml:1000 #, no-wrap msgid "" "hostname@REALM\n" @@ -6238,7 +6315,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:989 +#: sssd-ldap.5.xml:991 msgid "" "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " "this represents the Kerberos principal used for authentication to the " @@ -6250,17 +6327,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1009 +#: sssd-ldap.5.xml:1011 msgid "Default: host/hostname@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1015 +#: sssd-ldap.5.xml:1017 msgid "ldap_sasl_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1018 +#: sssd-ldap.5.xml:1020 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " @@ -6268,49 +6345,49 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1024 +#: sssd-ldap.5.xml:1026 msgid "Default: the value of krb5_realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1030 +#: sssd-ldap.5.xml:1032 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1035 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1038 +#: sssd-ldap.5.xml:1040 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1046 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1049 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1056 sssd-krb5.5.xml:247 +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1064 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1067 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -6318,28 +6395,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1077 +#: sssd-ldap.5.xml:1079 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1080 +#: sssd-ldap.5.xml:1082 msgid "" "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1089 sssd-ad.5.xml:1252 +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1095 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1098 +#: sssd-ldap.5.xml:1100 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -6351,7 +6428,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1110 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -6359,7 +6436,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -6367,39 +6444,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1124 sssd-ipa.5.xml:526 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1127 +#: sssd-ldap.5.xml:1129 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1133 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1137 include/krb5_options.xml:154 +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1140 +#: sssd-ldap.5.xml:1142 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1152 sssd-krb5.5.xml:336 +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 msgid "krb5_use_kdcinfo (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1155 sssd-krb5.5.xml:339 +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " @@ -6409,7 +6486,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:350 +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " @@ -6417,26 +6494,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1180 +#: sssd-ldap.5.xml:1182 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1185 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1190 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1193 +#: sssd-ldap.5.xml:1195 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -6445,7 +6522,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1201 +#: sssd-ldap.5.xml:1203 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -6453,31 +6530,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1210 +#: sssd-ldap.5.xml:1212 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1220 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1221 +#: sssd-ldap.5.xml:1223 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1225 +#: sssd-ldap.5.xml:1227 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1232 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " @@ -6490,51 +6567,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1249 +#: sssd-ldap.5.xml:1251 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1252 +#: sssd-ldap.5.xml:1254 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1258 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1262 +#: sssd-ldap.5.xml:1264 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1265 +#: sssd-ldap.5.xml:1267 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1270 +#: sssd-ldap.5.xml:1272 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1276 +#: sssd-ldap.5.xml:1278 msgid "ldap_chpass_update_last_change (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1279 +#: sssd-ldap.5.xml:1281 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1285 +#: sssd-ldap.5.xml:1287 msgid "" "It is recommend to set this option explicitly if \"ldap_pwd_policy = " "shadow\" is used to let SSSD know if the LDAP server will update " @@ -6543,12 +6620,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1301 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1304 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " @@ -6564,12 +6641,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1322 +#: sssd-ldap.5.xml:1324 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1327 #, no-wrap msgid "" "access_provider = ldap\n" @@ -6578,14 +6655,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1329 +#: sssd-ldap.5.xml:1331 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1336 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -6594,24 +6671,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1398 +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1348 +#: sssd-ldap.5.xml:1350 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1353 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1355 +#: sssd-ldap.5.xml:1357 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -6619,19 +6696,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1362 +#: sssd-ldap.5.xml:1364 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1365 +#: sssd-ldap.5.xml:1367 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1372 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -6640,7 +6717,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1379 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -6648,7 +6725,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1383 +#: sssd-ldap.5.xml:1385 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -6657,7 +6734,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1391 +#: sssd-ldap.5.xml:1393 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " @@ -6665,22 +6742,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1404 +#: sssd-ldap.5.xml:1406 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1407 sssd-ipa.5.xml:351 +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1411 +#: sssd-ldap.5.xml:1413 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>lockout</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6690,14 +6767,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1424 +#: sssd-ldap.5.xml:1426 msgid "" "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" "quote> option and might be removed in a future release. </emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1431 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6710,12 +6787,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1448 +#: sssd-ldap.5.xml:1450 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1452 sssd-ipa.5.xml:359 +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 msgid "" "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " "pwd_expire_policy_renew: </emphasis> These options are useful if users are " @@ -6725,81 +6802,81 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1462 sssd-ipa.5.xml:369 +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 msgid "" "The difference between these options is the action taken if user password is " "expired:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1467 sssd-ipa.5.xml:374 +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 msgid "pwd_expire_policy_reject - user is denied to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1473 sssd-ipa.5.xml:380 +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 msgid "pwd_expire_policy_warn - user is still able to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1479 sssd-ipa.5.xml:386 +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 msgid "" "pwd_expire_policy_renew - user is prompted to change their password " "immediately." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1487 +#: sssd-ldap.5.xml:1489 msgid "" "Please note that 'access_provider = ldap' must be set for this feature to " "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1494 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1497 +#: sssd-ldap.5.xml:1499 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1501 +#: sssd-ldap.5.xml:1503 msgid "" "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " "remote host can access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1505 +#: sssd-ldap.5.xml:1507 msgid "" "Please note, rhost field in pam is set by application, it is better to check " "what the application sends to pam, before enabling this access control option" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1510 +#: sssd-ldap.5.xml:1512 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1513 +#: sssd-ldap.5.xml:1515 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1520 +#: sssd-ldap.5.xml:1522 msgid "ldap_pwdlockout_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1523 +#: sssd-ldap.5.xml:1525 msgid "" "This option specifies the DN of password policy entry on LDAP server. Please " "note that absence of this option in sssd.conf in case of enabled account " @@ -6808,74 +6885,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1531 +#: sssd-ldap.5.xml:1533 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1534 +#: sssd-ldap.5.xml:1536 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1542 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1543 +#: sssd-ldap.5.xml:1545 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1550 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 +#: sssd-ldap.5.xml:1554 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 +#: sssd-ldap.5.xml:1559 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1562 +#: sssd-ldap.5.xml:1564 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1569 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1575 +#: sssd-ldap.5.xml:1577 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1578 +#: sssd-ldap.5.xml:1580 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1582 +#: sssd-ldap.5.xml:1584 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " @@ -6886,7 +6963,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1593 +#: sssd-ldap.5.xml:1595 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " @@ -6894,53 +6971,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1605 sssd-ifp.5.xml:152 +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 msgid "wildcard_limit (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1608 +#: sssd-ldap.5.xml:1610 msgid "" "Specifies an upper limit on the number of entries that are downloaded during " "a wildcard lookup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1612 +#: sssd-ldap.5.xml:1614 msgid "At the moment, only the InfoPipe responder supports wildcard lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1618 msgid "Default: 1000 (often the size of one page)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1624 msgid "ldap_library_debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1625 +#: sssd-ldap.5.xml:1627 msgid "" "Switches on libldap debugging with the given level. The libldap debug " "messages will be written independent of the general debug_level." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1630 +#: sssd-ldap.5.xml:1632 msgid "" "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " "enable full debug output." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1635 +#: sssd-ldap.5.xml:1637 msgid "Default: 0 (libldap debugging disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:52 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " @@ -6952,12 +7029,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1645 +#: sssd-ldap.5.xml:1647 msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1647 +#: sssd-ldap.5.xml:1649 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -6965,43 +7042,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1660 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1661 +#: sssd-ldap.5.xml:1663 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1666 +#: sssd-ldap.5.xml:1668 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1671 +#: sssd-ldap.5.xml:1673 msgid "" "You can disable full refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1676 +#: sssd-ldap.5.xml:1678 msgid "Default: 21600 (6 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1682 +#: sssd-ldap.5.xml:1684 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1685 +#: sssd-ldap.5.xml:1687 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest " @@ -7009,14 +7086,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1691 +#: sssd-ldap.5.xml:1693 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1695 +#: sssd-ldap.5.xml:1697 msgid "" "<emphasis>Note:</emphasis> the highest USN value can be updated by three " "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " @@ -7026,19 +7103,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1706 +#: sssd-ldap.5.xml:1708 msgid "" "You can disable smart refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1717 +#: sssd-ldap.5.xml:1719 msgid "ldap_sudo_random_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1720 +#: sssd-ldap.5.xml:1722 msgid "" "Random offset between 0 and configured value is added to smart and full " "refresh periods each time the periodic task is scheduled. The value is in " @@ -7046,7 +7123,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1726 +#: sssd-ldap.5.xml:1728 msgid "" "Note that this random offset is also applied on the first SSSD start which " "delays the first sudo rules refresh. This prolongs the time when the sudo " @@ -7054,106 +7131,106 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1732 +#: sssd-ldap.5.xml:1734 msgid "You can disable this offset by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1742 +#: sssd-ldap.5.xml:1744 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1745 +#: sssd-ldap.5.xml:1747 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1756 +#: sssd-ldap.5.xml:1758 msgid "ldap_sudo_hostnames (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1759 +#: sssd-ldap.5.xml:1761 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1764 +#: sssd-ldap.5.xml:1766 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1769 sssd-ldap.5.xml:1792 sssd-ldap.5.xml:1810 -#: sssd-ldap.5.xml:1828 +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1774 sssd-ldap.5.xml:1797 +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 msgid "Default: not specified" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1780 +#: sssd-ldap.5.xml:1782 msgid "ldap_sudo_ip (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1783 +#: sssd-ldap.5.xml:1785 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1788 +#: sssd-ldap.5.xml:1790 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1803 +#: sssd-ldap.5.xml:1805 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1806 +#: sssd-ldap.5.xml:1808 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1821 +#: sssd-ldap.5.xml:1823 msgid "ldap_sudo_include_regexp (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:1826 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> -#: sssd-ldap.5.xml:1834 +#: sssd-ldap.5.xml:1836 msgid "" "Using wildcard is an operation that is very costly to evaluate on the LDAP " "server side!" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1846 +#: sssd-ldap.5.xml:1848 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " @@ -7162,59 +7239,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1856 +#: sssd-ldap.5.xml:1858 msgid "AUTOFS OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1858 +#: sssd-ldap.5.xml:1860 msgid "" "Some of the defaults for the parameters below are dependent on the LDAP " "schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1864 +#: sssd-ldap.5.xml:1866 msgid "ldap_autofs_map_master_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1867 +#: sssd-ldap.5.xml:1869 msgid "The name of the automount master map in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1870 +#: sssd-ldap.5.xml:1872 msgid "Default: auto.master" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1881 +#: sssd-ldap.5.xml:1883 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1888 +#: sssd-ldap.5.xml:1890 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1893 +#: sssd-ldap.5.xml:1895 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1898 +#: sssd-ldap.5.xml:1900 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> -#: sssd-ldap.5.xml:1903 +#: sssd-ldap.5.xml:1905 msgid "<note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> -#: sssd-ldap.5.xml:1905 +#: sssd-ldap.5.xml:1907 msgid "" "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " "against Active Directory will not be restricted and return all groups " @@ -7223,22 +7300,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist> -#: sssd-ldap.5.xml:1912 +#: sssd-ldap.5.xml:1914 msgid "</note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1914 +#: sssd-ldap.5.xml:1916 msgid "ldap_sudo_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1919 +#: sssd-ldap.5.xml:1921 msgid "ldap_autofs_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1883 +#: sssd-ldap.5.xml:1885 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -7247,14 +7324,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1934 sssd-simple.5.xml:131 sssd-ipa.5.xml:925 -#: sssd-ad.5.xml:1386 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1936 +#: sssd-ldap.5.xml:1938 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -7262,7 +7339,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1944 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7275,27 +7352,27 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><para> -#: sssd-ldap.5.xml:1941 sssd-ldap.5.xml:1959 sssd-simple.5.xml:139 -#: sssd-ipa.5.xml:933 sssd-ad.5.xml:1394 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 #: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1953 +#: sssd-ldap.5.xml:1955 msgid "LDAP ACCESS FILTER EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1955 +#: sssd-ldap.5.xml:1957 msgid "" "The following example assumes that SSSD is correctly configured and to use " "the ldap_access_order=lockout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1960 +#: sssd-ldap.5.xml:1962 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7311,13 +7388,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1975 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 -#: sssd-ad.5.xml:1409 sssd.8.xml:238 sss_seed.8.xml:163 +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1977 +#: sssd-ldap.5.xml:1979 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -9646,12 +9723,12 @@ msgid "Example: dyndns_iface = em1, vnet1, vnet2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1285 +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 msgid "dyndns_auth (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1288 +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "updates with the DNS server, insecure updates can be sent by setting this " @@ -9659,17 +9736,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1294 +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 msgid "Default: GSS-TSIG" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1300 +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 msgid "dyndns_auth_ptr (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1303 +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "PTR updates with the DNS server, insecure updates can be sent by setting " @@ -9677,7 +9754,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1309 +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 msgid "Default: Same as dyndns_auth" msgstr "" @@ -9736,65 +9813,72 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:290 +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 msgid "Default: False (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1272 +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 msgid "dyndns_force_tcp (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:299 sssd-ad.5.xml:1275 +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:303 sssd-ad.5.xml:1279 +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:309 sssd-ad.5.xml:1315 +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 msgid "dyndns_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:312 sssd-ad.5.xml:1318 +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 msgid "" "The DNS server to use when performing a DNS update. In most setups, it's " "recommended to leave this option unset." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 msgid "" "Setting this option makes sense for environments where the DNS server is " "different from the identity server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 msgid "" "Please note that this option will be only used in fallback attempt when " "previous attempt using autodetected settings failed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 msgid "Default: None (let nsupdate choose the server)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:333 sssd-ad.5.xml:1339 +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 msgid "dyndns_update_per_family (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:336 sssd-ad.5.xml:1342 +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 msgid "" "DNS update is by default performed in two steps - IPv4 update and then IPv6 " "update. In some cases it might be desirable to perform IPv4 and IPv6 update " @@ -9802,177 +9886,177 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:353 msgid "ipa_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:360 msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:394 +#: sssd-ipa.5.xml:399 msgid "" "Please note that 'access_provider = ipa' must be set for this feature to " "work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:401 +#: sssd-ipa.5.xml:406 msgid "ipa_deskprofile_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:404 +#: sssd-ipa.5.xml:409 msgid "" "Optional. Use the given string as search base for Desktop Profile related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:408 sssd-ipa.5.xml:435 +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:414 +#: sssd-ipa.5.xml:419 msgid "ipa_subid_ranges_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:417 +#: sssd-ipa.5.xml:422 msgid "" "Optional. Use the given string as search base for subordinate ranges related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:421 +#: sssd-ipa.5.xml:426 msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:428 +#: sssd-ipa.5.xml:433 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:431 +#: sssd-ipa.5.xml:436 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:441 +#: sssd-ipa.5.xml:446 msgid "ipa_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:444 +#: sssd-ipa.5.xml:449 msgid "Deprecated. Use ldap_host_search_base instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:450 +#: sssd-ipa.5.xml:455 msgid "ipa_selinux_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:453 +#: sssd-ipa.5.xml:458 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:469 +#: sssd-ipa.5.xml:474 msgid "ipa_subdomains_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:472 +#: sssd-ipa.5.xml:477 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:481 +#: sssd-ipa.5.xml:486 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:488 +#: sssd-ipa.5.xml:493 msgid "ipa_master_domain_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:491 +#: sssd-ipa.5.xml:496 msgid "Optional. Use the given string as search base for master domain object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:505 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:507 +#: sssd-ipa.5.xml:512 msgid "ipa_views_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:510 +#: sssd-ipa.5.xml:515 msgid "Optional. Use the given string as search base for views containers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:519 +#: sssd-ipa.5.xml:524 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:529 +#: sssd-ipa.5.xml:534 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:533 +#: sssd-ipa.5.xml:538 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:541 sssd-ad.5.xml:1357 +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 msgid "krb5_confd_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:544 sssd-ad.5.xml:1360 +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 msgid "" "Absolute path of a directory where SSSD should place Kerberos configuration " "snippets." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:548 sssd-ad.5.xml:1364 +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 msgid "" "To disable the creation of the configuration snippets set the parameter to " "'none'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:552 sssd-ad.5.xml:1368 +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 msgid "" "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:559 +#: sssd-ipa.5.xml:564 msgid "ipa_deskprofile_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:562 +#: sssd-ipa.5.xml:567 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server. This will reduce the latency and load on the IPA server if there " @@ -9980,34 +10064,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:569 sssd-ipa.5.xml:599 sssd-ipa.5.xml:615 sssd-ad.5.xml:599 +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:575 +#: sssd-ipa.5.xml:580 msgid "ipa_deskprofile_request_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:578 +#: sssd-ipa.5.xml:583 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server in case the last request did not return any rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:583 +#: sssd-ipa.5.xml:588 msgid "Default: 60 (minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:589 +#: sssd-ipa.5.xml:594 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:592 +#: sssd-ipa.5.xml:597 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -10015,12 +10099,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:605 +#: sssd-ipa.5.xml:610 msgid "ipa_hbac_selinux (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:608 +#: sssd-ipa.5.xml:613 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -10028,33 +10112,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:621 +#: sssd-ipa.5.xml:626 msgid "ipa_server_mode (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:624 +#: sssd-ipa.5.xml:629 msgid "" "This option will be set by the IPA installer (ipa-server-install) " "automatically and denotes if SSSD is running on an IPA server or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:629 +#: sssd-ipa.5.xml:634 msgid "" "On an IPA server SSSD will lookup users and groups from trusted domains " "directly while on a client it will ask an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:634 +#: sssd-ipa.5.xml:639 msgid "" "NOTE: There are currently some assumptions that must be met when SSSD is " "running on an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:639 +#: sssd-ipa.5.xml:644 msgid "" "The <quote>ipa_server</quote> option must be configured to point to the IPA " "server itself. This is already the default set by the IPA installer, so no " @@ -10062,59 +10146,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:648 +#: sssd-ipa.5.xml:653 msgid "" "The <quote>full_name_format</quote> option must not be tweaked to only print " "short names for users from trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:663 +#: sssd-ipa.5.xml:668 msgid "ipa_automount_location (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:666 +#: sssd-ipa.5.xml:671 msgid "The automounter location this IPA client will be using" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:669 +#: sssd-ipa.5.xml:674 msgid "Default: The location named \"default\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:677 +#: sssd-ipa.5.xml:682 msgid "VIEWS AND OVERRIDES" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:686 +#: sssd-ipa.5.xml:691 msgid "ipa_view_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:689 +#: sssd-ipa.5.xml:694 msgid "Objectclass of the view container." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:692 +#: sssd-ipa.5.xml:697 msgid "Default: nsContainer" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:698 +#: sssd-ipa.5.xml:703 msgid "ipa_view_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:701 +#: sssd-ipa.5.xml:706 msgid "Name of the attribute holding the name of the view." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:705 sssd-ldap-attributes.5.xml:496 +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 #: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 #: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 #: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 @@ -10122,128 +10206,128 @@ msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:711 +#: sssd-ipa.5.xml:716 msgid "ipa_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:714 +#: sssd-ipa.5.xml:719 msgid "Objectclass of the override objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:717 +#: sssd-ipa.5.xml:722 msgid "Default: ipaOverrideAnchor" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:723 +#: sssd-ipa.5.xml:728 msgid "ipa_anchor_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:726 +#: sssd-ipa.5.xml:731 msgid "" "Name of the attribute containing the reference to the original object in a " "remote domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:730 +#: sssd-ipa.5.xml:735 msgid "Default: ipaAnchorUUID" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:736 +#: sssd-ipa.5.xml:741 msgid "ipa_user_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:739 +#: sssd-ipa.5.xml:744 msgid "" "Name of the objectclass for user overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:744 +#: sssd-ipa.5.xml:749 msgid "User overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:747 +#: sssd-ipa.5.xml:752 msgid "ldap_user_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:750 +#: sssd-ipa.5.xml:755 msgid "ldap_user_uid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:753 +#: sssd-ipa.5.xml:758 msgid "ldap_user_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:756 +#: sssd-ipa.5.xml:761 msgid "ldap_user_gecos" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:759 +#: sssd-ipa.5.xml:764 msgid "ldap_user_home_directory" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:762 +#: sssd-ipa.5.xml:767 msgid "ldap_user_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:765 +#: sssd-ipa.5.xml:770 msgid "ldap_user_ssh_public_key" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:770 +#: sssd-ipa.5.xml:775 msgid "Default: ipaUserOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:776 +#: sssd-ipa.5.xml:781 msgid "ipa_group_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:779 +#: sssd-ipa.5.xml:784 msgid "" "Name of the objectclass for group overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:784 +#: sssd-ipa.5.xml:789 msgid "Group overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:787 +#: sssd-ipa.5.xml:792 msgid "ldap_group_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:790 +#: sssd-ipa.5.xml:795 msgid "ldap_group_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:795 +#: sssd-ipa.5.xml:800 msgid "Default: ipaGroupOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:679 +#: sssd-ipa.5.xml:684 msgid "" "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " "later version. Since all paths and objectclasses are fixed on the server " @@ -10253,19 +10337,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:807 +#: sssd-ipa.5.xml:812 msgid "SUBDOMAINS PROVIDER" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:809 +#: sssd-ipa.5.xml:814 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:813 +#: sssd-ipa.5.xml:818 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " @@ -10273,7 +10357,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:819 +#: sssd-ipa.5.xml:824 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " @@ -10285,12 +10369,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:830 +#: sssd-ipa.5.xml:835 msgid "TRUSTED DOMAINS CONFIGURATION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:838 +#: sssd-ipa.5.xml:843 #, no-wrap msgid "" "[domain/ipa.domain.com/ad.domain.com]\n" @@ -10298,7 +10382,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:832 +#: sssd-ipa.5.xml:837 msgid "" "Some configuration options can also be set for a trusted domain. A trusted " "domain configuration can be set using the trusted domain subsection as shown " @@ -10308,80 +10392,80 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:843 +#: sssd-ipa.5.xml:848 msgid "" "For more details, see the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:850 +#: sssd-ipa.5.xml:855 msgid "" "Different configuration options are tunable for a trusted domain depending " "on whether you are configuring SSSD on an IPA server or an IPA client." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:855 +#: sssd-ipa.5.xml:860 msgid "OPTIONS TUNABLE ON IPA MASTERS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:857 +#: sssd-ipa.5.xml:862 msgid "" "The following options can be set in a subdomain section on an IPA master:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:861 sssd-ipa.5.xml:891 +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 msgid "ad_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:864 +#: sssd-ipa.5.xml:869 msgid "ad_backup_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:867 sssd-ipa.5.xml:894 +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 msgid "ad_site" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:870 +#: sssd-ipa.5.xml:875 msgid "ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:873 +#: sssd-ipa.5.xml:878 msgid "ldap_user_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:876 +#: sssd-ipa.5.xml:881 msgid "ldap_group_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:885 +#: sssd-ipa.5.xml:890 msgid "OPTIONS TUNABLE ON IPA CLIENTS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:887 +#: sssd-ipa.5.xml:892 msgid "" "The following options can be set in a subdomain section on an IPA client:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:899 +#: sssd-ipa.5.xml:904 msgid "" "Note that if both options are set, only <quote>ad_server</quote> is " "evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:903 +#: sssd-ipa.5.xml:908 msgid "" "Since any request for a user or a group identity from a trusted domain " "triggered from an IPA client is resolved by the IPA server, the " @@ -10395,7 +10479,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:927 +#: sssd-ipa.5.xml:932 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -10403,7 +10487,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:934 +#: sssd-ipa.5.xml:939 #, no-wrap msgid "" "[domain/example.com]\n" @@ -11597,7 +11681,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1388 +#: sssd-ad.5.xml:1393 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -11605,7 +11689,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1395 +#: sssd-ad.5.xml:1400 #, no-wrap msgid "" "[domain/EXAMPLE]\n" @@ -11620,7 +11704,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1415 +#: sssd-ad.5.xml:1420 #, no-wrap msgid "" "access_provider = ldap\n" @@ -11629,7 +11713,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1411 +#: sssd-ad.5.xml:1416 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " @@ -11637,7 +11721,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1421 +#: sssd-ad.5.xml:1426 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>. Please " @@ -11647,7 +11731,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1429 +#: sssd-ad.5.xml:1434 msgid "" "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " @@ -17252,7 +17336,7 @@ msgstr "" #: include/ldap_id_mapping.xml:235 msgid "" "When this option is configured, domains will be allocated starting with " -"slice zero and increasing monatomically with each additional domain." +"slice zero and increasing monotonically with each additional domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml index 65778124bfc..082e97e523b 100644 --- a/src/man/sssd-ad.5.xml +++ b/src/man/sssd-ad.5.xml @@ -1262,6 +1262,11 @@ ad_gpo_map_deny = +my_pam_service updated when updating the client's DNS records. Applicable only when dyndns_update is true. </para> + <para> + Note that <emphasis>dyndns_update_per_family</emphasis> + parameter does not apply for PTR record updates. + Those updates are always sent separately. + </para> <para> Default: True </para> diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml index aa6ff238000..4802ce866e4 100644 --- a/src/man/sssd-ipa.5.xml +++ b/src/man/sssd-ipa.5.xml @@ -286,6 +286,11 @@ PTR records automatically when forward records are changed. </para> + <para> + Note that <emphasis>dyndns_update_per_family</emphasis> + parameter does not apply for PTR record updates. + Those updates are always sent separately. + </para> <para> Default: False (disabled) </para> diff --git a/src/man/sssd-ldap-attributes.5.xml b/src/man/sssd-ldap-attributes.5.xml index 5e0a32eeefc..7de32499b02 100644 --- a/src/man/sssd-ldap-attributes.5.xml +++ b/src/man/sssd-ldap-attributes.5.xml @@ -626,10 +626,12 @@ Note: If an email address of a user conflicts with an email address or fully qualified name of another user, then SSSD will not be able to serve those - users properly. If for some reason several users - need to share the same email address then set - this option to a nonexistent attribute name in - order to disable user lookup/login by email. + users properly. This option allows users to login by + (1) username, and (2) e-mail address. + If for some reason several users need to share + the same email address then set this option to + a nonexistent attribute name in order to disable + user lookup/login by email. </para> <para> Default: mail diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index c094a6125df..0a814ec3585 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -39,9 +39,10 @@ to authenticate against an LDAP server either TLS/SSL or LDAPS is required. <command>sssd</command> <emphasis>does not</emphasis> support authentication over an unencrypted channel. - If the LDAP server is used only as an identity provider, an encrypted - channel is not needed. Please refer to <quote>ldap_access_filter</quote> - config option for more information about using LDAP as an access provider. + Even if the LDAP server is used only as an identity provider, an encrypted + channel is strongly recommended. Please refer to + <quote>ldap_access_filter</quote> config option for more information + about using LDAP as an access provider. </para> </refsect1> @@ -912,6 +913,7 @@ <para> Specifies that the id_provider connection must also use <systemitem class="protocol">tls</systemitem> to protect the channel. + <emphasis>true</emphasis> is strongly recommended for security reasons. </para> <para> Default: false diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index 69551f5d74e..e7a8cbd9a40 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -743,7 +743,8 @@ <listitem> <para> Enable or disable the user verification (i.e. PIN, fingerprint) - during authentication. + during authentication. If enabled, the + PIN will always be requested. </para> <para> The default is that the key settings @@ -2928,7 +2929,14 @@ pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit <listitem> <para> Determines if user credentials are also cached - in the local LDB cache. + in the local LDB cache. The cached credentials + refer to passwords, which includes the first (long + term) factor of two-factor authentication, not + other authentication mechanisms. Passkey and + Smartcard authentications are expected to work + offline as long as a successful online + authentication is recorded in the cache without + additional configuration. </para> <para> Take a note that while credentials are stored as @@ -3031,7 +3039,7 @@ pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit configuring LDAP. </para> <para> - <quote>ipa</quote>: FreeIPA and Red Hat Enterprise + <quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> @@ -3142,7 +3150,7 @@ pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit </citerefentry> for more information on configuring Kerberos. </para> <para> - <quote>ipa</quote>: FreeIPA and Red Hat Enterprise + <quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> @@ -3193,7 +3201,7 @@ pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit </citerefentry> for more information on configuring LDAP. </para> <para> - <quote>ipa</quote>: FreeIPA and Red Hat Enterprise + <quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> @@ -3256,7 +3264,7 @@ pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit </citerefentry> for more information on configuring Kerberos. </para> <para> - <quote>ipa</quote>: FreeIPA and Red Hat Enterprise + <quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> @@ -3977,6 +3985,61 @@ subdomain_inherit = ldap_purge_cache_timeout </para> </listitem> </varlistentry> + <varlistentry> + <term>local_auth_policy (string)</term> + <listitem> + <para> + Local authentication methods policy. Some backends + (i.e. LDAP, proxy provider) only support a password + based authentication, while others can handle PKINIT + based Smartcard authentication (AD, IPA), + two-factor authentication (IPA), or other methods + against a central instance. By default in such cases + authentication is only performed with the methods + supported by the backend. + </para> + <para> + There are three possible values for this option: + match, only, enable. <quote>match</quote> is + used to match offline and online states for Kerberos + methods. <quote>only</quote> ignores the online methods + and only offer the local ones. enable allows explicitly + defining the methods for local authentication. As an + example, <quote>enable:passkey</quote>, only enables + passkey for local authentication. Multiple enable values + should be comma-separated, such as + <quote>enable:passkey, enable:smartcard</quote> + </para> + <para> + Please note that if local Smartcard authentication + is enabled and a Smartcard is present, Smartcard + authentication will be preferred over the + authentication methods supported by the backend. + I.e. there will be a PIN prompt instead of e.g. a + password prompt. + </para> + <para> + The following configuration example allows local users + to authenticate locally using any enabled method + (i.e. smartcard, passkey). +<programlisting> +[domain/shadowutils] +id_provider = proxy +proxy_lib_name = files +auth_provider = none +local_auth_policy = only +</programlisting> + </para> + <para condition="with_files_provider"> + It is expected that the <quote>files</quote> + provider ignores the local_auth_policy option and + supports Smartcard authentication by default. + </para> + <para> + Default: match + </para> + </listitem> + </varlistentry> <varlistentry> <term>auto_private_groups (string)</term> <listitem> @@ -4081,7 +4144,9 @@ auto_private_groups = false <para> Default: not set by default, you have to take an existing pam configuration or create a new one and - add the service name here. + add the service name here. As an alternative you + can enable local authentication with the + local_auth_policy option. </para> </listitem> </varlistentry> diff --git a/src/p11_child/p11_child_common.c b/src/p11_child/p11_child_common.c index e49d1e20182..5eab9b063d4 100644 --- a/src/p11_child/p11_child_common.c +++ b/src/p11_child/p11_child_common.c @@ -164,7 +164,7 @@ int main(int argc, const char *argv[]) char *key_id = NULL; char *label = NULL; char *cert_b64 = NULL; - uint64_t chain_id = 0; + long chain_id = 0; bool wait_for_card = false; char *uri = NULL; @@ -325,7 +325,7 @@ int main(int argc, const char *argv[]) } sss_chain_id_set_format(DEBUG_CHAIN_ID_FMT_CID); - sss_chain_id_set(chain_id); + sss_chain_id_set((uint64_t)chain_id); DEBUG_INIT(debug_level, opt_logger); diff --git a/src/passkey_child/passkey_child.h b/src/passkey_child/passkey_child.h index 9a62d4d0b38..185e7e63af7 100644 --- a/src/passkey_child/passkey_child.h +++ b/src/passkey_child/passkey_child.h @@ -63,6 +63,7 @@ struct passkey_data { fido_opt_t user_verification; enum credential_type cred_type; unsigned char *user_id; + char *mapping_file; bool quiet; bool debug_libfido2; }; @@ -240,6 +241,21 @@ errno_t print_credentials(const struct passkey_data *data, const fido_cred_t *const cred); +/** + * @brief Print passkey credentials + * + * @param[in] data passkey data + * @param[in] b64_cred_id Credential ID in b64 + * @param[in] pem_key Public key in PEM format + * + * @return 0 if the credentials were printed properly, + * another value on error. + */ +errno_t +print_credentials_to_file(const struct passkey_data *data, + const char *b64_cred_id, + const char *pem_key); + /** * @brief Format libfido2's es256 data structure to EVP_PKEY * diff --git a/src/passkey_child/passkey_child_common.c b/src/passkey_child/passkey_child_common.c index 89f376bd691..000a7ee34d7 100644 --- a/src/passkey_child/passkey_child_common.c +++ b/src/passkey_child/passkey_child_common.c @@ -154,6 +154,7 @@ parse_arguments(TALLOC_CTX *mem_ctx, int argc, const char *argv[], data->user_verification = FIDO_OPT_OMIT; data->cred_type = CRED_SERVER_SIDE; data->user_id = NULL; + data->mapping_file = NULL; data->quiet = false; data->debug_libfido2 = false; @@ -194,6 +195,8 @@ parse_arguments(TALLOC_CTX *mem_ctx, int argc, const char *argv[], _("Require user-verification"), "true|false"}, {"cred-type", 0, POPT_ARG_STRING, &cred_type, 0, _("Credential type"), "server-side|discoverable"}, + {"output-file", 0, POPT_ARG_STRING, &data->mapping_file, 0, + _("Write key mapping data to file"), NULL}, {"quiet", 0, POPT_ARG_NONE, NULL, 'q', _("Supress prompts"), NULL}, {"debug-libfido2", 0, POPT_ARG_NONE, NULL, 'd', @@ -368,6 +371,7 @@ check_arguments(const struct passkey_data *data) data->user_verification); DEBUG(SSSDBG_TRACE_FUNC, "cred_type: %d\n", data->cred_type); + DEBUG(SSSDBG_TRACE_FUNC, "Mapping file: %s\n", data->mapping_file); DEBUG(SSSDBG_TRACE_FUNC, "debug_libfido2: %d\n", data->debug_libfido2); if (data->action == ACTION_NONE) { diff --git a/src/passkey_child/passkey_child_credentials.c b/src/passkey_child/passkey_child_credentials.c index 4088c2122ce..e27afb411bb 100644 --- a/src/passkey_child/passkey_child_credentials.c +++ b/src/passkey_child/passkey_child_credentials.c @@ -22,6 +22,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. */ +#include <fcntl.h> #include <termios.h> #include <stdio.h> @@ -403,9 +404,79 @@ print_credentials(const struct passkey_data *data, } PRINT("passkey:%s,%s\n", b64_cred_id, pem_key); + if (data->mapping_file != NULL) { + print_credentials_to_file(data, b64_cred_id, pem_key); + } + ret = EOK; + +done: + talloc_free(tmp_ctx); + + return ret; +} + +errno_t +print_credentials_to_file(const struct passkey_data *data, + const char *b64_cred_id, + const char *pem_key) +{ + TALLOC_CTX *tmp_ctx = NULL; + char *mapping_data = NULL; + int mapping_data_len = 0; + int fd = -1; + ssize_t written = 0; + errno_t ret; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + ret = ENOMEM; + goto done; + } + + mapping_data = talloc_asprintf(tmp_ctx, "passkey:%s,%s", + b64_cred_id, pem_key); + if (mapping_data == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); + ret = ENOMEM; + goto done; + } + mapping_data_len = strlen(mapping_data); + + fd = open(data->mapping_file, O_WRONLY|O_CREAT, 0640); + if (fd == -1) { + ret = errno; + DEBUG(SSSDBG_OP_FAILURE, + "open() failed [%d][%s]\n", ret, strerror(ret)); + ret = EIO; + goto done; + } + + errno = 0; + written = sss_atomic_write_s(fd, mapping_data, mapping_data_len); + if (written == -1) { + ret = errno; + DEBUG(SSSDBG_OP_FAILURE, + "Write failed [%d][%s].\n", ret, strerror(ret)); + goto done; + } + + if (written != mapping_data_len) { + DEBUG(SSSDBG_OP_FAILURE, + "Write error, wrote [%zd] bytes, expected [%d]\n", + written, mapping_data_len); + ret = EIO; + goto done; + } + ret = EOK; done: + if (fd != -1) { + if (close(fd) == -1) { + DEBUG(SSSDBG_OP_FAILURE, + "Close failed [%s].\n", strerror(errno)); + } + } talloc_free(tmp_ctx); return ret; diff --git a/src/passkey_child/passkey_child_devices.c b/src/passkey_child/passkey_child_devices.c index a91ab9ca11d..2011b12f661 100644 --- a/src/passkey_child/passkey_child_devices.c +++ b/src/passkey_child/passkey_child_devices.c @@ -201,10 +201,12 @@ get_device_options(fido_dev_t *dev, struct passkey_data *_data) { bool has_pin; bool has_uv; + bool supports_uv; errno_t ret; has_uv = fido_dev_has_uv(dev); has_pin = fido_dev_has_pin(dev); + supports_uv = fido_dev_supports_uv(dev); if (_data->user_verification == FIDO_OPT_TRUE && has_pin != true && has_uv != true) { @@ -226,6 +228,16 @@ get_device_options(fido_dev_t *dev, struct passkey_data *_data) goto done; } + if (_data->user_verification == FIDO_OPT_FALSE + && supports_uv == false) { + DEBUG(SSSDBG_CONF_SETTINGS, + "Policy disabled user-verification but the key doesn't support " + "it. Thus, omitting the user-verification.\n"); + _data->user_verification = FIDO_OPT_OMIT; + ret = EOK; + goto done; + } + ret = EOK; done: diff --git a/src/providers/ad/ad_domain_info.c b/src/providers/ad/ad_domain_info.c index 9583c74b972..6338d412d5b 100644 --- a/src/providers/ad/ad_domain_info.c +++ b/src/providers/ad/ad_domain_info.c @@ -225,7 +225,7 @@ ad_domain_info_send(TALLOC_CTX *mem_ctx, * the list if no matching domain was found since it is most probably * related to the configured domain. */ if (state->sdom == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "No internal domain data found for [%s], " + DEBUG(SSSDBG_TRACE_FUNC, "No internal domain data found for [%s], " "falling back to first domain.\n", state->dom_name); state->sdom = state->opts->sdom; diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c index 4b7bbf18200..94959c36b46 100644 --- a/src/providers/ad/ad_gpo.c +++ b/src/providers/ad/ad_gpo.c @@ -53,12 +53,12 @@ #include "util/sss_chain_id.h" #include <ndr.h> #include <gen_ndr/security.h> -#include <db/sysdb_computer.h> /* == gpo-ldap constants =================================================== */ #define AD_AT_DN "distinguishedName" #define AD_AT_UAC "userAccountControl" +#define AD_AT_SAMACCOUNTNAME "sAMAccountName" #define AD_AT_CONFIG_NC "configurationNamingContext" #define AD_AT_GPLINK "gPLink" #define AD_AT_GPOPTIONS "gpOptions" @@ -563,6 +563,63 @@ ad_gpo_dom_sid_equal(const struct dom_sid *sid1, const struct dom_sid *sid2) return true; } +/* + * This function retrieves the SID of the group with given gid. + */ +static char * +ad_gpo_get_primary_group_sid(TALLOC_CTX *mem_ctx, + gid_t gid, + struct sss_domain_info *domain, + struct sss_idmap_ctx *idmap_ctx) +{ + char *idmap_sid = NULL; + const char *cache_sid; + char *result; + const char *attrs[] = { + SYSDB_SID_STR, + NULL + }; + struct ldb_message *msg; + int ret; + + if (gid == 0) { + return NULL; + } + + ret = sss_idmap_unix_to_sid(idmap_ctx, gid, &idmap_sid); + if (ret == EOK) { + result = talloc_strdup(mem_ctx, idmap_sid); + sss_idmap_free_sid(idmap_ctx, idmap_sid); + if (result == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "Out of memory while getting SID of the group\n"); + } + return result; + } + + if (ret == IDMAP_EXTERNAL) { + /* no ID mapping in this domain, search for the group object and get sid there */ + ret = sysdb_search_group_by_gid(mem_ctx, domain, gid, attrs, &msg); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "Search for group '%"SPRIgid"' failded with error '%d'\n", gid, ret); + return NULL; + } + + cache_sid = ldb_msg_find_attr_as_string(msg, SYSDB_SID_STR, NULL); + if (cache_sid == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to get SID attribute of the group '%"SPRIgid"'\n", gid); + return NULL; + } + + result = talloc_strdup(mem_ctx, cache_sid); + if (result == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "Out of memory while getting group SID\n"); + } + return result; + } + + DEBUG(SSSDBG_OP_FAILURE, "Failed to get SID of primary the group '%"SPRIgid"'\n", gid); + return NULL; +} /* * This function retrieves the SIDs corresponding to the input user and returns @@ -577,6 +634,7 @@ static errno_t ad_gpo_get_sids(TALLOC_CTX *mem_ctx, const char *user, struct sss_domain_info *domain, + struct sss_idmap_ctx *idmap_ctx, const char **_user_sid, const char ***_group_sids, int *_group_size) @@ -589,6 +647,8 @@ ad_gpo_get_sids(TALLOC_CTX *mem_ctx, const char *user_sid = NULL; const char *group_sid = NULL; const char **group_sids = NULL; + gid_t orig_gid = 0; + char *orig_gid_sid = NULL; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { @@ -613,10 +673,21 @@ ad_gpo_get_sids(TALLOC_CTX *mem_ctx, } user_sid = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_SID_STR, NULL); + + /* if there is origPrimaryGroupGidNumber, it's SID must be added to list */ + orig_gid = ldb_msg_find_attr_as_uint64(res->msgs[0], + SYSDB_PRIMARY_GROUP_GIDNUM, + 0); + orig_gid_sid = ad_gpo_get_primary_group_sid(tmp_ctx, + orig_gid, + domain, + idmap_ctx); + DEBUG(SSSDBG_TRACE_INTERNAL, "SID of the primary group with gid '%"SPRIgid"' is '%s'\n", orig_gid, orig_gid_sid); + num_group_sids = (res->count) - 1; - /* include space for AD_AUTHENTICATED_USERS_SID and NULL */ - group_sids = talloc_array(tmp_ctx, const char *, num_group_sids + 1 + 1); + /* include space for AD_AUTHENTICATED_USERS_SID, original GID sid and NULL */ + group_sids = talloc_array(tmp_ctx, const char *, num_group_sids + 3); if (group_sids == NULL) { ret = ENOMEM; goto done; @@ -639,9 +710,12 @@ ad_gpo_get_sids(TALLOC_CTX *mem_ctx, } } group_sids[i++] = talloc_strdup(group_sids, AD_AUTHENTICATED_USERS_SID); + if (orig_gid_sid != NULL) { + group_sids[i++] = orig_gid_sid; + } group_sids[i] = NULL; - *_group_size = num_group_sids + 1; + *_group_size = i; *_group_sids = talloc_steal(mem_ctx, group_sids); *_user_sid = talloc_steal(mem_ctx, user_sid); ret = EOK; @@ -660,6 +734,8 @@ ad_gpo_ace_includes_client_sid(const char *user_sid, const char *host_sid, const char **group_sids, int group_size, + const char **host_group_sids, + int host_group_size, struct dom_sid ace_dom_sid, struct sss_idmap_ctx *idmap_ctx, bool *_included) @@ -717,6 +793,22 @@ ad_gpo_ace_includes_client_sid(const char *user_sid, } } + for (i = 0; i < host_group_size; i++) { + err = sss_idmap_sid_to_smb_sid(idmap_ctx, host_group_sids[i], &group_dom_sid); + if (err != IDMAP_SUCCESS) { + DEBUG(SSSDBG_CRIT_FAILURE, + "sss_idmap_sid_to_smb_sid() failed for group_sid '%s': %d\n", + group_sids[i], err); + return EFAULT; + } + included = ad_gpo_dom_sid_equal(&ace_dom_sid, group_dom_sid); + sss_idmap_free_smb_sid(idmap_ctx, group_dom_sid); + if (included) { + *_included = true; + return EOK; + } + } + *_included = false; return EOK; } @@ -769,7 +861,9 @@ static enum ace_eval_agp_status ad_gpo_evaluate_ace(struct security_ace *ace, const char *user_sid, const char *host_sid, const char **group_sids, - int group_size) + int group_size, + const char **host_group_sids, + int host_group_size) { bool included = false; int ret = 0; @@ -781,9 +875,9 @@ static enum ace_eval_agp_status ad_gpo_evaluate_ace(struct security_ace *ace, } ret = ad_gpo_ace_includes_client_sid(user_sid, host_sid, group_sids, - group_size, ace->trustee, idmap_ctx, - &included); - + group_size, host_group_sids, + host_group_size, ace->trustee, + idmap_ctx, &included); if (ret != EOK) { return AD_GPO_ACE_DENIED; } @@ -843,6 +937,8 @@ static errno_t ad_gpo_simple_evaluate_ace(struct security_ace *ace, const char *host_sid, const char **group_sids, int group_size, + const char **host_group_sids, + int host_group_size, uint32_t *_gpo_access_granted_status, uint32_t *_gpo_access_denied_status) { @@ -855,6 +951,7 @@ static errno_t ad_gpo_simple_evaluate_ace(struct security_ace *ace, } ret = ad_gpo_ace_includes_client_sid(user_sid, host_sid, group_sids, group_size, + host_group_sids, host_group_size, ace->trustee, idmap_ctx, &included); if (ret != EOK || !included) { @@ -894,6 +991,8 @@ static errno_t ad_gpo_evaluate_dacl(struct security_acl *dacl, const char *host_sid, const char **group_sids, int group_size, + const char **host_group_sids, + int host_group_size, bool *_dacl_access_allowed) { uint32_t num_aces = 0; @@ -930,6 +1029,7 @@ static errno_t ad_gpo_evaluate_dacl(struct security_acl *dacl, ret = ad_gpo_simple_evaluate_ace(ace, idmap_ctx, user_sid, host_sid, group_sids, group_size, + host_group_sids, host_group_size, &access_granted_status, &access_denied_status); @@ -962,7 +1062,8 @@ static errno_t ad_gpo_evaluate_dacl(struct security_acl *dacl, } ace_status = ad_gpo_evaluate_ace(ace, idmap_ctx, user_sid, host_sid, - group_sids, group_size); + group_sids, group_size, + host_group_sids, host_group_size); switch (ace_status) { case AD_GPO_ACE_NEUTRAL: @@ -1015,8 +1116,9 @@ static errno_t ad_gpo_evaluate_dacl(struct security_acl *dacl, static errno_t ad_gpo_filter_gpos_by_dacl(TALLOC_CTX *mem_ctx, const char *user, - const char *host_sid, + const char *host_fqdn, struct sss_domain_info *domain, + struct sss_domain_info *host_domain, struct sss_idmap_ctx *idmap_ctx, struct gp_gpo **candidate_gpos, int num_candidate_gpos, @@ -1032,6 +1134,9 @@ ad_gpo_filter_gpos_by_dacl(TALLOC_CTX *mem_ctx, const char *user_sid = NULL; const char **group_sids = NULL; int group_size = 0; + const char *host_sid = NULL; + const char **host_group_sids = NULL; + int host_group_size = 0; int gpo_dn_idx = 0; bool access_allowed = false; struct gp_gpo **dacl_filtered_gpos = NULL; @@ -1042,7 +1147,7 @@ ad_gpo_filter_gpos_by_dacl(TALLOC_CTX *mem_ctx, goto done; } - ret = ad_gpo_get_sids(tmp_ctx, user, domain, &user_sid, + ret = ad_gpo_get_sids(tmp_ctx, user, domain, idmap_ctx, &user_sid, &group_sids, &group_size); if (ret != EOK) { ret = ERR_NO_SIDS; @@ -1051,6 +1156,15 @@ ad_gpo_filter_gpos_by_dacl(TALLOC_CTX *mem_ctx, goto done; } + ret = ad_gpo_get_sids(tmp_ctx, host_fqdn, host_domain, idmap_ctx, &host_sid, + &host_group_sids, &host_group_size); + if (ret != EOK) { + ret = ERR_NO_SIDS; + DEBUG(SSSDBG_OP_FAILURE, + "Unable to retrieve host SIDs: [%d](%s)\n", ret, sss_strerror(ret)); + goto done; + } + dacl_filtered_gpos = talloc_array(tmp_ctx, struct gp_gpo *, num_candidate_gpos + 1); @@ -1095,7 +1209,8 @@ ad_gpo_filter_gpos_by_dacl(TALLOC_CTX *mem_ctx, if ((sd->type & SEC_DESC_DACL_PRESENT) && (dacl != NULL)) { ret = ad_gpo_evaluate_dacl(dacl, idmap_ctx, user_sid, host_sid, - group_sids, group_size, &access_allowed); + group_sids, group_size, host_group_sids, + host_group_size, &access_allowed); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, "Could not determine if GPO is applicable\n"); @@ -1541,6 +1656,7 @@ ad_gpo_access_check(TALLOC_CTX *mem_ctx, const char *user, bool gpo_implicit_deny, struct sss_domain_info *domain, + struct sss_idmap_ctx *idmap_ctx, char **allowed_sids, int allowed_size, char **denied_sids, @@ -1567,7 +1683,7 @@ ad_gpo_access_check(TALLOC_CTX *mem_ctx, DEBUG(SSSDBG_TRACE_FUNC, " denied_sids[%d] = %s\n", j, denied_sids[j]); } - ret = ad_gpo_get_sids(mem_ctx, user, domain, &user_sid, + ret = ad_gpo_get_sids(mem_ctx, user, domain, idmap_ctx, &user_sid, &group_sids, &group_size); if (ret != EOK) { ret = ERR_NO_SIDS; @@ -1705,7 +1821,8 @@ ad_gpo_perform_hbac_processing(TALLOC_CTX *mem_ctx, const char *user, bool gpo_implicit_deny, struct sss_domain_info *user_domain, - struct sss_domain_info *host_domain) + struct sss_domain_info *host_domain, + struct sss_idmap_ctx *idmap_ctx) { int ret; const char *allow_key = NULL; @@ -1742,7 +1859,7 @@ ad_gpo_perform_hbac_processing(TALLOC_CTX *mem_ctx, /* perform access check with the final resultant allow_sids and deny_sids */ ret = ad_gpo_access_check(mem_ctx, gpo_mode, gpo_map_type, user, - gpo_implicit_deny, user_domain, + gpo_implicit_deny, user_domain, idmap_ctx, allow_sids, allow_size, deny_sids, deny_size); if (ret != EOK) { @@ -1772,6 +1889,8 @@ struct ad_gpo_access_state { int timeout; struct sss_domain_info *user_domain; struct sss_domain_info *host_domain; + const char *host_sam_account_name; + char *host_fqdn; const char *user; int gpo_timeout_option; const char *ad_hostname; @@ -1792,7 +1911,6 @@ static void ad_gpo_process_gpo_done(struct tevent_req *subreq); static errno_t ad_gpo_cse_step(struct tevent_req *req); static void ad_gpo_cse_done(struct tevent_req *subreq); -static void ad_gpo_get_host_sid_retrieval_done(struct tevent_req *subreq); struct tevent_req * ad_gpo_access_send(TALLOC_CTX *mem_ctx, @@ -1936,6 +2054,7 @@ process_offline_gpos(TALLOC_CTX *mem_ctx, enum gpo_access_control_mode gpo_mode, struct sss_domain_info *user_domain, struct sss_domain_info *host_domain, + struct sss_idmap_ctx *idmap_ctx, enum gpo_map_type gpo_map_type) { @@ -1947,7 +2066,8 @@ process_offline_gpos(TALLOC_CTX *mem_ctx, user, gpo_implicit_deny, user_domain, - host_domain); + host_domain, + idmap_ctx); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "HBAC processing failed: [%d](%s}\n", ret, sss_strerror(ret)); @@ -1966,15 +2086,11 @@ ad_gpo_connect_done(struct tevent_req *subreq) { struct tevent_req *req; struct ad_gpo_access_state *state; - char *filter; - const char *sam_account_name; - char *domain_dn; int dp_error; errno_t ret; char *server_uri; LDAPURLDesc *lud; - - const char *attrs[] = {AD_AT_DN, AD_AT_UAC, NULL}; + struct sdap_domain *sdom; req = tevent_req_callback_data(subreq, struct tevent_req); state = tevent_req_data(req, struct ad_gpo_access_state); @@ -1996,6 +2112,7 @@ ad_gpo_connect_done(struct tevent_req *subreq) state->gpo_mode, state->user_domain, state->host_domain, + state->opts->idmap_ctx->map, state->gpo_map_type); if (ret == EOK) { @@ -2040,47 +2157,41 @@ ad_gpo_connect_done(struct tevent_req *subreq) /* SDAP_SASL_AUTHID contains the name used for kinit and SASL bind which * in the AD case is the NetBIOS name. */ - sam_account_name = dp_opt_get_string(state->opts->basic, SDAP_SASL_AUTHID); - if (sam_account_name == NULL) { + state->host_sam_account_name = dp_opt_get_string(state->opts->basic, + SDAP_SASL_AUTHID); + if (state->host_sam_account_name == NULL) { ret = ENOMEM; goto done; } - DEBUG(SSSDBG_TRACE_FUNC, "sam_account_name is %s\n", sam_account_name); + DEBUG(SSSDBG_TRACE_FUNC, "sam_account_name is %s\n", + state->host_sam_account_name); - /* Convert the domain name into domain DN */ - ret = domain_to_basedn(state, state->ad_domain, &domain_dn); - if (ret != EOK) { + state->host_fqdn = sss_create_internal_fqname(state, state->host_sam_account_name, + state->host_domain->name); + if (state->host_fqdn == NULL) { DEBUG(SSSDBG_OP_FAILURE, - "Cannot convert domain name [%s] to base DN [%d]: %s\n", - state->ad_domain, ret, sss_strerror(ret)); - goto done; - } - - /* SDAP_OC_USER objectclass covers both users and computers */ - filter = talloc_asprintf(state, - "(&(objectclass=%s)(%s=%s))", - state->opts->user_map[SDAP_OC_USER].name, - state->opts->user_map[SDAP_AT_USER_NAME].name, - sam_account_name); - if (filter == NULL) { + "Failed to create fully-qualified host name.\n"); ret = ENOMEM; goto done; } - subreq = sdap_get_generic_send(state, state->ev, state->opts, - sdap_id_op_handle(state->sdap_op), - domain_dn, LDAP_SCOPE_SUBTREE, - filter, attrs, NULL, 0, - state->timeout, - false); - - if (subreq == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "sdap_get_generic_send failed.\n"); + /* AD handle computers the same as users */ + sdom = sdap_domain_get(state->access_ctx->ad_id_ctx->sdap_id_ctx->opts, + state->host_domain); + if (sdom == NULL) { ret = EIO; goto done; } + subreq = groups_by_user_send(state, state->ev, + state->access_ctx->ad_id_ctx->sdap_id_ctx, + sdom, state->conn, + state->host_fqdn, + BE_FILTER_NAME, + NULL, + true, + true); tevent_req_set_callback(subreq, ad_gpo_target_dn_retrieval_done, req); ret = EOK; @@ -2099,22 +2210,20 @@ ad_gpo_target_dn_retrieval_done(struct tevent_req *subreq) struct ad_gpo_access_state *state; int ret; int dp_error; - size_t reply_count; - struct sysdb_attrs **reply; + int sdap_ret; const char *target_dn = NULL; uint32_t uac; - const char *attrs[] = {AD_AT_SID, NULL}; - struct ldb_message *msg; - static const char *host_attrs[] = { SYSDB_SID_STR, NULL }; + static const char *host_attrs[] = { SYSDB_ORIG_DN, SYSDB_AD_USER_ACCOUNT_CONTROL, SYSDB_SID_STR, NULL }; + struct ldb_result *res = NULL; + const char *tmp = NULL; + char *endptr; req = tevent_req_callback_data(subreq, struct tevent_req); state = tevent_req_data(req, struct ad_gpo_access_state); - ret = sdap_get_generic_recv(subreq, state, - &reply_count, &reply); + ret = groups_by_user_recv(subreq, &dp_error, &sdap_ret); talloc_zfree(subreq); if (ret != EOK) { - ret = sdap_id_op_done(state->sdap_op, ret, &dp_error); - if (ret == EAGAIN && dp_error == DP_ERR_OFFLINE) { + if (sdap_ret == EAGAIN && dp_error == DP_ERR_OFFLINE) { DEBUG(SSSDBG_TRACE_FUNC, "Preparing for offline operation.\n"); ret = process_offline_gpos(state, state->user, @@ -2122,6 +2231,7 @@ ad_gpo_target_dn_retrieval_done(struct tevent_req *subreq) state->gpo_mode, state->user_domain, state->host_domain, + state->opts->idmap_ctx->map, state->gpo_map_type); if (ret == EOK) { @@ -2143,27 +2253,25 @@ ad_gpo_target_dn_retrieval_done(struct tevent_req *subreq) goto done; } - /* make sure there is only one non-NULL reply returned */ - - if (reply_count < 1) { - DEBUG(SSSDBG_OP_FAILURE, "No DN retrieved for policy target.\n"); - ret = ENOENT; - goto done; - } else if (reply_count > 1) { - DEBUG(SSSDBG_OP_FAILURE, "Multiple replies for policy target\n"); - ret = ERR_INTERNAL; + ret = sysdb_get_user_attr(state, state->host_domain, + state->host_fqdn, + host_attrs, &res); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to read host attributes.\n"); goto done; - } else if (reply == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "reply_count is 1, but reply is NULL\n"); - ret = ERR_INTERNAL; + } + if (res->count != 1) { + DEBUG(SSSDBG_OP_FAILURE, "Unexpected number [%d] of results searching " + "for [%s], expected 1.\n", res->count, + state->host_sam_account_name); + ret = EINVAL; goto done; } - /* reply[0] holds requested attributes of single reply */ - ret = sysdb_attrs_get_string(reply[0], AD_AT_DN, &target_dn); - if (ret != EOK) { + target_dn = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_ORIG_DN, NULL); + if (target_dn == NULL) { DEBUG(SSSDBG_OP_FAILURE, - "sysdb_attrs_get_string failed: [%d](%s)\n", + "ldb_msg_find_attr_as_string failed: [%d](%s)\n", ret, sss_strerror(ret)); goto done; } @@ -2173,14 +2281,29 @@ ad_gpo_target_dn_retrieval_done(struct tevent_req *subreq) goto done; } - ret = sysdb_attrs_get_uint32_t(reply[0], AD_AT_UAC, &uac); - if (ret != EOK) { + tmp = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_AD_USER_ACCOUNT_CONTROL, + NULL); + if (tmp == NULL) { DEBUG(SSSDBG_OP_FAILURE, - "sysdb_attrs_get_uint32_t failed: [%d](%s)\n", + "ldb_msg_find_attr_as_string failed: [%d](%s)\n", ret, sss_strerror(ret)); goto done; } + uac = strtouint32(tmp, &endptr, 10); + if (errno != 0) { + ret = errno; + DEBUG(SSSDBG_OP_FAILURE, "Failed to convert UAC [%s] into uint32_t.\n", + tmp); + goto done; + } + if (*endptr != '\0') { + ret = EINVAL; + DEBUG(SSSDBG_OP_FAILURE, "UAC [%s] is not a pure numerical value.\n", + tmp); + goto done; + } + /* we only support computer policy targets, not users */ if (!(uac & UAC_WORKSTATION_TRUST_ACCOUNT || uac & UAC_SERVER_TRUST_ACCOUNT)) { @@ -2191,36 +2314,8 @@ ad_gpo_target_dn_retrieval_done(struct tevent_req *subreq) goto done; } - /* Check if computer exists in cache */ - ret = sysdb_get_computer(state, state->user_domain, state->ad_hostname, - host_attrs, &msg); - if (ret == ENOENT) { - /* The computer is not in cache so query LDAP server */ - subreq = sdap_get_generic_send(state, state->ev, state->opts, - sdap_id_op_handle(state->sdap_op), - state->target_dn, LDAP_SCOPE_BASE, - "(&)", attrs, NULL, 0, - state->timeout, - false); - - if (subreq == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "sdap_get_generic_send failed.\n"); - ret = ENOMEM; - goto done; - } - - tevent_req_set_callback(subreq, ad_gpo_get_host_sid_retrieval_done, req); - return; - } else if (ret != EOK) { - ret = sdap_id_op_done(state->sdap_op, ret, &dp_error); - goto done; - } - - /* The computer exists in the cache, there is no need to query LDAP. - * Store the retrieved host sid from cache in the state to avoid querying - * the cache again in ad_gpo_get_sids. - */ - state->host_sid = ldb_msg_find_attr_as_string(msg, SYSDB_SID_STR, NULL); + state->host_sid = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_SID_STR, + NULL); talloc_steal(state, state->host_sid); subreq = ad_gpo_process_som_send(state, @@ -2250,125 +2345,6 @@ ad_gpo_target_dn_retrieval_done(struct tevent_req *subreq) } -enum ndr_err_code -ndr_pull_dom_sid(struct ndr_pull *ndr, - int ndr_flags, - struct dom_sid *r); - -static void ad_gpo_get_host_sid_retrieval_done(struct tevent_req *subreq) -{ - struct tevent_req *req; - struct ad_gpo_access_state *state; - int ret; - int dp_error; - size_t reply_count; - struct sysdb_attrs **reply; - struct ldb_message_element *el = NULL; - enum ndr_err_code ndr_err; - struct dom_sid host_sid; - char *sid_str; - - req = tevent_req_callback_data(subreq, struct tevent_req); - state = tevent_req_data(req, struct ad_gpo_access_state); - - ret = sdap_get_generic_recv(subreq, state, - &reply_count, &reply); - talloc_zfree(subreq); - - if (ret != EOK) { - ret = sdap_id_op_done(state->sdap_op, ret, &dp_error); - - DEBUG(SSSDBG_OP_FAILURE, - "sdap_get_generic_recv failed: [%d](%s)\n", - ret, sss_strerror(ret)); - ret = ENOENT; - tevent_req_error(req, ret); - return; - } - - if (reply_count == 0 || !reply) { - DEBUG(SSSDBG_OP_FAILURE, - "sdap_get_generic_recv failed to receive host sid\n"); - ret = EIO; - goto done; - } - - /* reply[0] holds the requested attribute */ - ret = sysdb_attrs_get_el(reply[0], AD_AT_SID, &el); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, - "sysdb_attrs_get_el failed: [%d](%s)\n", - ret, sss_strerror(ret)); - goto done; - } - if (el->num_values != 1) { - DEBUG(SSSDBG_OP_FAILURE, - "ad_gpo_get_host_sid_retrieval_done failed: sid not present\n"); - ret = EIO; - goto done; - } - - /* parse the dom_sid from the ldb blob */ - ndr_err = ndr_pull_struct_blob_all((DATA_BLOB*)&(el->values[0]), - subreq, &host_sid, - (ndr_pull_flags_fn_t)ndr_pull_dom_sid); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - DEBUG(SSSDBG_OP_FAILURE, - "ndr_pull_struct_blob_all failed: [%d]\n", - ndr_err); - ret = EIO; - goto done; - } - - /* Convert the dom_sid to a sid string */ - ret = sss_idmap_smb_sid_to_sid(state->opts->idmap_ctx->map, - &host_sid, &sid_str); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, - "sss_idmap_smb_sid_to_sid failed: [%d](%s)\n", - ret, sss_strerror(ret)); - goto done; - } - state->host_sid = talloc_steal(state, sid_str); - - /* Put the sid string in the sysdb */ - ret = sysdb_set_computer(subreq, state->user_domain, - state->ad_hostname, state->host_sid, - state->user_domain->computer_timeout, - time(NULL)); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, - "sysdb_set_computer failed: [%d](%s)\n", - ret, sss_strerror(ret)); - goto done; - } - - subreq = ad_gpo_process_som_send(state, - state->ev, - state->conn, - state->ldb_ctx, - state->sdap_op, - state->opts, - state->access_ctx->ad_options, - state->timeout, - state->target_dn, - state->ad_domain); - if (subreq == NULL) { - ret = ENOMEM; - goto done; - } - - tevent_req_set_callback(subreq, ad_gpo_process_som_done, req); - - ret = EOK; - - done: - - if (ret != EOK) { - tevent_req_error(req, ret); - } -} - static void ad_gpo_process_som_done(struct tevent_req *subreq) { @@ -2486,8 +2462,9 @@ ad_gpo_process_gpo_done(struct tevent_req *subreq) goto done; } - ret = ad_gpo_filter_gpos_by_dacl(state, state->user, state->host_sid, + ret = ad_gpo_filter_gpos_by_dacl(state, state->user, state->host_fqdn, state->user_domain, + state->host_domain, state->opts->idmap_ctx->map, candidate_gpos, num_candidate_gpos, &state->dacl_filtered_gpos, @@ -2784,7 +2761,8 @@ ad_gpo_cse_done(struct tevent_req *subreq) state->user, state->gpo_implicit_deny, state->user_domain, - state->host_domain); + state->host_domain, + state->opts->idmap_ctx->map); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "HBAC processing failed: [%d](%s}\n", ret, sss_strerror(ret)); @@ -3434,7 +3412,7 @@ ad_gpo_get_som_attrs_done(struct tevent_req *subreq) goto done; } if ((num_results < 1) || (results == NULL)) { - DEBUG(SSSDBG_OP_FAILURE, "no attrs found for SOM; try next SOM.\n"); + DEBUG(SSSDBG_FUNC_DATA, "no attrs found for SOM; try next SOM.\n"); state->som_index++; ret = ad_gpo_get_som_attrs_step(req); goto done; @@ -3455,7 +3433,7 @@ ad_gpo_get_som_attrs_done(struct tevent_req *subreq) } if ((ret == ENOENT) || (el->num_values == 0)) { - DEBUG(SSSDBG_OP_FAILURE, "no attrs found for SOM; try next SOM\n"); + DEBUG(SSSDBG_FUNC_DATA, "gpLink attr not found or has no values\n"); state->som_index++; ret = ad_gpo_get_som_attrs_step(req); goto done; diff --git a/src/providers/ad/ad_gpo_child.c b/src/providers/ad/ad_gpo_child.c index 630a08c5b73..2f2807bec2d 100644 --- a/src/providers/ad/ad_gpo_child.c +++ b/src/providers/ad/ad_gpo_child.c @@ -659,7 +659,7 @@ main(int argc, const char *argv[]) poptContext pc; int dumpable = 1; int debug_fd = -1; - uint64_t chain_id; + long chain_id = 0; const char *opt_logger = NULL; errno_t ret; int sysvol_gpt_version = -1; @@ -718,7 +718,7 @@ main(int argc, const char *argv[]) } sss_chain_id_set_format(DEBUG_CHAIN_ID_FMT_RID); - sss_chain_id_set(chain_id); + sss_chain_id_set((uint64_t)chain_id); DEBUG_INIT(debug_level, opt_logger); diff --git a/src/providers/ad/ad_init.c b/src/providers/ad/ad_init.c index 2d686eca05d..f452f285a24 100644 --- a/src/providers/ad/ad_init.c +++ b/src/providers/ad/ad_init.c @@ -421,7 +421,7 @@ static errno_t ad_init_misc(struct be_ctx *be_ctx, return ret; } - ret = confdb_certmap_to_sysdb(be_ctx->cdb, be_ctx->domain); + ret = confdb_certmap_to_sysdb(be_ctx->cdb, be_ctx->domain, false); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to initialize certificate mapping rules. " diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c index db7f1c3c710..a8d1892cc6e 100644 --- a/src/providers/ad/ad_subdomains.c +++ b/src/providers/ad/ad_subdomains.c @@ -1216,7 +1216,7 @@ static void ad_get_slave_domain_connect_done(struct tevent_req *subreq) int dp_error; errno_t ret; const char *attrs[] = { AD_AT_FLATNAME, AD_AT_TRUST_PARTNER, - AD_AT_SID, AD_AT_TRUST_TYPE, + AD_AT_SID, AD_AT_TRUST_TYPE, AD_AT_DOMAIN_NAME, AD_AT_TRUST_ATTRS, AD_AT_TRUST_DIRECTION, NULL }; req = tevent_req_callback_data(subreq, struct tevent_req); diff --git a/src/providers/be_dyndns.c b/src/providers/be_dyndns.c index 2de9a13a9cd..2c655ef1eeb 100644 --- a/src/providers/be_dyndns.c +++ b/src/providers/be_dyndns.c @@ -402,7 +402,7 @@ nsupdate_msg_add_ptr(char *update_msg, struct sss_iface_addr *addresses, } updateipv4 = talloc_asprintf_append(updateipv4, - "update add %s %d in PTR %s.\n", + "update add %s %d in PTR %s.\nsend\n", ptr, ttl, hostname); break; case AF_INET6: @@ -415,7 +415,7 @@ nsupdate_msg_add_ptr(char *update_msg, struct sss_iface_addr *addresses, } } updateipv6 = talloc_asprintf_append(updateipv6, - "update add %s %d in PTR %s.\n", + "update add %s %d in PTR %s.\nsend\n", ptr, ttl, hostname); break; } @@ -426,21 +426,9 @@ nsupdate_msg_add_ptr(char *update_msg, struct sss_iface_addr *addresses, } } - if (update_per_family && updateipv4[0] && updateipv6[0]) { - /* update per family and both families present */ - return talloc_asprintf_append(update_msg, - "%s" - "send\n" - "%s" - "send\n", - updateipv4, - updateipv6); - } - return talloc_asprintf_append(update_msg, "%s" - "%s" - "send\n", + "%s", updateipv4, updateipv6); } diff --git a/src/providers/data_provider/dp_request.c b/src/providers/data_provider/dp_request.c index df2db26662b..9c0fcf1f522 100644 --- a/src/providers/data_provider/dp_request.c +++ b/src/providers/data_provider/dp_request.c @@ -204,7 +204,8 @@ dp_req_new(TALLOC_CTX *mem_ctx, if (domainname != NULL) { dp_req->domain = find_domain_by_name(be_ctx->domain, domainname, true); if (dp_req->domain == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unknown domain: %s\n", domainname); + /* domain might be skipped by 'ad_enabled_domains' option */ + DEBUG(SSSDBG_CONF_SETTINGS, "Unknown domain: %s\n", domainname); return ERR_DOMAIN_NOT_FOUND; } } diff --git a/src/providers/data_provider/dp_targets.c b/src/providers/data_provider/dp_targets.c index 4289666200d..75cb47d8ae2 100644 --- a/src/providers/data_provider/dp_targets.c +++ b/src/providers/data_provider/dp_targets.c @@ -184,8 +184,10 @@ static errno_t dp_target_run_constructor(struct dp_target *target, ret = fn(target, be_ctx, target->module->module_data, target->methods); if (ret != EOK) { - DEBUG(SSSDBG_FATAL_FAILURE, "Target [%s] constructor failed " - "[%d]: %s\n", target->name, ret, sss_strerror(ret)); + if (ret != ENOTSUP) { + DEBUG(SSSDBG_FATAL_FAILURE, "Target [%s] constructor failed " + "[%d]: %s\n", target->name, ret, sss_strerror(ret)); + } goto done; } } else { diff --git a/src/providers/data_provider_fo.c b/src/providers/data_provider_fo.c index eca5f2f8e5b..b0aed54e97b 100644 --- a/src/providers/data_provider_fo.c +++ b/src/providers/data_provider_fo.c @@ -594,6 +594,14 @@ static void be_resolve_server_done(struct tevent_req *subreq) tevent_req_error(req, ret); } +static void dump_be_svc_data(const struct be_svc_data *svc) +{ + DEBUG(SSSDBG_OP_FAILURE, "be_svc_data: name=[%s] last_good_srv=[%s] " + "last_good_port=[%d] last_status_change=[%"SPRItime"]\n", + svc->name, svc->last_good_srv, svc->last_good_port, + svc->last_status_change); +} + errno_t be_resolve_server_process(struct tevent_req *subreq, struct be_resolve_server_state *state, struct tevent_req **new_subreq) @@ -681,6 +689,12 @@ errno_t be_resolve_server_process(struct tevent_req *subreq, fo_get_server_str_name(state->srv), ipaddr, srvaddr->addr_list[0]->ttl); } + } else { + DEBUG(SSSDBG_CRIT_FAILURE, "Missing server name.\n"); + dump_be_svc_data(state->svc); + dump_fo_server(state->srv); + dump_fo_server_list(state->srv); + return ENOENT; } srv_status_change = fo_get_server_hostname_last_change(state->srv); diff --git a/src/providers/fail_over.c b/src/providers/fail_over.c index 9cb26838c9e..7cb64244877 100644 --- a/src/providers/fail_over.c +++ b/src/providers/fail_over.c @@ -200,6 +200,59 @@ str_srv_data_status(enum srv_lookup_status status) return "unknown SRV lookup status"; } +static void dump_srv_data(const struct srv_data *srv_data) +{ + if (srv_data == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "srv_data is NULL\n"); + return; + } + + DEBUG(SSSDBG_OP_FAILURE, "srv_data: dns_domain [%s] discovery_domain [%s] " + "sssd_domain [%s] proto [%s] srv [%s] " + "srv_lookup_status [%s] ttl [%d] " + "last_status_change [%"SPRItime"]\n", + srv_data->dns_domain == NULL ? "dns_domain is NULL" + : srv_data->dns_domain, + srv_data->discovery_domain == NULL ? "discovery_domain is NULL" + : srv_data->discovery_domain, + srv_data->sssd_domain == NULL ? "sssd_domain is NULL" + : srv_data->sssd_domain, + srv_data->proto == NULL ? "proto is NULL" + : srv_data->proto, + srv_data->srv == NULL ? "srv is NULL" + : srv_data->srv, + str_srv_data_status(srv_data->srv_lookup_status), + srv_data->ttl, srv_data->last_status_change.tv_sec); +} + +void dump_fo_server(const struct fo_server *srv) +{ + DEBUG(SSSDBG_OP_FAILURE, "fo_server: primary [%s] port [%d] " + "port_status [%s] common->name [%s].\n", + srv->primary ? "true" : "false", srv->port, + str_port_status(srv->port_status), + srv->common == NULL ? "common is NULL" + : (srv->common->name == NULL + ? "common->name is NULL" + : srv->common->name)); + dump_srv_data(srv->srv_data); +} + +void dump_fo_server_list(const struct fo_server *srv) +{ + const struct fo_server *s; + + s = srv; + while (s->prev != NULL) { + s = s->prev; + } + + while (s != NULL) { + dump_fo_server(s); + s = s->next; + } +} + static const char * str_server_status(enum server_status status) { diff --git a/src/providers/fail_over.h b/src/providers/fail_over.h index 92a0456b565..36021ad6ffb 100644 --- a/src/providers/fail_over.h +++ b/src/providers/fail_over.h @@ -88,6 +88,9 @@ struct fo_options { enum restrict_family family_order; }; +void dump_fo_server(const struct fo_server *srv); +void dump_fo_server_list(const struct fo_server *srv); + /* * Create a new fail over context based on options passed in the * opts parameter diff --git a/src/providers/files/files_init.c b/src/providers/files/files_init.c index 54f3600a2ff..ab6fa870b4f 100644 --- a/src/providers/files/files_init.c +++ b/src/providers/files/files_init.c @@ -195,7 +195,7 @@ int sssm_files_init(TALLOC_CTX *mem_ctx, goto done; } - ret = confdb_certmap_to_sysdb(be_ctx->cdb, be_ctx->domain); + ret = confdb_certmap_to_sysdb(be_ctx->cdb, be_ctx->domain, true); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to initialize certificate mapping rules. " diff --git a/src/providers/ipa/ipa_auth.c b/src/providers/ipa/ipa_auth.c index 1c49e4d4eec..1d61a1052aa 100644 --- a/src/providers/ipa/ipa_auth.c +++ b/src/providers/ipa/ipa_auth.c @@ -140,6 +140,8 @@ static void get_password_migration_flag_done(struct tevent_req *subreq) ret = ipa_get_config_recv(subreq, state, &reply); talloc_zfree(subreq); if (ret) { + DEBUG(SSSDBG_IMPORTANT_INFO, "Unable to retrieve migration flag " + "from IPA server"); goto done; } diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h index ff2bccd1314..82b9622bde9 100644 --- a/src/providers/ipa/ipa_common.h +++ b/src/providers/ipa/ipa_common.h @@ -134,6 +134,7 @@ enum ipa_override_attrs { IPA_AT_OVERRIDE_GROUP_GID_NUMBER, IPA_AT_OVERRIDE_USER_SSH_PUBLIC_KEY, IPA_AT_OVERRIDE_USER_CERT, + IPA_AT_OVERRIDE_OBJECTCLASS, IPA_OPTS_OVERRIDE }; diff --git a/src/providers/ipa/ipa_config.c b/src/providers/ipa/ipa_config.c index 46bc9caeab9..23f0c5847ae 100644 --- a/src/providers/ipa/ipa_config.c +++ b/src/providers/ipa/ipa_config.c @@ -132,8 +132,8 @@ static void ipa_get_config_done(struct tevent_req *subreq) } if (reply_count != 1) { - DEBUG(SSSDBG_OP_FAILURE, "Unexpected number of results, expected 1, " - "got %zu.\n", reply_count); + DEBUG(SSSDBG_MINOR_FAILURE, "Unexpected number of results, expected 1, " + "got %zu.\n", reply_count); ret = EINVAL; goto done; } diff --git a/src/providers/ipa/ipa_hbac_users.c b/src/providers/ipa/ipa_hbac_users.c index 25850eac013..2f9e9865de7 100644 --- a/src/providers/ipa/ipa_hbac_users.c +++ b/src/providers/ipa/ipa_hbac_users.c @@ -91,7 +91,7 @@ get_ipa_groupname(TALLOC_CTX *mem_ctx, /* RDN has the wrong attribute name. * It's not a group. */ - DEBUG(SSSDBG_CRIT_FAILURE, + DEBUG(SSSDBG_TRACE_INTERNAL, "Expected cn in RDN, got %s\n", rdn_name); ret = ERR_UNEXPECTED_ENTRY_TYPE; goto done; @@ -332,9 +332,10 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx, num_groups++; } else { /* Not a group, so we don't care about it */ - DEBUG(SSSDBG_CRIT_FAILURE, + DEBUG(SSSDBG_TRACE_FUNC, "[%s] does not map to either a user or group. " - "Skipping\n", member_dn); + "Maybe it is an object which is currently not in the " + "cache. Skipping\n", member_dn); } } } diff --git a/src/providers/ipa/ipa_id.c b/src/providers/ipa/ipa_id.c index 636e079651f..fcac56ce283 100644 --- a/src/providers/ipa/ipa_id.c +++ b/src/providers/ipa/ipa_id.c @@ -291,66 +291,65 @@ static int ipa_initgr_get_overrides_step(struct tevent_req *req) int ret; struct tevent_req *subreq; const char *ipa_uuid; + const char *dn; struct ipa_initgr_get_overrides_state *state = tevent_req_data(req, struct ipa_initgr_get_overrides_state); - DEBUG(SSSDBG_TRACE_LIBS, - "Processing group %zu/%zu\n", state->group_idx, state->group_count); + for (; state->group_idx < state->group_count; state->group_idx++) { + dn = ldb_dn_get_linearized(state->groups[state->group_idx]->dn); - if (state->group_idx >= state->group_count) { - return EOK; - } + DEBUG(SSSDBG_TRACE_LIBS, "Processing group %s (%zu/%zu)\n", + dn, state->group_idx, state->group_count); - ipa_uuid = ldb_msg_find_attr_as_string(state->groups[state->group_idx], - state->groups_id_attr, NULL); - if (ipa_uuid == NULL) { - /* This should never happen, the search filter used to get the list - * of groups includes "uuid=*" - */ - DEBUG(SSSDBG_OP_FAILURE, - "The group %s has no UUID attribute %s, error!\n", - ldb_dn_get_linearized(state->groups[state->group_idx]->dn), - state->groups_id_attr); - return EINVAL; - } + ipa_uuid = ldb_msg_find_attr_as_string(state->groups[state->group_idx], + state->groups_id_attr, NULL); + if (ipa_uuid == NULL) { + DEBUG(SSSDBG_OP_FAILURE, + "The group %s has no UUID attribute %s, error!\n", + dn, state->groups_id_attr); + continue; + } - talloc_free(state->ar); /* Avoid spiking memory with many groups */ + talloc_free(state->ar); /* Avoid spiking memory with many groups */ - if (strcmp(state->groups_id_attr, SYSDB_UUID) == 0) { - ret = get_dp_id_data_for_uuid(state, ipa_uuid, - state->user_dom->name, &state->ar); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "get_dp_id_data_for_sid failed.\n"); - return ret; - } - } else if (strcmp(state->groups_id_attr, SYSDB_SID_STR) == 0) { - ret = get_dp_id_data_for_sid(state, ipa_uuid, - state->user_dom->name, &state->ar); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "get_dp_id_data_for_sid failed.\n"); - return ret; + if (strcmp(state->groups_id_attr, SYSDB_UUID) == 0) { + ret = get_dp_id_data_for_uuid(state, ipa_uuid, + state->user_dom->name, &state->ar); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "get_dp_id_data_for_sid failed.\n"); + return ret; + } + } else if (strcmp(state->groups_id_attr, SYSDB_SID_STR) == 0) { + ret = get_dp_id_data_for_sid(state, ipa_uuid, + state->user_dom->name, &state->ar); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "get_dp_id_data_for_sid failed.\n"); + return ret; + } + } else { + DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported groups ID type [%s].\n", + state->groups_id_attr); + return EINVAL; } - } else { - DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported groups ID type [%s].\n", - state->groups_id_attr); - return EINVAL; - } - DEBUG(SSSDBG_TRACE_LIBS, "Fetching group %s\n", ipa_uuid); + DEBUG(SSSDBG_TRACE_LIBS, "Fetching group %s: %s\n", dn, ipa_uuid); - subreq = ipa_get_ad_override_send(state, state->ev, - state->ipa_ctx->sdap_id_ctx, - state->ipa_ctx->ipa_options, - state->realm, - state->ipa_ctx->view_name, - state->ar); - if (subreq == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "ipa_get_ad_override_send failed.\n"); - return ENOMEM; + subreq = ipa_get_ad_override_send(state, state->ev, + state->ipa_ctx->sdap_id_ctx, + state->ipa_ctx->ipa_options, + state->realm, + state->ipa_ctx->view_name, + state->ar); + if (subreq == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "ipa_get_ad_override_send failed.\n"); + return ENOMEM; + } + tevent_req_set_callback(subreq, + ipa_initgr_get_overrides_override_done, req); + return EAGAIN; } - tevent_req_set_callback(subreq, - ipa_initgr_get_overrides_override_done, req); - return EAGAIN; + + return EOK; } static void ipa_initgr_get_overrides_override_done(struct tevent_req *subreq) diff --git a/src/providers/ipa/ipa_netgroups.c b/src/providers/ipa/ipa_netgroups.c index 52d90af4ff1..57f11a50796 100644 --- a/src/providers/ipa/ipa_netgroups.c +++ b/src/providers/ipa/ipa_netgroups.c @@ -70,7 +70,10 @@ static errno_t ipa_save_netgroup(TALLOC_CTX *mem_ctx, struct ldb_message_element *el; struct sysdb_attrs *netgroup_attrs; const char *name = NULL; + char **missing; + int missing_index; int ret; + int i; size_t c; ret = sysdb_attrs_get_el(attrs, @@ -90,6 +93,23 @@ static errno_t ipa_save_netgroup(TALLOC_CTX *mem_ctx, goto fail; } + missing = talloc_zero_array(netgroup_attrs, char *, attrs->num + 1); + if (missing == NULL) { + ret = ENOMEM; + goto fail; + } + + for (i = 0, missing_index = 0; i < attrs->num; i++) { + if (attrs->a[i].num_values == 0) { + missing[missing_index] = talloc_strdup(missing, attrs->a[i].name); + if (missing[missing_index] == NULL) { + ret = ENOMEM; + goto fail; + } + missing_index++; + } + } + ret = sysdb_attrs_get_el(attrs, SYSDB_ORIG_DN, &el); if (ret) { goto fail; @@ -138,7 +158,6 @@ static errno_t ipa_save_netgroup(TALLOC_CTX *mem_ctx, if (el->num_values == 0) { DEBUG(SSSDBG_TRACE_LIBS, "No original members for netgroup [%s]\n", name); - } else { DEBUG(SSSDBG_TRACE_LIBS, "Adding original members to netgroup [%s]\n", name); @@ -173,7 +192,7 @@ static errno_t ipa_save_netgroup(TALLOC_CTX *mem_ctx, DEBUG(SSSDBG_TRACE_FUNC, "Storing info for netgroup %s\n", name); - ret = sysdb_add_netgroup(dom, name, NULL, netgroup_attrs, NULL, + ret = sysdb_add_netgroup(dom, name, NULL, netgroup_attrs, missing, dom->netgroup_timeout, 0); if (ret) goto fail; @@ -866,6 +885,18 @@ static int ipa_netgr_process_all(struct ipa_get_netgroups_state *state) hash_iterate(state->new_netgroups, extract_netgroups, state); for (i = 0; i < state->netgroups_count; i++) { + /* Make sure these attributes always exist, so we can remove them if + * there are no members. */ + ret = sysdb_attrs_add_empty(state->netgroups[i], SYSDB_NETGROUP_MEMBER); + if (ret != EOK) { + goto done; + } + + ret = sysdb_attrs_add_empty(state->netgroups[i], SYSDB_NETGROUP_TRIPLE); + if (ret != EOK) { + goto done; + } + /* load all its member netgroups, translate */ DEBUG(SSSDBG_TRACE_INTERNAL, "Extracting netgroup members of netgroup %d\n", i); ret = sysdb_attrs_get_string_array(state->netgroups[i], diff --git a/src/providers/ipa/ipa_opts.c b/src/providers/ipa/ipa_opts.c index cd3968026a9..97cddb1d70d 100644 --- a/src/providers/ipa/ipa_opts.c +++ b/src/providers/ipa/ipa_opts.c @@ -323,6 +323,7 @@ struct sdap_attr_map ipa_override_map[] = { { "ldap_group_gid_number", "gidNumber", SYSDB_GIDNUM, NULL }, { "ldap_user_ssh_public_key", "ipaSshPubKey", SYSDB_SSH_PUBKEY, NULL }, { "ldap_user_certificate", "userCertificate;binary", SYSDB_USER_CERT, NULL }, + { "", "objectClass", SYSDB_ORIG_OBJECTCLASS, NULL }, /* We don't want this to be configurable */ SDAP_ATTR_MAP_TERMINATOR }; diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c index 616757e2d51..ec944d91f4f 100644 --- a/src/providers/ipa/ipa_s2n_exop.c +++ b/src/providers/ipa/ipa_s2n_exop.c @@ -663,9 +663,9 @@ static errno_t get_extra_attrs(BerElement *ber, struct resp_attrs *resp_attrs) v.length = values[c]->bv_len; } - ret = sysdb_attrs_add_val(resp_attrs->sysdb_attrs, name, &v); + ret = sysdb_attrs_add_val_safe(resp_attrs->sysdb_attrs, name, &v); if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_add_val failed.\n"); + DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_add_val_safe failed.\n"); ldap_memfree(name); ber_bvecfree(values); return ret; diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c index d133bfa8bbd..16a8d7b39b3 100644 --- a/src/providers/ipa/ipa_selinux.c +++ b/src/providers/ipa/ipa_selinux.c @@ -1149,7 +1149,7 @@ static void ipa_get_selinux_config_done(struct tevent_req *subreq) ret = ipa_get_config_recv(subreq, state, &state->defaults); talloc_free(subreq); if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "Could not get IPA config\n"); + DEBUG(SSSDBG_IMPORTANT_INFO, "Could not get IPA config\n"); goto done; } diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c index fb2d8304c1a..075f6f47066 100644 --- a/src/providers/ipa/ipa_subdomains.c +++ b/src/providers/ipa/ipa_subdomains.c @@ -30,7 +30,9 @@ #include "providers/ipa/ipa_id.h" #include "providers/ipa/ipa_opts.h" #include "providers/ipa/ipa_config.h" +#ifdef BUILD_PASSKEY #include "providers/ipa/ipa_subdomains_passkey.h" +#endif /* BUILD_PASSKEY */ #include <ctype.h> @@ -1947,7 +1949,7 @@ static void ipa_domain_resolution_order_done(struct tevent_req *subreq) ret = ipa_get_config_recv(subreq, state, &config); talloc_zfree(subreq); if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, + DEBUG(SSSDBG_IMPORTANT_INFO, "Failed to get the domains' resolution order configuration " "from the server [%d]: %s\n", ret, sss_strerror(ret)); @@ -1958,7 +1960,7 @@ static void ipa_domain_resolution_order_done(struct tevent_req *subreq) ret = sysdb_attrs_get_string(config, IPA_DOMAIN_RESOLUTION_ORDER, &domain_resolution_order); if (ret != EOK && ret != ENOENT) { - DEBUG(SSSDBG_OP_FAILURE, + DEBUG(SSSDBG_IMPORTANT_INFO, "Failed to get the domains' resolution order configuration " "value [%d]: %s\n", ret, sss_strerror(ret)); @@ -2608,7 +2610,9 @@ static errno_t ipa_subdomains_refresh_retry(struct tevent_req *req); static void ipa_subdomains_refresh_connect_done(struct tevent_req *subreq); static void ipa_subdomains_refresh_ranges_done(struct tevent_req *subreq); static void ipa_subdomains_refresh_certmap_done(struct tevent_req *subreq); +#ifdef BUILD_PASSKEY static void ipa_subdomains_refresh_passkey_done(struct tevent_req *subreq); +#endif /* BUILD_PASSKEY */ static void ipa_subdomains_refresh_master_done(struct tevent_req *subreq); static void ipa_subdomains_refresh_slave_done(struct tevent_req *subreq); static void ipa_subdomains_refresh_view_name_done(struct tevent_req *subreq); @@ -2762,6 +2766,7 @@ static void ipa_subdomains_refresh_certmap_done(struct tevent_req *subreq) /* Not good, but let's try to continue with other server side options */ } +#ifdef BUILD_PASSKEY subreq = ipa_subdomains_passkey_send(state, state->ev, state->sd_ctx, sdap_id_op_handle(state->sdap_op)); if (subreq == NULL) { @@ -2786,10 +2791,13 @@ static void ipa_subdomains_refresh_passkey_done(struct tevent_req *subreq) ret = ipa_subdomains_passkey_recv(subreq); talloc_zfree(subreq); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to get passkey configuration " + DEBUG(SSSDBG_MINOR_FAILURE, "Unable to get passkey configuration " "[%d]: %s\n", ret, sss_strerror(ret)); /* Not good, but let's try to continue with other server side options */ + DEBUG(SSSDBG_IMPORTANT_INFO, "Passkey feature is not configured " + "on IPA server\n"); } +#endif /* BUILD_PASSKEY */ subreq = ipa_subdomains_master_send(state, state->ev, state->sd_ctx, sdap_id_op_handle(state->sdap_op)); diff --git a/src/providers/ipa/ipa_subdomains_ext_groups.c b/src/providers/ipa/ipa_subdomains_ext_groups.c index b352b754d99..f4f84749a2d 100644 --- a/src/providers/ipa/ipa_subdomains_ext_groups.c +++ b/src/providers/ipa/ipa_subdomains_ext_groups.c @@ -883,7 +883,7 @@ static void ipa_add_ad_memberships_get_next(struct tevent_req *req) state->sdap_id_ctx->conn, fq_name, BE_FILTER_NAME, - false, false); + false, false, false); if (subreq == NULL) { DEBUG(SSSDBG_OP_FAILURE, "groups_get_send failed.\n"); ret = ENOMEM; @@ -985,7 +985,7 @@ search_user_or_group_by_sid_str(TALLOC_CTX *mem_ctx, break; case ENOENT: DEBUG(SSSDBG_TRACE_FUNC, - "Could not find %s in sysdb", sid_str); + "Could not find %s in sysdb\n", sid_str); break; default: DEBUG(SSSDBG_OP_FAILURE, diff --git a/src/providers/ipa/ipa_subdomains_passkey.c b/src/providers/ipa/ipa_subdomains_passkey.c index e5ea1fbd52d..d5dd2757a55 100644 --- a/src/providers/ipa/ipa_subdomains_passkey.c +++ b/src/providers/ipa/ipa_subdomains_passkey.c @@ -94,8 +94,8 @@ void ipa_subdomains_passkey_done(struct tevent_req *subreq) ret = ipa_get_config_recv(subreq, state, &config); talloc_zfree(subreq); if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "Unable to get data from LDAP [%d]: %s\n", - ret, sss_strerror(ret)); + DEBUG(SSSDBG_MINOR_FAILURE, "Unable to get data from LDAP [%d]: %s\n", + ret, sss_strerror(ret)); goto done; } diff --git a/src/providers/ipa/ipa_sudo_conversion.c b/src/providers/ipa/ipa_sudo_conversion.c index 543f71a7b63..220d937b6fb 100644 --- a/src/providers/ipa/ipa_sudo_conversion.c +++ b/src/providers/ipa/ipa_sudo_conversion.c @@ -1082,7 +1082,7 @@ combine_cmdgroups(TALLOC_CTX *mem_ctx, } ret = add_strings_lists(mem_ctx, values, cmdgroup->expanded, - false, discard_const(&values)); + false, &values); if (ret != EOK) { talloc_free(tmp_ctx); return NULL; diff --git a/src/providers/ipa/ipa_views.c b/src/providers/ipa/ipa_views.c index 50243098ae5..3e58949e140 100644 --- a/src/providers/ipa/ipa_views.c +++ b/src/providers/ipa/ipa_views.c @@ -27,6 +27,114 @@ #include "util/cert.h" #include "providers/ldap/sdap_async.h" #include "providers/ipa/ipa_id.h" +#include "db/sysdb.h" + +#define MAX_USER_AND_GROUP_REPLIES 2 + +static errno_t get_user_or_group(TALLOC_CTX *mem_ctx, + struct ipa_options *ipa_opts, + struct sysdb_attrs *attrs, + enum sysdb_obj_type *_what_is) +{ + errno_t ret; + const char **values; + const char **value; + bool is_user = false; + bool is_group = false; + const char *ov_user_name = ipa_opts->override_map[IPA_OC_OVERRIDE_USER].name; + const char *ov_group_name = ipa_opts->override_map[IPA_OC_OVERRIDE_GROUP].name; + + ret = sysdb_attrs_get_string_array(attrs, SYSDB_ORIG_OBJECTCLASS, mem_ctx, &values); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to retrieve attribute [%s].\n", + SYSDB_ORIG_OBJECTCLASS); + return ret; + } + + /* We assume an entry can be a user or a group override but not both. + * So we leave as soon as we identify one of them. */ + if (values != NULL) { + for (value = values; *value != NULL; value++) { + if (strcasecmp(*value, ov_user_name) == 0) { + is_user = true; + break; + } else if (strcasecmp(*value, ov_group_name) == 0) { + is_group = true; + break; + } + } + talloc_free(values); + } + + /* We also assume it must be necessarily a user or a group. */ + if (!is_user && !is_group) { + DEBUG(SSSDBG_OP_FAILURE, "Unexpected override found.\n"); + return EINVAL; + } + + if (_what_is != NULL) { + *_what_is = is_user ? SYSDB_USER : SYSDB_GROUP; + } + + return EOK; +} + +/* Verify there are exactly 1 user and 1 group override. Any other combination + * is wrong. Then keep only the group override. */ +static errno_t check_and_filter_user_and_group(struct ipa_options *ipa_opts, + struct sysdb_attrs **reply, + size_t *reply_count) +{ + errno_t ret; + TALLOC_CTX *tmp_ctx; + enum sysdb_obj_type entry_is[MAX_USER_AND_GROUP_REPLIES]; + int i; + + if (*reply_count != MAX_USER_AND_GROUP_REPLIES) { + DEBUG(SSSDBG_TRACE_INTERNAL, "Expected %i replies but got %lu\n", + MAX_USER_AND_GROUP_REPLIES, *reply_count); + return EINVAL; + } + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to allocate memory.\n"); + return ENOMEM; + } + + for (i = 0; i < MAX_USER_AND_GROUP_REPLIES; i++) { + ret = get_user_or_group(tmp_ctx, ipa_opts, reply[i], &entry_is[i]); + if (ret != EOK) { + goto done; + } + } + + if (entry_is[0] == SYSDB_USER && entry_is[1] == SYSDB_USER) { + DEBUG(SSSDBG_CRIT_FAILURE, "Found 2 user overrides.\n"); + ret = EINVAL; + goto done; + } else if (entry_is[0] == SYSDB_GROUP && entry_is[1] == SYSDB_GROUP) { + DEBUG(SSSDBG_CRIT_FAILURE, "Found 2 group overrides.\n"); + ret = EINVAL; + goto done; + } + + /* We have one user and one group override. Keep only the group override. */ + DEBUG(SSSDBG_TRACE_INTERNAL, "Keeping only the group override.\n"); + if (entry_is[0] == SYSDB_USER) { + talloc_free(reply[0]); + reply[0] = reply[1]; + } else { + talloc_free(reply[1]); + } + reply[1] = NULL; + *reply_count = 1; + +done: + talloc_free(tmp_ctx); + + return ret; +} static errno_t dp_id_data_to_override_filter(TALLOC_CTX *mem_ctx, struct ipa_options *ipa_opts, @@ -73,10 +181,12 @@ static errno_t dp_id_data_to_override_filter(TALLOC_CTX *mem_ctx, break; case BE_REQ_USER_AND_GROUP: - filter = talloc_asprintf(mem_ctx, "(&(objectClass=%s)(|(%s=%s)(%s=%s)))", - ipa_opts->override_map[IPA_OC_OVERRIDE].name, + filter = talloc_asprintf(mem_ctx, + "(|(&(objectClass=%s)(%s=%s))(&(objectClass=%s)(%s=%s)))", + ipa_opts->override_map[IPA_OC_OVERRIDE_USER].name, ipa_opts->override_map[IPA_AT_OVERRIDE_USER_NAME].name, - ar->filter_value, + sanitized_name, + ipa_opts->override_map[IPA_OC_OVERRIDE_GROUP].name, ipa_opts->override_map[IPA_AT_OVERRIDE_GROUP_NAME].name, sanitized_name); break; @@ -115,10 +225,11 @@ static errno_t dp_id_data_to_override_filter(TALLOC_CTX *mem_ctx, case BE_REQ_USER_AND_GROUP: filter = talloc_asprintf(mem_ctx, - "(&(objectClass=%s)(|(%s=%"PRIu32")(%s=%"PRIu32")))", - ipa_opts->override_map[IPA_OC_OVERRIDE].name, + "(|(&(objectClass=%s)(%s=%"PRIu32"))(&(objectClass=%s)(%s=%"PRIu32")))", + ipa_opts->override_map[IPA_OC_OVERRIDE_USER].name, ipa_opts->override_map[IPA_AT_OVERRIDE_UID_NUMBER].name, id, + ipa_opts->override_map[IPA_OC_OVERRIDE_GROUP].name, ipa_opts->override_map[IPA_AT_OVERRIDE_GROUP_GID_NUMBER].name, id); break; @@ -456,6 +567,16 @@ static void ipa_get_ad_override_done(struct tevent_req *subreq) state->dp_error = DP_ERR_OK; tevent_req_done(req); return; + } else if (reply_count == MAX_USER_AND_GROUP_REPLIES && + (state->ar->entry_type & BE_REQ_TYPE_MASK) == BE_REQ_USER_AND_GROUP) { + DEBUG(SSSDBG_TRACE_ALL, + "Found two overrides with BE_REQ_USER_AND_GROUP filter [%s].\n", + state->filter); + ret = check_and_filter_user_and_group(state->ipa_options, reply, + &reply_count); + if (ret != EOK) { + goto fail; + } } else if (reply_count > 1) { DEBUG(SSSDBG_CRIT_FAILURE, "Found [%zu] overrides with filter [%s], expected only 1.\n", diff --git a/src/providers/ipa/selinux_child.c b/src/providers/ipa/selinux_child.c index 8ca1bd1fcea..063bea44d21 100644 --- a/src/providers/ipa/selinux_child.c +++ b/src/providers/ipa/selinux_child.c @@ -220,7 +220,7 @@ int main(int argc, const char *argv[]) bool needs_update; const char *username; const char *opt_logger = NULL; - uint64_t chain_id; + long chain_id; struct poptOption long_options[] = { POPT_AUTOHELP @@ -269,7 +269,7 @@ int main(int argc, const char *argv[]) } sss_chain_id_set_format(DEBUG_CHAIN_ID_FMT_RID); - sss_chain_id_set(chain_id); + sss_chain_id_set((uint64_t)chain_id); DEBUG_INIT(debug_level, opt_logger); diff --git a/src/providers/krb5/krb5_ccache.c b/src/providers/krb5/krb5_ccache.c index 5b80fec52c8..88f75a8d824 100644 --- a/src/providers/krb5/krb5_ccache.c +++ b/src/providers/krb5/krb5_ccache.c @@ -637,12 +637,12 @@ errno_t get_ccache_file_data(const char *ccache_file, const char *client_name, krb5_free_cred_contents(ctx, &cred); kerr = krb5_cc_close(ctx, cc); + cc = NULL; if (kerr != 0) { KRB5_DEBUG(SSSDBG_OP_FAILURE, ctx, kerr); DEBUG(SSSDBG_CRIT_FAILURE, "krb5_cc_close failed.\n"); goto done; } - cc = NULL; kerr = 0; @@ -781,14 +781,14 @@ krb5_error_code copy_ccache_into_memory(TALLOC_CTX *mem_ctx, krb5_context kctx, talloc_free(mem_name); } - free(ccache_name); + krb5_free_string(kctx, ccache_name); krb5_free_principal(kctx, princ); if (krb5_cc_close(kctx, ccache) != 0) { DEBUG(SSSDBG_OP_FAILURE, "krb5_cc_close failed.\n"); } - if (krb5_cc_close(kctx, mem_ccache) != 0) { + if ((mem_ccache != NULL) && (krb5_cc_close(kctx, mem_ccache) != 0)) { DEBUG(SSSDBG_OP_FAILURE, "krb5_cc_close failed.\n"); } diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index ae2c23aa98b..5c21c91516b 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -40,15 +40,20 @@ #include "util/sss_chain_id.h" #include "util/sss_ptr_hash.h" #include "src/util/util_errors.h" -#include "responder/pam/pamsrv_passkey.h" #include "providers/backend.h" #include "providers/krb5/krb5_auth.h" #include "providers/krb5/krb5_utils.h" #include "krb5_plugin/idp/idp.h" +#ifdef BUILD_PASSKEY +#include "responder/pam/pamsrv_passkey.h" #include "krb5_plugin/passkey/passkey.h" +#endif /* BUILD_PASSKEY */ #include "sss_cli.h" #define SSSD_KRB5_CHANGEPW_PRINCIPAL "kadmin/changepw" +#ifndef BUILD_PASSKEY +#define SSSD_PASSKEY_QUESTION "passkey" +#endif /* BUILD_PASSKEY */ typedef krb5_error_code (*k5_init_creds_password_fn_t)(krb5_context context, krb5_creds *creds, @@ -122,7 +127,9 @@ static krb5_context krb5_error_ctx; static errno_t k5c_attach_otp_info_msg(struct krb5_req *kr); static errno_t k5c_attach_oauth2_info_msg(struct krb5_req *kr, struct sss_idp_oauth2 *data); +#ifdef BUILD_PASSKEY static errno_t k5c_attach_passkey_msg(struct krb5_req *kr, struct sss_passkey_challenge *data); +#endif /* BUILD_PASSKEY */ static errno_t k5c_attach_keep_alive_msg(struct krb5_req *kr); static errno_t k5c_recv_data(struct krb5_req *kr, int fd, uint32_t *offline); static errno_t k5c_send_data(struct krb5_req *kr, int fd, errno_t error); @@ -937,6 +944,87 @@ static krb5_error_code answer_idp_oauth2(krb5_context kctx, return kerr; } +#ifdef BUILD_PASSKEY +static errno_t k5c_attach_passkey_msg(struct krb5_req *kr, + struct sss_passkey_challenge *data) +{ + uint8_t *msg; + const char *user_verification; + int i; + size_t msg_len = 0; + size_t domain_len = 0; + size_t crypto_len = 0; + size_t num_creds = 0; + size_t cred_len = 0; + size_t verification_len = 0; + size_t idx = 0; + errno_t ret; + + if (data->domain == NULL || data->credential_id_list == NULL + || data->cryptographic_challenge == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, + "Empty passkey domain, credential id list, or cryptographic " + "challenge\n"); + return EINVAL; + } + + user_verification = data->user_verification == 0 ? "false" : "true"; + verification_len = strlen(user_verification) + 1; + msg_len += verification_len; + + crypto_len = strlen(data->cryptographic_challenge) + 1; + msg_len += crypto_len; + + domain_len = strlen(data->domain) + 1; + msg_len += domain_len; + + /* credentials list size */ + msg_len += sizeof(uint32_t); + + for (i = 0; data->credential_id_list[i] != NULL; i++) { + msg_len += (strlen(data->credential_id_list[i]) + 1); + } + num_creds = i; + + msg = talloc_zero_size(kr, msg_len); + if (msg == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "talloc_size failed.\n"); + return ENOMEM; + } + + /* To avoid sending extraneous data back and forth to pam_sss, + * (and reduce boilerplate memcpy code) only the user + * verification and cryptographic challenge are retrieved in pam_sss. + * + * The remaining passkey data (domain, creds list, num_creds) + * is sent to the PAM responder and stored in a hash table. The + * challenge is used as a unique key of the hash table. The pam_sss + * reply includes the challenge which is used to lookup the passkey + * data in the PAM responder, ensuring it matches the originating + * request */ + memcpy(msg + idx, user_verification, verification_len); + idx += verification_len; + + memcpy(msg + idx, data->cryptographic_challenge, crypto_len); + idx += crypto_len; + + memcpy(msg + idx, data->domain, domain_len); + idx += domain_len; + + SAFEALIGN_COPY_UINT32(msg + idx, &num_creds, &idx); + + for (i = 0; data->credential_id_list[i] != NULL; i++) { + cred_len = strlen(data->credential_id_list[i]) + 1; + memcpy(msg + idx, data->credential_id_list[i], cred_len); + idx += cred_len; + } + + ret = pam_add_response(kr->pd, SSS_PAM_PASSKEY_KRB_INFO, msg_len, msg); + talloc_zfree(msg); + + return ret; +} + static krb5_error_code passkey_preauth(struct krb5_req *kr, struct sss_passkey_challenge *passkey) { @@ -994,11 +1082,16 @@ static krb5_error_code passkey_preauth(struct krb5_req *kr, talloc_free(tmpkr); return ret; } +#endif /* BUILD_PASSKEY */ static krb5_error_code answer_passkey(krb5_context kctx, struct krb5_req *kr, krb5_responder_context rctx) { +#ifndef BUILD_PASSKEY + DEBUG(SSSDBG_TRACE_FUNC, "Passkey auth not possible, SSSD built without passkey support!\n"); + return EINVAL; +#else enum sss_authtok_type type; struct sss_passkey_message *msg; struct sss_passkey_message *reply_msg = NULL; @@ -1051,7 +1144,7 @@ static krb5_error_code answer_passkey(krb5_context kctx, phase = SSS_PASSKEY_PHASE_REPLY; state = SSSD_PASSKEY_REPLY_STATE; - reply_msg = sss_passkey_prefix_json_data(phase, state, reply); + reply_msg = sss_passkey_message_from_reply_json(phase, state, reply); if (reply_msg == NULL) { DEBUG(SSSDBG_OP_FAILURE, "Unable to prefix passkey message\n"); kerr = EINVAL; @@ -1090,6 +1183,7 @@ static krb5_error_code answer_passkey(krb5_context kctx, } return kerr; +#endif /* BUILD_PASSKEY */ } static krb5_error_code sss_krb5_responder(krb5_context ctx, @@ -1220,7 +1314,7 @@ static krb5_error_code create_empty_cred(krb5_context ctx, krb5_principal princ, krb5_creds *cred = NULL; krb5_data *krb5_realm; - cred = calloc(sizeof(krb5_creds), 1); + cred = calloc(1, sizeof(krb5_creds)); if (cred == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "calloc failed.\n"); return ENOMEM; @@ -1400,6 +1494,9 @@ static krb5_error_code create_ccache(char *ccname, krb5_creds *creds) /* FIXME: should we krb5_cc_destroy in case of error? */ krb5_cc_close(kctx, kcc); } + + krb5_free_context(kctx); + return kerr; } @@ -1556,85 +1653,6 @@ static errno_t k5c_attach_oauth2_info_msg(struct krb5_req *kr, return ret; } -static errno_t k5c_attach_passkey_msg(struct krb5_req *kr, - struct sss_passkey_challenge *data) -{ - uint8_t *msg; - const char *user_verification; - int i; - size_t msg_len = 0; - size_t domain_len = 0; - size_t crypto_len = 0; - size_t num_creds = 0; - size_t cred_len = 0; - size_t verification_len = 0; - size_t idx = 0; - errno_t ret; - - if (data->domain == NULL || data->credential_id_list == NULL - || data->cryptographic_challenge == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, - "Empty passkey domain, credential id list, or cryptographic " - "challenge\n"); - return EINVAL; - } - - user_verification = data->user_verification == 0 ? "false" : "true"; - verification_len = strlen(user_verification) + 1; - msg_len += verification_len; - - crypto_len = strlen(data->cryptographic_challenge) + 1; - msg_len += crypto_len; - - domain_len = strlen(data->domain) + 1; - msg_len += domain_len; - - /* credentials list size */ - msg_len += sizeof(uint32_t); - - for (i = 0; data->credential_id_list[i] != NULL; i++) { - msg_len += (strlen(data->credential_id_list[i]) + 1); - } - num_creds = i; - - msg = talloc_zero_size(kr, msg_len); - if (msg == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "talloc_size failed.\n"); - return ENOMEM; - } - - /* To avoid sending extraneous data back and forth to pam_sss, - * (and reduce boilerplate memcpy code) only the user - * verification and cryptographic challenge are retrieved in pam_sss. - * - * The remaining passkey data (domain, creds list, num_creds) - * is sent to the PAM responder and stored in a hash table. The - * challenge is used as a unique key of the hash table. The pam_sss - * reply includes the challenge which is used to lookup the passkey - * data in the PAM responder, ensuring it matches the originating - * request */ - memcpy(msg + idx, user_verification, verification_len); - idx += verification_len; - - memcpy(msg + idx, data->cryptographic_challenge, crypto_len); - idx += crypto_len; - - memcpy(msg + idx, data->domain, domain_len); - idx += domain_len; - - SAFEALIGN_COPY_UINT32(msg + idx, &num_creds, &idx); - - for (i = 0; data->credential_id_list[i] != NULL; i++) { - cred_len = strlen(data->credential_id_list[i]) + 1; - memcpy(msg + idx, data->credential_id_list[i], cred_len); - idx += cred_len; - } - - ret = pam_add_response(kr->pd, SSS_PAM_PASSKEY_KRB_INFO, msg_len, msg); - talloc_zfree(msg); - - return ret; -} static errno_t k5c_attach_keep_alive_msg(struct krb5_req *kr) { @@ -1851,6 +1869,7 @@ static krb5_error_code validate_tgt(struct krb5_req *kr) if (kerr != 0) { DEBUG(SSSDBG_CRIT_FAILURE, "error reading keytab [%s], " \ "not verifying TGT.\n", kr->keytab); + krb5_kt_close(kr->ctx, keytab); return kerr; } @@ -1865,6 +1884,7 @@ static krb5_error_code validate_tgt(struct krb5_req *kr) &validation_princ); if (kerr != 0) { DEBUG(SSSDBG_CRIT_FAILURE, "krb5_copy_principal failed.\n"); + krb5_kt_end_seq_get(kr->ctx, keytab, &cursor); goto done; } @@ -3995,7 +4015,7 @@ int main(int argc, const char *argv[]) krb5_error_code kerr; uid_t fast_uid = 0; gid_t fast_gid = 0; - uint64_t chain_id = 0; + long chain_id = 0; struct cli_opts cli_opts = { 0 }; int sss_creds_password = 0; long dummy_long = 0; @@ -4091,7 +4111,7 @@ int main(int argc, const char *argv[]) } sss_chain_id_set_format(DEBUG_CHAIN_ID_FMT_RID); - sss_chain_id_set(chain_id); + sss_chain_id_set((uint64_t)chain_id); DEBUG_INIT(debug_level, opt_logger); diff --git a/src/providers/krb5/krb5_child_handler.c b/src/providers/krb5/krb5_child_handler.c index 2559d25223b..54088e4d605 100644 --- a/src/providers/krb5/krb5_child_handler.c +++ b/src/providers/krb5/krb5_child_handler.c @@ -281,6 +281,9 @@ static void krb5_child_timeout(struct tevent_context *ev, return; } + /* No I/O expected anymore, make sure sockets are closed properly */ + state->io->in_use = false; + DEBUG(SSSDBG_IMPORTANT_INFO, "Timeout for child [%d] reached. In case KDC is distant or network " "is slow you may consider increasing value of krb5_auth_timeout.\n", @@ -512,6 +515,9 @@ static void child_keep_alive_timeout(struct tevent_context *ev, DEBUG(SSSDBG_IMPORTANT_INFO, "Keep alive timeout for child [%d] reached.\n", io->pid); + /* No I/O expected anymore, make sure sockets are closed properly */ + io->in_use = false; + krb5_child_terminate(io->pid); } diff --git a/src/providers/krb5/krb5_keytab.c b/src/providers/krb5/krb5_keytab.c index e70408b9b94..db383d411dd 100644 --- a/src/providers/krb5/krb5_keytab.c +++ b/src/providers/krb5/krb5_keytab.c @@ -214,6 +214,9 @@ krb5_error_code copy_keytab_into_memory(TALLOC_CTX *mem_ctx, krb5_context kctx, if (kerr != 0) { talloc_free(mem_name); + if ((mem_keytab != NULL) && krb5_kt_close(kctx, mem_keytab) != 0) { + DEBUG(SSSDBG_MINOR_FAILURE, "krb5_kt_close failed.\n"); + } } if (tmp_mem_keytab != NULL && krb5_kt_close(kctx, tmp_mem_keytab) != 0) { diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c index fbc829e5d38..8ec4d3af5a6 100644 --- a/src/providers/ldap/ldap_auth.c +++ b/src/providers/ldap/ldap_auth.c @@ -164,9 +164,11 @@ static errno_t check_pwexpire_shadow(struct spwd *spwd, time_t now, if (spwd->sp_max != -1 && password_age > spwd->sp_max) { DEBUG(SSSDBG_CONF_SETTINGS, "Password expired.\n"); - ret = add_expired_warning(pd, 0); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "add_expired_warning failed.\n"); + if (pd != NULL) { + ret = add_expired_warning(pd, 0); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, "add_expired_warning failed.\n"); + } } return ERR_PASSWORD_EXPIRED; } diff --git a/src/providers/ldap/ldap_child.c b/src/providers/ldap/ldap_child.c index 4818240d4c9..6c167d239e7 100644 --- a/src/providers/ldap/ldap_child.c +++ b/src/providers/ldap/ldap_child.c @@ -212,6 +212,7 @@ static int lc_verify_keytab_ex(const char *principal, DEBUG(SSSDBG_FATAL_FAILURE, "Could not parse keytab entry\n"); sss_log(SSS_LOG_ERR, "Could not parse keytab entry\n"); + krb5_kt_end_seq_get(context, keytab, &cursor); return EIO; } @@ -366,12 +367,6 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx, } DEBUG(SSSDBG_CONF_SETTINGS, "Principal name is: [%s]\n", full_princ); - krberr = krb5_parse_name(context, full_princ, &kprinc); - if (krberr != 0) { - DEBUG(SSSDBG_OP_FAILURE, "krb5_parse_name() failed: %d\n", krberr); - goto done; - } - if (keytab_name) { krberr = krb5_kt_resolve(context, keytab_name, &keytab); } else { @@ -446,8 +441,14 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx, goto done; } + krberr = krb5_parse_name(context, full_princ, &kprinc); + if (krberr != 0) { + DEBUG(SSSDBG_OP_FAILURE, "krb5_parse_name() failed: %d\n", krberr); + goto done; + } krberr = krb5_get_init_creds_keytab(context, &my_creds, kprinc, keytab, 0, NULL, options); + krb5_free_principal(context, kprinc); if (krberr != 0) { DEBUG(SSSDBG_OP_FAILURE, "krb5_get_init_creds_keytab() failed: %d\n", krberr); diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h index 1b35cbd2081..7159d635641 100644 --- a/src/providers/ldap/ldap_common.h +++ b/src/providers/ldap/ldap_common.h @@ -295,9 +295,23 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx, const char *name, int filter_type, bool noexist_delete, - bool no_members); + bool no_members, + bool set_non_posix); int groups_get_recv(struct tevent_req *req, int *dp_error_out, int *sdap_ret); +struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx, + struct tevent_context *ev, + struct sdap_id_ctx *ctx, + struct sdap_domain *sdom, + struct sdap_id_conn_ctx *conn, + const char *filter_value, + int filter_type, + const char *extra_value, + bool noexist_delete, + bool set_non_posix); + +int groups_by_user_recv(struct tevent_req *req, int *dp_error_out, int *sdap_ret); + struct tevent_req *ldap_netgroup_get_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_id_ctx *ctx, diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c index a60aed0686f..da54816bdf9 100644 --- a/src/providers/ldap/ldap_id.c +++ b/src/providers/ldap/ldap_id.c @@ -165,7 +165,8 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx, const char *filter_value, int filter_type, const char *extra_value, - bool noexist_delete) + bool noexist_delete, + bool set_non_posix) { struct tevent_req *req; struct users_get_state *state; @@ -202,7 +203,7 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx, state->filter_value = filter_value; state->filter_type = filter_type; - if (state->domain->type == DOM_TYPE_APPLICATION) { + if (state->domain->type == DOM_TYPE_APPLICATION || set_non_posix) { state->non_posix = true; } @@ -582,7 +583,8 @@ static void users_get_done(struct tevent_req *subreq) ret = sdap_fallback_local_user(state, state->shortname, uid, &usr_attrs); if (ret == EOK) { ret = sdap_save_user(state, state->ctx->opts, state->domain, - usr_attrs[0], NULL, NULL, 0); + usr_attrs[0], NULL, NULL, 0, + state->non_posix); } } } @@ -665,7 +667,8 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx, const char *filter_value, int filter_type, bool noexist_delete, - bool no_members) + bool no_members, + bool set_non_posix) { struct tevent_req *req; struct groups_get_state *state; @@ -703,7 +706,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx, state->filter_value = filter_value; state->filter_type = filter_type; - if (state->domain->type == DOM_TYPE_APPLICATION) { + if (state->domain->type == DOM_TYPE_APPLICATION || set_non_posix) { state->non_posix = true; } @@ -991,7 +994,8 @@ static void groups_get_done(struct tevent_req *subreq) state->filter_value, state->filter_type, NULL, - state->noexist_delete); + state->noexist_delete, + false); if (subreq == NULL) { tevent_req_error(req, ENOMEM); return; @@ -1151,15 +1155,16 @@ static int groups_by_user_retry(struct tevent_req *req); static void groups_by_user_connect_done(struct tevent_req *subreq); static void groups_by_user_done(struct tevent_req *subreq); -static struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx, - struct tevent_context *ev, - struct sdap_id_ctx *ctx, - struct sdap_domain *sdom, - struct sdap_id_conn_ctx *conn, - const char *filter_value, - int filter_type, - const char *extra_value, - bool noexist_delete) +struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx, + struct tevent_context *ev, + struct sdap_id_ctx *ctx, + struct sdap_domain *sdom, + struct sdap_id_conn_ctx *conn, + const char *filter_value, + int filter_type, + const char *extra_value, + bool noexist_delete, + bool set_non_posix) { struct tevent_req *req; struct groups_by_user_state *state; @@ -1188,7 +1193,7 @@ static struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx, state->domain = sdom->dom; state->sysdb = sdom->dom->sysdb; - if (state->domain->type == DOM_TYPE_APPLICATION) { + if (state->domain->type == DOM_TYPE_APPLICATION || set_non_posix) { state->non_posix = true; } @@ -1252,7 +1257,8 @@ static void groups_by_user_connect_done(struct tevent_req *subreq) state->filter_value, state->filter_type, state->extra_value, - state->attrs); + state->attrs, + state->non_posix); if (!subreq) { tevent_req_error(req, ENOMEM); return; @@ -1421,7 +1427,8 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx, ar->filter_value, ar->filter_type, ar->extra_value, - noexist_delete); + noexist_delete, + false); break; case BE_REQ_GROUP: /* group */ @@ -1429,7 +1436,7 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx, sdom, conn, ar->filter_value, ar->filter_type, - noexist_delete, false); + noexist_delete, false, false); break; case BE_REQ_INITGROUPS: /* init groups for user */ @@ -1446,7 +1453,7 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx, ar->filter_value, ar->filter_type, ar->extra_value, - noexist_delete); + noexist_delete, false); break; case BE_REQ_SUBID_RANGES: @@ -1545,7 +1552,8 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx, ar->filter_value, ar->filter_type, ar->extra_value, - noexist_delete); + noexist_delete, + false); break; default: /*fail*/ @@ -1741,7 +1749,7 @@ static struct tevent_req *get_user_and_group_send(TALLOC_CTX *memctx, subreq = groups_get_send(req, state->ev, state->id_ctx, state->sdom, state->conn, state->filter_val, state->filter_type, - state->noexist_delete, false); + state->noexist_delete, false, false); if (subreq == NULL) { DEBUG(SSSDBG_OP_FAILURE, "groups_get_send failed.\n"); ret = ENOMEM; @@ -1795,7 +1803,7 @@ static void get_user_and_group_groups_done(struct tevent_req *subreq) subreq = users_get_send(req, state->ev, state->id_ctx, state->sdom, user_conn, state->filter_val, state->filter_type, NULL, - state->noexist_delete); + state->noexist_delete, false); if (subreq == NULL) { DEBUG(SSSDBG_OP_FAILURE, "users_get_send failed.\n"); tevent_req_error(req, ENOMEM); diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c index 0be3467fb2e..8d96ea16ce9 100644 --- a/src/providers/ldap/ldap_init.c +++ b/src/providers/ldap/ldap_init.c @@ -220,7 +220,7 @@ static errno_t ldap_init_misc(struct be_ctx *be_ctx, "[%d]: %s\n", ret, sss_strerror(ret)); } - ret = confdb_certmap_to_sysdb(be_ctx->cdb, be_ctx->domain); + ret = confdb_certmap_to_sysdb(be_ctx->cdb, be_ctx->domain, false); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to initialize certificate mapping rules. " diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c index 232cb43c98e..f5637c5fbf5 100644 --- a/src/providers/ldap/sdap.c +++ b/src/providers/ldap/sdap.c @@ -1843,7 +1843,9 @@ errno_t sdap_get_primary_name(const char *attr_name, static errno_t sdap_get_primary_fqdn(TALLOC_CTX *mem_ctx, + struct sdap_idmap_ctx *idmap_ctx, const char *attr_name, + const char *sid_attr_name, struct sysdb_attrs *attrs, struct sss_domain_info *dom, const char **_primary_fqdn) @@ -1852,6 +1854,8 @@ sdap_get_primary_fqdn(TALLOC_CTX *mem_ctx, const char *shortname = NULL; const char *primary_fqdn = NULL; TALLOC_CTX *tmp_ctx; + char *sid_str = NULL; + struct sss_domain_info *subdomain = NULL; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { @@ -1863,6 +1867,25 @@ sdap_get_primary_fqdn(TALLOC_CTX *mem_ctx, goto done; } + /* In AD scenarion, the object can be from subdomain - identify it by SID */ + if (sid_attr_name != NULL) { + ret = sdap_attrs_get_sid_str(tmp_ctx, + idmap_ctx, + attrs, + sid_attr_name, + &sid_str); + + if (ret == EOK) { + DEBUG(SSSDBG_TRACE_INTERNAL, "Group has objectSID [%s]\n", sid_str); + subdomain = find_domain_by_sid(dom, sid_str); + talloc_free(sid_str); + if (subdomain != NULL) { + dom = subdomain; + } + } + DEBUG(SSSDBG_TRACE_INTERNAL, "Group has name [%s]\n", dom->name); + } + primary_fqdn = sss_create_internal_fqname(tmp_ctx, shortname, dom->name); if (primary_fqdn == NULL) { ret = ENOMEM; @@ -1883,7 +1906,9 @@ errno_t sdap_get_user_primary_name(TALLOC_CTX *memctx, const char **_user_name) { return sdap_get_primary_fqdn(memctx, + opts->idmap_ctx, opts->user_map[SDAP_AT_USER_NAME].name, + opts->group_map[SDAP_AT_USER_OBJECTSID].name, attrs, dom, _user_name); } @@ -1894,7 +1919,9 @@ errno_t sdap_get_group_primary_name(TALLOC_CTX *memctx, const char **_group_name) { return sdap_get_primary_fqdn(memctx, + opts->idmap_ctx, opts->group_map[SDAP_AT_GROUP_NAME].name, + opts->group_map[SDAP_AT_GROUP_OBJECTSID].name, attrs, dom, _group_name); } @@ -1913,6 +1940,8 @@ _sdap_get_primary_name_list(struct sss_domain_info *domain, size_t attr_count, const char *ldap_attr, bool qualify_names, + const char *sid_attr, + struct sdap_idmap_ctx *idmap_ctx, char ***name_list) { errno_t ret; @@ -1928,17 +1957,28 @@ _sdap_get_primary_name_list(struct sss_domain_info *domain, j = 0; for (i = 0; i < attr_count; i++) { - ret = sdap_get_primary_name(ldap_attr, attr_list[i], &name); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Could not determine primary name\n"); - /* Skip and continue. Don't advance 'j' */ - continue; - } - if (qualify_names == false) { + ret = sdap_get_primary_name(ldap_attr, attr_list[i], &name); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, "Could not determine primary name\n"); + /* Skip and continue. Don't advance 'j' */ + continue; + } list[j] = talloc_strdup(list, name); } else { - list[j] = sss_create_internal_fqname(list, name, domain->name); + ret = sdap_get_primary_fqdn(mem_ctx, + idmap_ctx, + ldap_attr, + sid_attr, + attr_list[i], + domain, + &name); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, "Could not determine primary fqdn name\n"); + /* Skip and continue. Don't advance 'j' */ + continue; + } + list[j] = talloc_strdup(list, name); } if (!list[j]) { ret = ENOMEM; @@ -1970,7 +2010,7 @@ errno_t sdap_get_primary_name_list(struct sss_domain_info *domain, char ***name_list) { return _sdap_get_primary_name_list(domain, mem_ctx, attr_list, attr_count, - ldap_attr, false, name_list); + ldap_attr, false, NULL, NULL, name_list); } errno_t sdap_get_primary_fqdn_list(struct sss_domain_info *domain, @@ -1978,10 +2018,12 @@ errno_t sdap_get_primary_fqdn_list(struct sss_domain_info *domain, struct sysdb_attrs **attr_list, size_t attr_count, const char *ldap_attr, + const char *sid_attr, + struct sdap_idmap_ctx *idmap_ctx, char ***name_list) { return _sdap_get_primary_name_list(domain, mem_ctx, attr_list, attr_count, - ldap_attr, true, name_list); + ldap_attr, true, sid_attr, idmap_ctx, name_list); } diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h index 678bf76701e..161bc5c269f 100644 --- a/src/providers/ldap/sdap.h +++ b/src/providers/ldap/sdap.h @@ -707,6 +707,8 @@ errno_t sdap_get_primary_fqdn_list(struct sss_domain_info *domain, struct sysdb_attrs **attr_list, size_t attr_count, const char *ldap_attr, + const char *sid_attr, + struct sdap_idmap_ctx *idmap_ctx, char ***name_list); errno_t sdap_set_config_options_with_rootdse(struct sysdb_attrs *rootdse, diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h index a7b0f691283..5458d21f10c 100644 --- a/src/providers/ldap/sdap_async.h +++ b/src/providers/ldap/sdap_async.h @@ -161,7 +161,8 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx, const char *name, int filter_type, const char *extra_value, - const char **grp_attrs); + const char **grp_attrs, + bool set_non_posix); int sdap_get_initgr_recv(struct tevent_req *req); struct tevent_req *sdap_exop_modify_passwd_send(TALLOC_CTX *memctx, diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c index e78662495dc..e8638725c78 100644 --- a/src/providers/ldap/sdap_async_connection.c +++ b/src/providers/ldap/sdap_async_connection.c @@ -860,15 +860,31 @@ static void simple_bind_done(struct sdap_op *op, } } else if (result == LDAP_INVALID_CREDENTIALS && pp_error == PP_passwordExpired) { + /* According to + * https://www.ietf.org/archive/id/draft-behera-ldap-password-policy-11.txt + * section 8.1.2.3.2. this condition means "No Remaining + * Grace Authentications". */ DEBUG(SSSDBG_TRACE_LIBS, - "Password expired user must set a new password.\n"); - ret = ERR_PASSWORD_EXPIRED; + "Password expired, grace logins exhausted.\n"); + ret = ERR_AUTH_FAILED; } } else if (strcmp(response_controls[c]->ldctl_oid, LDAP_CONTROL_PWEXPIRED) == 0) { - DEBUG(SSSDBG_TRACE_LIBS, - "Password expired user must set a new password.\n"); - ret = ERR_PASSWORD_EXPIRED; + /* I haven't found a proper documentation of this control only + * the Red Hat Directory Server documentation has a short + * description in the section "Understanding Password + * Expiration Controls", e.g. + * https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/administration_guide/understanding_password_expiration_controls + */ + if (result == LDAP_INVALID_CREDENTIALS) { + DEBUG(SSSDBG_TRACE_LIBS, + "Password expired, grace logins exhausted.\n"); + ret = ERR_AUTH_FAILED; + } else { + DEBUG(SSSDBG_TRACE_LIBS, + "Password expired, user must set a new password.\n"); + ret = ERR_PASSWORD_EXPIRED; + } } else if (strcmp(response_controls[c]->ldctl_oid, LDAP_CONTROL_PWEXPIRING) == 0) { /* ignore controls with suspiciously long values */ diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c index 405260d1848..f36e5c5837a 100644 --- a/src/providers/ldap/sdap_async_groups.c +++ b/src/providers/ldap/sdap_async_groups.c @@ -2002,6 +2002,8 @@ static void sdap_get_groups_process(struct tevent_req *subreq) ret = sdap_get_primary_fqdn_list(state->dom, state, state->groups, state->count, state->opts->group_map[SDAP_AT_GROUP_NAME].name, + state->opts->group_map[SDAP_AT_GROUP_OBJECTSID].name, + state->opts->idmap_ctx, &sysdb_groupnamelist); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index c4842989bd5..97be594a389 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -53,6 +53,7 @@ errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, char *sid_str = NULL; bool use_id_mapping; bool need_filter; + struct sss_domain_info *subdomain; /* There are no groups in LDAP but we should add user to groups?? */ if (ldap_groups_count == 0) return EOK; @@ -68,7 +69,11 @@ errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, mi = 0; for (i=0; sysdb_groupnames[i]; i++) { - ret = sysdb_search_group_by_name(tmp_ctx, domain, sysdb_groupnames[i], NULL, + subdomain = find_domain_by_object_name(domain, sysdb_groupnames[i]); + if (subdomain == NULL) { + subdomain = domain; + } + ret = sysdb_search_group_by_name(tmp_ctx, subdomain, sysdb_groupnames[i], NULL, &msg); if (ret == EOK) { continue; @@ -222,7 +227,11 @@ errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, DEBUG(SSSDBG_TRACE_INTERNAL, "Adding fake group %s to sysdb\n", groupname); - ret = sysdb_add_incomplete_group(domain, groupname, gid, + subdomain = find_domain_by_object_name(domain, groupname); + if (subdomain == NULL) { + subdomain = domain; + } + ret = sysdb_add_incomplete_group(subdomain, groupname, gid, original_dn, sid_str, uuid, posix, now); if (ret == ERR_GID_DUPLICATED) { @@ -233,7 +242,7 @@ errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, * removed from the memory cache */ ret = sdap_handle_id_collision_for_incomplete_groups( - opts->dp, domain, groupname, gid, + opts->dp, subdomain, groupname, gid, original_dn, sid_str, uuid, posix, now); } @@ -667,6 +676,8 @@ sdap_nested_groups_store(struct sysdb_ctx *sysdb, if (count > 0) { ret = sdap_get_primary_fqdn_list(domain, tmp_ctx, groups, count, opts->group_map[SDAP_AT_GROUP_NAME].name, + opts->group_map[SDAP_AT_GROUP_OBJECTSID].name, + opts->idmap_ctx, &groupnamelist); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, @@ -1447,6 +1458,8 @@ sdap_initgr_nested_get_membership_diff(TALLOC_CTX *mem_ctx, ret = sdap_get_primary_fqdn_list(dom, tmp_ctx, ldap_parentlist, parents_count, opts->group_map[SDAP_AT_GROUP_NAME].name, + opts->group_map[SDAP_AT_GROUP_OBJECTSID].name, + opts->idmap_ctx, &ldap_parent_names_list); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, @@ -2105,6 +2118,8 @@ rfc2307bis_group_memberships_build(hash_entry_t *item, void *user_data) ret = sdap_get_primary_fqdn_list(mstate->dom, tmp_ctx, group->ldap_parents, group->parents_count, mstate->opts->group_map[SDAP_AT_GROUP_NAME].name, + mstate->opts->group_map[SDAP_AT_GROUP_OBJECTSID].name, + mstate->opts->idmap_ctx, &ldap_parents_names_list); if (ret != EOK) { goto done; @@ -2169,6 +2184,8 @@ errno_t save_rfc2307bis_user_memberships( ret = sdap_get_primary_fqdn_list(state->dom, tmp_ctx, state->direct_groups, state->num_direct_parents, state->opts->group_map[SDAP_AT_GROUP_NAME].name, + state->opts->group_map[SDAP_AT_GROUP_OBJECTSID].name, + state->opts->idmap_ctx, &ldap_grouplist); if (ret != EOK) { goto error; @@ -2718,7 +2735,8 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx, const char *filter_value, int filter_type, const char *extra_value, - const char **grp_attrs) + const char **grp_attrs, + bool set_non_posix) { struct tevent_req *req; struct sdap_get_initgr_state *state; @@ -2754,7 +2772,7 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx, goto done; } - if (state->dom->type == DOM_TYPE_APPLICATION) { + if (state->dom->type == DOM_TYPE_APPLICATION || set_non_posix) { state->non_posix = true; } @@ -3082,7 +3100,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq) DEBUG(SSSDBG_TRACE_ALL, "Storing the user\n"); ret = sdap_save_user(state, state->opts, state->dom, state->orig_user, - NULL, NULL, 0); + NULL, NULL, 0, state->non_posix); if (ret) { goto fail; } @@ -3418,7 +3436,7 @@ static void sdap_get_initgr_done(struct tevent_req *subreq) subreq = groups_get_send(req, state->ev, state->id_ctx, state->id_ctx->opts->sdom, state->conn, gid, BE_FILTER_IDNUM, false, - false); + false, false); if (!subreq) { ret = ENOMEM; goto done; diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c index f5c88e2fbec..fb80c92429d 100644 --- a/src/providers/ldap/sdap_async_initgroups_ad.c +++ b/src/providers/ldap/sdap_async_initgroups_ad.c @@ -346,7 +346,7 @@ static errno_t sdap_ad_resolve_sids_step(struct tevent_req *req) subreq = groups_get_send(state, state->ev, state->id_ctx, sdap_domain, state->conn, state->current_sid, - BE_FILTER_SECID, false, true); + BE_FILTER_SECID, false, true, false); if (subreq == NULL) { return ENOMEM; } @@ -1333,6 +1333,8 @@ sdap_ad_get_domain_local_groups_parse_parents(TALLOC_CTX *mem_ctx, ret = sdap_get_primary_fqdn_list(dom, tmp_ctx, gr->ldap_parents, gr->parents_count, opts->group_map[SDAP_AT_GROUP_NAME].name, + opts->group_map[SDAP_AT_GROUP_OBJECTSID].name, + opts->idmap_ctx, &groupnamelist); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_primary_fqdn_list failed.\n"); @@ -1568,6 +1570,7 @@ errno_t sdap_ad_get_domain_local_groups_recv(struct tevent_req *req) struct sdap_ad_tokengroups_initgroups_state { bool use_id_mapping; + bool use_shortcut; struct sss_domain_info *domain; }; @@ -1591,7 +1594,6 @@ sdap_ad_tokengroups_initgroups_send(TALLOC_CTX *mem_ctx, struct tevent_req *req = NULL; struct tevent_req *subreq = NULL; errno_t ret; - bool use_shortcut; char **param = NULL; req = tevent_req_create(mem_ctx, &state, @@ -1613,14 +1615,14 @@ sdap_ad_tokengroups_initgroups_send(TALLOC_CTX *mem_ctx, * to avoid having to transfer and retain members when the fake * tokengroups object without name is replaced by the full group object */ - use_shortcut = false; + state->use_shortcut = false; if (state->use_id_mapping && !IS_SUBDOMAIN(state->domain) && !state->domain->ignore_group_members) { ret = confdb_get_param(id_ctx->be->cdb, mem_ctx, id_ctx->be->conf_path, CONFDB_NSS_FILTER_GROUPS, ¶m); if (ret == EOK) { - use_shortcut = (param == NULL || param[0] == NULL); + state->use_shortcut = (param == NULL || param[0] == NULL); talloc_free(param); } else { DEBUG(SSSDBG_MINOR_FAILURE, "Failed to access %s: %i (%s)\n", @@ -1628,7 +1630,7 @@ sdap_ad_tokengroups_initgroups_send(TALLOC_CTX *mem_ctx, /* Continue without using the shortcut. Safest option. */ } } - if (use_shortcut) { + if (state->use_shortcut) { subreq = sdap_ad_tokengroups_initgr_mapping_send(state, ev, opts, sysdb, domain, sh, name, orig_dn, @@ -1659,9 +1661,7 @@ static void sdap_ad_tokengroups_initgroups_done(struct tevent_req *subreq) req = tevent_req_callback_data(subreq, struct tevent_req); state = tevent_req_data(req, struct sdap_ad_tokengroups_initgroups_state); - if (state->use_id_mapping - && !IS_SUBDOMAIN(state->domain) - && state->domain->ignore_group_members == false) { + if (state->use_shortcut) { ret = sdap_ad_tokengroups_initgr_mapping_recv(subreq); } else { ret = sdap_ad_tokengroups_initgr_posix_recv(subreq); diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c index 9dcb59e233a..728295d9dfa 100644 --- a/src/providers/ldap/sdap_async_users.c +++ b/src/providers/ldap/sdap_async_users.c @@ -175,7 +175,8 @@ int sdap_save_user(TALLOC_CTX *memctx, struct sysdb_attrs *attrs, struct sysdb_attrs *mapped_attrs, char **_usn_value, - time_t now) + time_t now, + bool set_non_posix) { struct ldb_message_element *el; int ret; @@ -352,7 +353,7 @@ int sdap_save_user(TALLOC_CTX *memctx, ret = sysdb_attrs_get_uint32_t(attrs, opts->user_map[SDAP_AT_USER_UID].sys_name, &uid); - if (ret == ENOENT && dom->type == DOM_TYPE_APPLICATION) { + if (ret == ENOENT && (dom->type == DOM_TYPE_APPLICATION || set_non_posix)) { DEBUG(SSSDBG_TRACE_INTERNAL, "Marking object as non-POSIX and setting ID=0!\n"); ret = sdap_set_non_posix_flag(user_attrs, @@ -450,7 +451,7 @@ int sdap_save_user(TALLOC_CTX *memctx, ret = sysdb_attrs_get_uint32_t(attrs, opts->user_map[SDAP_AT_USER_GID].sys_name, &gid); - if (ret == ENOENT && dom->type == DOM_TYPE_APPLICATION) { + if (ret == ENOENT && (dom->type == DOM_TYPE_APPLICATION || set_non_posix)) { DEBUG(SSSDBG_TRACE_INTERNAL, "Marking object as non-POSIX and setting ID=0!\n"); ret = sdap_set_non_posix_flag(attrs, @@ -696,7 +697,7 @@ int sdap_save_users(TALLOC_CTX *memctx, usn_value = NULL; ret = sdap_save_user(tmpctx, opts, dom, users[i], mapped_attrs, - &usn_value, now); + &usn_value, now, false); /* Do not fail completely on errors. * Just report the failure to save and go on */ diff --git a/src/providers/ldap/sdap_users.h b/src/providers/ldap/sdap_users.h index a6d088a6d71..74284cd0acb 100644 --- a/src/providers/ldap/sdap_users.h +++ b/src/providers/ldap/sdap_users.h @@ -36,6 +36,7 @@ int sdap_save_user(TALLOC_CTX *memctx, struct sysdb_attrs *attrs, struct sysdb_attrs *mapped_attrs, char **_usn_value, - time_t now); + time_t now, + bool set_non_posix); #endif /* _SDAP_USERS_H_ */ diff --git a/src/providers/proxy/proxy.h b/src/providers/proxy/proxy.h index 50b29b1b1fb..6246eba1873 100644 --- a/src/providers/proxy/proxy.h +++ b/src/providers/proxy/proxy.h @@ -52,6 +52,7 @@ struct proxy_id_ctx { struct be_ctx *be; bool fast_alias; struct sss_nss_ops ops; + struct sss_certmap_ctx *sss_certmap_ctx; }; struct proxy_auth_ctx { @@ -174,4 +175,13 @@ errno_t proxy_client_init(struct sbus_connection *conn, struct proxy_auth_ctx *auth_ctx); +errno_t proxy_init_certmap(TALLOC_CTX *mem_ctx, struct proxy_id_ctx *id_ctx); + + +errno_t proxy_map_cert_to_user(struct proxy_id_ctx *id_ctx, + struct dp_id_data *data); + +int get_pw_name(struct proxy_id_ctx *ctx, + struct sss_domain_info *dom, + const char *i_name); #endif /* __PROXY_H__ */ diff --git a/src/providers/proxy/proxy_auth.c b/src/providers/proxy/proxy_auth.c index c35aa907507..7f6f3f252d6 100644 --- a/src/providers/proxy/proxy_auth.c +++ b/src/providers/proxy/proxy_auth.c @@ -454,7 +454,7 @@ static void proxy_child_sig_handler(struct tevent_context *ev, "waitpid failed [%d][%s].\n", ret, strerror(ret)); } else if (ret == 0) { DEBUG(SSSDBG_CRIT_FAILURE, - "waitpid did not found a child with changed status.\n"); + "waitpid did not find a child with changed status.\n"); } else { if (WIFEXITED(child_status)) { DEBUG(SSSDBG_CONF_SETTINGS, @@ -748,7 +748,13 @@ proxy_pam_handler_send(TALLOC_CTX *mem_ctx, /* Tell frontend that we do not support Smartcard authentication */ if (sss_authtok_get_type(pd->authtok) == SSS_AUTHTOK_TYPE_SC_PIN || sss_authtok_get_type(pd->authtok) == SSS_AUTHTOK_TYPE_SC_KEYPAD) { - pd->pam_status = PAM_BAD_ITEM; + if (pd->cmd == SSS_PAM_PREAUTH) { + /* just return success and let the PAM responder figure out if + * local Smartcard authentication is available. */ + pd->pam_status = PAM_SUCCESS; + } else { + pd->pam_status = PAM_BAD_ITEM; + } goto immediately; } diff --git a/src/providers/proxy/proxy_certmap.c b/src/providers/proxy/proxy_certmap.c new file mode 100644 index 00000000000..55fe39fe7ef --- /dev/null +++ b/src/providers/proxy/proxy_certmap.c @@ -0,0 +1,191 @@ +/* + SSSD + + Map certificates to users from the proxy provider + + Copyright (C) 2023 Red Hat + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "providers/proxy/proxy.h" +#include "util/util.h" +#include "util/cert.h" +#include "lib/certmap/sss_certmap.h" + +struct priv_sss_debug { + int level; +}; + +static void ext_debug(void *private, const char *file, long line, + const char *function, const char *format, ...) +{ + va_list ap; + struct priv_sss_debug *data = private; + int level = SSSDBG_OP_FAILURE; + + if (data != NULL) { + level = data->level; + } + + va_start(ap, format); + sss_vdebug_fn(file, line, function, level, APPEND_LINE_FEED, format, ap); + va_end(ap); +} + +errno_t proxy_init_certmap(TALLOC_CTX *mem_ctx, struct proxy_id_ctx *id_ctx) +{ + int ret; + bool hint; + struct certmap_info **certmap_list = NULL; + size_t c; + + ret = sysdb_get_certmap(mem_ctx, id_ctx->be->domain->sysdb, + &certmap_list, &hint); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "sysdb_get_certmap failed.\n"); + goto done; + } + + if (certmap_list == NULL || *certmap_list == NULL) { + DEBUG(SSSDBG_TRACE_ALL, "No certmap data, nothing to do.\n"); + ret = EOK; + goto done; + } + + ret = sss_certmap_init(mem_ctx, ext_debug, NULL, &id_ctx->sss_certmap_ctx); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "sss_certmap_init failed.\n"); + goto done; + } + + for (c = 0; certmap_list[c] != NULL; c++) { + DEBUG(SSSDBG_TRACE_ALL, "Trying to add rule [%s][%d][%s][%s].\n", + certmap_list[c]->name, + certmap_list[c]->priority, + certmap_list[c]->match_rule, + certmap_list[c]->map_rule); + + ret = sss_certmap_add_rule(id_ctx->sss_certmap_ctx, + certmap_list[c]->priority, + certmap_list[c]->match_rule, + certmap_list[c]->map_rule, + certmap_list[c]->domains); + if (ret != 0) { + DEBUG(SSSDBG_CRIT_FAILURE, + "sss_certmap_add_rule failed for rule [%s] " + "with error [%d][%s], skipping. " + "Please check for typos and if rule syntax is supported.\n", + certmap_list[c]->name, ret, sss_strerror(ret)); + continue; + } + } + + ret = EOK; + +done: + talloc_free(certmap_list); + + return ret; +} + +errno_t proxy_map_cert_to_user(struct proxy_id_ctx *id_ctx, + struct dp_id_data *data) +{ + errno_t ret; + char *filter; + char *user; + struct ldb_message *msg = NULL; + struct sysdb_attrs *attrs = NULL; + TALLOC_CTX *tmp_ctx; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n"); + return ENOMEM; + } + + ret = sss_cert_derb64_to_ldap_filter(tmp_ctx, data->filter_value, "", + id_ctx->sss_certmap_ctx, + id_ctx->be->domain, &filter); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + "sss_cert_derb64_to_ldap_filter failed.\n"); + goto done; + } + if (filter == NULL || filter[0] != '(' + || filter[strlen(filter) - 1] != ')') { + DEBUG(SSSDBG_OP_FAILURE, + "sss_cert_derb64_to_ldap_filter returned bad filter [%s].\n", + filter); + ret = EINVAL; + goto done; + } + + filter[strlen(filter) - 1] = '\0'; + user = sss_create_internal_fqname(tmp_ctx, &filter[1], + id_ctx->be->domain->name); + if (user == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "sss_create_internal_fqname failed.\n"); + ret = ENOMEM; + goto done; + } + DEBUG(SSSDBG_TRACE_ALL, "Certificate mapped to user: [%s].\n", user); + + ret = sysdb_search_user_by_name(tmp_ctx, id_ctx->be->domain, user, NULL, &msg); + if (ret == ENOENT) { + DEBUG(SSSDBG_TRACE_ALL, "Mapped user [%s] not found in cache.\n", user); + ret = get_pw_name(id_ctx, id_ctx->be->domain, user); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "get_pw_name() failed.\n"); + } + ret = sysdb_search_user_by_name(tmp_ctx, id_ctx->be->domain, user, NULL, &msg); + } + + if (ret == EOK) { + attrs = sysdb_new_attrs(tmp_ctx); + if (attrs == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "sysdb_new_attrs failed.\n"); + ret = ENOMEM; + goto done; + } + + ret = sysdb_attrs_add_base64_blob(attrs, SYSDB_USER_MAPPED_CERT, + data->filter_value); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_add_base64_blob failed.\n"); + goto done; + } + + ret = sysdb_set_entry_attr(id_ctx->be->domain->sysdb, msg->dn, attrs, + SYSDB_MOD_ADD); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "sysdb_set_entry_attr failed.\n"); + goto done; + } + } else if (ret == ENOENT) { + DEBUG(SSSDBG_TRACE_ALL, "Mapped user [%s] not found.\n", user); + goto done; + } else { + DEBUG(SSSDBG_OP_FAILURE, "sysdb_search_user_by_name failed.\n"); + goto done; + } + + ret = EOK; + +done: + talloc_free(tmp_ctx); + + return ret; +} diff --git a/src/providers/proxy/proxy_child.c b/src/providers/proxy/proxy_child.c index fada1e6861d..dad65e79be7 100644 --- a/src/providers/proxy/proxy_child.c +++ b/src/providers/proxy/proxy_child.c @@ -552,7 +552,7 @@ int main(int argc, const char *argv[]) debug_log_file = talloc_asprintf(NULL, "proxy_child_%s", domain); if (!debug_log_file) return 2; - sss_chain_id_set(chain_id); + sss_chain_id_set((uint64_t)chain_id); DEBUG_INIT(debug_level, opt_logger); diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c index db6bbb2f0f0..b1d0c22ad13 100644 --- a/src/providers/proxy/proxy_id.c +++ b/src/providers/proxy/proxy_id.c @@ -43,9 +43,9 @@ static int delete_user(struct sss_domain_info *domain, const char *name, uid_t uid); -static int get_pw_name(struct proxy_id_ctx *ctx, - struct sss_domain_info *dom, - const char *i_name) +int get_pw_name(struct proxy_id_ctx *ctx, + struct sss_domain_info *dom, + const char *i_name) { TALLOC_CTX *tmpctx; struct passwd *pwd; @@ -1418,7 +1418,6 @@ static int get_initgr(TALLOC_CTX *mem_ctx, } uid = pwd->pw_uid; - memset(buffer, 0, buflen); /* Canonicalize the username in case it was actually an alias */ if (ctx->fast_alias == true) { @@ -1874,6 +1873,28 @@ proxy_account_info(TALLOC_CTX *mem_ctx, } break; + case BE_REQ_BY_CERT: + if (data->filter_type != BE_FILTER_CERT) { + DEBUG(SSSDBG_CRIT_FAILURE, + "Unexpected filter type for lookup by cert: %d\n", + data->filter_type); + dp_reply_std_set(&reply, DP_ERR_FATAL, EINVAL, + "Unexpected filter type for lookup by cert"); + return reply; + } + + if (ctx->sss_certmap_ctx == NULL) { + DEBUG(SSSDBG_TRACE_ALL, "Certificate mapping not configured.\n"); + ret = EOK; + break; + } + + ret = proxy_map_cert_to_user(ctx, data); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "proxy_map_cert_to_user failed\n"); + } + break; + default: /*fail*/ dp_reply_std_set(&reply, DP_ERR_FATAL, EINVAL, "Invalid filter type"); diff --git a/src/providers/proxy/proxy_init.c b/src/providers/proxy/proxy_init.c index 8931ccc5369..b3ffad8aa02 100644 --- a/src/providers/proxy/proxy_init.c +++ b/src/providers/proxy/proxy_init.c @@ -76,6 +76,33 @@ static errno_t proxy_id_conf(TALLOC_CTX *mem_ctx, return ret; } +#define LOCAL_AUTH_POLICY_MATCH "match" +#define LOCAL_AUTH_POLICY_ONLY "only" +#define LOCAL_AUTH_POLICY_ENABLE "enable" + +static bool local_auth_enabled(struct be_ctx *be_ctx) +{ + int ret; + char *local_policy = NULL; + bool res; + + ret = confdb_get_string(be_ctx->cdb, NULL, be_ctx->conf_path, + CONFDB_DOMAIN_LOCAL_AUTH_POLICY, + LOCAL_AUTH_POLICY_MATCH, &local_policy); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to get the confdb local_auth_policy\n"); + return false; + } + + res = (strcasecmp(local_policy, LOCAL_AUTH_POLICY_ONLY) == 0 + || strcasestr(local_policy, LOCAL_AUTH_POLICY_ENABLE":") != NULL); + + talloc_free(local_policy); + + return res; +} + static errno_t proxy_auth_conf(TALLOC_CTX *mem_ctx, struct be_ctx *be_ctx, char **_pam_target) @@ -92,9 +119,17 @@ static errno_t proxy_auth_conf(TALLOC_CTX *mem_ctx, } if (pam_target == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "Missing option %s.\n", - CONFDB_PROXY_PAM_TARGET); - return EINVAL; + if (local_auth_enabled(be_ctx)) { + DEBUG(SSSDBG_TRACE_FUNC, + "Option ["CONFDB_PROXY_PAM_TARGET"] is missing but local " \ + "authentication is enabled.\n"); + return EOK; + } else { + DEBUG(SSSDBG_CRIT_FAILURE, + "Missing option "CONFDB_PROXY_PAM_TARGET" and local " \ + "authentication isn't enable as well.\n"); + return EINVAL; + } } *_pam_target = pam_target; @@ -123,7 +158,7 @@ static errno_t proxy_resolver_conf(TALLOC_CTX *mem_ctx, ret, sss_strerror(ret)); goto done; } else if (libname == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "No resolver library name given\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "No resolver library name given\n"); ret = ENOENT; goto done; } @@ -347,6 +382,23 @@ errno_t sssm_proxy_id_init(TALLOC_CTX *mem_ctx, goto done; } + ret = confdb_certmap_to_sysdb(be_ctx->cdb, be_ctx->domain, true); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to initialize certificate mapping rules. " + "Authentication with certificates/Smartcards might not work " + "as expected.\n"); + /* not fatal, ignored */ + } else { + ret = proxy_init_certmap(module_ctx->id_ctx, module_ctx->id_ctx); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, "files_init_certmap failed. " + "Authentication with certificates/Smartcards might not work " + "as expected.\n"); + /* not fatal, ignored */ + } + } + dp_set_method(dp_methods, DPM_ACCOUNT_HANDLER, proxy_account_info_handler_send, proxy_account_info_handler_recv, module_ctx->id_ctx, struct proxy_id_ctx, struct dp_id_data, diff --git a/src/responder/common/cache_req/cache_req.c b/src/responder/common/cache_req/cache_req.c index 258dc1da507..b8275953261 100644 --- a/src/responder/common/cache_req/cache_req.c +++ b/src/responder/common/cache_req/cache_req.c @@ -702,7 +702,6 @@ struct cache_req_search_domains_state { bool check_next; bool dp_success; bool first_iteration; - enum cache_req_behavior cache_behavior; }; static errno_t cache_req_search_domains_next(struct tevent_req *req); @@ -713,6 +712,26 @@ static void cache_req_search_domains_locate_done(struct tevent_req *subreq); static void cache_req_search_domains_done(struct tevent_req *subreq); +static bool +cache_req_dp_contacted(struct cache_req_search_domains_state *state) +{ + switch (state->cr->cache_behavior) { + case CACHE_REQ_CACHE_FIRST: + if (state->first_iteration) { + /* This is the first iteration so provider was bypassed. */ + return false; + } + + /* This is the second iteration so the provider was contacted. */ + return true; + case CACHE_REQ_BYPASS_PROVIDER: + return false; + default: + /* Other schemas talks to provider immediately. */ + return true; + } +} + struct tevent_req * cache_req_search_domains_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, @@ -868,7 +887,7 @@ static errno_t cache_req_search_domains_next(struct tevent_req *req) * requests succeeded because only then we can be sure that it does * not exist- */ - if (state->dp_success) { + if (cache_req_dp_contacted(state) && state->dp_success) { cache_req_global_ncache_add(cr); } @@ -972,8 +991,10 @@ static void cache_req_search_domains_done(struct tevent_req *subreq) ret = cache_req_search_recv(state, subreq, &result, &dp_success); talloc_zfree(subreq); - /* Remember if any DP request fails. */ - state->dp_success = !dp_success ? false : state->dp_success; + /* Remember if any DP request fails, if DP was contacted. */ + if (cache_req_dp_contacted(state)) { + state->dp_success = !dp_success ? false : state->dp_success; + } switch (ret) { case EOK: @@ -985,7 +1006,9 @@ static void cache_req_search_domains_done(struct tevent_req *subreq) case ERR_ID_OUTSIDE_RANGE: case ENOENT: if (state->check_next == false) { - if (state->cr->data->propogate_offline_status && !state->dp_success) { + if (cache_req_dp_contacted(state) + && !state->dp_success + && state->cr->data->propogate_offline_status) { /* Not found and data provider request failed so we were * unable to fetch the data. */ ret = ERR_OFFLINE; @@ -1020,8 +1043,10 @@ static void cache_req_search_domains_done(struct tevent_req *subreq) case EAGAIN: break; default: - if (ret == ENOENT && state->cr->data->propogate_offline_status - && !state->dp_success) { + if (cache_req_dp_contacted(state) + && ret == ENOENT + && !state->dp_success + && state->cr->data->propogate_offline_status) { /* Not found and data provider request failed so we were * unable to fetch the data. */ ret = ERR_OFFLINE; diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h index 317e93ea691..5f04d25eec2 100644 --- a/src/responder/common/responder.h +++ b/src/responder/common/responder.h @@ -372,7 +372,7 @@ errno_t csv_string_to_uid_array(TALLOC_CTX *mem_ctx, const char *csv_string, uid_t client_euid(struct cli_creds *creds); errno_t check_allowed_uids(uid_t uid, size_t allowed_uids_count, - uid_t *allowed_uids); + const uid_t *allowed_uids); struct tevent_req * sss_parse_inp_send(TALLOC_CTX *mem_ctx, diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c index 62177ccf67a..ac0e72790c0 100644 --- a/src/responder/common/responder_common.c +++ b/src/responder/common/responder_common.c @@ -174,7 +174,7 @@ uid_t client_euid(struct cli_creds *creds) } errno_t check_allowed_uids(uid_t uid, size_t allowed_uids_count, - uid_t *allowed_uids) + const uid_t *allowed_uids) { size_t c; @@ -519,6 +519,7 @@ static void accept_fd_handler(struct tevent_context *ev, struct tevent_fd *fde, uint16_t flags, void *ptr) { + static uid_t last_violator_uid = (uid_t)-1; /* accept and attach new event handler */ struct accept_fd_ctx *accept_ctx = talloc_get_type(ptr, struct accept_fd_ctx); @@ -593,9 +594,12 @@ static void accept_fd_handler(struct tevent_context *ev, rctx->allowed_uids); if (ret != EOK) { if (ret == EACCES) { - DEBUG(SSSDBG_CRIT_FAILURE, - "Access denied for uid [%"SPRIuid"].\n", - client_euid(cctx->creds)); + if (client_euid(cctx->creds) != last_violator_uid) { + last_violator_uid = client_euid(cctx->creds); + DEBUG(SSSDBG_IMPORTANT_INFO, + "Access denied for uid [%"SPRIuid"].\n", + last_violator_uid); + } } else { DEBUG(SSSDBG_OP_FAILURE, "check_allowed_uids failed.\n"); } diff --git a/src/responder/common/responder_utils.c b/src/responder/common/responder_utils.c index 8e5dcc017e0..47aeace8beb 100644 --- a/src/responder/common/responder_utils.c +++ b/src/responder/common/responder_utils.c @@ -30,15 +30,7 @@ static inline bool attr_in_list(const char **list, size_t nlist, const char *str) { - size_t i; - - for (i = 0; i < nlist; i++) { - if (strcasecmp(list[i], str) == 0) { - break; - } - } - - return (i < nlist) ? true : false; + return string_in_list_size(str, list, nlist, false); } const char **parse_attr_list_ex(TALLOC_CTX *mem_ctx, const char *conf_str, @@ -118,6 +110,11 @@ const char **parse_attr_list_ex(TALLOC_CTX *mem_ctx, const char *conf_str, continue; } + /* If the attribute is already in the list, skip it */ + if (attr_in_list(list, li, allow[i])) { + continue; + } + list[li] = talloc_strdup(list, allow[i]); if (list[li] == NULL) { goto done; @@ -136,6 +133,11 @@ const char **parse_attr_list_ex(TALLOC_CTX *mem_ctx, const char *conf_str, continue; } + /* If the attribute is already in the list, skip it */ + if (attr_in_list(list, li, defaults[i])) { + continue; + } + list[li] = talloc_strdup(list, defaults[i]); if (list[li] == NULL) { goto done; diff --git a/src/responder/ifp/ifp_cache.c b/src/responder/ifp/ifp_cache.c index 27681d094de..a4dd393aac2 100644 --- a/src/responder/ifp/ifp_cache.c +++ b/src/responder/ifp/ifp_cache.c @@ -173,8 +173,7 @@ ifp_cache_list_domains(TALLOC_CTX *mem_ctx, goto done; } - ret = add_strings_lists(tmp_ctx, paths, tmp_paths, true, - discard_const(&paths)); + ret = add_strings_lists(tmp_ctx, paths, tmp_paths, true, &paths); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Unable to build object list " "[%d]: %s\n", ret, sss_strerror(ret)); diff --git a/src/responder/ifp/org.freedesktop.sssd.infopipe.service.in b/src/responder/ifp/org.freedesktop.sssd.infopipe.service.in index ee77f41bd56..ca06cb185c2 100644 --- a/src/responder/ifp/org.freedesktop.sssd.infopipe.service.in +++ b/src/responder/ifp/org.freedesktop.sssd.infopipe.service.in @@ -1,5 +1,6 @@ [D-BUS Service] Name=org.freedesktop.sssd.infopipe +@ifp_dbus_exec_comment@ Exec=@ifp_exec_cmd@ User=root @ifp_systemdservice@ diff --git a/src/responder/kcm/kcmsrv_ccache.c b/src/responder/kcm/kcmsrv_ccache.c index b63fc70afa3..6e4ea64e013 100644 --- a/src/responder/kcm/kcmsrv_ccache.c +++ b/src/responder/kcm/kcmsrv_ccache.c @@ -40,7 +40,9 @@ static int kcm_cc_destructor(struct kcm_ccache *cc) return 0; } - krb5_free_principal(NULL, cc->client); + if (cc->client != NULL) { + krb5_free_principal(NULL, cc->client); + } return 0; } @@ -231,7 +233,6 @@ struct kcm_cred *kcm_cred_new(TALLOC_CTX *mem_ctx, if (kcreds == NULL) { return NULL; } - uuid_copy(kcreds->uuid, uuid); kcreds->cred_blob = talloc_steal(kcreds, cred_blob); return kcreds; @@ -410,7 +411,7 @@ krb5_creds **kcm_cc_unmarshal(TALLOC_CTX *mem_ctx, count++; } - cred_list = talloc_zero_array(tmp_ctx, krb5_creds *, count + 1); + cred_list = talloc_array(tmp_ctx, krb5_creds *, count + 1); for (cred = kcm_cc_get_cred(cc); cred != NULL; cred = kcm_cc_next_cred(cred), i++) { cred_list[i] = kcm_cred_to_krb5(krb_context, cred); @@ -512,7 +513,7 @@ struct kcm_ccdb *kcm_ccdb_init(TALLOC_CTX *mem_ctx, ccdb->ops = &ccdb_secdb_ops; break; default: - DEBUG(SSSDBG_CRIT_FAILURE, "Unknown ccache database\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unknown ccache database backend\n"); break; } diff --git a/src/responder/kcm/kcmsrv_ccache_binary.c b/src/responder/kcm/kcmsrv_ccache_binary.c index 3f89c4a3583..cc4191a1161 100644 --- a/src/responder/kcm/kcmsrv_ccache_binary.c +++ b/src/responder/kcm/kcmsrv_ccache_binary.c @@ -201,7 +201,7 @@ static errno_t bin_to_princ(TALLOC_CTX *mem_ctx, return ret; } - princ->data = talloc_zero_array(princ, krb5_data, princ->length); + princ->data = talloc_array(princ, krb5_data, princ->length); if (princ->length > 0 && princ->data == NULL) { return ENOMEM; } diff --git a/src/responder/kcm/kcmsrv_ccache_pvt.h b/src/responder/kcm/kcmsrv_ccache_pvt.h index 0cc24c2b8cd..9d5afed1d53 100644 --- a/src/responder/kcm/kcmsrv_ccache_pvt.h +++ b/src/responder/kcm/kcmsrv_ccache_pvt.h @@ -41,7 +41,6 @@ struct kcm_cred { }; struct kcm_ccdb { - enum kcm_ccdb_be cc_be_type; struct tevent_context *ev; void *db_handle; diff --git a/src/responder/kcm/kcmsrv_ccache_secdb.c b/src/responder/kcm/kcmsrv_ccache_secdb.c index 875eb3c900e..ff5e6e24c38 100644 --- a/src/responder/kcm/kcmsrv_ccache_secdb.c +++ b/src/responder/kcm/kcmsrv_ccache_secdb.c @@ -531,13 +531,7 @@ static errno_t ccdb_secdb_init(struct kcm_ccdb *db, } if (kcm_quota->max_uid_secrets > 0) { - /* Even cn=default is considered a secret that adds up to - * the quota. To avoid off-by-one-confusion, increase - * the quota by two to 1) account for the cn=default object - * and 2) always allow writing to cn=defaults even if we - * are exactly at the quota limit - */ - kcm_quota->max_uid_secrets += 2; + kcm_quota->max_uid_secrets += KCM_MAX_UID_EXTRA_SECRETS; } ret = sss_sec_init(db, kcm_quota, &secdb->sctx); diff --git a/src/responder/kcm/kcmsrv_cmd.c b/src/responder/kcm/kcmsrv_cmd.c index 9b27bbdcc48..9c37e3cf095 100644 --- a/src/responder/kcm/kcmsrv_cmd.c +++ b/src/responder/kcm/kcmsrv_cmd.c @@ -34,11 +34,6 @@ /* The return code is 32bits */ #define KCM_RETCODE_SIZE 4 -/* The maximum length of a request or reply as defined by the RPC - * protocol. This is the same constant size as MIT KRB5 uses - */ -#define KCM_PACKET_MAX_SIZE 10*1024*1024 - /* KCM operation, its raw input and raw output and result */ struct kcm_op_io { struct kcm_op *op; @@ -280,7 +275,7 @@ static errno_t kcm_output_construct(TALLOC_CTX *mem_ctx, SAFEALIGN_SETMEM_UINT32(repbuf->rcbuf, 0, &c); if (replen > 0) { - rep = talloc_zero_array(mem_ctx, uint8_t, replen); + rep = talloc_array(mem_ctx, uint8_t, replen); if (rep == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to allocate memory for the message\n"); @@ -355,7 +350,7 @@ static void kcm_send_reply(struct kcm_req_ctx *req_ctx) cctx = req_ctx->cctx; - ret = kcm_output_construct(cctx, &req_ctx->op_io, &req_ctx->repbuf); + ret = kcm_output_construct(req_ctx, &req_ctx->op_io, &req_ctx->repbuf); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Cannot construct the reply buffer, terminating client\n"); @@ -442,7 +437,7 @@ static errno_t kcm_recv_data(TALLOC_CTX *mem_ctx, return E2BIG; } - msg = talloc_zero_array(mem_ctx, uint8_t, msglen); + msg = talloc_array(mem_ctx, uint8_t, msglen); if (msg == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to allocate memory for the message\n"); diff --git a/src/responder/kcm/kcmsrv_ops.c b/src/responder/kcm/kcmsrv_ops.c index 33d7cd506ea..8935a7932b0 100644 --- a/src/responder/kcm/kcmsrv_ops.c +++ b/src/responder/kcm/kcmsrv_ops.c @@ -32,11 +32,6 @@ #include "responder/kcm/kcmsrv_ops.h" #include "responder/kcm/kcmsrv_ccache.h" -/* This limit comes from: - * https://github.com/krb5/krb5/blob/master/src/lib/krb5/ccache/cc_kcm.c#L53 - */ -#define KCM_REPLY_MAX 10*1024*1024 - struct kcm_op_ctx { struct kcm_resp_ctx *kcm_data; struct kcm_conn_data *conn_data; @@ -114,8 +109,8 @@ struct tevent_req *kcm_cmd_send(TALLOC_CTX *mem_ctx, DEBUG(SSSDBG_TRACE_LIBS, "%zu bytes on KCM input\n", input->length); state->reply = sss_iobuf_init_empty(state, - KCM_REPLY_MAX, - KCM_REPLY_MAX); + KCM_PACKET_INITIAL_SIZE, + KCM_PACKET_MAX_SIZE); if (state->reply == NULL) { ret = ENOMEM; goto immediate; @@ -159,9 +154,9 @@ struct tevent_req *kcm_cmd_send(TALLOC_CTX *mem_ctx, */ state->op_ctx->reply = sss_iobuf_init_empty( state, - KCM_REPLY_MAX - 2*sizeof(uint32_t), - KCM_REPLY_MAX - 2*sizeof(uint32_t)); - if (state->reply == NULL) { + KCM_PACKET_INITIAL_SIZE, + KCM_PACKET_MAX_SIZE - 2*sizeof(uint32_t)); + if (state->op_ctx->reply == NULL) { ret = ENOMEM; goto immediate; } @@ -879,7 +874,7 @@ static struct tevent_req *kcm_op_store_send(TALLOC_CTX *mem_ctx, DEBUG(SSSDBG_TRACE_LIBS, "Storing credentials for %s\n", name); creds_len = sss_iobuf_get_size(op_ctx->input) - strlen(name) -1; - if (creds_len > KCM_REPLY_MAX) { + if (creds_len > KCM_PACKET_MAX_SIZE) { /* Protects against underflows and in general adds sanity */ ret = E2BIG; goto immediate; diff --git a/src/responder/kcm/kcmsrv_ops.h b/src/responder/kcm/kcmsrv_ops.h index ab6c13791ba..5d803527e6d 100644 --- a/src/responder/kcm/kcmsrv_ops.h +++ b/src/responder/kcm/kcmsrv_ops.h @@ -29,6 +29,19 @@ #include "util/sss_iobuf.h" #include "responder/kcm/kcmsrv_pvt.h" +/* The initial packet size, which can later be grown up to KCM_PACKET_MAX_SIZE. + * The initial size is a trade off that is expected to best serve most of the + * cases (typical credentials size). + */ +#define KCM_PACKET_INITIAL_SIZE 4096 + +/* The maximum length of a request or reply as defined by the RPC + * protocol. This is the same constant size as MIT KRB5 uses + * This limit comes from: + * https://github.com/krb5/krb5/blob/c20251dafd6120fa08c76b19315cb9deb1a1b24e/src/lib/krb5/ccache/cc_kcm.c#L54 + */ +#define KCM_PACKET_MAX_SIZE 10*1024*1024 + struct kcm_op; struct kcm_op *kcm_get_opt(uint16_t opcode); const char *kcm_opt_name(struct kcm_op *op); diff --git a/src/responder/kcm/secrets/secrets.c b/src/responder/kcm/secrets/secrets.c index 025d1c42136..a37edcc2a51 100644 --- a/src/responder/kcm/secrets/secrets.c +++ b/src/responder/kcm/secrets/secrets.c @@ -18,15 +18,18 @@ You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ +#include "config.h" +#include <fcntl.h> #include <sys/types.h> #include <sys/stat.h> -#include <fcntl.h> +#include <time.h> #include <uuid/uuid.h> -#include "config.h" - +#include "responder/kcm/kcmsrv_ccache.h" #include "util/util.h" +#include "util/util_creds.h" +#include "util/sss_iobuf.h" #include "util/strtonum.h" #include "util/crypto/sss_crypto.h" #include "sec_pvt.h" @@ -50,6 +53,10 @@ static struct sss_sec_quota default_kcm_quota = { .containers_nest_level = DEFAULT_SEC_CONTAINERS_NEST_LEVEL, }; +static char *local_dn_to_path(TALLOC_CTX *mem_ctx, + struct ldb_dn *basedn, + struct ldb_dn *dn); + static int local_db_check_containers(TALLOC_CTX *mem_ctx, struct sss_sec_ctx *sec_ctx, struct ldb_dn *leaf_dn) @@ -181,11 +188,166 @@ static struct ldb_dn *per_uid_container(TALLOC_CTX *mem_ctx, return uid_base_dn; } +static errno_t get_secret_expiration_time(uint8_t *key, size_t key_length, + uint8_t *sec, size_t sec_length, + time_t *_expiration) +{ + errno_t ret; + TALLOC_CTX *tmp_ctx; + time_t expiration = 0; + struct cli_creds client = {}; + struct kcm_ccache *cc; + struct sss_iobuf *iobuf; + krb5_creds **cred_list, **cred; + const char *key_str; + + if (_expiration == NULL) { + return EINVAL; + } + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + return ENOMEM; + } + + key_str = talloc_strndup(tmp_ctx, (const char *) key, key_length); + if (key_str == NULL) { + ret = ENOMEM; + goto done; + } + + iobuf = sss_iobuf_init_readonly(tmp_ctx, sec, sec_length); + if (iobuf == NULL) { + ret = ENOMEM; + goto done; + } + + ret = sec_kv_to_ccache_binary(tmp_ctx, key_str, iobuf, &client, &cc); + if (ret != EOK) { + goto done; + } + + cred_list = kcm_cc_unmarshal(tmp_ctx, NULL, cc); + if (cred_list == NULL) { + ret = ENOMEM; + goto done; + } + + for (cred = cred_list; *cred != NULL; cred++) { + if ((*cred)->times.endtime != 0) { + expiration = (time_t) (*cred)->times.endtime; + break; + } + } + + *_expiration = expiration; + ret = EOK; + +done: + talloc_free(tmp_ctx); + return ret; +} + +static errno_t local_db_remove_oldest_expired_secret(struct ldb_result *res, + struct sss_sec_req *req) +{ + struct sss_sec_req *new_req = NULL; + const struct ldb_val *val; + const struct ldb_val *rdn; + struct ldb_message *msg; + struct ldb_message_element *elem; + struct ldb_dn *basedn; + struct ldb_dn *oldest_dn = NULL; + time_t oldest_time = time(NULL); + time_t expiration; + unsigned int i; + int ret; + + DEBUG(SSSDBG_TRACE_INTERNAL, "Removing the oldest expired credential\n"); + /* Between all the messages in result, there is also the key we are + * currently treating, but because yet it doesn't have an expiration time, + * it will be skipped. + */ + for (i = 0; i < res->count; i++) { + msg = res->msgs[i]; + + /* Skip cn=default,... or any non cn=... */ + rdn = ldb_dn_get_rdn_val(msg->dn); + if (strcmp(ldb_dn_get_rdn_name(msg->dn), "cn") != 0 + || strncmp("default", (char *) rdn->data, rdn->length) == 0) { + continue; + } + + elem = ldb_msg_find_element(msg, SEC_ATTR_SECRET); + if (elem != NULL) { + if (elem->num_values != 1) { + DEBUG(SSSDBG_MINOR_FAILURE, + "Element %s has %u values. Ignoring it.\n", + SEC_ATTR_SECRET, elem->num_values); + ret = ERR_MALFORMED_ENTRY; + goto done; + } + + val = &elem->values[0]; + ret = get_secret_expiration_time(rdn->data, rdn->length, + val->data, val->length, + &expiration); + if (ret != EOK) { + goto done; + } + if (expiration > 0 && expiration < oldest_time) { + oldest_dn = msg->dn; + oldest_time = expiration; + } + } + } + + if (oldest_dn == NULL) { + DEBUG(SSSDBG_TRACE_INTERNAL, "Found no expired credential to remove\n"); + ret = ERR_NO_MATCHING_CREDS; + goto done; + } + + new_req = talloc_zero(NULL, struct sss_sec_req); + if (new_req == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to allocate the new request\n"); + ret = ENOMEM; + goto done; + } + + basedn = ldb_dn_new(new_req, req->sctx->ldb, req->basedn); + if (basedn == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to create a dn: %s\n", req->basedn); + ret = EINVAL; + goto done; + } + + new_req->basedn = req->basedn; + new_req->quota = req->quota; + new_req->req_dn = oldest_dn; + new_req->sctx = req->sctx; + new_req->path = local_dn_to_path(new_req, basedn, oldest_dn); + if (new_req->path == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to create the path\n"); + ret = EINVAL; + goto done; + } + + ret = sss_sec_delete(new_req); + +done: + if (new_req != NULL) + talloc_free(new_req); + + return ret; +} + + static int local_db_check_peruid_number_of_secrets(TALLOC_CTX *mem_ctx, struct sss_sec_req *req) { TALLOC_CTX *tmp_ctx; - static const char *attrs[] = { NULL }; + static const char *attrs[] = { SEC_ATTR_SECRET, NULL }; struct ldb_result *res = NULL; struct ldb_dn *cli_basedn = NULL; int ret; @@ -214,13 +376,21 @@ static int local_db_check_peruid_number_of_secrets(TALLOC_CTX *mem_ctx, } if (res->count >= req->quota->max_uid_secrets) { - DEBUG(SSSDBG_OP_FAILURE, - "Cannot store any more secrets for this client (basedn %s) " - "as the maximum allowed limit (%d) has been reached\n", - ldb_dn_get_linearized(cli_basedn), - req->quota->max_uid_secrets); - ret = ERR_SEC_INVALID_TOO_MANY_SECRETS; - goto done; + /* We reached the limit. Let's try to removed the + * oldest expired credential to free some space. */ + ret = local_db_remove_oldest_expired_secret(res, req); + if (ret != EOK) { + if (ret == ERR_NO_MATCHING_CREDS) { + /* max_uid_secrets is incremented for internal entries. */ + DEBUG(SSSDBG_OP_FAILURE, + "Cannot store any more secrets for this client (basedn %s) " + "as the maximum allowed limit (%d) has been reached\n", + ldb_dn_get_linearized(cli_basedn), + req->quota->max_uid_secrets - KCM_MAX_UID_EXTRA_SECRETS); + ret = ERR_SEC_INVALID_TOO_MANY_SECRETS; + } + goto done; + } } ret = EOK; @@ -808,15 +978,15 @@ errno_t sss_sec_put(struct sss_sec_req *req, goto done; } - ret = local_db_check_number_of_secrets(msg, req); + ret = local_db_check_peruid_number_of_secrets(msg, req); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, - "local_db_check_number_of_secrets failed [%d]: %s\n", + "local_db_check_peruid_number_of_secrets failed [%d]: %s\n", ret, sss_strerror(ret)); goto done; } - ret = local_db_check_peruid_number_of_secrets(msg, req); + ret = local_db_check_number_of_secrets(msg, req); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "local_db_check_number_of_secrets failed [%d]: %s\n", @@ -905,15 +1075,15 @@ errno_t sss_sec_update(struct sss_sec_req *req, goto done; } - ret = local_db_check_number_of_secrets(msg, req); + ret = local_db_check_peruid_number_of_secrets(msg, req); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, - "local_db_check_number_of_secrets failed [%d]: %s\n", + "local_db_check_peruid_number_of_secrets failed [%d]: %s\n", ret, sss_strerror(ret)); goto done; } - ret = local_db_check_peruid_number_of_secrets(msg, req); + ret = local_db_check_number_of_secrets(msg, req); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "local_db_check_number_of_secrets failed [%d]: %s\n", diff --git a/src/responder/kcm/secrets/secrets.h b/src/responder/kcm/secrets/secrets.h index 00963aa7c01..537f6c9a7a8 100644 --- a/src/responder/kcm/secrets/secrets.h +++ b/src/responder/kcm/secrets/secrets.h @@ -40,6 +40,14 @@ #define DEFAULT_SEC_KCM_MAX_UID_SECRETS 64 #define DEFAULT_SEC_KCM_MAX_PAYLOAD_SIZE 65536 +/* Even cn=default is considered a secret that adds up to + * the quota. To avoid off-by-one-confusion, increase + * the quota by two to 1) account for the cn=default object + * and 2) always allow writing to cn=defaults even if we + * are exactly at the quota limit + */ +#define KCM_MAX_UID_EXTRA_SECRETS 2 + struct sss_sec_ctx; struct sss_sec_req; diff --git a/src/responder/nss/nss_cmd.c b/src/responder/nss/nss_cmd.c index 477920452a3..dd801139bd7 100644 --- a/src/responder/nss/nss_cmd.c +++ b/src/responder/nss/nss_cmd.c @@ -1209,38 +1209,21 @@ static errno_t sss_nss_cmd_getorigbyname_common(struct cli_ctx *cli_ctx, errno_t ret; struct sss_nss_ctx *nss_ctx; const char **attrs; - static const char *defattrs[] = { SYSDB_NAME, SYSDB_OBJECTCATEGORY, - SYSDB_SID_STR, - ORIGINALAD_PREFIX SYSDB_NAME, - ORIGINALAD_PREFIX SYSDB_UIDNUM, - ORIGINALAD_PREFIX SYSDB_GIDNUM, - ORIGINALAD_PREFIX SYSDB_GECOS, - ORIGINALAD_PREFIX SYSDB_HOMEDIR, - ORIGINALAD_PREFIX SYSDB_SHELL, - SYSDB_UPN, - SYSDB_DEFAULT_OVERRIDE_NAME, - SYSDB_AD_ACCOUNT_EXPIRES, - SYSDB_AD_USER_ACCOUNT_CONTROL, - SYSDB_SSH_PUBKEY, - SYSDB_USER_CERT, - SYSDB_USER_EMAIL, - SYSDB_ORIG_DN, - SYSDB_ORIG_MEMBEROF, - SYSDB_DEFAULT_ATTRS, NULL }; + static const char *cache_attrs[] = { SYSDB_NAME, + SYSDB_OBJECTCATEGORY, + SYSDB_SID_STR, + SYSDB_DEFAULT_ATTRS, + NULL }; nss_ctx = talloc_get_type(cli_ctx->rctx->pvt_ctx, struct sss_nss_ctx); - if (nss_ctx->extra_attributes != NULL) { - ret = add_strings_lists(cli_ctx, defattrs, nss_ctx->extra_attributes, - false, discard_const(&attrs)); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, - "Unable to concatenate attributes [%d]: %s\n", - ret, sss_strerror(ret)); - return ENOMEM; - } - } else { - attrs = defattrs; + ret = add_strings_lists_ex(cli_ctx, cache_attrs, nss_ctx->full_attribute_list, + false, true, &attrs); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + "Unable to concatenate attributes [%d]: %s\n", + ret, sss_strerror(ret)); + return ENOMEM; } return sss_nss_getby_name(cli_ctx, false, type, attrs, diff --git a/src/responder/nss/nss_get_object.c b/src/responder/nss/nss_get_object.c index 5d62dd09851..29f9cb59b5a 100644 --- a/src/responder/nss/nss_get_object.c +++ b/src/responder/nss/nss_get_object.c @@ -34,13 +34,13 @@ memcache_delete_entry_by_name(struct sss_nss_ctx *nss_ctx, switch (type) { case SSS_MC_PASSWD: - ret = sss_mmap_cache_pw_invalidate(nss_ctx->pwd_mc_ctx, name); + ret = sss_mmap_cache_pw_invalidate(&nss_ctx->pwd_mc_ctx, name); break; case SSS_MC_GROUP: - ret = sss_mmap_cache_gr_invalidate(nss_ctx->grp_mc_ctx, name); + ret = sss_mmap_cache_gr_invalidate(&nss_ctx->grp_mc_ctx, name); break; case SSS_MC_INITGROUPS: - ret = sss_mmap_cache_initgr_invalidate(nss_ctx->initgr_mc_ctx, name); + ret = sss_mmap_cache_initgr_invalidate(&nss_ctx->initgr_mc_ctx, name); break; default: return EINVAL; @@ -66,10 +66,10 @@ memcache_delete_entry_by_id(struct sss_nss_ctx *nss_ctx, switch (type) { case SSS_MC_PASSWD: - ret = sss_mmap_cache_pw_invalidate_uid(nss_ctx->pwd_mc_ctx, (uid_t)id); + ret = sss_mmap_cache_pw_invalidate_uid(&nss_ctx->pwd_mc_ctx, (uid_t)id); break; case SSS_MC_GROUP: - ret = sss_mmap_cache_gr_invalidate_gid(nss_ctx->grp_mc_ctx, (gid_t)id); + ret = sss_mmap_cache_gr_invalidate_gid(&nss_ctx->grp_mc_ctx, (gid_t)id); break; default: return EINVAL; diff --git a/src/responder/nss/nss_iface.c b/src/responder/nss/nss_iface.c index 07e91aa811b..db743f8b7e6 100644 --- a/src/responder/nss/nss_iface.c +++ b/src/responder/nss/nss_iface.c @@ -78,7 +78,7 @@ sss_nss_update_initgr_memcache(struct sss_nss_ctx *nctx, if (ret == ENOENT || res->count == 0) { /* The user is gone. Invalidate the mc record */ - ret = sss_mmap_cache_pw_invalidate(nctx->pwd_mc_ctx, delete_name); + ret = sss_mmap_cache_pw_invalidate(&nctx->pwd_mc_ctx, delete_name); if (ret != EOK && ret != ENOENT) { DEBUG(SSSDBG_CRIT_FAILURE, "Internal failure in memory cache code: %d [%s]\n", @@ -125,7 +125,7 @@ sss_nss_update_initgr_memcache(struct sss_nss_ctx *nctx, for (i = 0; i < gnum; i++) { id = groups[i]; - ret = sss_mmap_cache_gr_invalidate_gid(nctx->grp_mc_ctx, id); + ret = sss_mmap_cache_gr_invalidate_gid(&nctx->grp_mc_ctx, id); if (ret != EOK && ret != ENOENT) { DEBUG(SSSDBG_CRIT_FAILURE, "Internal failure in memory cache code: %d [%s]\n", @@ -134,7 +134,7 @@ sss_nss_update_initgr_memcache(struct sss_nss_ctx *nctx, } to_sized_string(delete_name, fq_name); - ret = sss_mmap_cache_initgr_invalidate(nctx->initgr_mc_ctx, + ret = sss_mmap_cache_initgr_invalidate(&nctx->initgr_mc_ctx, delete_name); if (ret != EOK && ret != ENOENT) { DEBUG(SSSDBG_CRIT_FAILURE, @@ -208,7 +208,7 @@ sss_nss_memorycache_invalidate_group_by_id(TALLOC_CTX *mem_ctx, DEBUG(SSSDBG_TRACE_LIBS, "Invalidating group %u from memory cache\n", gid); - sss_mmap_cache_gr_invalidate_gid(nctx->grp_mc_ctx, gid); + sss_mmap_cache_gr_invalidate_gid(&nctx->grp_mc_ctx, gid); return EOK; } diff --git a/src/responder/nss/nss_private.h b/src/responder/nss/nss_private.h index 0e16c51266d..e2f5a3e5a58 100644 --- a/src/responder/nss/nss_private.h +++ b/src/responder/nss/nss_private.h @@ -78,6 +78,7 @@ struct sss_nss_ctx { char *fallback_homedir; char *homedir_substr; const char **extra_attributes; + const char **full_attribute_list; /* Enumeration. */ struct sss_nss_enum_ctx *pwent; diff --git a/src/responder/nss/nss_protocol_grent.c b/src/responder/nss/nss_protocol_grent.c index e0e56cd65ad..887501ab3cc 100644 --- a/src/responder/nss/nss_protocol_grent.c +++ b/src/responder/nss/nss_protocol_grent.c @@ -19,6 +19,7 @@ */ #include "responder/nss/nss_protocol.h" +#include "util/sss_format.h" static errno_t sss_nss_get_grent(TALLOC_CTX *mem_ctx, @@ -402,9 +403,16 @@ sss_nss_protocol_fill_initgr(struct sss_nss_ctx *nss_ctx, ret = sysdb_search_group_by_origgid(NULL, domain, orig_gid, NULL, &primary_group_msg); if (ret != EOK) { - DEBUG((ret == ENOENT ? SSSDBG_FUNC_DATA : SSSDBG_MINOR_FAILURE), - "Unable to find primary gid [%d]: %s\n", - ret, sss_strerror(ret)); + if (ret == ENOENT) { + DEBUG(SSSDBG_FUNC_DATA, + "There is no override for group %" SPRIgid "\n", + orig_gid); + } else { + DEBUG(SSSDBG_MINOR_FAILURE, + "Unable to find the original group id attribute for %" SPRIgid + ". Assuming there is none. [%d] %s\n", + orig_gid, ret, sss_strerror(ret)); + } /* Just continue with what we have. */ } else { orig_gid = ldb_msg_find_attr_as_uint64(primary_group_msg, SYSDB_GIDNUM, diff --git a/src/responder/nss/nss_protocol_sid.c b/src/responder/nss/nss_protocol_sid.c index 089b0488c8b..69d61bb609a 100644 --- a/src/responder/nss/nss_protocol_sid.c +++ b/src/responder/nss/nss_protocol_sid.c @@ -331,11 +331,11 @@ sss_nss_protocol_fill_orig(struct sss_nss_ctx *nss_ctx, { TALLOC_CTX *tmp_ctx; struct ldb_message *msg = result->msgs[0]; - const char **extra_attrs = NULL; + const char **full_attrs = NULL; enum sss_id_type id_type; struct sized_string *keys; struct sized_string *vals; - size_t extra_attrs_count = 0; + size_t full_attrs_count = 0; size_t array_size; size_t sum; size_t found; @@ -344,23 +344,6 @@ sss_nss_protocol_fill_orig(struct sss_nss_ctx *nss_ctx, size_t body_len; uint8_t *body; errno_t ret; - const char *orig_attrs[] = { SYSDB_SID_STR, - ORIGINALAD_PREFIX SYSDB_NAME, - ORIGINALAD_PREFIX SYSDB_UIDNUM, - ORIGINALAD_PREFIX SYSDB_GIDNUM, - ORIGINALAD_PREFIX SYSDB_HOMEDIR, - ORIGINALAD_PREFIX SYSDB_GECOS, - ORIGINALAD_PREFIX SYSDB_SHELL, - SYSDB_UPN, - SYSDB_DEFAULT_OVERRIDE_NAME, - SYSDB_AD_ACCOUNT_EXPIRES, - SYSDB_AD_USER_ACCOUNT_CONTROL, - SYSDB_SSH_PUBKEY, - SYSDB_USER_CERT, - SYSDB_USER_EMAIL, - SYSDB_ORIG_DN, - SYSDB_ORIG_MEMBEROF, - NULL }; if (result->count != 1) { DEBUG(SSSDBG_OP_FAILURE, @@ -379,14 +362,14 @@ sss_nss_protocol_fill_orig(struct sss_nss_ctx *nss_ctx, return ret; } - if (nss_ctx->extra_attributes != NULL) { - extra_attrs = nss_ctx->extra_attributes; - for (extra_attrs_count = 0; - extra_attrs[extra_attrs_count] != NULL; - extra_attrs_count++); + if (nss_ctx->full_attribute_list != NULL) { + full_attrs = nss_ctx->full_attribute_list; + for (full_attrs_count = 0; + full_attrs[full_attrs_count] != NULL; + full_attrs_count++); } - array_size = sizeof(orig_attrs) + extra_attrs_count; + array_size = full_attrs_count; keys = talloc_array(tmp_ctx, struct sized_string, array_size); vals = talloc_array(tmp_ctx, struct sized_string, array_size); if (keys == NULL || vals == NULL) { @@ -398,15 +381,8 @@ sss_nss_protocol_fill_orig(struct sss_nss_ctx *nss_ctx, sum = 0; found = 0; - ret = process_attr_list(tmp_ctx, msg, orig_attrs, &keys, &vals, - &array_size, &sum, &found); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "process_attr_list failed.\n"); - goto done; - } - - if (extra_attrs_count != 0) { - ret = process_attr_list(tmp_ctx, msg, extra_attrs, &keys, &vals, + if (full_attrs_count != 0) { + ret = process_attr_list(tmp_ctx, msg, full_attrs, &keys, &vals, &array_size, &sum, &found); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "process_attr_list failed.\n"); diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c index 9f645bf848a..4673a64ca47 100644 --- a/src/responder/nss/nsssrv.c +++ b/src/responder/nss/nsssrv.c @@ -175,6 +175,23 @@ static int sss_nss_get_config(struct sss_nss_ctx *nctx, { int ret; char *tmp_str; + static const char *orig_attrs[] = { SYSDB_SID_STR, + ORIGINALAD_PREFIX SYSDB_NAME, + ORIGINALAD_PREFIX SYSDB_UIDNUM, + ORIGINALAD_PREFIX SYSDB_GIDNUM, + ORIGINALAD_PREFIX SYSDB_HOMEDIR, + ORIGINALAD_PREFIX SYSDB_GECOS, + ORIGINALAD_PREFIX SYSDB_SHELL, + SYSDB_UPN, + SYSDB_DEFAULT_OVERRIDE_NAME, + SYSDB_AD_ACCOUNT_EXPIRES, + SYSDB_AD_USER_ACCOUNT_CONTROL, + SYSDB_SSH_PUBKEY, + SYSDB_USER_CERT, + SYSDB_USER_EMAIL, + SYSDB_ORIG_DN, + SYSDB_ORIG_MEMBEROF, + NULL }; ret = confdb_get_int(cdb, CONFDB_NSS_CONF_ENTRY, CONFDB_NSS_ENUM_CACHE_TIMEOUT, 120, @@ -243,6 +260,13 @@ static int sss_nss_get_config(struct sss_nss_ctx *nctx, } } + ret = add_strings_lists_ex(nctx, nctx->extra_attributes, orig_attrs, false, + true, &nctx->full_attribute_list); + if (ret != EOK) { + ret = ENOMEM; + goto done; + } + ret = 0; done: return ret; diff --git a/src/responder/nss/nsssrv_mmap_cache.c b/src/responder/nss/nsssrv_mmap_cache.c index 12c29965969..cacdc7cc5f5 100644 --- a/src/responder/nss/nsssrv_mmap_cache.c +++ b/src/responder/nss/nsssrv_mmap_cache.c @@ -701,16 +701,22 @@ static inline void sss_mmap_chain_in_rec(struct sss_mc_ctx *mcc, * generic invalidation ***************************************************************************/ -static errno_t sss_mmap_cache_invalidate(struct sss_mc_ctx *mcc, +static errno_t sss_mmap_cache_validate_or_reinit(struct sss_mc_ctx **_mcc); + +static errno_t sss_mmap_cache_invalidate(struct sss_mc_ctx **_mcc, const struct sized_string *key) { + struct sss_mc_ctx *mcc; struct sss_mc_rec *rec; + int ret; - if (mcc == NULL) { - /* cache not initialized? */ - return EINVAL; + ret = sss_mmap_cache_validate_or_reinit(_mcc); + if (ret != EOK) { + return ret; } + mcc = *_mcc; + rec = sss_mc_find_record(mcc, key); if (rec == NULL) { /* nothing to invalidate */ @@ -722,6 +728,57 @@ static errno_t sss_mmap_cache_invalidate(struct sss_mc_ctx *mcc, return EOK; } +static errno_t sss_mmap_cache_validate_or_reinit(struct sss_mc_ctx **_mcc) +{ + struct sss_mc_ctx *mcc = *_mcc; + struct stat fdstat; + bool reinit = false; + errno_t ret; + + /* No mcc initialized? Memory cache may be disabled. */ + if (mcc == NULL || mcc->fd < 0) { + ret = EINVAL; + reinit = false; + goto done; + } + + if (fstat(mcc->fd, &fdstat) == -1) { + ret = errno; + DEBUG(SSSDBG_CRIT_FAILURE, + "Unable to stat memory cache [file=%s, fd=%d] [%d]: %s\n", + mcc->file, mcc->fd, ret, sss_strerror(ret)); + reinit = true; + goto done; + } + + if (fdstat.st_nlink == 0) { + DEBUG(SSSDBG_CRIT_FAILURE, "Memory cache file was removed\n"); + ret = ENOENT; + reinit = true; + goto done; + } + + if (fdstat.st_size != mcc->mmap_size) { + DEBUG(SSSDBG_CRIT_FAILURE, + "Memory cache is corrupted, invalid size [file=%s, fd=%d, " + "expected_size=%zu, real_size=%zu]\n", + mcc->file, mcc->fd, mcc->mmap_size, fdstat.st_size); + ret = EINVAL; + reinit = true; + goto done; + } + + ret = EOK; + reinit = false; + +done: + if (reinit) { + return sss_mmap_cache_reinit(talloc_parent(mcc), -1, -1, -1, -1, _mcc); + } + + return ret; +} + /*************************************************************************** * passwd map ***************************************************************************/ @@ -734,7 +791,7 @@ errno_t sss_mmap_cache_pw_store(struct sss_mc_ctx **_mcc, const struct sized_string *homedir, const struct sized_string *shell) { - struct sss_mc_ctx *mcc = *_mcc; + struct sss_mc_ctx *mcc; struct sss_mc_rec *rec; struct sss_mc_pwd_data *data; struct sized_string uidkey; @@ -744,11 +801,13 @@ errno_t sss_mmap_cache_pw_store(struct sss_mc_ctx **_mcc, size_t pos; int ret; - if (mcc == NULL) { - /* cache not initialized? */ - return EINVAL; + ret = sss_mmap_cache_validate_or_reinit(_mcc); + if (ret != EOK) { + return ret; } + mcc = *_mcc; + ret = snprintf(uidstr, 11, "%ld", (long)uid); if (ret > 10) { return EINVAL; @@ -800,14 +859,15 @@ errno_t sss_mmap_cache_pw_store(struct sss_mc_ctx **_mcc, return EOK; } -errno_t sss_mmap_cache_pw_invalidate(struct sss_mc_ctx *mcc, +errno_t sss_mmap_cache_pw_invalidate(struct sss_mc_ctx **_mcc, const struct sized_string *name) { - return sss_mmap_cache_invalidate(mcc, name); + return sss_mmap_cache_invalidate(_mcc, name); } -errno_t sss_mmap_cache_pw_invalidate_uid(struct sss_mc_ctx *mcc, uid_t uid) +errno_t sss_mmap_cache_pw_invalidate_uid(struct sss_mc_ctx **_mcc, uid_t uid) { + struct sss_mc_ctx *mcc; struct sss_mc_rec *rec = NULL; struct sss_mc_pwd_data *data; uint32_t hash; @@ -815,11 +875,13 @@ errno_t sss_mmap_cache_pw_invalidate_uid(struct sss_mc_ctx *mcc, uid_t uid) char *uidstr; errno_t ret; - if (mcc == NULL) { - /* cache not initialized? */ - return EINVAL; + ret = sss_mmap_cache_validate_or_reinit(_mcc); + if (ret != EOK) { + return ret; } + mcc = *_mcc; + uidstr = talloc_asprintf(NULL, "%ld", (long)uid); if (!uidstr) { return ENOMEM; @@ -876,7 +938,7 @@ int sss_mmap_cache_gr_store(struct sss_mc_ctx **_mcc, gid_t gid, size_t memnum, const char *membuf, size_t memsize) { - struct sss_mc_ctx *mcc = *_mcc; + struct sss_mc_ctx *mcc; struct sss_mc_rec *rec; struct sss_mc_grp_data *data; struct sized_string gidkey; @@ -886,11 +948,13 @@ int sss_mmap_cache_gr_store(struct sss_mc_ctx **_mcc, size_t pos; int ret; - if (mcc == NULL) { - /* cache not initialized? */ - return EINVAL; + ret = sss_mmap_cache_validate_or_reinit(_mcc); + if (ret != EOK) { + return ret; } + mcc = *_mcc; + ret = snprintf(gidstr, 11, "%ld", (long)gid); if (ret > 10) { return EINVAL; @@ -938,14 +1002,15 @@ int sss_mmap_cache_gr_store(struct sss_mc_ctx **_mcc, return EOK; } -errno_t sss_mmap_cache_gr_invalidate(struct sss_mc_ctx *mcc, +errno_t sss_mmap_cache_gr_invalidate(struct sss_mc_ctx **_mcc, const struct sized_string *name) { - return sss_mmap_cache_invalidate(mcc, name); + return sss_mmap_cache_invalidate(_mcc, name); } -errno_t sss_mmap_cache_gr_invalidate_gid(struct sss_mc_ctx *mcc, gid_t gid) +errno_t sss_mmap_cache_gr_invalidate_gid(struct sss_mc_ctx **_mcc, gid_t gid) { + struct sss_mc_ctx *mcc; struct sss_mc_rec *rec = NULL; struct sss_mc_grp_data *data; uint32_t hash; @@ -953,11 +1018,13 @@ errno_t sss_mmap_cache_gr_invalidate_gid(struct sss_mc_ctx *mcc, gid_t gid) char *gidstr; errno_t ret; - if (mcc == NULL) { - /* cache not initialized? */ - return EINVAL; + ret = sss_mmap_cache_validate_or_reinit(_mcc); + if (ret != EOK) { + return ret; } + mcc = *_mcc; + gidstr = talloc_asprintf(NULL, "%ld", (long)gid); if (!gidstr) { return ENOMEM; @@ -1010,7 +1077,7 @@ errno_t sss_mmap_cache_initgr_store(struct sss_mc_ctx **_mcc, uint32_t num_groups, const uint8_t *gids_buf) { - struct sss_mc_ctx *mcc = *_mcc; + struct sss_mc_ctx *mcc; struct sss_mc_rec *rec; struct sss_mc_initgr_data *data; size_t data_len; @@ -1018,11 +1085,13 @@ errno_t sss_mmap_cache_initgr_store(struct sss_mc_ctx **_mcc, size_t pos; int ret; - if (mcc == NULL) { - /* cache not initialized? */ - return EINVAL; + ret = sss_mmap_cache_validate_or_reinit(_mcc); + if (ret != EOK) { + return ret; } + mcc = *_mcc; + /* array of gids + name + unique_name */ data_len = num_groups * sizeof(uint32_t) + name->len + unique_name->len; rec_len = sizeof(struct sss_mc_rec) + sizeof(struct sss_mc_initgr_data) @@ -1068,10 +1137,10 @@ errno_t sss_mmap_cache_initgr_store(struct sss_mc_ctx **_mcc, return EOK; } -errno_t sss_mmap_cache_initgr_invalidate(struct sss_mc_ctx *mcc, +errno_t sss_mmap_cache_initgr_invalidate(struct sss_mc_ctx **_mcc, const struct sized_string *name) { - return sss_mmap_cache_invalidate(mcc, name); + return sss_mmap_cache_invalidate(_mcc, name); } errno_t sss_mmap_cache_sid_store(struct sss_mc_ctx **_mcc, @@ -1080,17 +1149,20 @@ errno_t sss_mmap_cache_sid_store(struct sss_mc_ctx **_mcc, uint32_t type, bool explicit_lookup) { - struct sss_mc_ctx *mcc = *_mcc; + struct sss_mc_ctx *mcc; struct sss_mc_rec *rec; struct sss_mc_sid_data *data; char idkey[16]; size_t rec_len; int ret; - if (mcc == NULL) { - return EINVAL; + ret = sss_mmap_cache_validate_or_reinit(_mcc); + if (ret != EOK) { + return ret; } + mcc = *_mcc; + ret = snprintf(idkey, sizeof(idkey), "%d-%ld", (type == SSS_ID_TYPE_GID) ? SSS_ID_TYPE_GID : SSS_ID_TYPE_UID, (long)id); diff --git a/src/responder/nss/nsssrv_mmap_cache.h b/src/responder/nss/nsssrv_mmap_cache.h index 686b8e1b219..28ee5adb643 100644 --- a/src/responder/nss/nsssrv_mmap_cache.h +++ b/src/responder/nss/nsssrv_mmap_cache.h @@ -63,17 +63,17 @@ errno_t sss_mmap_cache_sid_store(struct sss_mc_ctx **_mcc, uint32_t type, /* enum sss_id_type*/ bool explicit_lookup); /* false ~ by_id(), true ~ by_uid/gid() */ -errno_t sss_mmap_cache_pw_invalidate(struct sss_mc_ctx *mcc, +errno_t sss_mmap_cache_pw_invalidate(struct sss_mc_ctx **_mcc, const struct sized_string *name); -errno_t sss_mmap_cache_pw_invalidate_uid(struct sss_mc_ctx *mcc, uid_t uid); +errno_t sss_mmap_cache_pw_invalidate_uid(struct sss_mc_ctx **_mcc, uid_t uid); -errno_t sss_mmap_cache_gr_invalidate(struct sss_mc_ctx *mcc, +errno_t sss_mmap_cache_gr_invalidate(struct sss_mc_ctx **_mcc, const struct sized_string *name); -errno_t sss_mmap_cache_gr_invalidate_gid(struct sss_mc_ctx *mcc, gid_t gid); +errno_t sss_mmap_cache_gr_invalidate_gid(struct sss_mc_ctx **_mcc, gid_t gid); -errno_t sss_mmap_cache_initgr_invalidate(struct sss_mc_ctx *mcc, +errno_t sss_mmap_cache_initgr_invalidate(struct sss_mc_ctx **_mcc, const struct sized_string *name); errno_t sss_mmap_cache_reinit(TALLOC_CTX *mem_ctx, diff --git a/src/responder/pam/pam_prompting_config.c b/src/responder/pam/pam_prompting_config.c index 6e7fcd5db6c..7d0362fbbf5 100644 --- a/src/responder/pam/pam_prompting_config.c +++ b/src/responder/pam/pam_prompting_config.c @@ -215,58 +215,23 @@ static errno_t pam_set_prompting_options(struct confdb_ctx *cdb, errno_t pam_eval_prompting_config(struct pam_ctx *pctx, struct pam_data *pd) { int ret; - struct response_data *resp; - bool password_auth = false; - bool otp_auth = false; - bool cert_auth = false; - bool passkey_auth = false; struct prompt_config **pc_list = NULL; int resp_len; uint8_t *resp_data = NULL; + struct pam_resp_auth_type types; if (pctx->num_prompting_config_sections == 0) { DEBUG(SSSDBG_TRACE_ALL, "No prompting configuration found.\n"); return EOK; } - resp = pd->resp_list; - while (resp != NULL) { - switch (resp->type) { - case SSS_PAM_OTP_INFO: - otp_auth = true; - break; - case SSS_PAM_CERT_INFO: - cert_auth = true; - break; - case SSS_PAM_PASSKEY_INFO: - case SSS_PAM_PASSKEY_KRB_INFO: - passkey_auth = true; - break; - case SSS_PASSWORD_PROMPTING: - password_auth = true; - break; - case SSS_CERT_AUTH_PROMPTING: - /* currently not used */ - break; - default: - break; - } - resp = resp->next; - } - - if (!password_auth && !otp_auth && !cert_auth) { - /* If the backend cannot determine which authentication types are - * available the default would be to prompt for a password. */ - password_auth = true; + ret = pam_get_auth_types(pd, &types); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to get authentication types\n"); + goto done; } - DEBUG(SSSDBG_TRACE_ALL, "Authentication types for user [%s] and service " - "[%s]:%s%s%s%s\n", pd->user, pd->service, - password_auth ? " password": "", - otp_auth ? " two-factor" : "", - passkey_auth ? " passkey" : "", - cert_auth ? " smartcard" : ""); - if (passkey_auth) { + if (types.passkey_auth) { ret = pam_set_prompting_options(pctx->rctx->cdb, pd->service, pctx->prompting_config_sections, pctx->num_prompting_config_sections, @@ -280,7 +245,7 @@ errno_t pam_eval_prompting_config(struct pam_ctx *pctx, struct pam_data *pd) } } - if (cert_auth) { + if (types.cert_auth) { /* If certificate based authentication is possilbe, i.e. a Smartcard * or similar with the mapped certificate is available we currently * prefer this authentication type unconditionally. If other types @@ -292,7 +257,7 @@ errno_t pam_eval_prompting_config(struct pam_ctx *pctx, struct pam_data *pd) } /* If OTP and password auth are possible we currently prefer OTP. */ - if (otp_auth) { + if (types.otp_auth) { ret = pam_set_prompting_options(pctx->rctx->cdb, pd->service, pctx->prompting_config_sections, pctx->num_prompting_config_sections, @@ -306,7 +271,7 @@ errno_t pam_eval_prompting_config(struct pam_ctx *pctx, struct pam_data *pd) } } - if (password_auth) { + if (types.password_auth) { ret = pam_set_prompting_options(pctx->rctx->cdb, pd->service, pctx->prompting_config_sections, pctx->num_prompting_config_sections, diff --git a/src/responder/pam/pamsrv.h b/src/responder/pam/pamsrv.h index 22502da012d..61883618944 100644 --- a/src/responder/pam/pamsrv.h +++ b/src/responder/pam/pamsrv.h @@ -93,12 +93,29 @@ struct pam_auth_req { struct ldb_message *user_obj; struct cert_auth_info *cert_list; struct cert_auth_info *current_cert; + /* Switched to 'true' if the backend indicates that it cannot handle + * Smartcard authentication, but Smartcard authentication is + * possible and local Smartcard authentication is allowed. */ bool cert_auth_local; + /* Switched to 'true' if authentication (not pre-authentication) was + * started without a login name and the name had to be lookup up with the + * certificate used for authentication. Since reading the certificate from + * the Smartcard already involves the PIN validation in this case there + * would be no need for an additional Smartcard interaction if only local + * Smartcard authentication is possible. */ + bool initial_cert_auth_successful; bool passkey_data_exists; uint32_t client_id_num; }; +struct pam_resp_auth_type { + bool password_auth; + bool otp_auth; + bool cert_auth; + bool passkey_auth; +}; + struct sss_cmd_table *get_pam_cmds(void); errno_t @@ -153,6 +170,8 @@ errno_t filter_responses(struct pam_ctx *pctx, struct response_data *resp_list, struct pam_data *pd); +errno_t pam_get_auth_types(struct pam_data *pd, + struct pam_resp_auth_type *_auth_types); errno_t pam_eval_prompting_config(struct pam_ctx *pctx, struct pam_data *pd); enum pam_initgroups_scheme pam_initgroups_string_to_enum(const char *str); diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c index 171b8f1ab46..a7c18173358 100644 --- a/src/responder/pam/pamsrv_cmd.c +++ b/src/responder/pam/pamsrv_cmd.c @@ -20,7 +20,10 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. */ +#define _GNU_SOURCE + #include <time.h> +#include <string.h> #include "util/util.h" #include "util/auth_utils.h" #include "util/find_uid.h" @@ -50,12 +53,6 @@ struct pam_initgroup_enum_str { const char *option; }; -struct pam_passkey_table_data { - hash_table_t *table; - char *key; - struct pk_child_user_data *data; -}; - struct pam_initgroup_enum_str pam_initgroup_enum_str[] = { { PAM_INITGR_NEVER, "never" }, { PAM_INITGR_NO_SESSION, "no_session" }, @@ -105,10 +102,6 @@ static errno_t check_cert(TALLOC_CTX *mctx, struct pam_auth_req *preq, struct pam_data *pd); -errno_t passkey_kerberos(struct pam_ctx *pctx, - struct pam_data *pd, - struct pam_auth_req *preq); - int pam_check_user_done(struct pam_auth_req *preq, int ret); static errno_t pack_user_info_msg(TALLOC_CTX *mem_ctx, @@ -492,6 +485,98 @@ static int pam_parse_in_data(struct pam_data *pd, return EOK; } +static errno_t +pam_get_local_auth_policy(struct sss_domain_info *domain, + const char *name, + bool *_sc_allow, + bool *_passkey_allow) +{ + TALLOC_CTX *tmp_ctx = NULL; + const char *attrs[] = { SYSDB_LOCAL_SMARTCARD_AUTH, SYSDB_LOCAL_PASSKEY_AUTH, NULL }; + struct ldb_message *ldb_msg; + bool sc_allow = false; + bool passkey_allow = false; + errno_t ret; + + if (name == NULL || *name == '\0') { + DEBUG(SSSDBG_CRIT_FAILURE, "Missing user name.\n"); + ret = EINVAL; + goto done; + } + + if (domain->sysdb == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "Missing sysdb db context.\n"); + ret = EINVAL; + goto done; + } + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + ret = ENOMEM; + goto done; + } + + ret = sysdb_search_user_by_name(tmp_ctx, domain, name, attrs, &ldb_msg); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, + "sysdb_search_user_by_name failed [%d][%s].\n", + ret, strerror(ret)); + goto done; + } + + sc_allow = ldb_msg_find_attr_as_bool(ldb_msg, SYSDB_LOCAL_SMARTCARD_AUTH, + false); + + passkey_allow = ldb_msg_find_attr_as_bool(ldb_msg, SYSDB_LOCAL_PASSKEY_AUTH, + true); + + ret = EOK; + +done: + if (ret == EOK) { + *_sc_allow = sc_allow; + *_passkey_allow = passkey_allow; + } + + talloc_free(tmp_ctx); + return ret; +} +static errno_t set_local_auth_type(struct pam_auth_req *preq, + bool sc_allow, + bool passkey_allow) +{ + struct sysdb_attrs *attrs; + errno_t ret; + + attrs = sysdb_new_attrs(preq); + if (!attrs) { + ret = ENOMEM; + goto fail; + } + + ret = sysdb_attrs_add_bool(attrs, SYSDB_LOCAL_SMARTCARD_AUTH, sc_allow); + if (ret != EOK) { + goto fail; + } + + ret = sysdb_attrs_add_bool(attrs, SYSDB_LOCAL_PASSKEY_AUTH, passkey_allow); + if (ret != EOK) { + goto fail; + } + + ret = sysdb_set_user_attr(preq->domain, preq->pd->user, attrs, + SYSDB_MOD_REP); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "set_local_auth_type failed.\n"); + preq->pd->pam_status = PAM_SYSTEM_ERR; + goto fail; + } + + return EOK; + +fail: + return ret; +} /*=Save-Last-Login-State===================================================*/ static errno_t set_last_login(struct pam_auth_req *preq) @@ -746,6 +831,239 @@ errno_t filter_responses(struct pam_ctx *pctx, return ret; } +static void do_not_send_cert_info(struct pam_data *pd) +{ + struct response_data *resp; + + resp = pd->resp_list; + while (resp != NULL) { + switch (resp->type) { + case SSS_PAM_CERT_INFO: + case SSS_PAM_CERT_INFO_WITH_HINT: + resp->do_not_send_to_client = true; + break; + default: + break; + } + resp = resp->next; + } +} + +static void evaluate_pam_resp_list(struct pam_data *pd, + struct pam_resp_auth_type *_auth_types, + bool *_found_cert_info) +{ + struct response_data *resp; + struct pam_resp_auth_type types = {0}; + bool found_cert_info = false; + + resp = pd->resp_list; + while (resp != NULL) { + switch (resp->type) { + case SSS_PAM_OTP_INFO: + types.otp_auth = true; + break; + case SSS_PAM_CERT_INFO: + case SSS_PAM_CERT_INFO_WITH_HINT: + found_cert_info = true; + break; + case SSS_PAM_PASSKEY_INFO: + case SSS_PAM_PASSKEY_KRB_INFO: + types.passkey_auth = true; + break; + case SSS_PASSWORD_PROMPTING: + types.password_auth = true; + break; + case SSS_CERT_AUTH_PROMPTING: + types.cert_auth = true; + break; + default: + break; + } + resp = resp->next; + } + + if (_auth_types != NULL) { + *_auth_types = types; + } + if (_found_cert_info != NULL) { + *_found_cert_info = found_cert_info; + } +} + +static void evalute_sending_cert_info(struct pam_data *pd) +{ + struct pam_resp_auth_type types = {0}; + bool found_cert_info = false; + + evaluate_pam_resp_list(pd, &types, &found_cert_info); + + if (found_cert_info && !types.cert_auth) { + do_not_send_cert_info(pd); + } +} + +errno_t pam_get_auth_types(struct pam_data *pd, + struct pam_resp_auth_type *_auth_types) +{ + int ret; + struct pam_resp_auth_type types = {0}; + + evaluate_pam_resp_list(pd, &types, NULL); + + if (!types.password_auth && !types.otp_auth && !types.cert_auth && !types.passkey_auth) { + /* If the backend cannot determine which authentication types are + * available the default would be to prompt for a password. */ + types.password_auth = true; + } + + DEBUG(SSSDBG_TRACE_ALL, "Authentication types for user [%s] and service " + "[%s]:%s%s%s%s\n", pd->user, pd->service, + types.password_auth ? " password": "", + types.otp_auth ? " two-factor" : "", + types.passkey_auth ? " passkey" : "", + types.cert_auth ? " smartcard" : ""); + + ret = EOK; + + *_auth_types = types; + + return ret; +} + +static errno_t pam_eval_local_auth_policy(TALLOC_CTX *mem_ctx, + struct pam_ctx *pctx, + struct pam_data *pd, + struct pam_auth_req *preq, + bool *_sc_allow, + bool *_passkey_allow, + char **_local_policy) { + + TALLOC_CTX *tmp_ctx; + errno_t ret; + const char *domain_cdb; + char *local_policy = NULL; + bool sc_allow = false; + bool passkey_allow = false; + struct pam_resp_auth_type auth_types; + char **opts; + size_t c; + +#ifdef BUILD_FILES_PROVIDER + if (is_files_provider(preq->domain)) { + *_sc_allow = true; + *_passkey_allow = false; + *_local_policy = NULL; + + return EOK; + } +#endif + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + return ENOMEM; + } + + /* Check local auth policy */ + domain_cdb = talloc_asprintf(tmp_ctx, CONFDB_DOMAIN_PATH_TMPL, preq->domain->name); + if (domain_cdb == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); + ret = ENOMEM; + goto done; + } + + ret = confdb_get_string(pctx->rctx->cdb, tmp_ctx, domain_cdb, + CONFDB_DOMAIN_LOCAL_AUTH_POLICY, + "match", &local_policy); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to get the confdb local_auth_policy\n"); + return ret; + } + + /* "only" ignores online methods and allows all local ones */ + if (strcasecmp(local_policy, "only") == 0) { + sc_allow = true; + passkey_allow = true; + /* Match what the KDC supports and provides */ + } else if (strcasecmp(local_policy, "match") == 0) { + /* Don't overwrite the local auth type when offline */ + if (pd->pam_status == PAM_SUCCESS && pd->cmd == SSS_PAM_PREAUTH && + !is_domain_provider(preq->domain, "ldap")) { + ret = pam_get_auth_types(pd, &auth_types); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to get authentication types\n"); + goto done; + } + + if (auth_types.cert_auth) { + sc_allow = true; + } else if (auth_types.passkey_auth) { + passkey_allow = true; + } + + /* Store the local auth types, in case we go offline */ + if (!auth_types.password_auth) { + ret = set_local_auth_type(preq, sc_allow, passkey_allow); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to evaluate local auth policy\n"); + goto done; + } + } + } + + /* Read the latest auth types */ + ret = pam_get_local_auth_policy(preq->domain, preq->pd->user, + &sc_allow, &passkey_allow); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to get PAM local auth policy\n"); + goto done; + } + /* Check for enable */ + } else { + ret = split_on_separator(tmp_ctx, local_policy, ',', true, true, &opts, + NULL); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "split_on_separator failed [%d], %s.\n", + ret, sss_strerror(ret)); + goto done; + } + + for (c = 0; opts[c] != NULL; c++) { + if (strcasestr(opts[c], "passkey") != NULL) { + passkey_allow = strstr(opts[c], "enable") ? true : false; + } else if (strcasestr(opts[c], "smartcard") != NULL) { + sc_allow = strstr(opts[c], "enable") ? true : false; + } else { + DEBUG(SSSDBG_MINOR_FAILURE, + "Unexpected local auth policy option [%s], " \ + "skipping.\n", opts[c]); + } + } + } + + /* if passkey is enabled but local Smartcard authentication is not but + * possible, the cert info data has to be remove as well if only local + * Smartcard authentication is possible. If Smartcard authentication + * is possible on the server side we have to keep it because the + * 'enable' option should only add local methods but not reject remote + * ones. */ + if (!sc_allow) { + evalute_sending_cert_info(pd); + } + + *_sc_allow = sc_allow; + *_passkey_allow = passkey_allow; + *_local_policy = talloc_steal(mem_ctx, local_policy); + + ret = EOK; + +done: + talloc_free(tmp_ctx); + return ret; +} + static void pam_reply_delay(struct tevent_context *ev, struct tevent_timer *te, struct timeval tv, void *pvt) { @@ -871,229 +1189,6 @@ static int pam_reply_sr_export_shell(struct pam_auth_req *preq, return ret; } -errno_t decode_pam_passkey_msg(TALLOC_CTX *mem_ctx, - uint8_t *buf, - size_t len, - struct pk_child_user_data **_data) -{ - - size_t p = 0; - size_t pctr = 0; - errno_t ret; - size_t offset; - struct pk_child_user_data *data = NULL; - TALLOC_CTX *tmp_ctx; - - tmp_ctx = talloc_new(NULL); - if (tmp_ctx == NULL) { - return ENOMEM; - } - - data = talloc_zero(tmp_ctx, struct pk_child_user_data); - if (data == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "Failed to talloc passkey data.\n"); - ret = ENOMEM; - goto done; - } - - data->user_verification = talloc_strdup(data, (char *) &buf[p]); - if (data->user_verification == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "Failed to strdup passkey prompt.\n"); - ret = ENOMEM; - goto done; - } - - offset = strlen(data->user_verification) + 1; - if (offset >= len) { - DEBUG(SSSDBG_OP_FAILURE, "passkey prompt offset failure.\n"); - ret = EIO; - goto done; - } - - data->crypto_challenge = talloc_strdup(data, (char *) &buf[p + offset]); - if (data->crypto_challenge == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "Failed to strdup passkey challenge.\n"); - ret = ENOMEM; - goto done; - } - - offset += strlen(data->crypto_challenge) + 1; - if (offset >= len) { - DEBUG(SSSDBG_OP_FAILURE, "passkey challenge offset failure.\n"); - ret = EIO; - goto done; - } - - - data->domain = talloc_strdup(data, (char *) &buf[p] + offset); - if (data->domain == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "Failed to strdup passkey domain.\n"); - ret = ENOMEM; - goto done; - } - - offset += strlen(data->domain) + 1; - if (offset >= len) { - DEBUG(SSSDBG_OP_FAILURE, "passkey domain offset failure.\n"); - ret = EIO; - goto done; - } - - SAFEALIGN_COPY_UINT32(&data->num_credentials, &buf[p + offset], &pctr); - size_t list_sz = (size_t) data->num_credentials; - - offset += sizeof(uint32_t); - - data->key_handles = talloc_zero_array(data, const char *, list_sz); - - for (int i = 0; i < list_sz; i++) { - data->key_handles[i] = talloc_strdup(data->key_handles, (char *) &buf[p + offset]); - if (data->key_handles[i] == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "Failed to strdup passkey list.\n"); - ret = ENOMEM; - goto done; - } - - offset += strlen(data->key_handles[i]) + 1; - } - - *_data = talloc_steal(mem_ctx, data); - - ret = EOK; -done: - talloc_free(tmp_ctx); - return ret; -} - - -errno_t save_passkey_data(TALLOC_CTX *mem_ctx, - struct pam_ctx *pctx, - struct pk_child_user_data *data, - struct pam_auth_req *preq) -{ - char *pk_key; - errno_t ret; - TALLOC_CTX *tmp_ctx; - - tmp_ctx = talloc_new(NULL); - if (tmp_ctx == NULL) { - return ENOMEM; - } - - /* Passkey data (pk_table_data) is stolen onto client ctx, it will - * be freed when the client closes, and the sss_ptr_hash interface - * takes care of automatically removing it from the hash table then */ - pctx->pk_table_data = talloc_zero(tmp_ctx, struct pam_passkey_table_data); - if (pctx->pk_table_data == NULL) { - return ENOMEM; - } - - if (pctx->pk_table_data->table == NULL) { - pctx->pk_table_data->table = sss_ptr_hash_create(pctx->pk_table_data, - NULL, NULL); - if (pctx->pk_table_data->table == NULL) { - ret = ENOMEM; - goto done; - } - } - - pk_key = talloc_asprintf(tmp_ctx, "%s", data->crypto_challenge); - if (pk_key == NULL) { - ret = ENOMEM; - goto done; - } - - pctx->pk_table_data->key = talloc_strdup(pctx->pk_table_data, pk_key); - if (pctx->pk_table_data->key == NULL) { - ret = ENOMEM; - goto done; - } - - ret = sss_ptr_hash_add(pctx->pk_table_data->table, pk_key, data, - struct pk_child_user_data); - if (ret == EEXIST) { - DEBUG(SSSDBG_TRACE_FUNC, "pk_table key [%s] already exists\n", - pk_key); - goto done; - } else if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "Unable to add pk data to hash table " - "[%d]: %s\n", ret, sss_strerror(ret)); - goto done; - } - - talloc_steal(mem_ctx, pctx->pk_table_data); - pctx->pk_table_data->data = talloc_steal(mem_ctx, data); - - ret = EOK; - -done: - talloc_free(tmp_ctx); - - return ret; -} - -errno_t pam_eval_passkey_response(struct pam_ctx *pctx, - struct pam_data *pd, - struct pam_auth_req *preq, - bool *_pk_preauth_done) -{ - struct response_data *pk_resp; - struct pk_child_user_data *pk_data; - errno_t ret; - TALLOC_CTX *tmp_ctx; - - tmp_ctx = talloc_new(NULL); - if (tmp_ctx == NULL) { - return ENOMEM; - } - - pk_resp = pd->resp_list; - - while (pk_resp != NULL) { - switch (pk_resp->type) { - case SSS_PAM_PASSKEY_KRB_INFO: - if (!pctx->passkey_auth) { - /* Passkey auth is disabled. To avoid passkey prompts appearing, - * don't send SSS_PAM_PASSKEY_KRB_INFO to the client and - * add a dummy response to fallback to normal auth */ - pk_resp->do_not_send_to_client = true; - ret = pam_add_response(pd, SSS_OTP, 0, NULL); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); - goto done; - } - break; - } - ret = decode_pam_passkey_msg(tmp_ctx, pk_resp->data, pk_resp->len, &pk_data); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "Failed to decode passkey msg\n"); - ret = EIO; - goto done; - } - - ret = save_passkey_data(preq->cctx, pctx, pk_data, preq); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "Failed to save passkey msg\n"); - ret = EIO; - goto done; - } - break; - /* Passkey non-kerberos preauth has already run */ - case SSS_PAM_PASSKEY_INFO: - *_pk_preauth_done = true; - default: - break; - } - pk_resp = pk_resp->next; - } - - ret = EOK; -done: - talloc_free(tmp_ctx); - - return ret; -} - void pam_reply(struct pam_auth_req *preq) { struct cli_ctx *cctx; @@ -1108,6 +1203,7 @@ void pam_reply(struct pam_auth_req *preq) struct timeval tv; struct tevent_timer *te; struct pam_data *pd; + char *local_policy = NULL; struct pam_ctx *pctx; uint32_t user_info_type; time_t exp_date = -1; @@ -1115,7 +1211,11 @@ void pam_reply(struct pam_auth_req *preq) char* pam_account_expired_message; char* pam_account_locked_message; int pam_verbosity; + bool local_sc_auth_allow = false; + bool local_passkey_auth_allow = false; +#ifdef BUILD_PASSKEY bool pk_preauth_done = false; +#endif /* BUILD_PASSKEY */ pd = preq->pd; cctx = preq->cctx; @@ -1136,6 +1236,34 @@ void pam_reply(struct pam_auth_req *preq) "this result might be changed during processing\n", pd->pam_status, pam_strerror(NULL, pd->pam_status)); + if (preq->domain != NULL && preq->domain->name != NULL) { + ret = pam_eval_local_auth_policy(cctx, pctx, pd, preq, + &local_sc_auth_allow, + &local_passkey_auth_allow, + &local_policy); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to evaluate local auth policy\n"); + goto done; + } + } + + /* Ignore local_auth_policy for the files provider, allow local + * smartcard auth (default behavior prior to local_auth_policy) */ + if (is_domain_provider(preq->domain, "files")) { + local_sc_auth_allow = true; + /* For the ldap auth provider we currently only support + * password based authentication */ + } else if (is_domain_provider(preq->domain, "ldap") && local_policy != NULL + && strcasecmp(local_policy, "match") == 0) { + local_passkey_auth_allow = false; + local_sc_auth_allow = false; + } + + DEBUG(SSSDBG_TRACE_FUNC, "Local auth policy allowed: smartcard [%s], passkey [%s]\n", + local_sc_auth_allow ? "True" : "False", + local_passkey_auth_allow ? "True" : "False"); + if (pd->cmd == SSS_PAM_AUTHENTICATE && !preq->cert_auth_local && (pd->pam_status == PAM_AUTHINFO_UNAVAIL @@ -1152,10 +1280,15 @@ void pam_reply(struct pam_auth_req *preq) DEBUG(SSSDBG_IMPORTANT_INFO, "Backend cannot handle Smartcard authentication, " "trying local Smartcard authentication.\n"); - preq->cert_auth_local = true; - ret = check_cert(cctx, cctx->ev, pctx, preq, pd); - pam_check_user_done(preq, ret); - return; + if (local_sc_auth_allow) { + preq->cert_auth_local = true; + ret = check_cert(cctx, cctx->ev, pctx, preq, pd); + pam_check_user_done(preq, ret); + return; + } else { + DEBUG(SSSDBG_IMPORTANT_INFO, + "Local smartcard auth not allowed by local_auth_policy"); + } } if (pd->pam_status == PAM_AUTHINFO_UNAVAIL || preq->use_cached_auth) { @@ -1285,6 +1418,18 @@ void pam_reply(struct pam_auth_req *preq) goto done; } + /* Passkey auth user notification if no TGT is granted */ + if (pd->cmd == SSS_PAM_AUTHENTICATE && + pd->pam_status == PAM_SUCCESS && + preq->pd->passkey_local_done) { + user_info_type = SSS_PAM_USER_INFO_NO_KRB_TGT; + pam_add_response(pd, SSS_PAM_USER_INFO, + sizeof(uint32_t), (const uint8_t *) &user_info_type); + DEBUG(SSSDBG_IMPORTANT_INFO, + "User [%s] logged in with local passkey authentication, single " + "sign on ticket is not obtained.\n", pd->user); + } + /* Account expiration warning is printed for sshd. If pam_verbosity * is equal or above PAM_VERBOSITY_INFO then all services are informed * about account expiration. @@ -1342,17 +1487,22 @@ void pam_reply(struct pam_auth_req *preq) "using defaults.\n"); } +#ifdef BUILD_PASSKEY ret = pam_eval_passkey_response(pctx, pd, preq, &pk_preauth_done); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "Failed to eval passkey response\n"); goto done; } - if (may_do_passkey_auth(pctx, pd) && !pk_preauth_done && preq->passkey_data_exists) { - ret = passkey_non_kerberos(cctx, cctx->ev, pctx, preq, pd); + if (may_do_passkey_auth(pctx, pd) + && !pk_preauth_done + && preq->passkey_data_exists + && local_passkey_auth_allow) { + ret = passkey_local(cctx, cctx->ev, pctx, preq, pd); pam_check_user_done(preq, ret); return; } +#endif /* BUILD_PASSKEY */ } /* @@ -1806,10 +1956,11 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd) goto done; } - /* This is set to false inside passkey_non_kerberos() if no passkey data is found. + /* This is set to false inside passkey_local() if no passkey data is found. * It is checked in pam_reply() to avoid an endless loop */ preq->passkey_data_exists = true; +#ifdef BUILD_PASSKEY if ((pd->cmd == SSS_PAM_AUTHENTICATE)) { if (may_do_passkey_auth(pctx, pd)) { if (sss_authtok_get_type(pd->authtok) == SSS_AUTHTOK_TYPE_PASSKEY_KRB) { @@ -1817,11 +1968,12 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd) goto done; } else if ((sss_authtok_get_type(pd->authtok) == SSS_AUTHTOK_TYPE_PASSKEY) || (sss_authtok_get_type(pd->authtok) == SSS_AUTHTOK_TYPE_EMPTY)) { - ret = passkey_non_kerberos(cctx, cctx->ev, pctx, preq, pd); + ret = passkey_local(cctx, cctx->ev, pctx, preq, pd); goto done; } } } +#endif /* BUILD_PASSKEY */ ret = pam_check_user_search(preq); @@ -2048,8 +2200,8 @@ static void pam_forwarder_lookup_by_cert_done(struct tevent_req *req) ret = ENOENT; goto done; } - - if (cert_count > 1) { + /* Multiple certificates are only expected during pre-auth */ + if (cert_count > 1 && preq->pd->cmd == SSS_PAM_PREAUTH) { for (preq->current_cert = preq->cert_list; preq->current_cert != NULL; preq->current_cert = sss_cai_get_next(preq->current_cert)) { @@ -2133,7 +2285,9 @@ static void pam_forwarder_lookup_by_cert_done(struct tevent_req *req) } /* If logon_name was not given during authentication add a - * SSS_PAM_CERT_INFO message to send the name to the caller. */ + * SSS_PAM_CERT_INFO message to send the name to the caller. + * Additionally initial_cert_auth_successful is set to + * indicate that the user is already authenticated. */ if (preq->pd->cmd == SSS_PAM_AUTHENTICATE && preq->pd->logon_name == NULL) { ret = add_pam_cert_response(preq->pd, @@ -2145,6 +2299,8 @@ static void pam_forwarder_lookup_by_cert_done(struct tevent_req *req) preq->pd->pam_status = PAM_AUTHINFO_UNAVAIL; goto done; } + + preq->initial_cert_auth_successful = true; } /* cert_user will be returned to the PAM client as user name, so @@ -2220,7 +2376,8 @@ static void pam_forwarder_cb(struct tevent_req *req) goto done; } - /* This is set to false inside passkey_non_kerberos() if no passkey data is found. +#ifdef BUILD_PASSKEY + /* This is set to false inside passkey_local() if no passkey data is found. * It is checked in pam_reply() to avoid an endless loop */ preq->passkey_data_exists = true; @@ -2231,11 +2388,12 @@ static void pam_forwarder_cb(struct tevent_req *req) goto done; } else if ((sss_authtok_get_type(pd->authtok) == SSS_AUTHTOK_TYPE_PASSKEY) || (sss_authtok_get_type(pd->authtok) == SSS_AUTHTOK_TYPE_EMPTY)) { - ret = passkey_non_kerberos(cctx, cctx->ev, pctx, preq, pd); + ret = passkey_local(cctx, cctx->ev, pctx, preq, pd); goto done; } } } +#endif /* BUILD_PASSKEY */ ret = pam_check_user_search(preq); @@ -2557,137 +2715,25 @@ static bool pam_can_user_cache_auth(struct sss_domain_info *domain, return result; } -void passkey_kerberos_cb(struct tevent_req *req) -{ - struct pam_auth_req *preq = tevent_req_callback_data(req, - struct pam_auth_req); - errno_t ret = EOK; - int child_status; - - ret = pam_passkey_auth_recv(req, &child_status); - talloc_free(req); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "PAM passkey auth failed [%d]: %s\n", - ret, sss_strerror(ret)); - goto done; - } - - DEBUG(SSSDBG_TRACE_FUNC, "passkey child finished with status [%d]\n", child_status); - - pam_check_user_search(preq); - -done: - pam_check_user_done(preq, ret); -} - -errno_t passkey_kerberos(struct pam_ctx *pctx, - struct pam_data *pd, - struct pam_auth_req *preq) -{ - errno_t ret; - const char *prompt; - const char *key; - const char *pin; - size_t pin_len; - struct pk_child_user_data *data; - struct tevent_req *req; - int timeout; - char *verify_opts; - bool debug_libfido2; - enum passkey_user_verification verification; - - ret = sss_authtok_get_passkey(preq, preq->pd->authtok, - &prompt, &key, &pin, &pin_len); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, - "Failure to get passkey authtok\n"); - return EIO; - } - - if (prompt == NULL || key == NULL) { - DEBUG(SSSDBG_OP_FAILURE, - "Passkey prompt and key are missing or invalid.\n"); - return EIO; - } - - data = sss_ptr_hash_lookup(pctx->pk_table_data->table, key, - struct pk_child_user_data); - if (data == NULL) { - DEBUG(SSSDBG_OP_FAILURE, - "Failed to lookup passkey authtok\n"); - return EIO; - } - - ret = confdb_get_int(pctx->rctx->cdb, CONFDB_PAM_CONF_ENTRY, - CONFDB_PAM_PASSKEY_CHILD_TIMEOUT, PASSKEY_CHILD_TIMEOUT_DEFAULT, - &timeout); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, - "Failed to read passkey_child_timeout from confdb: [%d]: %s\n", - ret, sss_strerror(ret)); - goto done; - } - - ret = confdb_get_string(pctx->rctx->cdb, preq, CONFDB_MONITOR_CONF_ENTRY, - CONFDB_MONITOR_PASSKEY_VERIFICATION, NULL, - &verify_opts); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, - "Failed to read '"CONFDB_MONITOR_PASSKEY_VERIFICATION"' from confdb: [%d]: %s\n", - ret, sss_strerror(ret)); - goto done; - } - - /* Always use verification sent from passkey krb5 plugin */ - ret = read_passkey_conf_verification(preq, verify_opts, NULL); - if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, "Unable to parse passkey verificaton options.\n"); - } - - if (strcasecmp(data->user_verification, "false") == 0) { - verification = PAM_PASSKEY_VERIFICATION_OFF; - } else { - verification = PAM_PASSKEY_VERIFICATION_ON; - } - - ret = confdb_get_bool(pctx->rctx->cdb, CONFDB_PAM_CONF_ENTRY, - CONFDB_PAM_PASSKEY_DEBUG_LIBFIDO2, false, - &debug_libfido2); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, - "Failed to read '"CONFDB_PAM_PASSKEY_DEBUG_LIBFIDO2"' from confdb: [%d]: %s\n", - ret, sss_strerror(ret)); - goto done; - } - - req = pam_passkey_auth_send(preq->cctx, preq->cctx->ev, timeout, debug_libfido2, - verification, pd, data, true); - if (req == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "passkey auth send failed [%d]: [%s]\n", - ret, sss_strerror(ret)); - goto done; - } - - tevent_req_set_callback(req, passkey_kerberos_cb, preq); - - ret = EAGAIN; - -done: - - return ret; - -} - static void pam_dom_forwarder(struct pam_auth_req *preq) { + TALLOC_CTX *tmp_ctx = NULL; int ret; struct pam_ctx *pctx = talloc_get_type(preq->cctx->rctx->pvt_ctx, struct pam_ctx); const char *cert_user; struct ldb_result *cert_user_objs; + bool sc_auth; + bool passkey_auth; size_t c; + char *local_policy = NULL; bool found = false; + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + return; + } + if (!preq->pd->domain) { preq->pd->domain = preq->domain->name; } @@ -2723,6 +2769,27 @@ static void pam_dom_forwarder(struct pam_auth_req *preq) return; } + /* Skip online auth when local auth policy = only */ +#ifdef BUILD_PASSKEY + if (may_do_cert_auth(pctx, preq->pd) || may_do_passkey_auth(pctx, preq->pd)) { +#else + if (may_do_cert_auth(pctx, preq->pd)) { +#endif /* BUILD_PASSKEY */ + if (preq->domain->name != NULL) { + ret = pam_eval_local_auth_policy(preq->cctx, pctx, preq->pd, preq, + &sc_auth, + &passkey_auth, + &local_policy); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to evaluate local auth policy\n"); + preq->pd->pam_status = PAM_AUTH_ERR; + pam_reply(preq); + return; + } + } + } + if (may_do_cert_auth(pctx, preq->pd) && preq->cert_list != NULL) { /* Check if user matches certificate user */ found = false; @@ -2786,6 +2853,25 @@ static void pam_dom_forwarder(struct pam_auth_req *preq) } if (found) { + if (local_policy != NULL && strcasecmp(local_policy, "only") == 0) { + talloc_free(tmp_ctx); + DEBUG(SSSDBG_IMPORTANT_INFO, + "Local auth only set and matching certificate was found, " + "skipping online auth\n"); + if (preq->pd->cmd == SSS_PAM_PREAUTH) { + preq->pd->pam_status = PAM_SUCCESS; + } else if (preq->pd->cmd == SSS_PAM_AUTHENTICATE + && IS_SC_AUTHTOK(preq->pd->authtok) + && (preq->cert_auth_local + || preq->initial_cert_auth_successful)) { + preq->pd->pam_status = PAM_SUCCESS; + preq->callback = pam_reply; + } + + pam_reply(preq); + return; + } + /* We are done if we do not have to call the backend */ if (preq->pd->cmd == SSS_PAM_AUTHENTICATE && preq->cert_auth_local) { @@ -2809,10 +2895,26 @@ static void pam_dom_forwarder(struct pam_auth_req *preq) } } + if (local_policy != NULL && strcasecmp(local_policy, "only") == 0) { + talloc_free(tmp_ctx); + DEBUG(SSSDBG_IMPORTANT_INFO, "Local auth only set, skipping online auth\n"); + if (preq->pd->cmd == SSS_PAM_PREAUTH) { + preq->pd->pam_status = PAM_SUCCESS; + } else if (preq->pd->cmd == SSS_PAM_AUTHENTICATE && IS_SC_AUTHTOK(preq->pd->authtok)) { + /* Trigger offline smartcardcard autheitcation */ + preq->pd->pam_status = PAM_AUTHINFO_UNAVAIL; + } + + pam_reply(preq); + return; + } + preq->callback = pam_reply; ret = pam_dp_send_req(preq); DEBUG(SSSDBG_CONF_SETTINGS, "pam_dp_send_req returned %d\n", ret); + talloc_free(tmp_ctx); + if (ret != EOK) { preq->pd->pam_status = PAM_SYSTEM_ERR; pam_reply(preq); diff --git a/src/responder/pam/pamsrv_passkey.c b/src/responder/pam/pamsrv_passkey.c index d884a767034..112584096c7 100644 --- a/src/responder/pam/pamsrv_passkey.c +++ b/src/responder/pam/pamsrv_passkey.c @@ -32,6 +32,12 @@ struct pam_passkey_verification_enum_str { const char *option; }; +struct pam_passkey_table_data { + hash_table_t *table; + char *key; + struct pk_child_user_data *data; +}; + struct pam_passkey_verification_enum_str pam_passkey_verification_enum_str[] = { { PAM_PASSKEY_VERIFICATION_ON, "on" }, { PAM_PASSKEY_VERIFICATION_OFF, "off" }, @@ -85,7 +91,124 @@ struct passkey_get_mapping_state { struct cache_req_result *result; }; -errno_t passkey_non_kerberos(TALLOC_CTX *mem_ctx, +void passkey_kerberos_cb(struct tevent_req *req) +{ + struct pam_auth_req *preq = tevent_req_callback_data(req, + struct pam_auth_req); + errno_t ret = EOK; + int child_status; + + ret = pam_passkey_auth_recv(req, &child_status); + talloc_free(req); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "PAM passkey auth failed [%d]: %s\n", + ret, sss_strerror(ret)); + goto done; + } + + DEBUG(SSSDBG_TRACE_FUNC, "passkey child finished with status [%d]\n", child_status); + + pam_check_user_search(preq); + +done: + pam_check_user_done(preq, ret); +} + +errno_t passkey_kerberos(struct pam_ctx *pctx, + struct pam_data *pd, + struct pam_auth_req *preq) +{ + errno_t ret; + const char *prompt; + const char *key; + const char *pin; + size_t pin_len; + struct pk_child_user_data *data; + struct tevent_req *req; + int timeout; + char *verify_opts; + bool debug_libfido2; + enum passkey_user_verification verification; + + ret = sss_authtok_get_passkey(preq, preq->pd->authtok, + &prompt, &key, &pin, &pin_len); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + "Failure to get passkey authtok\n"); + return EIO; + } + + if (prompt == NULL || key == NULL) { + DEBUG(SSSDBG_OP_FAILURE, + "Passkey prompt and key are missing or invalid.\n"); + return EIO; + } + + data = sss_ptr_hash_lookup(pctx->pk_table_data->table, key, + struct pk_child_user_data); + if (data == NULL) { + DEBUG(SSSDBG_OP_FAILURE, + "Failed to lookup passkey authtok\n"); + return EIO; + } + + ret = confdb_get_int(pctx->rctx->cdb, CONFDB_PAM_CONF_ENTRY, + CONFDB_PAM_PASSKEY_CHILD_TIMEOUT, PASSKEY_CHILD_TIMEOUT_DEFAULT, + &timeout); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + "Failed to read passkey_child_timeout from confdb: [%d]: %s\n", + ret, sss_strerror(ret)); + goto done; + } + + ret = confdb_get_string(pctx->rctx->cdb, preq, CONFDB_MONITOR_CONF_ENTRY, + CONFDB_MONITOR_PASSKEY_VERIFICATION, NULL, + &verify_opts); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + "Failed to read '"CONFDB_MONITOR_PASSKEY_VERIFICATION"' from confdb: [%d]: %s\n", + ret, sss_strerror(ret)); + goto done; + } + + /* Always use verification sent from passkey krb5 plugin */ + if (strcasecmp(data->user_verification, "false") == 0) { + verification = PAM_PASSKEY_VERIFICATION_OFF; + } else { + verification = PAM_PASSKEY_VERIFICATION_ON; + } + + ret = confdb_get_bool(pctx->rctx->cdb, CONFDB_PAM_CONF_ENTRY, + CONFDB_PAM_PASSKEY_DEBUG_LIBFIDO2, false, + &debug_libfido2); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + "Failed to read '"CONFDB_PAM_PASSKEY_DEBUG_LIBFIDO2"' from confdb: [%d]: %s\n", + ret, sss_strerror(ret)); + goto done; + } + + req = pam_passkey_auth_send(preq->cctx, preq->cctx->ev, timeout, debug_libfido2, + verification, pd, data, true); + if (req == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "passkey auth send failed [%d]: [%s]\n", + ret, sss_strerror(ret)); + goto done; + } + + tevent_req_set_callback(req, passkey_kerberos_cb, preq); + + ret = EAGAIN; + +done: + + return ret; + +} + + +errno_t passkey_local(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct pam_ctx *pam_ctx, struct pam_auth_req *preq, @@ -256,7 +379,7 @@ errno_t read_passkey_conf_verification(TALLOC_CTX *mem_ctx, return ret; } -static errno_t passkey_non_kerberos_verification(TALLOC_CTX *mem_ctx, +static errno_t passkey_local_verification(TALLOC_CTX *mem_ctx, struct passkey_ctx *pctx, struct confdb_ctx *cdb, struct sysdb_ctx *sysdb, @@ -366,6 +489,22 @@ errno_t process_passkey_data(TALLOC_CTX *mem_ctx, goto done; } + /* This attribute may contain other mapping data unrelated to passkey. In that case + * let's omit it. For example, AD user altSecurityIdentities may store ssh public key + * or smart card mapping data */ + ret = split_on_separator(tmp_ctx, (const char *) el->values[0].data, ':', true, true, + &mappings, NULL); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "Incorrectly formatted passkey data [%d]: %s\n", + ret, sss_strerror(ret)); + ret = ENOENT; + goto done; + } else if (strcasecmp(mappings[0], "passkey") != 0) { + DEBUG(SSSDBG_TRACE_FUNC, "Mapping data found is not passkey related\n"); + ret = ENOENT; + goto done; + } + kh_mappings = talloc_zero_array(tmp_ctx, const char *, el->num_values + 1); if (kh_mappings == NULL) { DEBUG(SSSDBG_OP_FAILURE, "talloc_zero_array failed.\n"); @@ -438,6 +577,8 @@ void pam_forwarder_passkey_cb(struct tevent_req *req) goto done; } + preq->pd->passkey_local_done = true; + DEBUG(SSSDBG_TRACE_FUNC, "passkey child finished with status [%d]\n", child_status); preq->pd->pam_status = PAM_SUCCESS; pam_reply(preq); @@ -499,7 +640,10 @@ void pam_passkey_get_user_done(struct tevent_req *req) /* Get passkey data */ DEBUG(SSSDBG_TRACE_ALL, "Processing passkey data\n"); ret = process_passkey_data(pk_data, result->msgs[0], domain_name, pk_data); - if (ret == ENOENT) { + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + "process_passkey_data failed: [%d]: %s\n", + ret, sss_strerror(ret)); goto done; } @@ -514,7 +658,7 @@ void pam_passkey_get_user_done(struct tevent_req *req) goto done; } - ret = passkey_non_kerberos_verification(pctx, pctx, pctx->pam_ctx->rctx->cdb, + ret = passkey_local_verification(pctx, pctx, pctx->pam_ctx->rctx->cdb, result->domain->sysdb, result->domain->dns_name, pk_data, &verification, &debug_libfido2); if (ret != EOK) { @@ -576,6 +720,7 @@ void pam_passkey_get_user_done(struct tevent_req *req) struct pam_passkey_auth_send_state { struct pam_data *pd; struct tevent_context *ev; + struct tevent_timer *timeout_handler; struct sss_child_ctx_old *child_ctx; struct child_io_fds *io; const char *logfile; @@ -868,6 +1013,24 @@ pam_passkey_auth_send(TALLOC_CTX *mem_ctx, return req; } +static void +passkey_child_timeout(struct tevent_context *ev, + struct tevent_timer *te, + struct timeval tv, void *pvt) +{ + struct tevent_req *req = + talloc_get_type(pvt, struct tevent_req); + struct pam_passkey_auth_send_state *state = + tevent_req_data(req, struct pam_passkey_auth_send_state); + + DEBUG(SSSDBG_CRIT_FAILURE, "Timeout reached for passkey child, " + "consider increasing passkey_child_timeout\n"); + child_handler_destroy(state->child_ctx); + state->child_ctx = NULL; + state->child_status = ETIMEDOUT; + tevent_req_error(req, ERR_PASSKEY_CHILD_TIMEOUT); +} + static errno_t passkey_child_exec(struct tevent_req *req) { struct pam_passkey_auth_send_state *state; @@ -878,7 +1041,6 @@ static errno_t passkey_child_exec(struct tevent_req *req) uint8_t *write_buf = NULL; size_t write_buf_len = 0; struct timeval tv; - bool endtime; int ret; state = tevent_req_data(req, struct pam_passkey_auth_send_state); @@ -918,7 +1080,7 @@ static errno_t passkey_child_exec(struct tevent_req *req) /* Set up SIGCHLD handler */ if (state->kerberos_pa) { - ret = child_handler_setup(state->ev, child_pid, NULL, NULL, NULL); + ret = child_handler_setup(state->ev, child_pid, NULL, req, &state->child_ctx); } else { ret = child_handler_setup(state->ev, child_pid, pam_passkey_auth_done, req, @@ -934,8 +1096,9 @@ static errno_t passkey_child_exec(struct tevent_req *req) /* Set up timeout handler */ tv = tevent_timeval_current_ofs(state->timeout, 0); - endtime = tevent_req_set_endtime(req, state->ev, tv); - if (endtime == false) { + state->timeout_handler = tevent_add_timer(state->ev, req, tv, + passkey_child_timeout, req); + if (state->timeout_handler == NULL) { ret = ERR_PASSKEY_CHILD; goto done; } @@ -994,6 +1157,229 @@ errno_t pam_passkey_auth_recv(struct tevent_req *req, return EOK; } +errno_t decode_pam_passkey_msg(TALLOC_CTX *mem_ctx, + uint8_t *buf, + size_t len, + struct pk_child_user_data **_data) +{ + + size_t p = 0; + size_t pctr = 0; + errno_t ret; + size_t offset; + struct pk_child_user_data *data = NULL; + TALLOC_CTX *tmp_ctx; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + return ENOMEM; + } + + data = talloc_zero(tmp_ctx, struct pk_child_user_data); + if (data == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to talloc passkey data.\n"); + ret = ENOMEM; + goto done; + } + + data->user_verification = talloc_strdup(data, (char *) &buf[p]); + if (data->user_verification == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to strdup passkey prompt.\n"); + ret = ENOMEM; + goto done; + } + + offset = strlen(data->user_verification) + 1; + if (offset >= len) { + DEBUG(SSSDBG_OP_FAILURE, "passkey prompt offset failure.\n"); + ret = EIO; + goto done; + } + + data->crypto_challenge = talloc_strdup(data, (char *) &buf[p + offset]); + if (data->crypto_challenge == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to strdup passkey challenge.\n"); + ret = ENOMEM; + goto done; + } + + offset += strlen(data->crypto_challenge) + 1; + if (offset >= len) { + DEBUG(SSSDBG_OP_FAILURE, "passkey challenge offset failure.\n"); + ret = EIO; + goto done; + } + + + data->domain = talloc_strdup(data, (char *) &buf[p] + offset); + if (data->domain == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to strdup passkey domain.\n"); + ret = ENOMEM; + goto done; + } + + offset += strlen(data->domain) + 1; + if (offset >= len) { + DEBUG(SSSDBG_OP_FAILURE, "passkey domain offset failure.\n"); + ret = EIO; + goto done; + } + + SAFEALIGN_COPY_UINT32(&data->num_credentials, &buf[p + offset], &pctr); + size_t list_sz = (size_t) data->num_credentials; + + offset += sizeof(uint32_t); + + data->key_handles = talloc_zero_array(data, const char *, list_sz); + + for (int i = 0; i < list_sz; i++) { + data->key_handles[i] = talloc_strdup(data->key_handles, (char *) &buf[p + offset]); + if (data->key_handles[i] == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to strdup passkey list.\n"); + ret = ENOMEM; + goto done; + } + + offset += strlen(data->key_handles[i]) + 1; + } + + *_data = talloc_steal(mem_ctx, data); + + ret = EOK; +done: + talloc_free(tmp_ctx); + return ret; +} + +errno_t save_passkey_data(TALLOC_CTX *mem_ctx, + struct pam_ctx *pctx, + struct pk_child_user_data *data, + struct pam_auth_req *preq) +{ + char *pk_key; + errno_t ret; + TALLOC_CTX *tmp_ctx; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + return ENOMEM; + } + + /* Passkey data (pk_table_data) is stolen onto client ctx, it will + * be freed when the client closes, and the sss_ptr_hash interface + * takes care of automatically removing it from the hash table then */ + pctx->pk_table_data = talloc_zero(tmp_ctx, struct pam_passkey_table_data); + if (pctx->pk_table_data == NULL) { + return ENOMEM; + } + + if (pctx->pk_table_data->table == NULL) { + pctx->pk_table_data->table = sss_ptr_hash_create(pctx->pk_table_data, + NULL, NULL); + if (pctx->pk_table_data->table == NULL) { + ret = ENOMEM; + goto done; + } + } + + pk_key = talloc_asprintf(tmp_ctx, "%s", data->crypto_challenge); + if (pk_key == NULL) { + ret = ENOMEM; + goto done; + } + + pctx->pk_table_data->key = talloc_strdup(pctx->pk_table_data, pk_key); + if (pctx->pk_table_data->key == NULL) { + ret = ENOMEM; + goto done; + } + + ret = sss_ptr_hash_add(pctx->pk_table_data->table, pk_key, data, + struct pk_child_user_data); + if (ret == EEXIST) { + DEBUG(SSSDBG_TRACE_FUNC, "pk_table key [%s] already exists\n", + pk_key); + goto done; + } else if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "Unable to add pk data to hash table " + "[%d]: %s\n", ret, sss_strerror(ret)); + goto done; + } + + talloc_steal(mem_ctx, pctx->pk_table_data); + pctx->pk_table_data->data = talloc_steal(mem_ctx, data); + + ret = EOK; + +done: + talloc_free(tmp_ctx); + + return ret; +} + +errno_t pam_eval_passkey_response(struct pam_ctx *pctx, + struct pam_data *pd, + struct pam_auth_req *preq, + bool *_pk_preauth_done) +{ + struct response_data *pk_resp; + struct pk_child_user_data *pk_data; + errno_t ret; + TALLOC_CTX *tmp_ctx; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + return ENOMEM; + } + + pk_resp = pd->resp_list; + + while (pk_resp != NULL) { + switch (pk_resp->type) { + case SSS_PAM_PASSKEY_KRB_INFO: + if (!pctx->passkey_auth) { + /* Passkey auth is disabled. To avoid passkey prompts appearing, + * don't send SSS_PAM_PASSKEY_KRB_INFO to the client and + * add a dummy response to fallback to normal auth */ + pk_resp->do_not_send_to_client = true; + ret = pam_add_response(pd, SSS_OTP, 0, NULL); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); + goto done; + } + break; + } + ret = decode_pam_passkey_msg(tmp_ctx, pk_resp->data, pk_resp->len, &pk_data); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to decode passkey msg\n"); + ret = EIO; + goto done; + } + + ret = save_passkey_data(preq->cctx, pctx, pk_data, preq); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to save passkey msg\n"); + ret = EIO; + goto done; + } + break; + /* Passkey non-kerberos preauth has already run */ + case SSS_PAM_PASSKEY_INFO: + *_pk_preauth_done = true; + default: + break; + } + pk_resp = pk_resp->next; + } + + ret = EOK; +done: + talloc_free(tmp_ctx); + + return ret; +} + + static void pam_passkey_auth_done(int child_status, struct tevent_signal *sige, @@ -1034,8 +1420,7 @@ bool may_do_passkey_auth(struct pam_ctx *pctx, #ifndef BUILD_PASSKEY DEBUG(SSSDBG_TRACE_FUNC, "Passkey auth not possible, SSSD built without passkey support!\n"); return false; -#endif - +#else if (!pctx->passkey_auth) { return false; } @@ -1049,4 +1434,5 @@ bool may_do_passkey_auth(struct pam_ctx *pctx, } return true; +#endif /* BUILD_PASSKEY */ } diff --git a/src/responder/pam/pamsrv_passkey.h b/src/responder/pam/pamsrv_passkey.h index e799d951f28..7c5a532e91a 100644 --- a/src/responder/pam/pamsrv_passkey.h +++ b/src/responder/pam/pamsrv_passkey.h @@ -23,6 +23,7 @@ #include <security/pam_appl.h> #include "util/util.h" +#include "util/sss_ptr_hash.h" #include "responder/common/responder.h" #include "responder/common/cache_req/cache_req.h" #include "responder/pam/pamsrv.h" @@ -35,11 +36,14 @@ enum passkey_user_verification { PAM_PASSKEY_VERIFICATION_INVALID }; -errno_t passkey_non_kerberos(TALLOC_CTX *mem_ctx, +errno_t passkey_local(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct pam_ctx *pam_ctx, struct pam_auth_req *preq, struct pam_data *pd); +errno_t passkey_kerberos(struct pam_ctx *pctx, + struct pam_data *pd, + struct pam_auth_req *preq); struct pk_child_user_data { /* Both Kerberos and non-kerberos */ @@ -69,6 +73,10 @@ struct tevent_req *pam_passkey_auth_send(TALLOC_CTX *mem_ctx, bool kerberos_pa); errno_t pam_passkey_auth_recv(struct tevent_req *req, int *child_status); +errno_t pam_eval_passkey_response(struct pam_ctx *pctx, + struct pam_data *pd, + struct pam_auth_req *preq, + bool *_pk_preauth_done); bool may_do_passkey_auth(struct pam_ctx *pctx, struct pam_data *pd); diff --git a/src/sbus/connection/sbus_connection_connect.c b/src/sbus/connection/sbus_connection_connect.c index 45a0fa49102..edc090e156f 100644 --- a/src/sbus/connection/sbus_connection_connect.c +++ b/src/sbus/connection/sbus_connection_connect.c @@ -67,6 +67,8 @@ sbus_connect_init_send(TALLOC_CTX *mem_ctx, tevent_req_set_callback(subreq, sbus_connect_init_hello_done, req); + arm_watchdog(); + return req; } @@ -111,6 +113,8 @@ static void sbus_connect_init_done(struct tevent_req *subreq) uint32_t res; errno_t ret; + disarm_watchdog(); + req = tevent_req_callback_data(subreq, struct tevent_req); ret = sbus_call_DBus_RequestName_recv(subreq, &res); diff --git a/src/sbus/connection/sbus_dbus.c b/src/sbus/connection/sbus_dbus.c index e30c873712b..69b18bc42c0 100644 --- a/src/sbus/connection/sbus_dbus.c +++ b/src/sbus/connection/sbus_dbus.c @@ -42,8 +42,14 @@ sbus_dbus_request_name(DBusConnection *dbus_conn, const char *name) dbret = dbus_bus_request_name(dbus_conn, name, flags, &dbus_error); if (dbret == -1) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to request name on the " - "system bus [%s]: %s\n", dbus_error.name, dbus_error.message); + DEBUG(SSSDBG_CRIT_FAILURE, "Unable to request name '%s' on the system" + " bus [%s]: %s\n", name, dbus_error.name, dbus_error.message); + if (dbus_error_has_name(&dbus_error, DBUS_ERROR_ACCESS_DENIED)) { + DEBUG(SSSDBG_FATAL_FAILURE, + "Access denied - check dbus service configuration.\n"); + sss_log(SSS_LOG_CRIT, "SSSD dbus service can't acquire bus name" + " - check dbus service configuration."); + } ret = EIO; goto done; } else if (dbret != DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER) { diff --git a/src/sss_client/common.c b/src/sss_client/common.c index 53ff6e8e9a8..702d0597d11 100644 --- a/src/sss_client/common.c +++ b/src/sss_client/common.c @@ -62,22 +62,31 @@ /* common functions */ +static int sss_cli_sd_get(void); +static void sss_cli_sd_set(int sd); +static const struct stat *sss_cli_sb_get(void); +static int sss_cli_sb_set_by_sd(int sd); + #ifdef HAVE_PTHREAD_EXT static pthread_key_t sss_sd_key; static pthread_once_t sss_sd_key_init = PTHREAD_ONCE_INIT; static atomic_bool sss_sd_key_initialized = false; -static __thread int sss_cli_sd = -1; /* the sss client socket descriptor */ -static __thread struct stat sss_cli_sb; /* the sss client stat buffer */ +struct sss_socket_descriptor_t { + int sd; + struct stat sb; +}; #else -static int sss_cli_sd = -1; /* the sss client socket descriptor */ -static struct stat sss_cli_sb; /* the sss client stat buffer */ +static int _sss_cli_sd = -1; /* the sss client socket descriptor */ +static struct stat _sss_cli_sb; /* the sss client stat buffer */ #endif void sss_cli_close_socket(void) { - if (sss_cli_sd != -1) { - close(sss_cli_sd); - sss_cli_sd = -1; + int sd = sss_cli_sd_get(); + + if (sd != -1) { + close(sd); + sss_cli_sd_set(-1); } } @@ -85,25 +94,30 @@ void sss_cli_close_socket(void) static void sss_at_thread_exit(void *v) { sss_cli_close_socket(); + free(v); + pthread_setspecific(sss_sd_key, NULL); } static void init_sd_key(void) { - pthread_key_create(&sss_sd_key, sss_at_thread_exit); - sss_sd_key_initialized = true; + if (pthread_key_create(&sss_sd_key, sss_at_thread_exit) == 0) { + sss_sd_key_initialized = true; + } } #endif #if HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR __attribute__((destructor)) void sss_at_lib_unload(void) { + sss_cli_close_socket(); #ifdef HAVE_PTHREAD_EXT if (sss_sd_key_initialized) { sss_sd_key_initialized = false; + free(pthread_getspecific(sss_sd_key)); + pthread_setspecific(sss_sd_key, NULL); pthread_key_delete(sss_sd_key); } #endif - sss_cli_close_socket(); } #endif @@ -137,7 +151,7 @@ static enum sss_status sss_cli_send_req(enum sss_cli_command cmd, int res, error; *errnop = 0; - pfd.fd = sss_cli_sd; + pfd.fd = sss_cli_sd_get(); pfd.events = POLLOUT; do { @@ -163,7 +177,7 @@ static enum sss_status sss_cli_send_req(enum sss_cli_command cmd, *errnop = EPIPE; } else if (pfd.revents & POLLNVAL) { /* Invalid request: fd is not opened */ - sss_cli_sd = -1; + sss_cli_sd_set(-1); *errnop = EPIPE; } else if (!(pfd.revents & POLLOUT)) { *errnop = EBUSY; @@ -180,13 +194,13 @@ static enum sss_status sss_cli_send_req(enum sss_cli_command cmd, errno = 0; if (datasent < SSS_NSS_HEADER_SIZE) { - res = send(sss_cli_sd, + res = send(sss_cli_sd_get(), (char *)header + datasent, SSS_NSS_HEADER_SIZE - datasent, SSS_DEFAULT_WRITE_FLAGS); } else { rdsent = datasent - SSS_NSS_HEADER_SIZE; - res = send(sss_cli_sd, + res = send(sss_cli_sd_get(), (const char *)rd->data + rdsent, rd->len - rdsent, SSS_DEFAULT_WRITE_FLAGS); @@ -249,7 +263,7 @@ static enum sss_status sss_cli_recv_rep(enum sss_cli_command cmd, int bufrecv; int res, error; - pfd.fd = sss_cli_sd; + pfd.fd = sss_cli_sd_get(); pfd.events = POLLIN; do { @@ -278,7 +292,7 @@ static enum sss_status sss_cli_recv_rep(enum sss_cli_command cmd, *errnop = EPIPE; } else if (pfd.revents & POLLNVAL) { /* Invalid request: fd is not opened */ - sss_cli_sd = -1; + sss_cli_sd_set(-1); *errnop = EPIPE; } else if (!(pfd.revents & POLLIN)) { *errnop = EBUSY; @@ -296,12 +310,12 @@ static enum sss_status sss_cli_recv_rep(enum sss_cli_command cmd, errno = 0; if (datarecv < SSS_NSS_HEADER_SIZE) { - res = read(sss_cli_sd, + res = read(sss_cli_sd_get(), (char *)header + datarecv, SSS_NSS_HEADER_SIZE - datarecv); } else { bufrecv = datarecv - SSS_NSS_HEADER_SIZE; - res = read(sss_cli_sd, + res = read(sss_cli_sd_get(), (char *) buf + bufrecv, header[0] - datarecv); } @@ -591,16 +605,6 @@ static int sss_cli_open_socket(int *errnop, const char *socket_name, int timeout return -1; } -#ifdef HAVE_PTHREAD_EXT - pthread_once(&sss_sd_key_init, init_sd_key); /* once for all threads */ - - /* It actually doesn't matter what value to set for a key. - * The only important thing: key must be non-NULL to ensure - * destructor is executed at thread exit. - */ - pthread_setspecific(sss_sd_key, &sss_cli_sd); -#endif - /* set as non-blocking, close on exec, and make sure standard * descriptors are not used */ sd = make_safe_fd(sd); @@ -617,7 +621,7 @@ static int sss_cli_open_socket(int *errnop, const char *socket_name, int timeout socklen_t errnosize; struct pollfd pfd; - wait_time += sleep_time; + wait_time += sleep_time * 1000; ret = connect(sd, (struct sockaddr *)&nssaddr, sizeof(nssaddr)); @@ -670,7 +674,7 @@ static int sss_cli_open_socket(int *errnop, const char *socket_name, int timeout return -1; } - ret = fstat(sd, &sss_cli_sb); + ret = sss_cli_sb_set_by_sd(sd); if (ret != 0) { close(sd); return -1; @@ -686,33 +690,79 @@ static enum sss_status sss_cli_check_socket(int *errnop, static pid_t mypid_s; static ino_t myself_ino; struct stat mypid_sb, myself_sb; + const struct stat *sss_cli_sb = NULL; pid_t mypid_d; int mysd; int ret; +#ifdef HAVE_PTHREAD_EXT + struct sss_socket_descriptor_t *descriptor = NULL; + + ret = pthread_once(&sss_sd_key_init, init_sd_key); /* once for all threads */ + if (ret != 0) { + *errnop = EFAULT; + return SSS_STATUS_UNAVAIL; + } + if (!sss_sd_key_initialized) { + /* pthread_once::init_sd_key::pthread_key_create failed -- game over? */ + *errnop = EFAULT; + return SSS_STATUS_UNAVAIL; + } + + if (pthread_getspecific(sss_sd_key) == NULL) { /* for every thread */ + descriptor = (struct sss_socket_descriptor_t *) + calloc(1, sizeof(struct sss_socket_descriptor_t)); + if (descriptor == NULL) { + *errnop = ENOMEM; + return SSS_STATUS_UNAVAIL; + } + descriptor->sd = -1; + ret = pthread_setspecific(sss_sd_key, descriptor); + if (ret != 0) { + free(descriptor); + *errnop = ENOMEM; + return SSS_STATUS_UNAVAIL; + } + } +#endif + sss_cli_sb = sss_cli_sb_get(); + if (sss_cli_sb == NULL) { + *errnop = EFAULT; + return SSS_STATUS_UNAVAIL; + } ret = lstat("/proc/self/", &myself_sb); mypid_d = getpid(); if (mypid_d != mypid_s || (ret == 0 && myself_sb.st_ino != myself_ino)) { - ret = fstat(sss_cli_sd, &mypid_sb); + ret = fstat(sss_cli_sd_get(), &mypid_sb); if (ret == 0) { if (S_ISSOCK(mypid_sb.st_mode) && - mypid_sb.st_dev == sss_cli_sb.st_dev && - mypid_sb.st_ino == sss_cli_sb.st_ino) { + mypid_sb.st_dev == sss_cli_sb->st_dev && + mypid_sb.st_ino == sss_cli_sb->st_ino) { sss_cli_close_socket(); } } - sss_cli_sd = -1; + sss_cli_sd_set(-1); mypid_s = mypid_d; myself_ino = myself_sb.st_ino; } + /* check if the socket has been hijacked */ + if (sss_cli_sd_get() != -1) { + ret = fstat(sss_cli_sd_get(), &mypid_sb); + if ((ret != 0) || (!S_ISSOCK(mypid_sb.st_mode)) + || (mypid_sb.st_dev != sss_cli_sb->st_dev) + || (mypid_sb.st_ino != sss_cli_sb->st_ino)) { + sss_cli_sd_set(-1); /* don't ruin app even if it's misbehaving */ + } + } + /* check if the socket has been closed on the other side */ - if (sss_cli_sd != -1) { + if (sss_cli_sd_get() != -1) { struct pollfd pfd; int res, error; *errnop = 0; - pfd.fd = sss_cli_sd; + pfd.fd = sss_cli_sd_get(); pfd.events = POLLIN | POLLOUT; do { @@ -738,7 +788,7 @@ static enum sss_status sss_cli_check_socket(int *errnop, *errnop = EPIPE; } else if (pfd.revents & POLLNVAL) { /* Invalid request: fd is not opened */ - sss_cli_sd = -1; + sss_cli_sd_set(-1); *errnop = EPIPE; } else if (!(pfd.revents & (POLLIN | POLLOUT))) { *errnop = EBUSY; @@ -760,7 +810,7 @@ static enum sss_status sss_cli_check_socket(int *errnop, return SSS_STATUS_UNAVAIL; } - sss_cli_sd = mysd; + sss_cli_sd_set(mysd); if (sss_cli_check_version(socket_name, timeout)) { return SSS_STATUS_SUCCESS; @@ -1015,7 +1065,7 @@ int sss_pam_make_request(enum sss_cli_command cmd, goto out; } - error = check_server_cred(sss_cli_sd); + error = check_server_cred(sss_cli_sd_get()); if (error != 0) { sss_cli_close_socket(); *errnop = error; @@ -1307,3 +1357,89 @@ errno_t sss_readrep_copy_string(const char *in, return EOK; } + +#ifdef HAVE_PTHREAD_EXT + +static int sss_cli_sd_get(void) +{ + if (!sss_sd_key_initialized) { + return -1; + } + + struct sss_socket_descriptor_t *descriptor = pthread_getspecific(sss_sd_key); + + if (descriptor == NULL) { /* sanity check */ + return -1; + } + + return descriptor->sd; +} + +static void sss_cli_sd_set(int sd) +{ + if (!sss_sd_key_initialized) { + return; + } + + struct sss_socket_descriptor_t *descriptor = pthread_getspecific(sss_sd_key); + + if (descriptor == NULL) { /* sanity check */ + return; + } + + descriptor->sd = sd; +} + +static const struct stat *sss_cli_sb_get(void) +{ + if (!sss_sd_key_initialized) { + return NULL; + } + + struct sss_socket_descriptor_t *descriptor = pthread_getspecific(sss_sd_key); + + if (descriptor == NULL) { /* sanity check */ + return NULL; + } + + return &descriptor->sb; +} + +static int sss_cli_sb_set_by_sd(int sd) +{ + if (!sss_sd_key_initialized) { + return -1; + } + + struct sss_socket_descriptor_t *descriptor = pthread_getspecific(sss_sd_key); + + if (descriptor == NULL) { /* sanity check */ + return -1; + } + + return fstat(sd, &descriptor->sb); +} + +#else + +static int sss_cli_sd_get(void) +{ + return _sss_cli_sd; +} + +static void sss_cli_sd_set(int sd) +{ + _sss_cli_sd = sd; +} + +static const struct stat *sss_cli_sb_get(void) +{ + return &_sss_cli_sb; +} + +static int sss_cli_sb_set_by_sd(int sd) +{ + return fstat(sd, &_sss_cli_sb); +} + +#endif diff --git a/src/sss_client/idmap/sss_nss_ex.c b/src/sss_client/idmap/sss_nss_ex.c index b5230d6b71d..24e2a6be917 100644 --- a/src/sss_client/idmap/sss_nss_ex.c +++ b/src/sss_client/idmap/sss_nss_ex.c @@ -241,8 +241,9 @@ static int sss_get_ex(struct nss_input *inp, uint32_t flags, /* Get number of results from repbuf. */ SAFEALIGN_COPY_UINT32(&num_results, repbuf, NULL); - /* no results if not found */ - if (num_results == 0) { + /* no results if not found, INITGR requests are handled separately */ + if (num_results == 0 && inp->cmd != SSS_NSS_INITGR + && inp->cmd != SSS_NSS_INITGR_EX) { ret = ENOENT; goto out; } diff --git a/src/sss_client/nss_mc.h b/src/sss_client/nss_mc.h index 9ab2736fa6b..646861ba522 100644 --- a/src/sss_client/nss_mc.h +++ b/src/sss_client/nss_mc.h @@ -53,6 +53,8 @@ struct sss_cli_mc_ctx { pthread_mutex_t *mutex; #endif int fd; + ino_t fd_inode; + dev_t fd_device; uint32_t seed; /* seed from the tables header */ @@ -69,9 +71,9 @@ struct sss_cli_mc_ctx { }; #if HAVE_PTHREAD -#define SSS_CLI_MC_CTX_INITIALIZER(mtx) {UNINITIALIZED, (mtx), -1, 0, NULL, 0, NULL, 0, NULL, 0, 0} +#define SSS_CLI_MC_CTX_INITIALIZER(mtx) {UNINITIALIZED, (mtx), -1, 0, 0, 0, NULL, 0, NULL, 0, NULL, 0, 0} #else -#define SSS_CLI_MC_CTX_INITIALIZER {UNINITIALIZED, -1, 0, NULL, 0, NULL, 0, NULL, 0, 0} +#define SSS_CLI_MC_CTX_INITIALIZER {UNINITIALIZED, -1, 0, 0, 0, NULL, 0, NULL, 0, NULL, 0, 0} #endif errno_t sss_nss_mc_get_ctx(const char *name, struct sss_cli_mc_ctx *ctx); diff --git a/src/sss_client/nss_mc_common.c b/src/sss_client/nss_mc_common.c index 3128861bf3a..17683ac0e5e 100644 --- a/src/sss_client/nss_mc_common.c +++ b/src/sss_client/nss_mc_common.c @@ -69,13 +69,49 @@ static void sss_mt_unlock(struct sss_cli_mc_ctx *ctx) #endif } +static errno_t sss_nss_mc_validate(struct sss_cli_mc_ctx *ctx) +{ + struct stat fdstat; + + /* No mc ctx initialized?*/ + if (ctx == NULL || ctx->fd < 0) { + return EINVAL; + } + + if (fstat(ctx->fd, &fdstat) == -1) { + return EINVAL; + } + + /* Memcache was removed. */ + if (fdstat.st_nlink == 0) { + return EINVAL; + } + + /* FD was hijacked */ + if ((fdstat.st_dev != ctx->fd_device) || (fdstat.st_ino != ctx->fd_inode)) { + ctx->fd = -1; /* don't ruin app even if it's misbehaving */ + return EINVAL; + } + + /* Invalid size. */ + if (fdstat.st_size != ctx->mmap_size) { + return EINVAL; + } + + return EOK; +} + errno_t sss_nss_check_header(struct sss_cli_mc_ctx *ctx) { struct sss_mc_header h; bool copy_ok; int count; int ret; - struct stat fdstat; + + ret = sss_nss_mc_validate(ctx); + if (ret != EOK) { + return ret; + } /* retry barrier protected reading max 5 times then give up */ for (count = 5; count > 0; count--) { @@ -115,16 +151,6 @@ errno_t sss_nss_check_header(struct sss_cli_mc_ctx *ctx) } } - ret = fstat(ctx->fd, &fdstat); - if (ret == -1) { - return EIO; - } - - if (fdstat.st_nlink == 0) { - /* memory cache was removed; we need to reinitialize it. */ - return EINVAL; - } - return 0; } @@ -141,6 +167,8 @@ static void sss_nss_mc_destroy_ctx(struct sss_cli_mc_ctx *ctx) close(ctx->fd); } ctx->fd = -1; + ctx->fd_inode = 0; + ctx->fd_device = 0; ctx->seed = 0; ctx->data_table = NULL; @@ -182,6 +210,8 @@ static errno_t sss_nss_mc_init_ctx(const char *name, ret = EIO; goto done; } + ctx->fd_inode = fdstat.st_ino; + ctx->fd_device = fdstat.st_dev; if (fdstat.st_size < MC_HEADER_SIZE) { ret = ENOMEM; diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c index 4590fb008d6..a1c35360484 100644 --- a/src/sss_client/pam_sss.c +++ b/src/sss_client/pam_sss.c @@ -68,6 +68,7 @@ #define EXP_ACC_MSG _("Permission denied. ") #define SRV_MSG _("Server message: ") +#define PASSKEY_LOCAL_AUTH_MSG _("Kerberos TGT will not be granted upon login, user experience will be affected.") #define PASSKEY_DEFAULT_PIN_MSG _("Enter PIN:") #define DEBUG_MGS_LEN 1024 @@ -736,6 +737,24 @@ static int user_info_pin_locked(pam_handle_t *pamh) return PAM_SUCCESS; } +static int user_info_no_krb_tgt(pam_handle_t *pamh) +{ + int ret; + + ret = do_pam_conversation(pamh, PAM_TEXT_INFO, + _("No Kerberos TGT granted as " + "the server does not support this method. " + "Your single-sign on(SSO) experience will " + "be affected."), + NULL, NULL); + if (ret != PAM_SUCCESS) { + D(("do_pam_conversation failed.")); + return PAM_SYSTEM_ERR; + } + + return PAM_SUCCESS; +} + static int user_info_account_expired(pam_handle_t *pamh, size_t buflen, uint8_t *buf) { @@ -889,6 +908,9 @@ static int eval_user_info_response(pam_handle_t *pamh, size_t buflen, case SSS_PAM_USER_INFO_ACCOUNT_EXPIRED: ret = user_info_account_expired(pamh, buflen, buf); break; + case SSS_PAM_USER_INFO_NO_KRB_TGT: + ret = user_info_no_krb_tgt(pamh); + break; default: D(("Unknown user info type [%d]", type)); ret = PAM_SYSTEM_ERR; @@ -1827,8 +1849,8 @@ static int prompt_passkey(pam_handle_t *pamh, struct pam_items *pi, { int ret; const struct pam_conv *conv; - const struct pam_message *mesg[3] = { NULL, NULL, NULL }; - struct pam_message m[3] = { {0}, {0}, {0} }; + const struct pam_message *mesg[4] = { NULL, NULL, NULL, NULL }; + struct pam_message m[4] = { {0}, {0}, {0}, {0} }; struct pam_response *resp = NULL; bool kerberos_preauth; bool prompt_pin; @@ -1846,6 +1868,12 @@ static int prompt_passkey(pam_handle_t *pamh, struct pam_items *pi, } kerberos_preauth = pi->passkey_key != NULL ? true : false; + if (!kerberos_preauth) { + m[msg_idx].msg_style = PAM_TEXT_INFO; + m[msg_idx].msg = PASSKEY_LOCAL_AUTH_MSG; + msg_idx++; + } + if ((strcasecmp(pi->passkey_prompt_pin, "false")) == 0) { prompt_pin = false; } else { @@ -2549,6 +2577,11 @@ static int get_authtok_for_authentication(pam_handle_t *pamh, /* Fallback to password auth if no PIN was entered */ if (ret == EIO) { ret = prompt_password(pamh, pi, _("Password: ")); + if (pi->pam_authtok_size == 0) { + D(("Empty password failure")); + pi->passkey_prompt_pin = NULL; + return PAM_AUTHTOK_ERR; + } } } else { ret = prompt_password(pamh, pi, _("Password: ")); diff --git a/src/sss_client/sss_cli.h b/src/sss_client/sss_cli.h index dd36e215890..4614612b679 100644 --- a/src/sss_client/sss_cli.h +++ b/src/sss_client/sss_cli.h @@ -637,6 +637,9 @@ enum user_info_type { * specified length. */ SSS_PAM_USER_INFO_PIN_LOCKED, /**< Tell the user that the PIN is locked */ + SSS_PAM_USER_INFO_NO_KRB_TGT, /**< Tell the user that Kerberos local/offline + auth was performed, therefore no TGT + is granted */ }; /** * @} diff --git a/src/sss_iface/sbus_sss_client_async.c b/src/sss_iface/sbus_sss_client_async.c index 042d1b7b34f..5ca925283a3 100644 --- a/src/sss_iface/sbus_sss_client_async.c +++ b/src/sss_iface/sbus_sss_client_async.c @@ -1861,7 +1861,7 @@ sbus_call_dp_autofs_Enumerate_send const char * arg_mapname, uint32_t arg_cli_id) { - return sbus_method_in_usu_out__send(mem_ctx, conn, _sbus_sss_key_usu_0_1_2, + return sbus_method_in_usu_out__send(mem_ctx, conn, _sbus_sss_key_usu_0_1, busname, object_path, "sssd.DataProvider.Autofs", "Enumerate", arg_dp_flags, arg_mapname, arg_cli_id); } @@ -1883,7 +1883,7 @@ sbus_call_dp_autofs_GetEntry_send const char * arg_entryname, uint32_t arg_cli_id) { - return sbus_method_in_ussu_out__send(mem_ctx, conn, _sbus_sss_key_ussu_0_1_2_3, + return sbus_method_in_ussu_out__send(mem_ctx, conn, _sbus_sss_key_ussu_0_1_2, busname, object_path, "sssd.DataProvider.Autofs", "GetEntry", arg_dp_flags, arg_mapname, arg_entryname, arg_cli_id); } @@ -1904,7 +1904,7 @@ sbus_call_dp_autofs_GetMap_send const char * arg_mapname, uint32_t arg_cli_id) { - return sbus_method_in_usu_out__send(mem_ctx, conn, _sbus_sss_key_usu_0_1_2, + return sbus_method_in_usu_out__send(mem_ctx, conn, _sbus_sss_key_usu_0_1, busname, object_path, "sssd.DataProvider.Autofs", "GetMap", arg_dp_flags, arg_mapname, arg_cli_id); } @@ -2142,7 +2142,7 @@ sbus_call_dp_dp_getAccountDomain_send const char * arg_filter, uint32_t arg_cli_id) { - return sbus_method_in_uusu_out_qus_send(mem_ctx, conn, _sbus_sss_key_uusu_0_1_2_3, + return sbus_method_in_uusu_out_qus_send(mem_ctx, conn, _sbus_sss_key_uusu_0_1_2, busname, object_path, "sssd.dataprovider", "getAccountDomain", arg_dp_flags, arg_entry_type, arg_filter, arg_cli_id); } @@ -2170,7 +2170,7 @@ sbus_call_dp_dp_getAccountInfo_send const char * arg_extra, uint32_t arg_cli_id) { - return sbus_method_in_uusssu_out_qus_send(mem_ctx, conn, _sbus_sss_key_uusssu_0_1_2_3_4_5, + return sbus_method_in_uusssu_out_qus_send(mem_ctx, conn, _sbus_sss_key_uusssu_0_1_2_3_4, busname, object_path, "sssd.dataprovider", "getAccountInfo", arg_dp_flags, arg_entry_type, arg_filter, arg_domain, arg_extra, arg_cli_id); } @@ -2267,7 +2267,7 @@ sbus_call_dp_dp_resolverHandler_send const char * arg_filter_value, uint32_t arg_cli_id) { - return sbus_method_in_uuusu_out_qus_send(mem_ctx, conn, _sbus_sss_key_uuusu_0_1_2_3_4, + return sbus_method_in_uuusu_out_qus_send(mem_ctx, conn, _sbus_sss_key_uuusu_0_1_2_3, busname, object_path, "sssd.dataprovider", "resolverHandler", arg_dp_flags, arg_entry_type, arg_filter_type, arg_filter_value, arg_cli_id); } diff --git a/src/sss_iface/sbus_sss_interface.h b/src/sss_iface/sbus_sss_interface.h index fc86c71d908..5b4d1c362a1 100644 --- a/src/sss_iface/sbus_sss_interface.h +++ b/src/sss_iface/sbus_sss_interface.h @@ -166,7 +166,7 @@ &_sbus_sss_args_sssd_DataProvider_Autofs_Enumerate, \ NULL, \ _sbus_sss_invoke_in_usu_out__send, \ - _sbus_sss_key_usu_0_1_2, \ + _sbus_sss_key_usu_0_1, \ (handler), (data)); \ }) @@ -177,7 +177,7 @@ &_sbus_sss_args_sssd_DataProvider_Autofs_Enumerate, \ NULL, \ _sbus_sss_invoke_in_usu_out__send, \ - _sbus_sss_key_usu_0_1_2, \ + _sbus_sss_key_usu_0_1, \ (handler_send), (handler_recv), (data)); \ }) @@ -188,7 +188,7 @@ &_sbus_sss_args_sssd_DataProvider_Autofs_GetEntry, \ NULL, \ _sbus_sss_invoke_in_ussu_out__send, \ - _sbus_sss_key_ussu_0_1_2_3, \ + _sbus_sss_key_ussu_0_1_2, \ (handler), (data)); \ }) @@ -199,7 +199,7 @@ &_sbus_sss_args_sssd_DataProvider_Autofs_GetEntry, \ NULL, \ _sbus_sss_invoke_in_ussu_out__send, \ - _sbus_sss_key_ussu_0_1_2_3, \ + _sbus_sss_key_ussu_0_1_2, \ (handler_send), (handler_recv), (data)); \ }) @@ -210,7 +210,7 @@ &_sbus_sss_args_sssd_DataProvider_Autofs_GetMap, \ NULL, \ _sbus_sss_invoke_in_usu_out__send, \ - _sbus_sss_key_usu_0_1_2, \ + _sbus_sss_key_usu_0_1, \ (handler), (data)); \ }) @@ -221,7 +221,7 @@ &_sbus_sss_args_sssd_DataProvider_Autofs_GetMap, \ NULL, \ _sbus_sss_invoke_in_usu_out__send, \ - _sbus_sss_key_usu_0_1_2, \ + _sbus_sss_key_usu_0_1, \ (handler_send), (handler_recv), (data)); \ }) @@ -522,7 +522,7 @@ &_sbus_sss_args_sssd_dataprovider_getAccountDomain, \ NULL, \ _sbus_sss_invoke_in_uusu_out_qus_send, \ - _sbus_sss_key_uusu_0_1_2_3, \ + _sbus_sss_key_uusu_0_1_2, \ (handler), (data)); \ }) @@ -533,7 +533,7 @@ &_sbus_sss_args_sssd_dataprovider_getAccountDomain, \ NULL, \ _sbus_sss_invoke_in_uusu_out_qus_send, \ - _sbus_sss_key_uusu_0_1_2_3, \ + _sbus_sss_key_uusu_0_1_2, \ (handler_send), (handler_recv), (data)); \ }) @@ -544,7 +544,7 @@ &_sbus_sss_args_sssd_dataprovider_getAccountInfo, \ NULL, \ _sbus_sss_invoke_in_uusssu_out_qus_send, \ - _sbus_sss_key_uusssu_0_1_2_3_4_5, \ + _sbus_sss_key_uusssu_0_1_2_3_4, \ (handler), (data)); \ }) @@ -555,7 +555,7 @@ &_sbus_sss_args_sssd_dataprovider_getAccountInfo, \ NULL, \ _sbus_sss_invoke_in_uusssu_out_qus_send, \ - _sbus_sss_key_uusssu_0_1_2_3_4_5, \ + _sbus_sss_key_uusssu_0_1_2_3_4, \ (handler_send), (handler_recv), (data)); \ }) @@ -632,7 +632,7 @@ &_sbus_sss_args_sssd_dataprovider_resolverHandler, \ NULL, \ _sbus_sss_invoke_in_uuusu_out_qus_send, \ - _sbus_sss_key_uuusu_0_1_2_3_4, \ + _sbus_sss_key_uuusu_0_1_2_3, \ (handler), (data)); \ }) @@ -643,7 +643,7 @@ &_sbus_sss_args_sssd_dataprovider_resolverHandler, \ NULL, \ _sbus_sss_invoke_in_uuusu_out_qus_send, \ - _sbus_sss_key_uuusu_0_1_2_3_4, \ + _sbus_sss_key_uuusu_0_1_2_3, \ (handler_send), (handler_recv), (data)); \ }) diff --git a/src/sss_iface/sbus_sss_keygens.c b/src/sss_iface/sbus_sss_keygens.c index 1bffc1360fc..0bded60f839 100644 --- a/src/sss_iface/sbus_sss_keygens.c +++ b/src/sss_iface/sbus_sss_keygens.c @@ -90,86 +90,86 @@ _sbus_sss_key_ussu_0_1 } const char * -_sbus_sss_key_ussu_0_1_2_3 +_sbus_sss_key_ussu_0_1_2 (TALLOC_CTX *mem_ctx, struct sbus_request *sbus_req, struct _sbus_sss_invoker_args_ussu *args) { if (sbus_req->sender == NULL) { - return talloc_asprintf(mem_ctx, "-:%u:%s.%s:%s:%" PRIu32 ":%s:%s:%" PRIu32 "", + return talloc_asprintf(mem_ctx, "-:%u:%s.%s:%s:%" PRIu32 ":%s:%s", sbus_req->type, sbus_req->interface, sbus_req->member, - sbus_req->path, args->arg0, args->arg1, args->arg2, args->arg3); + sbus_req->path, args->arg0, args->arg1, args->arg2); } - return talloc_asprintf(mem_ctx, "%"PRIi64":%u:%s.%s:%s:%" PRIu32 ":%s:%s:%" PRIu32 "", + return talloc_asprintf(mem_ctx, "%"PRIi64":%u:%s.%s:%s:%" PRIu32 ":%s:%s", sbus_req->sender->uid, sbus_req->type, sbus_req->interface, sbus_req->member, - sbus_req->path, args->arg0, args->arg1, args->arg2, args->arg3); + sbus_req->path, args->arg0, args->arg1, args->arg2); } const char * -_sbus_sss_key_usu_0_1_2 +_sbus_sss_key_usu_0_1 (TALLOC_CTX *mem_ctx, struct sbus_request *sbus_req, struct _sbus_sss_invoker_args_usu *args) { if (sbus_req->sender == NULL) { - return talloc_asprintf(mem_ctx, "-:%u:%s.%s:%s:%" PRIu32 ":%s:%" PRIu32 "", + return talloc_asprintf(mem_ctx, "-:%u:%s.%s:%s:%" PRIu32 ":%s", sbus_req->type, sbus_req->interface, sbus_req->member, - sbus_req->path, args->arg0, args->arg1, args->arg2); + sbus_req->path, args->arg0, args->arg1); } - return talloc_asprintf(mem_ctx, "%"PRIi64":%u:%s.%s:%s:%" PRIu32 ":%s:%" PRIu32 "", + return talloc_asprintf(mem_ctx, "%"PRIi64":%u:%s.%s:%s:%" PRIu32 ":%s", sbus_req->sender->uid, sbus_req->type, sbus_req->interface, sbus_req->member, - sbus_req->path, args->arg0, args->arg1, args->arg2); + sbus_req->path, args->arg0, args->arg1); } const char * -_sbus_sss_key_uusssu_0_1_2_3_4_5 +_sbus_sss_key_uusssu_0_1_2_3_4 (TALLOC_CTX *mem_ctx, struct sbus_request *sbus_req, struct _sbus_sss_invoker_args_uusssu *args) { if (sbus_req->sender == NULL) { - return talloc_asprintf(mem_ctx, "-:%u:%s.%s:%s:%" PRIu32 ":%" PRIu32 ":%s:%s:%s:%" PRIu32 "", + return talloc_asprintf(mem_ctx, "-:%u:%s.%s:%s:%" PRIu32 ":%" PRIu32 ":%s:%s:%s", sbus_req->type, sbus_req->interface, sbus_req->member, - sbus_req->path, args->arg0, args->arg1, args->arg2, args->arg3, args->arg4, args->arg5); + sbus_req->path, args->arg0, args->arg1, args->arg2, args->arg3, args->arg4); } - return talloc_asprintf(mem_ctx, "%"PRIi64":%u:%s.%s:%s:%" PRIu32 ":%" PRIu32 ":%s:%s:%s:%" PRIu32 "", + return talloc_asprintf(mem_ctx, "%"PRIi64":%u:%s.%s:%s:%" PRIu32 ":%" PRIu32 ":%s:%s:%s", sbus_req->sender->uid, sbus_req->type, sbus_req->interface, sbus_req->member, - sbus_req->path, args->arg0, args->arg1, args->arg2, args->arg3, args->arg4, args->arg5); + sbus_req->path, args->arg0, args->arg1, args->arg2, args->arg3, args->arg4); } const char * -_sbus_sss_key_uusu_0_1_2_3 +_sbus_sss_key_uusu_0_1_2 (TALLOC_CTX *mem_ctx, struct sbus_request *sbus_req, struct _sbus_sss_invoker_args_uusu *args) { if (sbus_req->sender == NULL) { - return talloc_asprintf(mem_ctx, "-:%u:%s.%s:%s:%" PRIu32 ":%" PRIu32 ":%s:%" PRIu32 "", + return talloc_asprintf(mem_ctx, "-:%u:%s.%s:%s:%" PRIu32 ":%" PRIu32 ":%s", sbus_req->type, sbus_req->interface, sbus_req->member, - sbus_req->path, args->arg0, args->arg1, args->arg2, args->arg3); + sbus_req->path, args->arg0, args->arg1, args->arg2); } - return talloc_asprintf(mem_ctx, "%"PRIi64":%u:%s.%s:%s:%" PRIu32 ":%" PRIu32 ":%s:%" PRIu32 "", + return talloc_asprintf(mem_ctx, "%"PRIi64":%u:%s.%s:%s:%" PRIu32 ":%" PRIu32 ":%s", sbus_req->sender->uid, sbus_req->type, sbus_req->interface, sbus_req->member, - sbus_req->path, args->arg0, args->arg1, args->arg2, args->arg3); + sbus_req->path, args->arg0, args->arg1, args->arg2); } const char * -_sbus_sss_key_uuusu_0_1_2_3_4 +_sbus_sss_key_uuusu_0_1_2_3 (TALLOC_CTX *mem_ctx, struct sbus_request *sbus_req, struct _sbus_sss_invoker_args_uuusu *args) { if (sbus_req->sender == NULL) { - return talloc_asprintf(mem_ctx, "-:%u:%s.%s:%s:%" PRIu32 ":%" PRIu32 ":%" PRIu32 ":%s:%" PRIu32 "", + return talloc_asprintf(mem_ctx, "-:%u:%s.%s:%s:%" PRIu32 ":%" PRIu32 ":%" PRIu32 ":%s", sbus_req->type, sbus_req->interface, sbus_req->member, - sbus_req->path, args->arg0, args->arg1, args->arg2, args->arg3, args->arg4); + sbus_req->path, args->arg0, args->arg1, args->arg2, args->arg3); } - return talloc_asprintf(mem_ctx, "%"PRIi64":%u:%s.%s:%s:%" PRIu32 ":%" PRIu32 ":%" PRIu32 ":%s:%" PRIu32 "", + return talloc_asprintf(mem_ctx, "%"PRIi64":%u:%s.%s:%s:%" PRIu32 ":%" PRIu32 ":%" PRIu32 ":%s", sbus_req->sender->uid, sbus_req->type, sbus_req->interface, sbus_req->member, - sbus_req->path, args->arg0, args->arg1, args->arg2, args->arg3, args->arg4); + sbus_req->path, args->arg0, args->arg1, args->arg2, args->arg3); } diff --git a/src/sss_iface/sbus_sss_keygens.h b/src/sss_iface/sbus_sss_keygens.h index 8f09b46de55..7e42c2c53f7 100644 --- a/src/sss_iface/sbus_sss_keygens.h +++ b/src/sss_iface/sbus_sss_keygens.h @@ -49,31 +49,31 @@ _sbus_sss_key_ussu_0_1 struct _sbus_sss_invoker_args_ussu *args); const char * -_sbus_sss_key_ussu_0_1_2_3 +_sbus_sss_key_ussu_0_1_2 (TALLOC_CTX *mem_ctx, struct sbus_request *sbus_req, struct _sbus_sss_invoker_args_ussu *args); const char * -_sbus_sss_key_usu_0_1_2 +_sbus_sss_key_usu_0_1 (TALLOC_CTX *mem_ctx, struct sbus_request *sbus_req, struct _sbus_sss_invoker_args_usu *args); const char * -_sbus_sss_key_uusssu_0_1_2_3_4_5 +_sbus_sss_key_uusssu_0_1_2_3_4 (TALLOC_CTX *mem_ctx, struct sbus_request *sbus_req, struct _sbus_sss_invoker_args_uusssu *args); const char * -_sbus_sss_key_uusu_0_1_2_3 +_sbus_sss_key_uusu_0_1_2 (TALLOC_CTX *mem_ctx, struct sbus_request *sbus_req, struct _sbus_sss_invoker_args_uusu *args); const char * -_sbus_sss_key_uuusu_0_1_2_3_4 +_sbus_sss_key_uuusu_0_1_2_3 (TALLOC_CTX *mem_ctx, struct sbus_request *sbus_req, struct _sbus_sss_invoker_args_uuusu *args); diff --git a/src/sss_iface/sss_iface.xml b/src/sss_iface/sss_iface.xml index 6709c4e48a0..82c65aa0b84 100644 --- a/src/sss_iface/sss_iface.xml +++ b/src/sss_iface/sss_iface.xml @@ -91,18 +91,18 @@ <method name="GetMap"> <arg name="dp_flags" type="u" direction="in" key="1" /> <arg name="mapname" type="s" direction="in" key="2" /> - <arg name="cli_id" type="u" direction="in" key="3" /> + <arg name="cli_id" type="u" direction="in" /> </method> <method name="GetEntry"> <arg name="dp_flags" type="u" direction="in" key="1" /> <arg name="mapname" type="s" direction="in" key="2" /> <arg name="entryname" type="s" direction="in" key="3" /> - <arg name="cli_id" type="u" direction="in" key="4" /> + <arg name="cli_id" type="u" direction="in" /> </method> <method name="Enumerate"> <arg name="dp_flags" type="u" direction="in" key="1" /> <arg name="mapname" type="s" direction="in" key="2" /> - <arg name="cli_id" type="u" direction="in" key="3" /> + <arg name="cli_id" type="u" direction="in" /> </method> </interface> @@ -133,7 +133,7 @@ <arg name="entry_type" type="u" direction="in" key="2" /> <arg name="filter_type" type="u" direction="in" key="3" /> <arg name="filter_value" type="s" direction="in" key="4" /> - <arg name="cli_id" type="u" direction="in" key="5" /> + <arg name="cli_id" type="u" direction="in" /> <arg name="dp_error" type="q" direction="out" /> <arg name="error" type="u" direction="out" /> <arg name="error_message" type="s" direction="out" /> @@ -150,7 +150,7 @@ <arg name="filter" type="s" direction="in" key="3" /> <arg name="domain" type="s" direction="in" key="4" /> <arg name="extra" type="s" direction="in" key="5" /> - <arg name="cli_id" type="u" direction="in" key="6" /> + <arg name="cli_id" type="u" direction="in" /> <arg name="dp_error" type="q" direction="out" /> <arg name="error" type="u" direction="out" /> <arg name="error_message" type="s" direction="out" /> @@ -159,7 +159,7 @@ <arg name="dp_flags" type="u" direction="in" key="1" /> <arg name="entry_type" type="u" direction="in" key="2" /> <arg name="filter" type="s" direction="in" key="3" /> - <arg name="cli_id" type="u" direction="in" key="4" /> + <arg name="cli_id" type="u" direction="in" /> <arg name="dp_error" type="q" direction="out" /> <arg name="error" type="u" direction="out" /> <arg name="domain_name" type="s" direction="out" /> diff --git a/src/sysv/systemd/sssd-sudo.service.in b/src/sysv/systemd/sssd-sudo.service.in index f13d88107ec..539fd994411 100644 --- a/src/sysv/systemd/sssd-sudo.service.in +++ b/src/sysv/systemd/sssd-sudo.service.in @@ -12,7 +12,7 @@ Also=sssd-sudo.socket Environment=DEBUG_LOGGER=--logger=files EnvironmentFile=-@environment_file@ ExecStartPre=-/bin/chown @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_sudo.log -ExecStart=@libexecdir@/sssd/sssd_sudo --socket-activated +ExecStart=@libexecdir@/sssd/sssd_sudo ${DEBUG_LOGGER} --socket-activated Restart=on-failure User=@SSSD_USER@ Group=@SSSD_USER@ diff --git a/src/tests/cmocka/sss_nss_idmap-tests.c b/src/tests/cmocka/sss_nss_idmap-tests.c index 880bab0e586..30b24a57eaa 100644 --- a/src/tests/cmocka/sss_nss_idmap-tests.c +++ b/src/tests/cmocka/sss_nss_idmap-tests.c @@ -30,6 +30,7 @@ #include "util/util.h" #include "util/sss_endian.h" +#define IPA_389DS_PLUGIN_HELPER_CALLS 1 #include "sss_client/idmap/sss_nss_idmap.h" #include "tests/cmocka/common_mock.h" @@ -50,6 +51,8 @@ uint8_t buf3[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x uint8_t buf4[] = {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 't', 'e', 's', 't', 'x'}; uint8_t buf_orig1[] = {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 'k', 'e', 'y', 0x00, 'v', 'a', 'l', 'u', 'e', 0x00}; + +uint8_t buf_initgr[] = {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xde, 0x00, 0x00, 0x00}; #elif (__BYTE_ORDER == __BIG_ENDIAN) uint8_t buf1[] = {0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 't', 'e', 's', 't', 0x00}; uint8_t buf2[] = {0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 't', 'e', 's', 't', 0x00}; @@ -57,10 +60,14 @@ uint8_t buf3[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x uint8_t buf4[] = {0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 't', 'e', 's', 't', 'x'}; uint8_t buf_orig1[] = {0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 'k', 'e', 'y', 0x00, 'v', 'a', 'l', 'u', 'e', 0x00}; + +uint8_t buf_initgr[] = {0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xde}; #else #error "unknow endianess" #endif +uint8_t buf_initgr_no_gr[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; + enum nss_status __wrap_sss_nss_make_request_timeout(enum sss_cli_command cmd, struct sss_cli_req_data *rd, int timeout, @@ -148,12 +155,37 @@ void test_getorigbyname(void **state) sss_nss_free_kv(kv_list); } +void test_sss_nss_getgrouplist_timeout(void **state) +{ + int ret; + gid_t groups[10]; + int ngroups = sizeof(groups); + struct sss_nss_make_request_test_data d = {buf_initgr, sizeof(buf_initgr), 0, NSS_STATUS_SUCCESS}; + + will_return(__wrap_sss_nss_make_request_timeout, &d); + ret = sss_nss_getgrouplist_timeout("test", 111, groups, &ngroups, 0, 0); + assert_int_equal(ret, EOK); + assert_int_equal(ngroups, 2); + assert_int_equal(groups[0], 111); + assert_int_equal(groups[1], 222); + + d.repbuf = buf_initgr_no_gr; + d.replen = sizeof(buf_initgr_no_gr); + + will_return(__wrap_sss_nss_make_request_timeout, &d); + ret = sss_nss_getgrouplist_timeout("test", 111, groups, &ngroups, 0, 0); + assert_int_equal(ret, EOK); + assert_int_equal(ngroups, 1); + assert_int_equal(groups[0], 111); +} + int main(int argc, const char *argv[]) { const struct CMUnitTest tests[] = { cmocka_unit_test(test_getsidbyname), cmocka_unit_test(test_getorigbyname), + cmocka_unit_test(test_sss_nss_getgrouplist_timeout), }; return cmocka_run_group_tests(tests, NULL, NULL); diff --git a/src/tests/cmocka/test_ad_gpo.c b/src/tests/cmocka/test_ad_gpo.c index 8660b051071..d49f6c54c2d 100644 --- a/src/tests/cmocka/test_ad_gpo.c +++ b/src/tests/cmocka/test_ad_gpo.c @@ -270,6 +270,8 @@ static void test_ad_gpo_ace_includes_client_sid(const char *user_sid, const char *host_sid, const char **group_sids, int group_size, + const char **host_group_sids, + int host_group_size, struct dom_sid ace_dom_sid, bool expected) { @@ -288,8 +290,9 @@ static void test_ad_gpo_ace_includes_client_sid(const char *user_sid, assert_int_equal(err, IDMAP_SUCCESS); ret = ad_gpo_ace_includes_client_sid(user_sid, host_sid, group_sids, - group_size, ace_dom_sid, idmap_ctx, - &includes_client_sid); + group_size, host_group_sids, + host_group_size, ace_dom_sid, + idmap_ctx, &includes_client_sid); talloc_free(idmap_ctx); assert_int_equal(ret, EOK); @@ -312,8 +315,12 @@ void test_ad_gpo_ace_includes_client_sid_true(void **state) const char *group_sids[] = {"S-1-5-21-2-3-4", "S-1-5-21-2-3-5"}; + int host_group_size = 0; + const char *host_group_sids[] = { NULL }; + test_ad_gpo_ace_includes_client_sid(user_sid, host_sid, group_sids, - group_size, ace_dom_sid, true); + group_size, host_group_sids, + host_group_size, ace_dom_sid, true); } void test_ad_gpo_ace_includes_client_sid_false(void **state) @@ -328,8 +335,12 @@ void test_ad_gpo_ace_includes_client_sid_false(void **state) const char *group_sids[] = {"S-1-5-21-2-3-5", "S-1-5-21-2-3-6"}; + int host_group_size = 0; + const char *host_group_sids[] = { NULL }; + test_ad_gpo_ace_includes_client_sid(user_sid, host_sid, group_sids, - group_size, ace_dom_sid, false); + group_size, host_group_sids, + host_group_size, ace_dom_sid, false); } void test_ad_gpo_ace_includes_host_sid_true(void **state) @@ -343,8 +354,12 @@ void test_ad_gpo_ace_includes_host_sid_true(void **state) int group_size = 0; const char *group_sids[] = {}; + int host_group_size = 0; + const char *host_group_sids[] = { NULL }; + test_ad_gpo_ace_includes_client_sid(user_sid, host_sid, group_sids, - group_size, ace_dom_sid, true); + group_size, host_group_sids, + host_group_size, ace_dom_sid, true); } uint8_t test_sid_data[] = { diff --git a/src/tests/cmocka/test_certmap.c b/src/tests/cmocka/test_certmap.c index da312beaf95..a15984d60b9 100644 --- a/src/tests/cmocka/test_certmap.c +++ b/src/tests/cmocka/test_certmap.c @@ -2183,6 +2183,28 @@ static void test_sss_certmap_ldapu1_cert(void **state) assert_non_null(ctx); assert_null(ctx->prio_list); + /* cert!sha */ + ret = sss_certmap_add_rule(ctx, 91, + "KRB5:<ISSUER>.*", + "LDAP:rule91={cert!sha}", NULL); + assert_int_equal(ret, EINVAL); + + ret = sss_certmap_add_rule(ctx, 91, + "KRB5:<ISSUER>.*", + "LDAPU1:rule91={cert!sha}", NULL); + assert_int_equal(ret, EINVAL); + + /* cert!sha_u */ + ret = sss_certmap_add_rule(ctx, 90, + "KRB5:<ISSUER>.*", + "LDAP:rule90={cert!sha_u}", NULL); + assert_int_equal(ret, EINVAL); + + ret = sss_certmap_add_rule(ctx, 99, + "KRB5:<ISSUER>.*", + "LDAPU1:rule90={cert!sha_u}", NULL); + assert_int_equal(ret, EINVAL); + /* cert!sha555 */ ret = sss_certmap_add_rule(ctx, 89, "KRB5:<ISSUER>.*", diff --git a/src/tests/cmocka/test_child_common.c b/src/tests/cmocka/test_child_common.c index 189d62cd93a..18d5b0b6a2a 100644 --- a/src/tests/cmocka/test_child_common.c +++ b/src/tests/cmocka/test_child_common.c @@ -30,6 +30,8 @@ #define TEST_BIN "dummy-child" #define ECHO_STR "Hello child" +#define ECHO_LARGE_STR "Lorem ipsum dolor sit amet consectetur adipiscing elit, urna consequat felis vehicula class ultricies mollis dictumst, aenean non a in donec nulla. Phasellus ante pellentesque erat cum risus consequat imperdiet aliquam, integer placerat et turpis mi eros nec lobortis taciti, vehicula nisl litora tellus ligula porttitor metus. Vivamus integer non suscipit taciti mus etiam at primis tempor sagittis sit, euismod libero facilisi aptent elementum felis blandit cursus gravida sociis erat ante, eleifend lectus nullam dapibus netus feugiat curae curabitur est ad. Massa curae fringilla porttitor quam sollicitudin iaculis aptent leo ligula euismod dictumst, orci penatibus mauris eros etiam praesent erat volutpat posuere hac. Metus fringilla nec ullamcorper odio aliquam lacinia conubia mauris tempor, etiam ultricies proin quisque lectus sociis id tristique, integer phasellus taciti pretium adipiscing tortor sagittis ligula. Mollis pretium lorem primis senectus habitasse lectus scelerisque donec, ultricies tortor suspendisse adipiscing fusce morbi volutpat pellentesque, consectetur mi risus molestie curae malesuada cum. Dignissim lacus convallis massa mauris enim ad mattis magnis senectus montes, mollis taciti phasellus accumsan bibendum semper blandit suspendisse faucibus nibh est, metus lobortis morbi cras magna vivamus per risus fermentum. Dapibus imperdiet praesent magnis ridiculus congue gravida curabitur dictum sagittis, enim et magna sit inceptos sodales parturient pharetra mollis, aenean vel nostra tellus commodo pretium sapien sociosqu." + static int destructor_called; @@ -220,7 +222,8 @@ void test_exec_child_only_extra_args_neg(void **state) struct tevent_req *echo_child_write_send(TALLOC_CTX *mem_ctx, struct child_test_ctx *child_tctx, struct child_io_fds *io_fds, - const char *input); + const char *input, + bool safe); static void echo_child_write_done(struct tevent_req *subreq); static void echo_child_read_done(struct tevent_req *subreq); @@ -317,9 +320,11 @@ void test_child_cb(int child_status, child_ctx->test_ctx->done = true; } -/* Test that writing to the pipes works as expected */ -void test_exec_child_echo(void **state) +void test_exec_child_echo(void **state, + const char *msg, + bool safe) { + errno_t ret; pid_t child_pid; struct child_test_ctx *child_tctx = talloc_get_type(*state, @@ -359,7 +364,7 @@ void test_exec_child_echo(void **state) NULL, NULL, NULL); assert_int_equal(ret, EOK); - req = echo_child_write_send(child_tctx, child_tctx, io_fds, ECHO_STR); + req = echo_child_write_send(child_tctx, child_tctx, io_fds, msg, safe); assert_non_null(req); ret = test_ev_loop(child_tctx->test_ctx); @@ -367,16 +372,41 @@ void test_exec_child_echo(void **state) assert_int_equal(ret, EOK); } +/* Test that writing a small message to the pipes works as expected */ +void test_exec_child_echo_small(void **state) +{ + test_exec_child_echo(state, ECHO_STR, false); +} + +void test_exec_child_echo_small_safe(void **state) +{ + test_exec_child_echo(state, ECHO_STR, true); +} + +/* Test that writing a large message to the pipes works as expected, + * test will still fail if message exceeds IN_BUF_SIZE */ +void test_exec_child_echo_large(void **state) +{ + test_exec_child_echo(state, ECHO_LARGE_STR, false); +} + +void test_exec_child_echo_large_safe(void **state) +{ + test_exec_child_echo(state, ECHO_LARGE_STR, true); +} + struct test_exec_echo_state { struct child_io_fds *io_fds; struct io_buffer buf; struct child_test_ctx *child_test_ctx; + bool safe; }; struct tevent_req *echo_child_write_send(TALLOC_CTX *mem_ctx, struct child_test_ctx *child_tctx, struct child_io_fds *io_fds, - const char *input) + const char *input, + bool safe) { struct tevent_req *req; struct tevent_req *subreq; @@ -391,11 +421,18 @@ struct tevent_req *echo_child_write_send(TALLOC_CTX *mem_ctx, assert_non_null(echo_state->buf.data); echo_state->buf.size = strlen(input) + 1; echo_state->io_fds = io_fds; + echo_state->safe = safe; DEBUG(SSSDBG_TRACE_INTERNAL, "Writing..\n"); - subreq = write_pipe_send(child_tctx, child_tctx->test_ctx->ev, - echo_state->buf.data, echo_state->buf.size, - echo_state->io_fds->write_to_child_fd); + if (echo_state->safe) { + subreq = write_pipe_safe_send(child_tctx, child_tctx->test_ctx->ev, + echo_state->buf.data, echo_state->buf.size, + echo_state->io_fds->write_to_child_fd); + } else { + subreq = write_pipe_send(child_tctx, child_tctx->test_ctx->ev, + echo_state->buf.data, echo_state->buf.size, + echo_state->io_fds->write_to_child_fd); + } assert_non_null(subreq); tevent_req_set_callback(subreq, echo_child_write_done, req); @@ -411,7 +448,12 @@ static void echo_child_write_done(struct tevent_req *subreq) req = tevent_req_callback_data(subreq, struct tevent_req); echo_state = tevent_req_data(req, struct test_exec_echo_state); - ret = write_pipe_recv(subreq); + if (echo_state->safe) { + ret = write_pipe_safe_recv(subreq); + } else { + ret = write_pipe_recv(subreq); + } + DEBUG(SSSDBG_TRACE_INTERNAL, "Writing OK\n"); talloc_zfree(subreq); assert_int_equal(ret, EOK); @@ -420,9 +462,16 @@ static void echo_child_write_done(struct tevent_req *subreq) echo_state->io_fds->write_to_child_fd = -1; DEBUG(SSSDBG_TRACE_INTERNAL, "Reading..\n"); - subreq = read_pipe_send(echo_state, - echo_state->child_test_ctx->test_ctx->ev, - echo_state->io_fds->read_from_child_fd); + if (echo_state->safe) { + subreq = read_pipe_safe_send(echo_state, + echo_state->child_test_ctx->test_ctx->ev, + echo_state->io_fds->read_from_child_fd); + } else { + subreq = read_pipe_send(echo_state, + echo_state->child_test_ctx->test_ctx->ev, + echo_state->io_fds->read_from_child_fd); + } + assert_non_null(subreq); tevent_req_set_callback(subreq, echo_child_read_done, req); } @@ -438,7 +487,12 @@ static void echo_child_read_done(struct tevent_req *subreq) req = tevent_req_callback_data(subreq, struct tevent_req); echo_state = tevent_req_data(req, struct test_exec_echo_state); - ret = read_pipe_recv(subreq, echo_state, &buf, &len); + if (echo_state->safe) { + ret = read_pipe_safe_recv(subreq, echo_state, &buf, &len); + } else { + ret = read_pipe_recv(subreq, echo_state, &buf, &len); + } + talloc_zfree(subreq); DEBUG(SSSDBG_TRACE_INTERNAL, "Reading OK\n"); assert_int_equal(ret, EOK); @@ -524,7 +578,16 @@ int main(int argc, const char *argv[]) cmocka_unit_test_setup_teardown(test_exec_child_handler, child_test_setup, child_test_teardown), - cmocka_unit_test_setup_teardown(test_exec_child_echo, + cmocka_unit_test_setup_teardown(test_exec_child_echo_small, + child_test_setup, + child_test_teardown), + cmocka_unit_test_setup_teardown(test_exec_child_echo_large, + child_test_setup, + child_test_teardown), + cmocka_unit_test_setup_teardown(test_exec_child_echo_small_safe, + child_test_setup, + child_test_teardown), + cmocka_unit_test_setup_teardown(test_exec_child_echo_large_safe, child_test_setup, child_test_teardown), cmocka_unit_test_setup_teardown(test_sss_child, diff --git a/src/tests/cmocka/test_dyndns.c b/src/tests/cmocka/test_dyndns.c index 1ef5a90194c..7526c16a86d 100644 --- a/src/tests/cmocka/test_dyndns.c +++ b/src/tests/cmocka/test_dyndns.c @@ -663,11 +663,13 @@ void dyndns_test_create_ptr_msg(void **state) assert_string_equal(msg, "\nupdate delete 1.0.168.192.in-addr.arpa. in PTR\n" "update add 1.0.168.192.in-addr.arpa. 1234 in PTR bran_stark.\n" + "send\n" "update delete 2.0.168.192.in-addr.arpa. in PTR\n" "update add 2.0.168.192.in-addr.arpa. 1234 in PTR bran_stark.\n" "send\n" "update delete 4.4.4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.a.b.d.c.1.0.0.2.ip6.arpa. in PTR\n" "update add 4.4.4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.a.b.d.c.1.0.0.2.ip6.arpa. 1234 in PTR bran_stark.\n" + "send\n" "update delete 5.5.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.a.b.d.c.1.0.0.2.ip6.arpa. in PTR\n" "update add 5.5.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.a.b.d.c.1.0.0.2.ip6.arpa. 1234 in PTR bran_stark.\n" "send\n"); @@ -680,10 +682,13 @@ void dyndns_test_create_ptr_msg(void **state) assert_string_equal(msg, "\nupdate delete 1.0.168.192.in-addr.arpa. in PTR\n" "update add 1.0.168.192.in-addr.arpa. 1234 in PTR bran_stark.\n" + "send\n" "update delete 2.0.168.192.in-addr.arpa. in PTR\n" "update add 2.0.168.192.in-addr.arpa. 1234 in PTR bran_stark.\n" + "send\n" "update delete 4.4.4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.a.b.d.c.1.0.0.2.ip6.arpa. in PTR\n" "update add 4.4.4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.a.b.d.c.1.0.0.2.ip6.arpa. 1234 in PTR bran_stark.\n" + "send\n" "update delete 5.5.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.a.b.d.c.1.0.0.2.ip6.arpa. in PTR\n" "update add 5.5.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.a.b.d.c.1.0.0.2.ip6.arpa. 1234 in PTR bran_stark.\n" "send\n"); diff --git a/src/tests/cmocka/test_krb5_passkey_plugin.c b/src/tests/cmocka/test_krb5_passkey_plugin.c index 1a0c87adcba..9593a65468c 100644 --- a/src/tests/cmocka/test_krb5_passkey_plugin.c +++ b/src/tests/cmocka/test_krb5_passkey_plugin.c @@ -120,16 +120,6 @@ void test_sss_passkey_message_encode__challenge(void **state) str = sss_passkey_message_encode(&message); assert_null(str); - challenge.domain = discard_const("domain"); - challenge.credential_id_list = discard_const(id_list); - challenge.user_verification = 0; - challenge.cryptographic_challenge = discard_const("crypto-challenge"); - message.phase = SSS_PASSKEY_PHASE_CHALLENGE; - message.state = discard_const("abcd"); - message.data.challenge = &challenge; - str = sss_passkey_message_encode(&message); - assert_null(str); - challenge.domain = discard_const("domain"); challenge.credential_id_list = discard_const(id_list); challenge.user_verification = 1; diff --git a/src/tests/cmocka/test_nss_srv.c b/src/tests/cmocka/test_nss_srv.c index 7925aa2f0a8..c17a4973faf 100644 --- a/src/tests/cmocka/test_nss_srv.c +++ b/src/tests/cmocka/test_nss_srv.c @@ -35,6 +35,7 @@ #include "util/util_sss_idmap.h" #include "util/crypto/sss_crypto.h" #include "util/sss_endian.h" +#include "db/sysdb.h" #include "db/sysdb_iphosts.h" #include "db/sysdb_ipnetworks.h" @@ -57,7 +58,31 @@ struct sss_nss_test_ctx { int ncache_hits; }; -const char *global_extra_attrs[] = {"phone", "mobile", NULL}; +#define EXTRA_ATTRS "phone", "mobile" + +/* This list comes from nsssrv.c:sss_nss_get_config() and must be kept aligned */ +#define ORIG_ATTRS SYSDB_SID_STR, \ + ORIGINALAD_PREFIX SYSDB_NAME, \ + ORIGINALAD_PREFIX SYSDB_UIDNUM, \ + ORIGINALAD_PREFIX SYSDB_GIDNUM, \ + ORIGINALAD_PREFIX SYSDB_HOMEDIR, \ + ORIGINALAD_PREFIX SYSDB_GECOS, \ + ORIGINALAD_PREFIX SYSDB_SHELL, \ + SYSDB_UPN, \ + SYSDB_DEFAULT_OVERRIDE_NAME, \ + SYSDB_AD_ACCOUNT_EXPIRES, \ + SYSDB_AD_USER_ACCOUNT_CONTROL, \ + SYSDB_SSH_PUBKEY, \ + SYSDB_USER_CERT, \ + SYSDB_USER_EMAIL, \ + SYSDB_ORIG_DN, \ + SYSDB_ORIG_MEMBEROF + + +const char *global_extra_attrs[] = { EXTRA_ATTRS, NULL }; +const char *global_orig_attrs[] = { ORIG_ATTRS, NULL }; +const char *global_full_attrs[] = { ORIG_ATTRS, EXTRA_ATTRS, NULL }; + struct sss_nss_test_ctx *sss_nss_test_ctx; @@ -1457,6 +1482,8 @@ void test_sss_nss_setup(struct sss_test_conf_param params[], /* do after previous setup as the former nulls protocol_ctx */ sss_nss_test_ctx->cctx->protocol_ctx = mock_prctx(sss_nss_test_ctx->cctx); assert_non_null(sss_nss_test_ctx->cctx->protocol_ctx); + + sss_nss_test_ctx->nctx->full_attribute_list = global_orig_attrs; } struct group getgrnam_no_members = { @@ -3643,6 +3670,8 @@ static int sss_nss_test_setup_extra_attr(void **state) test_sss_nss_setup(params, state); sss_nss_test_ctx->nctx->extra_attributes = global_extra_attrs; + sss_nss_test_ctx->nctx->full_attribute_list = global_full_attrs; + return 0; } diff --git a/src/tests/cmocka/test_pam_srv.c b/src/tests/cmocka/test_pam_srv.c index e90a8bbb0e7..faa434328fd 100644 --- a/src/tests/cmocka/test_pam_srv.c +++ b/src/tests/cmocka/test_pam_srv.c @@ -99,6 +99,15 @@ "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEKhSQWMPgAUcz4d7Fjz2hZK7QUlnAttuEW5Xr" \ "xD06VBaQvIRYJT7e6wM+vFU4z+uQgU9B5ERbgMiBVe99rBL9w==" +#define SSSD_TEST_PUBKEY \ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCa+l8uZ6Q5G58PVMe1na7NrOMTzo2wOZfFwo" \ + "0fM3RbvfAdlz/wsGwln2+EXA19FiXu/nNj4EwYGP9hymKuYaXzpq40k0VbhEL1v/qzXQvuKZgN" \ + "x42vxi7NITaaAXuYj8OZQsZTvv+xgkREZmhQ6YqEjTJ0JzpD9fj8Gf8Mgn8pdsb/ZODLMAwEKt" \ + "Q2DaWqH5jCqzoGEJlRl+kRbnrHc+RQrmj7NnY1voEJNrmzCyJFH5awZyBl/ZdbvpnwCKnVEleB" \ + "FULrOIfJ9lc/QMmURCMa6RfW5CFrxdtjUwiIxfMiHe+zUY5T9L0Q6FWnlfNz/63Xdcrw1Gc90O" \ + "CZKcqf/4P9N5flGSGSfiO5fD8gCCJ0c3WhxSVMREDP3ibKDsz8yhw2OuyGcfRo4nnchxy9G703" \ + "1m2t9rUXc12eS1EKGJiPiT9IuTQ9nCG2PslkqR+KUMiYoS9MqTsAj9HhuTMkFhcYFyufxFmt/S" \ + "4rIqVwmP8lY4GwwJwOnZwNLj/I2HwC+pk= testuser@fedora.test.local" int no_cleanup; @@ -315,6 +324,7 @@ static int pam_test_setup(void **state) { "enumerate", "false" }, { "cache_credentials", "true" }, { "entry_cache_timeout", "300" }, + { "local_auth_policy", "enable:smartcard" }, /* Needed to allow local sc auth */ { NULL, NULL }, /* Sentinel */ }; @@ -336,12 +346,43 @@ static int pam_test_setup(void **state) return 0; } +#ifdef BUILD_PASSKEY +static int pam_test_setup_passkey(void **state) +{ + struct sss_test_conf_param dom_params[] = { + { "enumerate", "false" }, + { "cache_credentials", "true" }, + { "entry_cache_timeout", "300" }, + { "local_auth_policy", "enable:passkey" }, /* Needed to allow local passkey auth */ + { NULL, NULL }, /* Sentinel */ + }; + + struct sss_test_conf_param pam_params[] = { + { CONFDB_PAM_P11_URI, "pkcs11:manufacturer=SoftHSM%20project" }, + { "p11_child_timeout", "30" }, + { "pam_cert_verification", NULL }, + { NULL, NULL }, /* Sentinel */ + }; + + struct sss_test_conf_param monitor_params[] = { + { "certificate_verification", "no_ocsp"}, + { NULL, NULL }, /* Sentinel */ + }; + + test_pam_setup(dom_params, pam_params, monitor_params, state); + + pam_test_setup_common(); + return 0; +} +#endif + #ifdef HAVE_TEST_CA static int pam_test_setup_no_verification(void **state) { struct sss_test_conf_param dom_params[] = { { "enumerate", "false" }, { "cache_credentials", "true" }, + { "local_auth_policy", "enable:smartcard" }, /* Needed to allow local sc auth */ { NULL, NULL }, /* Sentinel */ }; @@ -387,6 +428,7 @@ static int pam_cached_test_setup(void **state) { "enumerate", "false" }, { "cache_credentials", "true" }, { "cached_auth_timeout", CACHED_AUTH_TIMEOUT_STR }, + { "local_auth_policy", "enable:smartcard" }, /* Needed to allow local sc auth */ { NULL, NULL }, /* Sentinel */ }; @@ -4370,6 +4412,55 @@ void test_pam_passkey_auth(void **state) assert_int_equal(ret, EOK); } +void test_pam_passkey_bad_mapping(void **state) +{ + int ret; + struct sysdb_attrs *attrs; + const char *pubkey = SSSD_TEST_PUBKEY; + size_t pk_size; + const char *user_verification = "on"; + + set_passkey_auth_param(pam_test_ctx->pctx); + + /* Add user verification attribute */ + ret = sysdb_domain_update_passkey_user_verification( + pam_test_ctx->tctx->dom->sysdb, + pam_test_ctx->tctx->dom->name, + user_verification); + assert_int_equal(ret, EOK); + + mock_input_pam_passkey(pam_test_ctx, "pamuser", "1234", NULL, + NULL, SSSD_TEST_PASSKEY); + mock_parse_inp("pamuser", NULL, EOK); + + will_return(__wrap_sss_packet_get_cmd, SSS_PAM_AUTHENTICATE); + will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); + + /* Add the test invalid pubkey data for this user */ + pk_size = strlen(pubkey) + 1; + + attrs = sysdb_new_attrs(pam_test_ctx); + assert_non_null(attrs); + + ret = sysdb_attrs_add_mem(attrs, SYSDB_USER_PASSKEY, pubkey, pk_size); + assert_int_equal(ret, EOK); + + ret = sysdb_set_user_attr(pam_test_ctx->tctx->dom, + pam_test_ctx->pam_user_fqdn, + attrs, + LDB_FLAG_MOD_ADD); + assert_int_equal(ret, EOK); + + pam_test_ctx->exp_pam_status = PAM_SUCCESS; + set_cmd_cb(test_pam_passkey_auth_check); + ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_AUTHENTICATE, + pam_test_ctx->pam_cmds); + assert_int_equal(ret, EOK); + + ret = test_ev_loop(pam_test_ctx->tctx); + assert_int_equal(ret, EOK); +} + void test_pam_passkey_auth_send(void **state) { @@ -4418,6 +4509,7 @@ int main(int argc, const char *argv[]) { poptContext pc; int opt; + int res; const char *single = NULL; struct poptOption long_options[] = { POPT_AUTOHELP @@ -4591,13 +4683,15 @@ int main(int argc, const char *argv[]) pam_test_setup, pam_test_teardown), #ifdef BUILD_PASSKEY cmocka_unit_test_setup_teardown(test_pam_passkey_preauth_no_passkey, - pam_test_setup, pam_test_teardown), + pam_test_setup_passkey, pam_test_teardown), cmocka_unit_test_setup_teardown(test_pam_passkey_preauth_found, - pam_test_setup, pam_test_teardown), + pam_test_setup_passkey, pam_test_teardown), cmocka_unit_test_setup_teardown(test_pam_passkey_auth, - pam_test_setup, pam_test_teardown), + pam_test_setup_passkey, pam_test_teardown), + cmocka_unit_test_setup_teardown(test_pam_passkey_bad_mapping, + pam_test_setup_passkey, pam_test_teardown), cmocka_unit_test_setup_teardown(test_pam_passkey_auth_send, - pam_test_setup, pam_test_teardown), + pam_test_setup_passkey, pam_test_teardown), cmocka_unit_test_setup_teardown(test_pam_prompting_passkey_interactive, pam_test_setup_passkey_interactive_prompt, pam_test_teardown), cmocka_unit_test_setup_teardown(test_pam_prompting_passkey_interactive_and_touch, @@ -4682,8 +4776,6 @@ int main(int argc, const char *argv[]) return 1; } - poptFreeContext(pc); - DEBUG_CLI_INIT(debug_level); /* Even though normally the tests should clean up after themselves @@ -4691,7 +4783,8 @@ int main(int argc, const char *argv[]) tests_set_cwd(); test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, TEST_DOM_NAME); - return sss_cmocka_run_group_tests(tests, sizeof(tests)/sizeof(tests[0]), - single); - + res = sss_cmocka_run_group_tests(tests, sizeof(tests)/sizeof(tests[0]), + single); + poptFreeContext(pc); + return res; } diff --git a/src/tests/cmocka/test_passkey_child.c b/src/tests/cmocka/test_passkey_child.c index cab566ea3a3..5003152c453 100644 --- a/src/tests/cmocka/test_passkey_child.c +++ b/src/tests/cmocka/test_passkey_child.c @@ -278,6 +278,16 @@ __wrap_fido_dev_has_pin(fido_dev_t *dev) return ret; } +bool +__wrap_fido_dev_supports_uv(fido_dev_t *dev) +{ + bool ret; + + ret = mock(); + + return ret; +} + int __wrap_fido_dev_make_cred(fido_dev_t *dev, fido_cred_t *cred, const char *pin) { @@ -880,6 +890,7 @@ void test_register_key_integration(void **state) data.type = COSE_ES256; data.user_verification = FIDO_OPT_FALSE; data.cred_type = CRED_SERVER_SIDE; + data.mapping_file = NULL; data.quiet = false; will_return(__wrap_fido_dev_info_manifest, FIDO_OK); will_return(__wrap_fido_dev_info_manifest, 1); @@ -1089,6 +1100,7 @@ void test_get_device_options(void **state) ts->data.user_verification = FIDO_OPT_TRUE; will_return(__wrap_fido_dev_has_uv, true); will_return(__wrap_fido_dev_has_pin, true); + will_return(__wrap_fido_dev_supports_uv, true); ret = get_device_options(dev, &ts->data); @@ -1105,12 +1117,30 @@ void test_get_device_options_user_verification_unmatch(void **state) ts->data.user_verification = FIDO_OPT_TRUE; will_return(__wrap_fido_dev_has_uv, false); will_return(__wrap_fido_dev_has_pin, false); + will_return(__wrap_fido_dev_supports_uv, false); ret = get_device_options(dev, &ts->data); assert_int_equal(ret, EINVAL); } +void test_get_device_options_user_verification_false_not_supported(void **state) +{ + struct test_state *ts = talloc_get_type_abort(*state, struct test_state); + fido_dev_t *dev = NULL; + errno_t ret; + + ts->data.user_verification = FIDO_OPT_FALSE; + will_return(__wrap_fido_dev_has_uv, false); + will_return(__wrap_fido_dev_has_pin, false); + will_return(__wrap_fido_dev_supports_uv, false); + + ret = get_device_options(dev, &ts->data); + + assert_int_equal(ret, FIDO_OK); + assert_int_equal(ts->data.user_verification, FIDO_OPT_OMIT); +} + void test_request_assert(void **state) { struct test_state *ts = talloc_get_type_abort(*state, struct test_state); @@ -1205,6 +1235,7 @@ void test_authenticate_integration(void **state) } will_return(__wrap_fido_dev_has_uv, false); will_return(__wrap_fido_dev_has_pin, false); + will_return(__wrap_fido_dev_supports_uv, false); will_return(__wrap_fido_assert_set_uv, FIDO_OK); will_return(__wrap_fido_assert_set_clientdata_hash, FIDO_OK); will_return(__wrap_fido_dev_has_uv, false); @@ -1255,6 +1286,7 @@ void test_get_assert_data_integration(void **state) } will_return(__wrap_fido_dev_has_uv, false); will_return(__wrap_fido_dev_has_pin, false); + will_return(__wrap_fido_dev_supports_uv, false); will_return(__wrap_fido_assert_set_uv, FIDO_OK); will_return(__wrap_fido_dev_has_uv, false); will_return(__wrap_fido_dev_has_pin, false); @@ -1357,6 +1389,7 @@ int main(int argc, const char *argv[]) cmocka_unit_test_setup_teardown(test_get_authenticator_data_multiple_keys_assert_not_found, setup, teardown), cmocka_unit_test_setup_teardown(test_get_device_options, setup, teardown), cmocka_unit_test_setup_teardown(test_get_device_options_user_verification_unmatch, setup, teardown), + cmocka_unit_test_setup_teardown(test_get_device_options_user_verification_false_not_supported, setup, teardown), cmocka_unit_test_setup_teardown(test_request_assert, setup, teardown), cmocka_unit_test_setup_teardown(test_verify_assert, setup, teardown), cmocka_unit_test_setup_teardown(test_verify_assert_failed, setup, teardown), diff --git a/src/tests/cmocka/test_utils.c b/src/tests/cmocka/test_utils.c index 104dc0af43c..760e7130723 100644 --- a/src/tests/cmocka/test_utils.c +++ b/src/tests/cmocka/test_utils.c @@ -1536,11 +1536,14 @@ static int teardown_leak_tests(void **state) return 0; } +/* add_strings_list() is an alias for add_strings_list_ex() that allows for + * duplicate values. + */ void test_add_strings_lists(void **state) { - const char *l1[] = {"a", "b", "c", NULL}; - const char *l2[] = {"1", "2", "3", NULL}; - char **res; + const char *l1[] = {"a", "b", "c", "b", NULL}; + const char *l2[] = {"1", "2", "3", "2", NULL}; + const char **res; int ret; size_t c; size_t d; @@ -1631,6 +1634,113 @@ void test_add_strings_lists(void **state) talloc_free(res); } +/* add_strings_list_ex(skip_dups=false) was tested by add_string_list(). + * We now test add_strings_list_ex(skip_dups=true). + */ +void test_add_strings_lists_ex(void **state) +{ + /* Set duplicate values at the end of the array to simplify the comparison */ + const char *l1[] = {"a", "b", "c", "b", NULL}; + const char *l2[] = {"1", "2", "3", "2", NULL}; + const char *r1[sizeof(l1) / sizeof(*l1) - 1]; + const char *r2[sizeof(l2) / sizeof(*l2) - 1]; + const char **res; + int ret; + size_t c; + size_t d; + + /* The expected results must have the same pointers */ + memcpy(r1, l1, sizeof(r1) - sizeof(*r1)); + r1[sizeof(r1) / sizeof(*r1) - 1] = NULL; + memcpy(r2, l2, sizeof(r2) - sizeof(*r2)); + r2[sizeof(r2) / sizeof(*r2) - 1] = NULL; + + ret = add_strings_lists_ex(global_talloc_context, NULL, NULL, true, true, &res); + assert_int_equal(ret, EOK); + assert_non_null(res); + assert_null(res[0]); + talloc_free(res); + + ret = add_strings_lists_ex(global_talloc_context, NULL, NULL, false, true, &res); + assert_int_equal(ret, EOK); + assert_non_null(res); + assert_null(res[0]); + talloc_free(res); + + ret = add_strings_lists_ex(global_talloc_context, l1, NULL, false, true, &res); + assert_int_equal(ret, EOK); + assert_non_null(res); + for (c = 0; r1[c] != NULL; c++) { + /* 'copy_strings' is 'false', pointers must be equal */ + assert_int_equal(memcmp(&r1[c], &res[c], sizeof(char *)), 0); + } + assert_null(res[c]); + talloc_free(res); + + ret = add_strings_lists_ex(global_talloc_context, l1, NULL, true, true, &res); + assert_int_equal(ret, EOK); + assert_non_null(res); + for (c = 0; r1[c] != NULL; c++) { + /* 'copy_strings' is 'true', pointers must be different, but strings + * must be equal */ + assert_int_not_equal(memcmp(&r1[c], &res[c], sizeof(char *)), 0); + assert_string_equal(r1[c], res[c]); + } + assert_null(res[c]); + talloc_free(res); + + ret = add_strings_lists_ex(global_talloc_context, NULL, l1, false, true, &res); + assert_int_equal(ret, EOK); + assert_non_null(res); + for (c = 0; r1[c] != NULL; c++) { + /* 'copy_strings' is 'false', pointers must be equal */ + assert_int_equal(memcmp(&r1[c], &res[c], sizeof(char *)), 0); + } + assert_null(res[c]); + talloc_free(res); + + ret = add_strings_lists_ex(global_talloc_context, NULL, l1, true, true, &res); + assert_int_equal(ret, EOK); + assert_non_null(res); + for (c = 0; r1[c] != NULL; c++) { + /* 'copy_strings' is 'true', pointers must be different, but strings + * must be equal */ + assert_int_not_equal(memcmp(&r1[c], &res[c], sizeof(char *)), 0); + assert_string_equal(r1[c], res[c]); + } + assert_null(res[c]); + talloc_free(res); + + ret = add_strings_lists_ex(global_talloc_context, l1, l2, false, true, &res); + assert_int_equal(ret, EOK); + assert_non_null(res); + for (c = 0; r1[c] != NULL; c++) { + /* 'copy_strings' is 'false', pointers must be equal */ + assert_int_equal(memcmp(&r1[c], &res[c], sizeof(char *)), 0); + } + for (d = 0; r2[d] != NULL; d++) { + assert_int_equal(memcmp(&r2[d], &res[c+d], sizeof(char *)), 0); + } + assert_null(res[c+d]); + talloc_free(res); + + ret = add_strings_lists_ex(global_talloc_context, l1, l2, true, true, &res); + assert_int_equal(ret, EOK); + assert_non_null(res); + for (c = 0; r1[c] != NULL; c++) { + /* 'copy_strings' is 'true', pointers must be different, but strings + * must be equal */ + assert_int_not_equal(memcmp(&r1[c], &res[c], sizeof(char *)), 0); + assert_string_equal(r1[c], res[c]); + } + for (d = 0; r2[d] != NULL; d++) { + assert_int_not_equal(memcmp(&r2[d], &res[c+d], sizeof(char *)), 0); + assert_string_equal(r2[d], res[c+d]); + } + assert_null(res[c+d]); + talloc_free(res); +} + void test_sss_write_krb5_conf_snippet(void **state) { int ret; @@ -2331,6 +2441,9 @@ int main(int argc, const char *argv[]) cmocka_unit_test_setup_teardown(test_add_strings_lists, setup_leak_tests, teardown_leak_tests), + cmocka_unit_test_setup_teardown(test_add_strings_lists_ex, + setup_leak_tests, + teardown_leak_tests), cmocka_unit_test(test_sss_write_krb5_conf_snippet), cmocka_unit_test(test_get_hidden_path), cmocka_unit_test_setup_teardown(test_sss_unique_file, diff --git a/src/tests/cwrap/Makefile.am b/src/tests/cwrap/Makefile.am index f25d2e3c6e0..797d9e64073 100644 --- a/src/tests/cwrap/Makefile.am +++ b/src/tests/cwrap/Makefile.am @@ -9,7 +9,17 @@ AM_CPPFLAGS = \ -DRUNDIR=\"$(runstatedir)\" \ -DSSS_STATEDIR=\"$(localstatedir)/lib/sss\" \ -DSYSCONFDIR=\"$(sysconfdir)\" \ + $(POPT_CFLAGS) \ + $(TALLOC_CFLAGS) \ + $(TDB_CFLAGS) \ + $(TEVENT_CFLAGS) \ + $(LDB_CFLAGS) \ $(DBUS_CFLAGS) \ + $(PCRE_CFLAGS) \ + $(INI_CONFIG_CFLAGS) \ + $(DHASH_CFLAGS) \ + $(LIBNL_CFLAGS) \ + $(OPENLDAP_CFLAGS) \ $(GLIB2_CFLAGS) \ $(NULL) diff --git a/src/tests/file_watch-tests.c b/src/tests/file_watch-tests.c index 3ca5b44f955..30409a3f7c7 100644 --- a/src/tests/file_watch-tests.c +++ b/src/tests/file_watch-tests.c @@ -36,11 +36,19 @@ #include "util/file_watch.h" #include "tests/common.h" -#define FW_DIR TEST_DIR "/file-watch" -#define WATCHED_FILE_INOTIFY FW_DIR "/watched_file_inotify" -#define WATCHED_FILE_POLL FW_DIR "/watched_file_poll" -#define WATCHED_EXISTING_FILE_INOTIFY FW_DIR "/watched_file_inotify.exists" -#define WATCHED_EXISTING_FILE_POLL FW_DIR "/watched_file_poll.exists" +#define FW_NAME "/file-watch-test-dir" +#define FILE_INOTIFY_NAME "watched_file_inotify" +#define FILE_POLL_NAME "watched_file_poll" +#define FW_DIR TEST_DIR FW_NAME +#define EXISTING_FILE_INOTIFY_NAME FILE_INOTIFY_NAME ".exists" +#define EXISTING_FILE_POLL_NAME FILE_POLL_NAME ".exists" +#define WATCHED_FILE_INOTIFY FW_DIR "/.." FW_NAME "/" FILE_INOTIFY_NAME +#define WATCHED_FILE_POLL FW_DIR "/.." FW_NAME "/" FILE_POLL_NAME +#define WATCHED_EXISTING_FILE_INOTIFY FW_DIR "/.." FW_NAME "/" EXISTING_FILE_INOTIFY_NAME +#define WATCHED_EXISTING_FILE_POLL FW_DIR "/.." FW_NAME "/" EXISTING_FILE_POLL_NAME +#define WATCHED_EXISTING_LINK_INOTIFY FW_DIR "/" EXISTING_FILE_INOTIFY_NAME ".link" +#define WATCHED_EXISTING_LINK_POLL FW_DIR "/" EXISTING_FILE_POLL_NAME ".link" +#define UNWATCHED_FILE FW_DIR "/unwatched_file" static TALLOC_CTX *test_mem_ctx; @@ -50,34 +58,51 @@ struct fn_arg { int counter; }; -static void setup_file_watch(void) +static void remove_files(void) { - test_mem_ctx = talloc_new(NULL); - mkdir(FW_DIR, 0700); unlink(WATCHED_FILE_INOTIFY); unlink(WATCHED_FILE_POLL); + unlink(WATCHED_EXISTING_LINK_INOTIFY); + unlink(WATCHED_EXISTING_LINK_POLL); unlink(WATCHED_EXISTING_FILE_INOTIFY); unlink(WATCHED_EXISTING_FILE_POLL); + unlink(UNWATCHED_FILE); } +static void setup_file_watch(void) +{ + DEBUG(SSSDBG_TRACE_ALL, "==========================================\n"); + test_mem_ctx = talloc_new(NULL); + mkdir(FW_DIR, 0700); + remove_files(); +} static void teardown_file_watch(void) { - unlink(WATCHED_FILE_INOTIFY); - unlink(WATCHED_FILE_POLL); - unlink(WATCHED_EXISTING_FILE_INOTIFY); - unlink(WATCHED_EXISTING_FILE_POLL); talloc_free(test_mem_ctx); + remove_files(); + rmdir(FW_DIR); } static void callback(const char *filename, void *arg) { - DEBUG(SSSDBG_TRACE_FUNC, "Callback invoked\n"); + static char received[PATH_MAX + 1]; + static char expected[PATH_MAX + 1]; + char *res; struct fn_arg *data = (struct fn_arg *) arg; + DEBUG(SSSDBG_TRACE_FUNC, "Callback invoked\n"); + ck_assert_msg(data != NULL, "Callback received NULL argument"); - ck_assert_msg(strcmp(filename, data->filename) == 0, + + res = realpath(data->filename, expected); + ck_assert_msg(res != NULL, "Failed to normalize the expected filename"); + + res = realpath(filename, received); + ck_assert_msg(res != NULL, "Failed to normalize the received filename"); + + ck_assert_msg(strcmp(expected, received) == 0, "Wrong filename in the callback."); data->counter++; } @@ -88,7 +113,7 @@ static void modify_file(const char *filename) int fd; int res; - DEBUG(SSSDBG_TRACE_FUNC, "File modified\n"); + DEBUG(SSSDBG_TRACE_FUNC, "Modifying file %s\n", filename); fd = open(filename, O_WRONLY | O_CREAT | O_APPEND, S_IRUSR | S_IWUSR); ck_assert_msg(fd != -1, "Failed to open the file."); @@ -119,11 +144,14 @@ static void test_file_watch_no_file(bool use_inotify) arg.filename = filename; arg.counter = 0; + DEBUG(SSSDBG_TRACE_ALL, "Watching file %s\n", filename); ctx = fw_watch_file(test_mem_ctx, ev, filename, use_inotify, callback, &arg); ck_assert_msg(ctx != NULL, "Failed to watch a file."); ck_assert_msg(arg.counter == 0, "Unexpected callback invocation."); - // At this point the file doesn't exist, we will create it. + /* At this point the file doesn't exist. We create the watched and an + unwatched file */ + modify_file(UNWATCHED_FILE); modify_file(filename); if (use_inotify) { res = tevent_loop_once(ev); @@ -134,7 +162,7 @@ static void test_file_watch_no_file(bool use_inotify) ck_assert_msg(arg.counter >= 1, "Callback not invoked on creation."); ck_assert_msg(arg.counter <= 1, "Callback invoked too many times on creation."); - // Now just modify the file + /* Now just modify the file */ modify_file(filename); if (use_inotify) { res = tevent_loop_once(ev); @@ -152,34 +180,43 @@ static void test_file_watch_with_file(bool use_inotify) { struct file_watch_ctx *ctx; struct tevent_context *ev; + const char *filepath; const char *filename; + const char *linkpath; struct fn_arg arg; int res; if (use_inotify) { - filename = WATCHED_EXISTING_FILE_INOTIFY; + filename = EXISTING_FILE_INOTIFY_NAME; + filepath = WATCHED_EXISTING_FILE_INOTIFY; + linkpath = WATCHED_EXISTING_LINK_INOTIFY; } else { - filename = WATCHED_EXISTING_FILE_POLL; + filename = EXISTING_FILE_POLL_NAME; + filepath = WATCHED_EXISTING_FILE_POLL; + linkpath = WATCHED_EXISTING_LINK_POLL; } - modify_file(filename); + modify_file(filepath); + res = symlink(filename, linkpath); + ck_assert_msg(res == 0, "Failed create the symbolic link"); ev = tevent_context_init(test_mem_ctx); ck_assert_msg(ev != NULL, "Failed to create the tevent context."); - arg.filename = filename; + arg.filename = linkpath; arg.counter = 0; - // File already exists - ctx = fw_watch_file(test_mem_ctx, ev, filename, use_inotify, callback, &arg); - ck_assert_msg(ctx != NULL, "Failed to watch a file."); + /* File already exists */ + DEBUG(SSSDBG_TRACE_ALL, "Watching link %s\n", linkpath); + ctx = fw_watch_file(test_mem_ctx, ev, linkpath, use_inotify, callback, &arg); + ck_assert_msg(ctx != NULL, "Failed to watch a link."); ck_assert_msg(arg.counter >= 1, "Callback not invoked at start up."); ck_assert_msg(arg.counter <= 1, "Callback invoked too many times at start up."); - // Now just modify the file + /* Now just modify the file */ if (!use_inotify) { - sleep(2); // Detection by polling is based on the file's modification time. + sleep(2); /* Detection by polling is based on the file's modification time. */ } - modify_file(filename); + modify_file(filepath); if (use_inotify) { res = tevent_loop_once(ev); ck_assert_msg(res == 0, "tevent_loop_once() failed."); diff --git a/src/tests/intg/Makefile.am b/src/tests/intg/Makefile.am index fcf71049498..0cfd268dce7 100644 --- a/src/tests/intg/Makefile.am +++ b/src/tests/intg/Makefile.am @@ -78,6 +78,15 @@ sss_netgroup_thread_test_LDADD = \ -lpthread \ $(NULL) +nsslib_LTLIBRARIES = libnss_call.la +libnss_call_la_SOURCES = \ + nss_call.c \ + $(NULL) +libnss_call_la_LDFLAGS = \ + -module \ + -version-info 2:0:0 \ + $(NULL) + dist_dbussysconf_DATA = cwrap-dbus-system.conf install-data-hook: @@ -190,6 +199,7 @@ clean-local: PAM_CERT_DB_PATH="$(abs_builddir)/../test_CA/SSSD_test_CA.pem" SOFTHSM2_CONF="$(abs_builddir)/../test_CA/softhsm2_one.conf" +SOFTHSM2_TWO_CONF="$(abs_builddir)/../test_CA/softhsm2_two.conf" intgcheck-installed: config.py passwd group pam_sss_service pam_sss_alt_service pam_sss_sc_required pam_sss_try_sc pam_sss_allow_missing_name pam_sss_domains sss_netgroup_thread_test pipepath="$(DESTDIR)$(pipepath)"; \ @@ -224,6 +234,7 @@ intgcheck-installed: config.py passwd group pam_sss_service pam_sss_alt_service PAM_CERT_DB_PATH=$(PAM_CERT_DB_PATH) \ ABS_SRCDIR=$(abs_srcdir) \ SOFTHSM2_CONF=$(SOFTHSM2_CONF) \ + SOFTHSM2_TWO_CONF=$(SOFTHSM2_TWO_CONF) \ KCM_RENEW=$(KCM_RENEW) \ FILES_PROVIDER=$(FILES_PROVIDER) \ DBUS_SOCK_DIR="$(DESTDIR)$(runstatedir)/dbus/" \ diff --git a/src/tests/intg/nss_call.c b/src/tests/intg/nss_call.c new file mode 100644 index 00000000000..a8c7d30f5c7 --- /dev/null +++ b/src/tests/intg/nss_call.c @@ -0,0 +1,166 @@ +/* + NSS module which calls glibc's user and group lookup functions again + + DO NOT USE THIS IN /etc/nsswitch.conf, it will cause an infinite loop. + + The main use case is to run proxy provider tests with cwrap's nss-wrapper. + The proxy provider loads the NSS modules directly with dlopen() and is not + using glibc's NSS mechanism. Since nss-wrapper just wraps the standard + glibc calls and does not provide an NSS module on its own we have to use + this workaround to make proxy provider work with nss-wrapper. + + Authors: + Sumit Bose <sbose@redhat.com> + + Copyright (c) 2023 Red Hat, Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#define _DEFAULT_SOURCE +#define _GNU_SOURCE + +#include <stdlib.h> +#include <nss.h> +#include <sys/types.h> +#include <pwd.h> +#include <grp.h> + + + +#define NSSRET(r) return (((r) == 0) ? NSS_STATUS_SUCCESS : NSS_STATUS_NOTFOUND ) + +enum nss_status _nss_call_getpwnam_r(const char *name, struct passwd *result, + char *buffer, size_t buflen, int *errnop) +{ + struct passwd *res; + int ret = getpwnam_r(name, result, buffer, buflen, &res); + NSSRET(ret); +} + +enum nss_status _nss_call_getpwuid_r(uid_t uid, struct passwd *result, + char *buffer, size_t buflen, int *errnop) +{ + struct passwd *res; + int ret = getpwuid_r(uid, result, buffer, buflen, &res); + NSSRET(ret); +} + +enum nss_status _nss_call_setpwent(void) +{ + setpwent(); + return NSS_STATUS_SUCCESS; +} + +enum nss_status _nss_call_getpwent_r(struct passwd *result, + char *buffer, size_t buflen, + int *errnop) +{ + struct passwd *res; + int ret = getpwent_r(result, buffer, buflen, &res); + NSSRET(ret); +} + +enum nss_status _nss_call_endpwent(void) +{ + endpwent(); + return NSS_STATUS_SUCCESS; +} + +enum nss_status _nss_call_getgrnam_r(const char *name, struct group *result, + char *buffer, size_t buflen, int *errnop) +{ + struct group *res; + int ret = getgrnam_r(name, result, buffer, buflen, &res); + NSSRET(ret); +} + +enum nss_status _nss_call_getgrgid_r(gid_t gid, struct group *result, + char *buffer, size_t buflen, int *errnop) +{ + struct group *res; + int ret = getgrgid_r(gid, result, buffer, buflen, &res); + NSSRET(ret); +} + +enum nss_status _nss_call_setgrent(void) +{ + setgrent(); + return NSS_STATUS_SUCCESS; +} + +enum nss_status _nss_call_getgrent_r(struct group *result, + char *buffer, size_t buflen, int *errnop) +{ + struct group *res; + int ret = getgrent_r(result, buffer, buflen, &res); + NSSRET(ret); +} + +enum nss_status _nss_call_endgrent(void) +{ + endgrent(); + return NSS_STATUS_SUCCESS; +} + +enum nss_status _nss_call_initgroups_dyn(const char *user, gid_t group, + long int *start, long int *size, + gid_t **groups, long int limit, + int *errnop) +{ + int ngroups = 0; + gid_t *grps = NULL; + long int max_ret; + long int i; + int ret; + + ret = getgrouplist(user, group, grps, &ngroups); + if (ret != -1) { + return NSS_STATUS_UNAVAIL; + } + + grps = malloc(ngroups * sizeof(gid_t)); + if (grps == NULL) { + return NSS_STATUS_UNAVAIL; + } + + max_ret = ngroups; + /* check we have enough space in the buffer */ + if ((*size - *start) < ngroups) { + long int newsize; + gid_t *newgroups; + + newsize = *size + ngroups; + if ((limit > 0) && (newsize > limit)) { + newsize = limit; + max_ret = newsize - *start; + } + + newgroups = (gid_t *)realloc((*groups), newsize * sizeof(**groups)); + if (!newgroups) { + free(grps); + return NSS_STATUS_UNAVAIL; + } + *groups = newgroups; + *size = newsize; + } + + for (i = 0; i < max_ret; i++) { + (*groups)[*start] = grps[i]; + *start += 1; + } + free(grps); + + return NSS_STATUS_SUCCESS; +} diff --git a/src/tests/intg/test_memory_cache.py b/src/tests/intg/test_memory_cache.py index c2afa1483a7..b30c9024919 100644 --- a/src/tests/intg/test_memory_cache.py +++ b/src/tests/intg/test_memory_cache.py @@ -358,6 +358,8 @@ def zero_timeout_rfc2307(request, ldap_conn): return None +@pytest.mark.converted('test_id.py', 'test_id__getpwuid') +@pytest.mark.converted('test_id.py', 'test_id__getpwnam') def test_getpwnam(ldap_conn, sanity_rfc2307): ent.assert_passwd_by_name( 'user1', @@ -441,12 +443,15 @@ def test_getpwnam(ldap_conn, sanity_rfc2307): gecos='1023', shell='/bin/bash')) +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__getpwnam') def test_getpwnam_with_mc(ldap_conn, sanity_rfc2307): test_getpwnam(ldap_conn, sanity_rfc2307) stop_sssd() test_getpwnam(ldap_conn, sanity_rfc2307) +@pytest.mark.converted('test_id.py', 'test_id__getgrgid') +@pytest.mark.converted('test_id.py', 'test_id__getgrnam') def test_getgrnam_simple(ldap_conn, sanity_rfc2307): ent.assert_group_by_name("group1", dict(name="group1", gid=2001)) ent.assert_group_by_gid(2001, dict(name="group1", gid=2001)) @@ -467,18 +472,21 @@ def test_getgrnam_simple(ldap_conn, sanity_rfc2307): ent.assert_group_by_gid(2020, dict(name="group2x", gid=2020)) +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__getgrnam') def test_getgrnam_simple_with_mc(ldap_conn, sanity_rfc2307): test_getgrnam_simple(ldap_conn, sanity_rfc2307) stop_sssd() test_getgrnam_simple(ldap_conn, sanity_rfc2307) +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__disabled_passwd_getgrnam') def test_getgrnam_simple_disabled_pwd_mc(ldap_conn, disable_pwd_mc_rfc2307): test_getgrnam_simple(ldap_conn, disable_pwd_mc_rfc2307) stop_sssd() test_getgrnam_simple(ldap_conn, disable_pwd_mc_rfc2307) +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__disabled_intitgroups_getgrnam') def test_getgrnam_simple_disabled_intitgr_mc(ldap_conn, disable_initgr_mc_rfc2307): test_getgrnam_simple(ldap_conn, disable_initgr_mc_rfc2307) @@ -486,6 +494,8 @@ def test_getgrnam_simple_disabled_intitgr_mc(ldap_conn, test_getgrnam_simple(ldap_conn, disable_initgr_mc_rfc2307) +@pytest.mark.converted('test_id.py', 'test_id__membership_by_group_id') +@pytest.mark.converted('test_id.py', 'test_id__membership_by_group_name') def test_getgrnam_membership(ldap_conn, sanity_rfc2307): ent.assert_group_by_name( "group1", @@ -530,6 +540,8 @@ def test_getgrnam_membership(ldap_conn, sanity_rfc2307): dict(mem=ent.contains_only("user21", "user22", "user23"))) +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__membership_by_group_id') +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__membership_by_group_name') def test_getgrnam_membership_with_mc(ldap_conn, sanity_rfc2307): test_getgrnam_membership(ldap_conn, sanity_rfc2307) stop_sssd() @@ -548,6 +560,7 @@ def assert_user_gids_equal(user, expected_gids): ) +@pytest.mark.converted('test_id.py', 'test_id__initgroups') def test_initgroups(ldap_conn, sanity_rfc2307): assert_user_gids_equal('user1', [2000, 2001]) assert_user_gids_equal('user2', [2000, 2002]) @@ -562,12 +575,15 @@ def test_initgroups(ldap_conn, sanity_rfc2307): assert_user_gids_equal('user23', [2020, 2003]) +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__user_gids') def test_initgroups_with_mc(ldap_conn, sanity_rfc2307): test_initgroups(ldap_conn, sanity_rfc2307) stop_sssd() test_initgroups(ldap_conn, sanity_rfc2307) +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__getpwnam_fully_qualified_names') +@pytest.mark.converted('test_id.py', 'test_id__getpwnam_fully_qualified_names') def test_initgroups_fqname_with_mc(ldap_conn, fqname_rfc2307): assert_user_gids_equal('user1@LDAP', [2000, 2001]) stop_sssd() @@ -609,6 +625,10 @@ def assert_stored_last_initgroups(user1_case1, user1_case2, user1_case_last, assert_initgroups_equal(user1_case_last, primary_gid, expected_gids) +@pytest.mark.converted('test_id.py', 'test_id__fq_names_case_insensitive') +@pytest.mark.converted('test_id.py', 'test_id__case_insensitive') +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__fq_names_case_insensitive') +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__case_insensitive') def test_initgroups_case_insensitive_with_mc1(ldap_conn, fqname_case_insensitive_rfc2307): user1_case1 = 'User1@LDAP' @@ -621,6 +641,10 @@ def test_initgroups_case_insensitive_with_mc1(ldap_conn, primary_gid, expected_gids) +@pytest.mark.converted('test_id.py', 'test_id__fq_names_case_insensitive') +@pytest.mark.converted('test_id.py', 'test_id__case_insensitive') +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__fq_names_case_insensitive') +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__case_insensitive') def test_initgroups_case_insensitive_with_mc2(ldap_conn, fqname_case_insensitive_rfc2307): user1_case1 = 'usEr1@LDAP' @@ -633,6 +657,10 @@ def test_initgroups_case_insensitive_with_mc2(ldap_conn, primary_gid, expected_gids) +@pytest.mark.converted('test_id.py', 'test_id__fq_names_case_insensitive') +@pytest.mark.converted('test_id.py', 'test_id__case_insensitive') +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__fq_names_case_insensitive') +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__case_insensitive') def test_initgroups_case_insensitive_with_mc3(ldap_conn, fqname_case_insensitive_rfc2307): user1_case1 = 'uSer1@LDAP' @@ -673,6 +701,7 @@ def run_simple_test_with_initgroups(): assert_initgroups_equal("user1", 2001, [2000, 2001]) +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__invalidatation_of_gids_after_initgroups') def test_invalidation_of_gids_after_initgroups(ldap_conn, sanity_rfc2307): # the sssd cache was empty and not all user's group were @@ -712,6 +741,7 @@ def test_invalidation_of_gids_after_initgroups(ldap_conn, sanity_rfc2307): grp.getgrgid(gid) +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__initgroups_without_change_in_membership') def test_initgroups_without_change_in_membership(ldap_conn, sanity_rfc2307): # the sssd cache was empty and not all user's group were @@ -778,6 +808,7 @@ def assert_missing_mc_records_for_user1(): "User user1, errno:%d" % err +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__invalidate_user_before_stop') def test_invalidate_user_before_stop(ldap_conn, sanity_rfc2307): # initialize cache with full ID (res, errno, _) = sssd_id.get_user_groups("user1") @@ -791,6 +822,7 @@ def test_invalidate_user_before_stop(ldap_conn, sanity_rfc2307): assert_missing_mc_records_for_user1() +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__invalidate_user_after_stop') def test_invalidate_user_after_stop(ldap_conn, sanity_rfc2307): # initialize cache with full ID (res, errno, _) = sssd_id.get_user_groups("user1") @@ -804,6 +836,7 @@ def test_invalidate_user_after_stop(ldap_conn, sanity_rfc2307): assert_missing_mc_records_for_user1() +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__invalidate_users_before_stop') def test_invalidate_users_before_stop(ldap_conn, sanity_rfc2307): # initialize cache with full ID (res, errno, _) = sssd_id.get_user_groups("user1") @@ -817,6 +850,7 @@ def test_invalidate_users_before_stop(ldap_conn, sanity_rfc2307): assert_missing_mc_records_for_user1() +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__invalidate_users_after_stop') def test_invalidate_users_after_stop(ldap_conn, sanity_rfc2307): # initialize cache with full ID (res, errno, _) = sssd_id.get_user_groups("user1") @@ -830,6 +864,7 @@ def test_invalidate_users_after_stop(ldap_conn, sanity_rfc2307): assert_missing_mc_records_for_user1() +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__invalidate_group_before_stop') def test_invalidate_group_before_stop(ldap_conn, sanity_rfc2307): # initialize cache with full ID (res, errno, _) = sssd_id.get_user_groups("user1") @@ -843,6 +878,7 @@ def test_invalidate_group_before_stop(ldap_conn, sanity_rfc2307): assert_missing_mc_records_for_user1() +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__invalidate_group_after_stop') def test_invalidate_group_after_stop(ldap_conn, sanity_rfc2307): # initialize cache with full ID (res, errno, _) = sssd_id.get_user_groups("user1") @@ -856,6 +892,7 @@ def test_invalidate_group_after_stop(ldap_conn, sanity_rfc2307): assert_missing_mc_records_for_user1() +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__invalidate_groups_before_stop') def test_invalidate_groups_before_stop(ldap_conn, sanity_rfc2307): # initialize cache with full ID (res, errno, _) = sssd_id.get_user_groups("user1") @@ -869,6 +906,7 @@ def test_invalidate_groups_before_stop(ldap_conn, sanity_rfc2307): assert_missing_mc_records_for_user1() +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__invalidate_groups_after_stop') def test_invalidate_groups_after_stop(ldap_conn, sanity_rfc2307): # initialize cache with full ID (res, errno, _) = sssd_id.get_user_groups("user1") @@ -881,7 +919,7 @@ def test_invalidate_groups_after_stop(ldap_conn, sanity_rfc2307): assert_missing_mc_records_for_user1() - +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__invalidate_everything_before_stop') def test_invalidate_everything_before_stop(ldap_conn, sanity_rfc2307): # initialize cache with full ID (res, errno, _) = sssd_id.get_user_groups("user1") @@ -895,6 +933,7 @@ def test_invalidate_everything_before_stop(ldap_conn, sanity_rfc2307): assert_missing_mc_records_for_user1() +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__invalidate_everything_after_stop') def test_invalidate_everything_after_stop(ldap_conn, sanity_rfc2307): # initialize cache with full ID (res, errno, _) = sssd_id.get_user_groups("user1") @@ -984,6 +1023,7 @@ def test_colliding_hashes(ldap_conn, sanity_rfc2307): gecos='5001', shell='/bin/bash')) +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__removed_cache_without_invalidation') def test_removed_mc(ldap_conn, sanity_rfc2307): """ Regression test for ticket: @@ -1020,6 +1060,7 @@ def test_removed_mc(ldap_conn, sanity_rfc2307): grp.getgrgid(2001) +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__memcache_timeout_zero') def test_mc_zero_timeout(ldap_conn, zero_timeout_rfc2307): """ Test that the memory cache is not created at all with memcache_timeout=0 @@ -1053,6 +1094,7 @@ def test_mc_zero_timeout(ldap_conn, zero_timeout_rfc2307): grp.getgrgid(2001) +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__disabled_cache') def test_disabled_mc(ldap_conn, disable_memcache_rfc2307): ent.assert_passwd_by_name( 'user1', @@ -1086,6 +1128,7 @@ def test_disabled_mc(ldap_conn, disable_memcache_rfc2307): (res, errno, gids) = sssd_id.get_user_gids('user1') +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__disabled_passwd_getpwnam') def test_disabled_passwd_mc(ldap_conn, disable_pwd_mc_rfc2307): ent.assert_passwd_by_name( 'user1', @@ -1112,6 +1155,7 @@ def test_disabled_passwd_mc(ldap_conn, disable_pwd_mc_rfc2307): (res, errno, gids) = sssd_id.get_user_gids('user1') +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__disabled_group') def test_disabled_group_mc(ldap_conn, disable_grp_mc_rfc2307): ent.assert_passwd_by_name( 'user1', @@ -1147,6 +1191,7 @@ def test_disabled_group_mc(ldap_conn, disable_grp_mc_rfc2307): assert_user_gids_equal('user1', [2000, 2001]) +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__disabled_intitgroups_getpwnam') def test_disabled_initgr_mc(ldap_conn, disable_initgr_mc_rfc2307): # Even if initgroups is disabled, passwd should work ent.assert_passwd_by_name( diff --git a/src/tests/intg/test_pam_responder.py b/src/tests/intg/test_pam_responder.py index e97701871ba..0fbf8065e49 100644 --- a/src/tests/intg/test_pam_responder.py +++ b/src/tests/intg/test_pam_responder.py @@ -38,9 +38,30 @@ LDAP_BASE_DN = "dc=example,dc=com" - -def have_files_provider(): - return os.environ['FILES_PROVIDER'] == "enabled" +def provider_list(): + if os.environ['FILES_PROVIDER'] == "enabled": + return ('files', 'files_with_policy', 'proxy') + else: + # The comma is required to indicate a list with the string 'proxy' as + # only item, without it the string 'proxy' will be interpreted as list + # with five letters. + return ('proxy',) + + +class provider_switch: + def __init__(self, p): + if p == 'files': + self.p = "id_provider = files\nfallback_to_nss = False\n" + elif p == 'files_with_policy': + self.p = "id_provider = files\nfallback_to_nss = False\nlocal_auth_policy = enable:smartcard\n" + elif p == 'proxy': + self.p = "id_provider = proxy\nlocal_auth_policy = only\nproxy_lib_name = call\n" + elif p == 'proxy_password': + self.p = "id_provider = proxy\nproxy_lib_name = call\nproxy_pam_target = sssd-shadowutils\n" + elif p == 'proxy_password_with_sc': + self.p = "id_provider = proxy\nlocal_auth_policy = enable:smartcard\nproxy_lib_name = call\nproxy_pam_target = sssd-shadowutils\n" + else: + self.p = none @pytest.fixture(scope="module") @@ -120,7 +141,7 @@ def format_basic_conf(ldap_conn): shell='/bin/bash') -def format_pam_cert_auth_conf(config): +def format_pam_cert_auth_conf(config, provider): """Format a basic SSSD configuration""" return unindent("""\ [sssd] @@ -144,15 +165,14 @@ def format_pam_cert_auth_conf(config): [domain/auth_only] debug_level = 10 - id_provider = files - fallback_to_nss = False + {provider.p} [certmap/auth_only/user1] - matchrule = <SUBJECT>.*CN=SSSD test cert 0001.* + matchrule = <SUBJECT>.*CN=SSSD test cert 000[12].* """).format(**locals()) -def format_pam_cert_auth_conf_name_format(config): +def format_pam_cert_auth_conf_name_format(config, provider): """Format SSSD configuration with full_name_format""" return unindent("""\ [sssd] @@ -178,11 +198,10 @@ def format_pam_cert_auth_conf_name_format(config): use_fully_qualified_names = True full_name_format = %2$s\\%1$s debug_level = 10 - id_provider = files - fallback_to_nss = False + {provider.p} [certmap/auth_only/user1] - matchrule = <SUBJECT>.*CN=SSSD test cert 0001.* + matchrule = <SUBJECT>.*CN=SSSD test cert 000[12].* """).format(**locals()) @@ -202,8 +221,8 @@ def format_pam_krb5_auth(config, kdc_instance): [domain/krb5_auth] debug_level = 10 - id_provider = files - fallback_to_nss = False + id_provider = proxy + proxy_lib_name = call auth_provider = krb5 krb5_realm = PAMKRB5TEST @@ -227,8 +246,8 @@ def format_pam_krb5_auth_domains(config, kdc_instance): [domain/wrong.dom1] debug_level = 10 - id_provider = files - fallback_to_nss = False + id_provider = proxy + proxy_lib_name = call auth_provider = krb5 krb5_realm = WRONG1REALM @@ -236,8 +255,8 @@ def format_pam_krb5_auth_domains(config, kdc_instance): [domain/wrong.dom2] debug_level = 10 - id_provider = files - fallback_to_nss = False + id_provider = proxy + proxy_lib_name = call auth_provider = krb5 krb5_realm = WRONG2REALM @@ -245,8 +264,8 @@ def format_pam_krb5_auth_domains(config, kdc_instance): [domain/wrong.dom3] debug_level = 10 - id_provider = files - fallback_to_nss = False + id_provider = proxy + proxy_lib_name = call auth_provider = krb5 krb5_realm = WRONG3REALM @@ -254,8 +273,8 @@ def format_pam_krb5_auth_domains(config, kdc_instance): [domain/krb5_auth] debug_level = 10 - id_provider = files - fallback_to_nss = False + id_provider = proxy + proxy_lib_name = call auth_provider = krb5 krb5_realm = PAMKRB5TEST @@ -333,7 +352,7 @@ def create_sssd_fixture(request, krb5_conf_path=None): def simple_pam_cert_auth(request, passwd_ops_setup): """Setup SSSD with pam_cert_auth=True""" config.PAM_CERT_DB_PATH = os.environ['PAM_CERT_DB_PATH'] - conf = format_pam_cert_auth_conf(config) + conf = format_pam_cert_auth_conf(config, provider_switch(request.param)) create_conf_fixture(request, conf) create_sssd_fixture(request) passwd_ops_setup.useradd(**USER1) @@ -349,7 +368,7 @@ def simple_pam_cert_auth_no_cert(request, passwd_ops_setup): old_softhsm2_conf = os.environ['SOFTHSM2_CONF'] del os.environ['SOFTHSM2_CONF'] - conf = format_pam_cert_auth_conf(config) + conf = format_pam_cert_auth_conf(config, provider_switch(request.param)) create_conf_fixture(request, conf) create_sssd_fixture(request) @@ -361,20 +380,40 @@ def simple_pam_cert_auth_no_cert(request, passwd_ops_setup): return None +@pytest.fixture +def simple_pam_cert_auth_two_certs(request, passwd_ops_setup): + """Setup SSSD with pam_cert_auth=True""" + config.PAM_CERT_DB_PATH = os.environ['PAM_CERT_DB_PATH'] + + old_softhsm2_conf = os.environ['SOFTHSM2_CONF'] + softhsm2_two_conf = os.environ['SOFTHSM2_TWO_CONF'] + os.environ['SOFTHSM2_CONF'] = softhsm2_two_conf + + conf = format_pam_cert_auth_conf(config, provider_switch(request.param)) + create_conf_fixture(request, conf) + create_sssd_fixture(request) + + os.environ['SOFTHSM2_CONF'] = old_softhsm2_conf + + passwd_ops_setup.useradd(**USER1) + passwd_ops_setup.useradd(**USER2) + sync_files_provider(USER2['name']) + + return None + + @pytest.fixture def simple_pam_cert_auth_name_format(request, passwd_ops_setup): """Setup SSSD with pam_cert_auth=True and full_name_format""" config.PAM_CERT_DB_PATH = os.environ['PAM_CERT_DB_PATH'] - conf = format_pam_cert_auth_conf_name_format(config) + conf = format_pam_cert_auth_conf_name_format(config, provider_switch(request.param)) create_conf_fixture(request, conf) create_sssd_fixture(request) passwd_ops_setup.useradd(**USER1) passwd_ops_setup.useradd(**USER2) return None - -@pytest.mark.skipif(not have_files_provider(), - reason="'files provider' disabled, skipping") +@pytest.mark.parametrize('simple_pam_cert_auth', provider_list(), indirect=True) def test_preauth_indicator(simple_pam_cert_auth): """Check if preauth indicator file is created""" statinfo = os.stat(config.PUBCONF_PATH + "/pam_preauth_available") @@ -390,8 +429,6 @@ def pam_prompting_config(request, ldap_conn): return None -@pytest.mark.skipif(not have_files_provider(), - reason="'files provider' disabled, skipping") def test_password_prompting_config_global(ldap_conn, pam_prompting_config, env_for_sssctl): """Check global change of the password prompt""" @@ -417,8 +454,6 @@ def test_password_prompting_config_global(ldap_conn, pam_prompting_config, assert err.find("My global prompt") != -1 -@pytest.mark.skipif(not have_files_provider(), - reason="'files provider' disabled, skipping") def test_password_prompting_config_srv(ldap_conn, pam_prompting_config, env_for_sssctl): """Check change of the password prompt for dedicated service""" @@ -460,8 +495,7 @@ def env_for_sssctl(request): return env_for_sssctl -@pytest.mark.skipif(not have_files_provider(), - reason="'files provider' disabled, skipping") +@pytest.mark.parametrize('simple_pam_cert_auth', provider_list(), indirect=True) def test_sc_auth_wrong_pin(simple_pam_cert_auth, env_for_sssctl): sssctl = subprocess.Popen(["sssctl", "user-checks", "user1", @@ -486,8 +520,7 @@ def test_sc_auth_wrong_pin(simple_pam_cert_auth, env_for_sssctl): "Authentication failure") != -1 -@pytest.mark.skipif(not have_files_provider(), - reason="'files provider' disabled, skipping") +@pytest.mark.parametrize('simple_pam_cert_auth', provider_list(), indirect=True) def test_sc_auth(simple_pam_cert_auth, env_for_sssctl): sssctl = subprocess.Popen(["sssctl", "user-checks", "user1", @@ -511,8 +544,107 @@ def test_sc_auth(simple_pam_cert_auth, env_for_sssctl): assert err.find("pam_authenticate for user [user1]: Success") != -1 -@pytest.mark.skipif(not have_files_provider(), - reason="'files provider' disabled, skipping") +@pytest.mark.parametrize('simple_pam_cert_auth_two_certs', provider_list(), indirect=True) +def test_sc_auth_two(simple_pam_cert_auth_two_certs, env_for_sssctl): + + sssctl = subprocess.Popen(["sssctl", "user-checks", "user1", + "--action=auth", "--service=pam_sss_service"], + universal_newlines=True, + env=env_for_sssctl, stdin=subprocess.PIPE, + stdout=subprocess.PIPE, stderr=subprocess.PIPE) + + try: + out, err = sssctl.communicate(input="2\n123456") + except Exception: + sssctl.kill() + out, err = sssctl.communicate() + + sssctl.stdin.close() + sssctl.stdout.close() + + if sssctl.wait() != 0: + raise Exception("sssctl failed") + + assert err.find("pam_authenticate for user [user1]: Success") != -1 + + +@pytest.mark.parametrize('simple_pam_cert_auth_two_certs', provider_list(), indirect=True) +def test_sc_auth_two_missing_name(simple_pam_cert_auth_two_certs, env_for_sssctl): + + sssctl = subprocess.Popen(["sssctl", "user-checks", "", + "--action=auth", "--service=pam_sss_allow_missing_name"], + universal_newlines=True, + env=env_for_sssctl, stdin=subprocess.PIPE, + stdout=subprocess.PIPE, stderr=subprocess.PIPE) + + try: + out, err = sssctl.communicate(input="2\n123456") + except Exception: + sssctl.kill() + out, err = sssctl.communicate() + + sssctl.stdin.close() + sssctl.stdout.close() + + if sssctl.wait() != 0: + raise Exception("sssctl failed") + + assert err.find("pam_authenticate for user [user1]: Success") != -1 + + +@pytest.mark.parametrize('simple_pam_cert_auth', ['proxy_password'], indirect=True) +def test_sc_proxy_password_fallback(simple_pam_cert_auth, env_for_sssctl): + """ + Check that there will be a password prompt if another proxy auth module is + configured and Smartcard authentication is not allowed but a Smartcard is + present. + """ + + sssctl = subprocess.Popen(["sssctl", "user-checks", "user1", + "--action=auth", "--service=pam_sss_service"], + universal_newlines=True, + env=env_for_sssctl, stdin=subprocess.PIPE, + stdout=subprocess.PIPE, stderr=subprocess.PIPE) + + out, err = sssctl.communicate() + + sssctl.stdin.close() + sssctl.stdout.close() + + assert err.find("Password:") != -1 + + +@pytest.mark.parametrize('simple_pam_cert_auth', ['proxy_password_with_sc'], + indirect=True) +def test_sc_proxy_no_password_fallback(simple_pam_cert_auth, env_for_sssctl): + """ + Use the same environ as for test_sc_proxy_password_fallback but now allow + local Smartcard authentication. Here we expect that there will be a prompt + for the Smartcard PIN and that Smartcard authentication is successful. + """ + + sssctl = subprocess.Popen(["sssctl", "user-checks", "user1", + "--action=auth", "--service=pam_sss_service"], + universal_newlines=True, + env=env_for_sssctl, stdin=subprocess.PIPE, + stdout=subprocess.PIPE, stderr=subprocess.PIPE) + + try: + out, err = sssctl.communicate(input="123456") + except Exception: + sssctl.kill() + out, err = sssctl.communicate() + + sssctl.stdin.close() + sssctl.stdout.close() + + if sssctl.wait() != 0: + raise Exception("sssctl failed") + + assert err.find("pam_authenticate for user [user1]: Success") != -1 + + +@pytest.mark.parametrize('simple_pam_cert_auth', provider_list(), indirect=True) def test_require_sc_auth(simple_pam_cert_auth, env_for_sssctl): sssctl = subprocess.Popen(["sssctl", "user-checks", "user1", @@ -537,8 +669,7 @@ def test_require_sc_auth(simple_pam_cert_auth, env_for_sssctl): assert err.find("pam_authenticate for user [user1]: Success") != -1 -@pytest.mark.skipif(not have_files_provider(), - reason="'files provider' disabled, skipping") +@pytest.mark.parametrize('simple_pam_cert_auth_no_cert', provider_list(), indirect=True) def test_require_sc_auth_no_cert(simple_pam_cert_auth_no_cert, env_for_sssctl): # We have to wait about 20s before the command returns because there will @@ -574,8 +705,7 @@ def test_require_sc_auth_no_cert(simple_pam_cert_auth_no_cert, env_for_sssctl): "service cannot retrieve authentication info") != -1 -@pytest.mark.skipif(not have_files_provider(), - reason="'files provider' disabled, skipping") +@pytest.mark.parametrize('simple_pam_cert_auth', provider_list(), indirect=True) def test_try_sc_auth_no_map(simple_pam_cert_auth, env_for_sssctl): sssctl = subprocess.Popen(["sssctl", "user-checks", "user2", @@ -601,8 +731,7 @@ def test_try_sc_auth_no_map(simple_pam_cert_auth, env_for_sssctl): "service cannot retrieve authentication info") != -1 -@pytest.mark.skipif(not have_files_provider(), - reason="'files provider' disabled, skipping") +@pytest.mark.parametrize('simple_pam_cert_auth', provider_list(), indirect=True) def test_try_sc_auth(simple_pam_cert_auth, env_for_sssctl): sssctl = subprocess.Popen(["sssctl", "user-checks", "user1", @@ -627,8 +756,7 @@ def test_try_sc_auth(simple_pam_cert_auth, env_for_sssctl): assert err.find("pam_authenticate for user [user1]: Success") != -1 -@pytest.mark.skipif(not have_files_provider(), - reason="'files provider' disabled, skipping") +@pytest.mark.parametrize('simple_pam_cert_auth', provider_list(), indirect=True) def test_try_sc_auth_root(simple_pam_cert_auth, env_for_sssctl): """ Make sure pam_sss returns PAM_AUTHINFO_UNAVAIL even for root if @@ -657,8 +785,7 @@ def test_try_sc_auth_root(simple_pam_cert_auth, env_for_sssctl): "service cannot retrieve authentication info") != -1 -@pytest.mark.skipif(not have_files_provider(), - reason="'files provider' disabled, skipping") +@pytest.mark.parametrize('simple_pam_cert_auth', provider_list(), indirect=True) def test_sc_auth_missing_name(simple_pam_cert_auth, env_for_sssctl): """ Test pam_sss allow_missing_name feature. @@ -686,8 +813,7 @@ def test_sc_auth_missing_name(simple_pam_cert_auth, env_for_sssctl): assert err.find("pam_authenticate for user [user1]: Success") != -1 -@pytest.mark.skipif(not have_files_provider(), - reason="'files provider' disabled, skipping") +@pytest.mark.parametrize('simple_pam_cert_auth', provider_list(), indirect=True) def test_sc_auth_missing_name_whitespace(simple_pam_cert_auth, env_for_sssctl): """ Test pam_sss allow_missing_name feature. @@ -715,8 +841,7 @@ def test_sc_auth_missing_name_whitespace(simple_pam_cert_auth, env_for_sssctl): assert err.find("pam_authenticate for user [user1]: Success") != -1 -@pytest.mark.skipif(not have_files_provider(), - reason="'files provider' disabled, skipping") +@pytest.mark.parametrize('simple_pam_cert_auth_name_format', provider_list(), indirect=True) def test_sc_auth_name_format(simple_pam_cert_auth_name_format, env_for_sssctl): """ Test that full_name_format is respected with pam_sss allow_missing_name @@ -777,8 +902,6 @@ def setup_krb5(request, kdc_instance, passwd_ops_setup): return None -@pytest.mark.skipif(not have_files_provider(), - reason="'files provider' disabled, skipping") def test_krb5_auth(setup_krb5, env_for_sssctl): """ Test basic Kerberos authentication, check for authentication failure when @@ -845,8 +968,6 @@ def setup_krb5_domains(request, kdc_instance, passwd_ops_setup): return None -@pytest.mark.skipif(not have_files_provider(), - reason="'files provider' disabled, skipping") def test_krb5_auth_domains(setup_krb5_domains, env_for_sssctl): """ Test basic Kerberos authentication with pam_sss 'domains' option, make diff --git a/src/tests/multihost/ad/conftest.py b/src/tests/multihost/ad/conftest.py index ccafd102b96..e45590ee618 100644 --- a/src/tests/multihost/ad/conftest.py +++ b/src/tests/multihost/ad/conftest.py @@ -16,6 +16,9 @@ pytest_plugins = ( 'sssd.testlib.common.fixtures', + 'pytest_importance', + 'pytest_ticket', + 'sssd.testlib.common.custom_log', ) diff --git a/src/tests/multihost/ad/pytest.ini b/src/tests/multihost/ad/pytest.ini index f85b738f2c6..8a055f3cd78 100644 --- a/src/tests/multihost/ad/pytest.ini +++ b/src/tests/multihost/ad/pytest.ini @@ -5,6 +5,7 @@ markers = adloginattr: Tests for AD login attributes admisc: Miscellaneous bugzilla automations for AD automount: Automount test cases with maps stored in AD schema + c_ares: Tests for C-ares library cifs: Cifs test cases converted: Tests that are already converted to the new framework. ad_access_control: Test for AD Access Control diff --git a/src/tests/multihost/ad/test_access_control.py b/src/tests/multihost/ad/test_access_control.py index 5c033dd32f3..9d283974980 100644 --- a/src/tests/multihost/ad/test_access_control.py +++ b/src/tests/multihost/ad/test_access_control.py @@ -48,7 +48,7 @@ def ssh_login(multihost, username): @pytest.mark.usefixtures('joinad') @pytest.mark.ad_access_control -@pytest.mark.tier1_4 +@pytest.mark.tier2 class TestAccessControl(object): """ Test cases for BZ: 1268902 :setup: diff --git a/src/tests/multihost/ad/test_ad_misc.py b/src/tests/multihost/ad/test_ad_misc.py index 279d08a7e25..b00bc465ba4 100644 --- a/src/tests/multihost/ad/test_ad_misc.py +++ b/src/tests/multihost/ad/test_ad_misc.py @@ -317,8 +317,17 @@ def test_0004_bz2110091(multihost, adjoin, create_aduser_group): client.sssd_conf(dom_section, sssd_params) client.clear_sssd_cache() multihost.client[0].run_command('systemctl reboot', raiseonerr=False) - time.sleep(50) - dom_log = multihost.client[0].get_file_contents(f'/var/log/sssd/sssd_{domainname}.log').decode('utf-8') + time.sleep(30) + # Reboot takes a long time in some cases so we try multiple times. + for _ in range(1, 10): + try: + dom_log = multihost.client[0].get_file_contents(f'/var/log/sssd/sssd_{domainname}.log').decode('utf-8') + break + except OSError: + time.sleep(30) + else: + # There is no need to fail here as the assertion will fail anyway. + dom_log = "Could not pull the log file!" log1 = re.compile(r'Destroying.the.old.c-ares.channel', re.IGNORECASE) log2 = re.compile(r'\[recreate_ares_channel.*Initializing.new.c-ares.channel', re.IGNORECASE) assert log1.search(dom_log), 'Destroying the old c-ares related log missing' diff --git a/src/tests/multihost/ad/test_adparameters.py b/src/tests/multihost/ad/test_adparameters.py index 9614e6b0481..fe68ea5ddd7 100644 --- a/src/tests/multihost/ad/test_adparameters.py +++ b/src/tests/multihost/ad/test_adparameters.py @@ -135,7 +135,7 @@ def test_0003_bz1421622(self, multihost, adjoin, create_aduser_group): assert False @pytest.mark.tier1 - def test_00015_authselect_cannot_validate_its_own_files(self, multihost): + def test_00015_authselect_cannot_validate_its_own_files(self, multihost, adjoin): """ :title: authselect: authselect cannot validate its own files :id: 67bec814-d67b-4469-9662-58354889d549 @@ -143,10 +143,7 @@ def test_00015_authselect_cannot_validate_its_own_files(self, multihost): :casecomponent: authselect :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1734302 """ - password = multihost.ad[0].ssh_password - client = sssdTools(multihost.client[0]) - domainname = multihost.ad[0].domainname.strip().upper() - client.realm_join(domainname, password) + adjoin(membersw='adcli') multihost.client[0].run_command("service sssd restart") multihost.client[0].run_command("yum install -y gdb") multihost.client[0].run_command("gdb -quiet authselect -ex " @@ -156,12 +153,7 @@ def test_00015_authselect_cannot_validate_its_own_files(self, multihost): "'shell sleep 1' -ex 'detach' -ex " "'quit'") cmd_check = multihost.client[0].run_command("authselect check") - client.realm_leave(domainname) - if "Current configuration is valid." in cmd_check.stdout_text: - result = "PASS" - else: - result = "FAIL" - assert result == "PASS" + assert "Current configuration is valid." in cmd_check.stdout_text @pytest.mark.tier1 def test_0005_BZ1527149_BZ1549675(self, multihost, adjoin, create_adgrp): diff --git a/src/tests/multihost/ad/test_adparameters_ported.py b/src/tests/multihost/ad/test_adparameters_ported.py index b8234682d4a..c848cc9c5ba 100644 --- a/src/tests/multihost/ad/test_adparameters_ported.py +++ b/src/tests/multihost/ad/test_adparameters_ported.py @@ -61,24 +61,28 @@ def change_client_hostname(session_multihost, request): cmd = session_multihost.client[0].run_command('hostname', raiseonerr=False) old_hostname = cmd.stdout_text.rstrip() ad_domain = session_multihost.ad[0].domainname - try: - new_hostname = session_multihost.client[0].external_hostname. \ - split('.')[0] - except (KeyError, AttributeError): - new_hostname = old_hostname.split('.')[0] - if new_hostname.startswith('ci-'): - new_hostname = new_hostname[3:] - new_hostname = new_hostname[:15] + "." + ad_domain + new_hostname = "client0." + ad_domain + # Temporary way of changing hostname session_multihost.client[0].run_command( f'hostname {new_hostname}', raiseonerr=False ) + # Permanent way of changing hostname + session_multihost.client[0].run_command( + f'hostnamectl set-hostname {new_hostname}', raiseonerr=False + ) + def restore(): """ Restore hostname """ + # Temporary way of changing hostname session_multihost.client[0].run_command( f'hostname {old_hostname}', raiseonerr=False ) + # Permanent way of changing hostname + session_multihost.client[0].run_command( + f'hostnamectl set-hostname {old_hostname}', raiseonerr=False + ) request.addfinalizer(restore) @@ -185,6 +189,7 @@ def set_ssh_key_ldap(session_multihost, user, pubkey, operation="replace"): return cmd.returncode == 0 +@pytest.mark.flaky(reruns=5, reruns_delay=30) @pytest.mark.adparameters @pytest.mark.usefixtures("change_client_hostname") class TestADParamsPorted: @@ -491,6 +496,10 @@ def test_0004_ad_parameters_valid_domain_shorthost( :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=892197 """ + arch = multihost.client[0].run_command( + 'uname -m', raiseonerr=False).stdout_text + if 'x86_64' not in arch: + pytest.skip("Test is unstable on architectures other than x68_64.") adjoin(membersw='adcli') client = sssdTools(multihost.client[0], multihost.ad[0]) # Create AD user with posix attributes @@ -749,8 +758,9 @@ def test_0008_ad_parameters_homedir_override_both( @staticmethod @pytest.mark.tier1_2 + @pytest.mark.c_ares def test_0009_ad_parameters_ldap_sasl_full( - multihost, create_aduser_group): + multihost, adjoin, create_aduser_group): """ :title: IDM-SSSD-TC: ad_provider: ad_parameters: Using full principal bz877972 @@ -777,17 +787,12 @@ def test_0009_ad_parameters_ldap_sasl_full( """ hostname = multihost.client[0].run_command( 'hostname', raiseonerr=False).stdout_text.rstrip() + client = sssdTools(multihost.client[0], multihost.ad[0]) ad_realm = multihost.ad[0].domainname.upper() - # Join AD manually to set the user-principal for sasl - joincmd = f"realm join --user=Administrator --user-principal=host/" \ - f"{hostname}@{ad_realm} {multihost.ad[0].domainname.lower()}" - multihost.client[0].run_command( - joincmd, stdin_text=multihost.ad[0].ssh_password, - raiseonerr=False) + adjoin(membersw='adcli') # Create AD user (aduser, _) = create_aduser_group # Configure sssd - client = sssdTools(multihost.client[0], multihost.ad[0]) client.backup_sssd_conf() dom_section = f'domain/{client.get_domain_section_name()}' sssd_params = { @@ -816,8 +821,6 @@ def test_0009_ad_parameters_ldap_sasl_full( # TEARDOWN client.restore_sssd_conf() client.clear_sssd_cache() - multihost.client[0].run_command( - f"realm leave {ad_realm}", raiseonerr=False) # EVALUATION assert f"Option ldap_sasl_authid has value " \ @@ -833,8 +836,9 @@ def test_0009_ad_parameters_ldap_sasl_full( @staticmethod @pytest.mark.tier2 + @pytest.mark.c_ares def test_0010_ad_parameters_ldap_sasl_short( - multihost, create_aduser_group): + multihost, adjoin, create_aduser_group): """ :title: IDM-SSSD-TC: ad_provider: ad_parameters: Using short principal :id: 6f1cc204-0dd3-40eb-a3e2-a113cc7c2df3 @@ -858,21 +862,14 @@ def test_0010_ad_parameters_ldap_sasl_short( :customerscenario: False :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1137015 """ - hostname = multihost.client[0].run_command( 'hostname', raiseonerr=False).stdout_text.rstrip() ad_realm = multihost.ad[0].domainname.upper() - - # Join AD manually to set the user-principal for sasl - joincmd = f"realm join --user=Administrator --user-principal=host/" \ - f"{hostname}@{ad_realm} {multihost.ad[0].domainname.lower()}" - multihost.client[0].run_command( - joincmd, stdin_text=multihost.ad[0].ssh_password, - raiseonerr=False) + client = sssdTools(multihost.client[0], multihost.ad[0]) + adjoin(membersw='adcli') # Create AD user (aduser, _) = create_aduser_group # Configure sssd - client = sssdTools(multihost.client[0], multihost.ad[0]) client.backup_sssd_conf() dom_section = f'domain/{client.get_domain_section_name()}' sssd_params = { @@ -902,8 +899,6 @@ def test_0010_ad_parameters_ldap_sasl_short( # TEARDOWN client.restore_sssd_conf() client.clear_sssd_cache() - multihost.client[0].run_command( - f"realm leave {ad_realm}", raiseonerr=False) # EVALUATION assert f"Option ldap_sasl_authid has value " \ @@ -919,6 +914,7 @@ def test_0010_ad_parameters_ldap_sasl_short( @staticmethod @pytest.mark.tier1_2 + @pytest.mark.c_ares def test_0011_ad_parameters_server_resolvable( multihost, adjoin, create_aduser_group): """ @@ -998,6 +994,7 @@ def test_0011_ad_parameters_server_resolvable( @staticmethod @pytest.mark.tier2 + @pytest.mark.c_ares def test_0012_ad_parameters_server_unresolvable( multihost, adjoin, create_aduser_group): """ @@ -1051,6 +1048,7 @@ def test_0012_ad_parameters_server_unresolvable( @staticmethod @pytest.mark.tier1_2 + @pytest.mark.c_ares def test_0013_ad_parameters_server_srv_record( multihost, adjoin, create_aduser_group): """ @@ -1110,6 +1108,7 @@ def test_0013_ad_parameters_server_srv_record( @staticmethod @pytest.mark.tier1_2 + @pytest.mark.c_ares def test_0014_ad_parameters_server_blank( multihost, adjoin, create_aduser_group): """ @@ -1167,7 +1166,6 @@ def test_0014_ad_parameters_server_blank( assert su_result, "The su command failed!" @staticmethod - @pytest.mark.flaky(reruns=5, reruns_delay=30) @pytest.mark.tier2 def test_0015_ad_parameters_ad_hostname_machine( multihost, adjoin, create_aduser_group): @@ -1196,7 +1194,7 @@ def test_0015_ad_parameters_ad_hostname_machine( arch = multihost.client[0].run_command( 'uname -m', raiseonerr=False).stdout_text if 'x86_64' not in arch: - pytest.skip("Test is unstable on architectures other than x68_64.") + pytest.skip("Test is unstable on architectures other than x86_64.") adjoin(membersw='adcli') client = sssdTools(multihost.client[0], multihost.ad[0]) @@ -1250,13 +1248,15 @@ def test_0015_ad_parameters_ad_hostname_machine( f'hostname {old_hostname}', raiseonerr=False) # Evaluate test results - assert "Setting ad_hostname to [host1.kautest.com]" in log_str - assert f"Will look for host1.kautest.com@{ad_realm}" in log_str assert usr_cmd.returncode == 0, f"User {aduser} was not found." assert su_result, "The su command failed!" + assert "Setting ad_hostname to [host1.kautest.com]" in log_str + assert f"Will look for host1.kautest.com@{ad_realm}" in log_str + @staticmethod @pytest.mark.tier1_2 + @pytest.mark.c_ares def test_0016_ad_parameters_ad_hostname_valid( multihost, adjoin, create_aduser_group): """ @@ -1286,6 +1286,10 @@ def test_0016_ad_parameters_ad_hostname_valid( 1. Remove AD user. :customerscenario: False """ + arch = multihost.client[0].run_command( + 'uname -m', raiseonerr=False).stdout_text + if 'x86_64' not in arch: + pytest.skip("Test is unstable on architectures other than x86_64.") adjoin(membersw='adcli') client = sssdTools(multihost.client[0], multihost.ad[0]) @@ -1334,13 +1338,13 @@ def test_0016_ad_parameters_ad_hostname_valid( multihost.client[0].run_command( f'hostname {old_hostname}', raiseonerr=False) # Evaluate test results + assert usr_cmd.returncode == 0, f"User {aduser} was not found." + assert grp_cmd.returncode == 0, f"Group {adgroup} was not found!" + assert su_result, "The su command failed!" assert f"Option ad_hostname has value {old_hostname}" in log_str assert f"Setting ad_hostname to [{old_hostname}]" not in log_str assert f"Will look for {old_hostname}@{ad_realm}" in log_str assert f"Trying to find principal {old_hostname}@{ad_realm}" in log_str - assert usr_cmd.returncode == 0, f"User {aduser} was not found." - assert grp_cmd.returncode == 0, f"Group {adgroup} was not found!" - assert su_result, "The su command failed!" @staticmethod @pytest.mark.tier2 @@ -2045,6 +2049,7 @@ def test_0025_ad_parameters_empty_group(multihost, adjoin): @staticmethod @pytest.mark.tier2 + @pytest.mark.c_ares def test_0026_ad_parameters_dns_failover( multihost, adjoin, create_plain_aduser_group): """ @@ -2192,7 +2197,6 @@ def test_0027_ad_parameters_group_membership_empty( assert aduser in grp_cmd.stdout_text, f"{aduser} not in getent out." @staticmethod - @pytest.mark.flaky(reruns=5, reruns_delay=30) @pytest.mark.tier2 def test_0028_ad_parameters_nested_in_nonposix_group( multihost, adjoin, create_aduser_group): @@ -2217,7 +2221,6 @@ def test_0028_ad_parameters_nested_in_nonposix_group( """ adjoin(membersw='adcli') client = sssdTools(multihost.client[0], multihost.ad[0]) - # Create AD user with posix attributes (aduser, adgroup) = create_aduser_group # Configure sssd to enable logging @@ -2225,17 +2228,16 @@ def test_0028_ad_parameters_nested_in_nonposix_group( sssd_params = { 'id_provider': 'ldap', 'ldap_schema': 'ad', - 'ldap_id_use_start_tls': 'False', 'ldap_default_bind_dn': f'CN=administrator,CN=Users' f',{multihost.ad[0].domain_basedn_entry}', - 'ldap_default_authtok_type': 'password', - 'ldap_default_authtok': f'{multihost.ad[0].ssh_password}', + 'use_fully_qualified_names': 'false', + 'ldap_id_use_start_tls': 'True', + 'ldap_tls_cacert': '/etc/openldap/certs/ad_cert.pem', + 'ldap_uri': f'ldaps://{multihost.ad[0].sys_hostname}', + 'ldap_default_authtok': multihost.ad[0].ssh_password, 'ldap_referrals': 'false', - 'debug_level': '9', - 'use_fully_qualified_names': 'False', - 'cache_credentials': 'True', - 'krb5_store_password_if_offline': 'True', - 'fallback_homedir': '/home/%d/%u', + 'ldap_id_mapping': 'True', + 'fallback_homedir': '/home/%d/%u' } client.sssd_conf(dom_section, sssd_params) @@ -2251,6 +2253,8 @@ def test_0028_ad_parameters_nested_in_nonposix_group( # Clear cache and restart SSSD client.clear_sssd_cache() + time.sleep(60) + # Search for the AD user usr_cmd = multihost.client[0].run_command( f'id {aduser}', raiseonerr=False) @@ -2264,7 +2268,6 @@ def test_0028_ad_parameters_nested_in_nonposix_group( assert group_2 in usr_cmd.stdout_text, f"{group_2} not in id output." @staticmethod - @pytest.mark.flaky(reruns=5, reruns_delay=30) @pytest.mark.tier2 def test_0029_ad_parameters_tokengroups_with_ldap( multihost, adjoin, create_aduser_group): @@ -2295,13 +2298,14 @@ def test_0029_ad_parameters_tokengroups_with_ldap( sssd_params = { 'id_provider': 'ldap', 'ldap_schema': 'ad', - 'ldap_id_use_start_tls': 'False', + 'ldap_id_use_start_tls': 'True', + 'ldap_tls_cacert': '/etc/openldap/certs/ad_cert.pem', + 'ldap_uri': f'ldaps://{multihost.ad[0].sys_hostname}', + 'ldap_default_authtok': multihost.ad[0].ssh_password, 'ldap_default_bind_dn': f'CN=administrator,CN=Users' f',{multihost.ad[0].domain_basedn_entry}', - 'ldap_default_authtok_type': 'password', - 'ldap_default_authtok': f'{multihost.ad[0].ssh_password}', - 'ldap_referrals': 'false', 'debug_level': '9', + 'ldap_referrals': 'false', 'use_fully_qualified_names': 'True', 'cache_credentials': 'True', 'krb5_store_password_if_offline': 'True', @@ -2311,6 +2315,8 @@ def test_0029_ad_parameters_tokengroups_with_ldap( # Clear cache and restart SSSD client.clear_sssd_cache() + time.sleep(60) + # Search for the AD user usr_cmd = multihost.client[0].run_command( f'id {aduser}@{ad_domain}', raiseonerr=False) @@ -2326,7 +2332,6 @@ def test_0029_ad_parameters_tokengroups_with_ldap( not in log_str @staticmethod - @pytest.mark.flaky(reruns=5, reruns_delay=30) @pytest.mark.tier2 def test_0030_ad_parameters_tokengroups_searchbase( multihost, adjoin, create_aduser_group): @@ -2379,11 +2384,12 @@ def test_0030_ad_parameters_tokengroups_searchbase( sssd_params = { 'id_provider': 'ldap', 'ldap_schema': 'ad', - 'ldap_id_use_start_tls': 'False', + 'ldap_id_use_start_tls': 'True', + 'ldap_tls_cacert': '/etc/openldap/certs/ad_cert.pem', + 'ldap_uri': f'ldaps://{multihost.ad[0].sys_hostname}', + 'ldap_default_authtok': multihost.ad[0].ssh_password, 'ldap_default_bind_dn': f'CN=administrator,CN=Users' f',{multihost.ad[0].domain_basedn_entry}', - 'ldap_default_authtok_type': 'password', - 'ldap_default_authtok': f'{multihost.ad[0].ssh_password}', 'ldap_referrals': 'false', 'debug_level': '9', 'use_fully_qualified_names': 'True', @@ -2396,6 +2402,7 @@ def test_0030_ad_parameters_tokengroups_searchbase( client.sssd_conf(dom_section, sssd_params) # Clear cache and restart SSSD client.clear_sssd_cache() + time.sleep(60) # Search for the AD user usr_cmd = multihost.client[0].run_command( @@ -2925,6 +2932,7 @@ def test_0036_ad_parameters_renewal_leaks_descriptors(multihost, adjoin): @staticmethod @pytest.mark.tier1_2 + @pytest.mark.converted('test_ldap_extra_attrs.py', 'test_ldap_extra_attrs__filled') def test_0037_ad_parameters_extra_attrs_mail(multihost, adjoin): """ :title: IDM-SSSD-TC: ad_provider: ad_parameters: SSSD fails to start diff --git a/src/tests/multihost/ad/test_dyndns.py b/src/tests/multihost/ad/test_dyndns.py index ba288b33695..ae58d081152 100644 --- a/src/tests/multihost/ad/test_dyndns.py +++ b/src/tests/multihost/ad/test_dyndns.py @@ -98,9 +98,11 @@ def remove_interface(): @pytest.mark.usefixtures("reverse_zone", "disable_dns_forwarders", "change_client_hostname") @pytest.mark.dyndns @pytest.mark.tier2 +@pytest.mark.c_ares class TestDynDns(object): @staticmethod + @pytest.mark.c_ares def test_0001_verify_with_default_setting(multihost, adjoin): """ :title: IDM-SSSD-TC: ad_provider: dyndns: verify with default settings @@ -126,6 +128,7 @@ def test_0001_verify_with_default_setting(multihost, adjoin): assert dns.find_ptr(hostname, ip) @staticmethod + @pytest.mark.c_ares def test_0002_verify_when_dyndns_update_set_to_false(multihost, adjoin): """ :title: IDM-SSSD-TC: ad_provider: dyndns: verify when dyndns update set to false @@ -156,6 +159,7 @@ def test_0002_verify_when_dyndns_update_set_to_false(multihost, adjoin): assert dns.find_ptr(hostname, ip) is not True @staticmethod + @pytest.mark.c_ares def test_0003_verify_with_dyndns_ttl_functionality(multihost, adjoin): """ :title: IDM-SSSD-TC: ad_provider: dyndns: verify with dyndns ttl functionality @@ -224,9 +228,10 @@ def test_0004_check_dyndns_iface_with_existing_interfaces( assert dns.find_a(hostname, extra_ip) assert dns.find_ptr(hostname, extra_ip) - assert ip not in dns.print_zone(domain) + assert not dns.find_ptr(hostname, ip) @staticmethod + @pytest.mark.c_ares def test_0005_check_dyndns_iface_with_non_existing_interfaces(multihost, adjoin): """ :title: IDM-SSSD-TC: ad_provider: dyndns: check dyndns iface with non-existing interfaces @@ -258,6 +263,7 @@ def test_0005_check_dyndns_iface_with_non_existing_interfaces(multihost, adjoin) assert dns.find_ptr(hostname, ip) is not True @staticmethod + @pytest.mark.c_ares def test_0006_check_with_dyndns_refresh_interval(multihost, adjoin, extra_network, extra_interface): """ :title: IDM-SSSD-TC: ad_provider: dyndns: check with dyndns refresh interval @@ -311,6 +317,7 @@ def test_0006_check_with_dyndns_refresh_interval(multihost, adjoin, extra_networ assert dns.find_ptr(hostname, extra_ip_after_refresh) @staticmethod + @pytest.mark.c_ares def test_0007_set_dyndns_update_ptr_false_ptr_records_are_absent(multihost, adjoin): """ :title: IDM-SSSD-TC: ad_provider: dyndns: set dyndns update ptr false ptr records are absent @@ -349,6 +356,7 @@ def test_0007_set_dyndns_update_ptr_false_ptr_records_are_absent(multihost, adjo assert dns.find_ptr(hostname, ip) is not True @staticmethod + @pytest.mark.c_ares def test_0008_set_dyndns_update_ptr_to_false_ptr_records_are_present( multihost, adjoin, extra_interface, extra_network): """ @@ -407,6 +415,7 @@ def test_0008_set_dyndns_update_ptr_to_false_ptr_records_are_present( assert dns.find_ptr(hostname, new_ip) is not True @staticmethod + @pytest.mark.c_ares def test_0009_check_with_dyndns_force_tcp(multihost, adjoin): """ :title: IDM-SSSD-TC: ad_provider: dyndns: check with dyndns force tcp @@ -456,6 +465,7 @@ def test_0009_check_with_dyndns_force_tcp(multihost, adjoin): assert dns.find_ptr(hostname, ip) @staticmethod + @pytest.mark.c_ares def test_0010_check_with_combination_of_addresses( multihost, adjoin, extra_interface, extra_network): """ @@ -496,6 +506,7 @@ def test_0010_check_with_combination_of_addresses( assert dns.find_ptr(hostname, ip) is not True @staticmethod + @pytest.mark.c_ares def test_0011_verify_use_after_free_in_dyndns_code_bz1132361(multihost, adjoin): """ :title: IDM-SSSD-TC: ad_provider: dyndns: verify use after free in dyndns code bz1132361 diff --git a/src/tests/multihost/admultidomain/conftest.py b/src/tests/multihost/admultidomain/conftest.py index e001c6740c7..0a8fb4a7c40 100644 --- a/src/tests/multihost/admultidomain/conftest.py +++ b/src/tests/multihost/admultidomain/conftest.py @@ -10,6 +10,9 @@ pytest_plugins = ( 'sssd.testlib.common.fixtures', + 'pytest_importance', + 'pytest_ticket', + 'sssd.testlib.common.custom_log', ) @@ -52,8 +55,9 @@ def adjoin(session_multihost, request): ad_host = session_multihost.ad[0].sys_hostname client_ad = sssdTools(session_multihost.client[0], session_multihost.ad[0]) client_ad.update_resolv_conf(session_multihost.ad[0]) + client_ad.update_resolv_conf(session_multihost.ad[len(session_multihost.ad)-1]) client_ad.systemsssdauth(ad_realm, ad_host) - client_ad.disjoin_ad() + client_ad.disjoin_ad(raiseonerr=False) # Make sure system is disjoined from AD client_ad.create_kdcinfo(ad_realm, ad_ip) kinit = f'kinit Administrator@{ad_realm}' ad_password = session_multihost.ad[0].ssh_password @@ -71,7 +75,7 @@ def _join(membersw=None): def adleave(): """ Disjoin AD """ - client_ad.disjoin_ad() + client_ad.disjoin_ad(raiseonerr=False) remove_keytab = 'rm -f /etc/krb5.keytab' kdestroy_cmd = 'kdestroy -A' session_multihost.client[0].run_command(kdestroy_cmd) @@ -98,7 +102,7 @@ def adchildjoin(session_multihost, request): ad_realm = session_multihost.ad[1].realm ad_ip = session_multihost.ad[1].ip client_ad = sssdTools(session_multihost.client[0], session_multihost.ad[1]) - client_ad.disjoin_ad() + client_ad.disjoin_ad(raiseonerr=False) client_ad.create_kdcinfo(ad_realm, ad_ip) kinit = "kinit Administrator@%s" % ad_realm ad_password = session_multihost.ad[1].ssh_password @@ -116,7 +120,7 @@ def _join(membersw=None): def adleave(): """ Disjoin AD """ - client_ad.disjoin_ad() + client_ad.disjoin_ad(raiseonerr=False) remove_keytab = 'rm -f /etc/krb5.keytab' kdestroy_cmd = 'kdestroy -A' session_multihost.client[0].run_command(kdestroy_cmd) diff --git a/src/tests/multihost/admultidomain/test_multidomain.py b/src/tests/multihost/admultidomain/test_multidomain.py index e5f69b31760..bf1512d8e25 100644 --- a/src/tests/multihost/admultidomain/test_multidomain.py +++ b/src/tests/multihost/admultidomain/test_multidomain.py @@ -1,3 +1,5 @@ +import re + import pytest from sssd.testlib.common.utils import sssdTools @@ -8,11 +10,10 @@ class TestADMultiDomain(object): @staticmethod - def test_0001_bz2013297(multihost, newhostname, adchildjoin): + def test_0001_bz2013297(self, multihost, newhostname, adchildjoin): """ - :title: IDM-SSSD-TC: ad_provider: forests: disabled root ad domain - causes subdomains to be marked offline - :id: + :title: IDM-SSSD-TC: ad_provider: forests: disabled root domain causes subdomains to be marked offline + :id: 3055d093-8449-4146-a6e1-b221dee35395 :setup: 1. Configure parent and child domain 2. Join client to child domain @@ -36,7 +37,6 @@ def test_0001_bz2013297(multihost, newhostname, adchildjoin): child_domain = multihost.ad[1].domainname ad_server = multihost.ad[1].hostname - # Configure sssd multihost.client[0].service_sssd('stop') client = sssdTools(multihost.client[0], multihost.ad[1]) client.backup_sssd_conf() @@ -48,24 +48,18 @@ def test_0001_bz2013297(multihost, newhostname, adchildjoin): 'ad_server': ad_server, 'cache_credentials': 'True', } - client.sssd_conf(dom_section, sssd_params) + client.sssd_conf(dom_section, sssd_params, action='update') client.clear_sssd_cache() + multihost.client[0].service_sssd('start') - # Search for the user in root domain getent_root_user1 = multihost.client[0].run_command( - f'getent passwd user1@{ad_domain}', - raiseonerr=False - ) - # Search for the user in child domain + f'getent passwd user1@{ad_domain}', raiseonerr=False) getent_child_user1 = multihost.client[0].run_command( - f'getent passwd child_user1@{child_domain}', - raiseonerr=False - ) + f'getent passwd child_user1@{child_domain}', raiseonerr=False) client.restore_sssd_conf() client.clear_sssd_cache() - # Evaluate test results assert getent_root_user1.returncode == 0 assert getent_child_user1.returncode == 0 @@ -78,33 +72,26 @@ def test_0001_bz2013297(multihost, newhostname, adchildjoin): 'ad_server': ad_server, 'ad_enabled_domains': child_domain } - client.sssd_conf(dom_section, sssd_params) + client.sssd_conf(dom_section, sssd_params, action='update') client.clear_sssd_cache() + multihost.client[0].service_sssd('start') - # Search for the user in root domain getent_root_user2 = multihost.client[0].run_command( - f'getent passwd user1@{ad_domain}', - raiseonerr=False - ) - # Search for the user in child domain + f'getent passwd user1@{ad_domain}', raiseonerr=False) getent_child_user2 = multihost.client[0].run_command( - f'getent passwd child_user1@{child_domain}', - raiseonerr=False - ) + f'getent passwd child_user1@{child_domain}', raiseonerr=False) client.restore_sssd_conf() client.clear_sssd_cache() - # Evaluate test results assert getent_root_user2.returncode == 2 assert getent_child_user2.returncode == 0 @staticmethod - def test_0002_bz2018432(multihost, newhostname, adjoin): + def test_0002_bz2018432(self, multihost, newhostname, adjoin): """ - :title: IDM-SSSD-TC: ad_provider: forests: based SSSD adds more AD - domains than it should be based on the configuration file - :id: + :title: IDM-SSSD-TC: ad_provider: forests: sssctl domain_list shows more domains than it should + :id: b2c9efc8-b3a6-4216-99d6-7ae1d868c43f :setup: 1. Configure several domains, this suite contains 4 trusted domains 2. Join client to parent domain @@ -117,8 +104,6 @@ def test_0002_bz2018432(multihost, newhostname, adjoin): adjoin(membersw='adcli') ad_domain = multihost.ad[0].domainname ad_server = multihost.ad[0].hostname - - # Configure sssd multihost.client[0].service_sssd('stop') client = sssdTools(multihost.client[0], multihost.ad[0]) client.backup_sssd_conf() @@ -130,13 +115,11 @@ def test_0002_bz2018432(multihost, newhostname, adjoin): 'ad_server': ad_server, 'cache_credentials': 'True' } - client.sssd_conf(dom_section, sssd_params) + client.sssd_conf(dom_section, sssd_params, action='update') client.clear_sssd_cache() - # List domains - # The lists have to be manipulated, the DC in the other forest - # needs to be removed as well as implicit_files from the output - domain_list_cmd = multihost.client[0].run_command( - 'sssctl domain-list', raiseonerr=False) + multihost.client[0].service_sssd('start') + # The output needs to be pruned of servers that are not apart of the forest and 'implicit files' + domain_list_cmd = multihost.client[0].run_command('sssctl domain-list', raiseonerr=False) domain_list = domain_list_cmd.stdout_text.split('\n') if "" in domain_list: domain_list.remove("") @@ -145,11 +128,68 @@ def test_0002_bz2018432(multihost, newhostname, adjoin): multihost_list = [] for x in multihost.ad: multihost_list.append(x.domainname) - # This is necessary because the AD server in the second forest needs to - # be removed from the list. multihost_list.pop() domain_list.sort() multihost_list.sort() assert domain_list == multihost_list + + @staticmethod + def test_0003_bz2167728(self, multihost, newhostname, adchildjoin): + """ + :title: IDM-SSSD-TC: ad_provider: forests: bz2167728 Auth fails if client cannot speak to forest root domain + :id: e9ba9423-0a42-4379-a900-637c79ff0e5c + :setup: + 1. Clear out the contents of [domain_realm] in /etc/krb5.conf + 2. Join client to child domain + :steps: + 1. Lookup root, child and tree domain users + :expectedresults: + 1. All lookups should work + :customerscenario: True + """ + client = sssdTools(multihost.client[0], multihost.ad[1]) + krb5 = multihost.client[0].get_file_contents('/etc/krb5.conf', encoding='utf-8') + resolv = multihost.client[0].get_file_contents('/etc/resolv.conf', encoding='utf-8') + domain = multihost.ad[0].domainname + ip = multihost.ad[0].ip + child_domain = multihost.ad[1].domainname + child_ip = multihost.ad[1].ip + tree_domain = multihost.ad[2].domainname + tree_ip = multihost.ad[2].ip + + # To verify this bug the contents of /etc/krb5.conf needs to have no [realm] entries + for x in multihost.ad: + _domain = x.domainname + _domain_upper = _domain.capitalize() + _krb5 = multihost.client[0].get_file_contents('/etc/krb5.conf', encoding='utf-8') + _krb5_1 = re.sub(f"^.{_domain} = {_domain_upper}", "", re.sub(f"^{_domain} = {_domain_upper}", "", _krb5)) + multihost.client[0].put_file_contents('/etc/krb5.conf', _krb5_1) + adchildjoin(membersw='adcli') + + multihost.client[0].service_sssd('stop') + client.backup_sssd_conf() + sssd_domain = f'domain/{client.get_domain_section_name()}' + sssd_params = {'debug_level': '9'} + client.sssd_conf(sssd_domain, sssd_params, action='update') + + client.update_resolv_conf(child_ip) + client.update_resolv_conf(ip) + client.update_resolv_conf(tree_ip) + + multihost.client[0].service_sssd('start') + + getent1 = multihost.client[0].run_command(f'getent passwd user1@{domain}', raiseonerr=False) + getent2 = multihost.client[0].run_command(f'getent passwd child_user1@{child_domain}', raiseonerr=False) + getent3 = multihost.client[0].run_command(f'getent passwd tree_user1@{tree_domain}', raiseonerr=False) + + multihost.client[0].put_file_contents('/etc/krb5.conf', krb5) + multihost.client[0].run_command('chattr -i /etc/resolv.conf', raiseonerror=False) + multihost.client[0].put_file_contents('/etc/resolv.conf', resolv) + multihost.client[0].run_command('chattr +i /etc/resolv.conf', raiseonerror=False) + client.restore_sssd_conf() + + assert getent1.returncode == 0, f'Could not find user1@{domain}!' + assert getent2.returncode == 0, f'Could not find child_user1@{child_domain}!' + assert getent3.returncode == 0, f'Could not find tree_user1@{tree_domain}!' diff --git a/src/tests/multihost/admultidomain/test_multiforest.py b/src/tests/multihost/admultidomain/test_multiforest.py index b9a9e7e280c..cd710036b0a 100644 --- a/src/tests/multihost/admultidomain/test_multiforest.py +++ b/src/tests/multihost/admultidomain/test_multiforest.py @@ -1,5 +1,4 @@ import subprocess -import time import pytest @@ -11,61 +10,58 @@ class TestADMultiForest(object): @staticmethod - def test_0001_multiforest(multihost, newhostname, adjoin): + def test_0001_multiforest(self, multihost, newhostname, adjoin): """ - :title: IDM-SSSD-TC: ad_provider: admultiforest - :id: + :title: IDM-SSSD-TC: ad_provider: admultiforest : Authentication against two forests + :id: 900f2467-1aca-430c-bbaa-b22d30a829ad :setup: 1. Configure two domain controllers in different forests 2. Join client to the first domain 3. Update sssd.conf for second domain 4. Update krb5.conf for second domain - 5. Create krb principal and update sssd.conf + 5. Create krb principal and keytab for second domain in the second forest and update sssd.conf :steps: - 1. Lookup user in the first domain - 2. Lookup user in the second domain + 1. Lookup user in the root domain of the first forest + 2. Lookup user in the root domain fo the second forest :expectedresults: - 1. User is found in the first domain - 2. User is found in the second domain + 1. User is found in the root domain in the first forest + 2. User is found in the root domain in the second forest :customerscenario: True """ adjoin(membersw='adcli') ad_domain = multihost.ad[0].domainname ad_server = multihost.ad[0].hostname - # This must be the last AD server in the metadata file - ad1_domain = multihost.ad[len(multihost.ad) - 1].domainname + # The second forest domain must be the last entry in the metadata file + ad1_ip = multihost.ad[len(multihost.ad)-1].ip + ad1_domain = multihost.ad[len(multihost.ad)-1].domainname ad1_domain_upper = str.upper(ad1_domain) - ad1_server = multihost.ad[len(multihost.ad) - 1].hostname - ad1_password = multihost.ad[len(multihost.ad) - 1].ssh_password + ad1_server = multihost.ad[len(multihost.ad)-1].hostname + ad1_password = multihost.ad[len(multihost.ad)-1].ssh_password - get_keytab = f'adcli join --host-keytab=/etc/krb5.keytab-domain1 ' \ - f'{ad1_domain}' - change_context = 'chcon -t krb5_keytab_t /etc/krb5.keytab-domain1' - backup_krb5 = 'cp -rf /etc/krb5.conf /etc/krb5.conf.bak' - restore_krb5 = 'mv /etc/krb5.conf.bak /etc/krb5.conf ; ' \ - 'restorecon -Rv /etc/krb5.conf' - cleanup_krb5 = 'rm -rf /etc/krb5.keytab-domain1' - edit_krb5_conf = f'sed -i "/domain_realm/a .{ad1_domain} ' \ - f'= {ad1_domain_upper}" /etc/krb5.conf' - edit1_krb5_conf = f'sed -i "/domain_realm/a {ad1_domain} ' \ - f'= {ad1_domain_upper}" /etc/krb5.conf' + hosts = multihost.client[0].get_file_contents('/etc/hosts', encoding='utf-8') + hosts_new = hosts + f'{ad1_ip} {ad1_server}' + multihost.client[0].put_file_contents('/etc/hosts.bak', hosts) + multihost.client[0].put_file_contents('/etc/hosts', hosts_new) + get_keytab = f'adcli join -v -K /etc/krb5-domain1.keytab -D {ad1_domain} -S {ad1_server} --stdin-password' + change_context = 'chcon -t krb5_keytab_t /etc/krb5-domain1.keytab' + cleanup_krb5 = 'rm -rf /etc/krb5-domain1.keytab' + krb5 = multihost.client[0].get_file_contents('/etc/krb5.conf', encoding='utf-8') + substr = 'domain_realm]\n' + new_lines = f"{ad1_domain} = {ad1_domain_upper}\n.{ad1_domain} = {ad1_domain_upper}\n" + krb5_new = krb5.replace(substr, substr + new_lines) try: - multihost.client[0].run_command(get_keytab, - stdin_text=ad1_password) + multihost.client[0].run_command(get_keytab, stdin_text=ad1_password) except subprocess.CalledProcessError: pytest.fail("adcli join failed") - multihost.client[0].run_command(backup_krb5, raiseonerr=False) - multihost.client[0].run_command(edit_krb5_conf, raiseonerr=False) - multihost.client[0].run_command(edit1_krb5_conf, raiseonerr=False) - multihost.client[0].run_command(change_context, raiseonerr=False) + multihost.client[0].put_file_contents('/etc/krb5.conf', krb5_new) + multihost.client[0].run_command(change_context) # Configure sssd multihost.client[0].service_sssd('stop') client = sssdTools(multihost.client[0], multihost.ad[0]) client.backup_sssd_conf() - client.sssd_conf("sssd", { - 'domains': f'{ad_domain}, {ad1_domain}'}, action='update') + client.sssd_conf("sssd", {'domains': f'{ad_domain}, {ad1_domain}'}, action='update') domain_params = { 'ad_domain': f'{ad_domain}', 'dns_discovery_domain': f'{ad_domain}', @@ -74,8 +70,7 @@ def test_0001_multiforest(multihost, newhostname, adjoin): 'use_fully_qualified_names': 'True', 'cache_credentials': 'True', 'dyndns_update': 'True'} - client.sssd_conf( - f'domain/{ad_domain}', domain_params, action='update') + client.sssd_conf(f'domain/{ad_domain}', domain_params, action='update') domain1_params = { 'ad_domain': f'{ad1_domain}', 'ad_server': f'{ad1_server}', @@ -85,49 +80,39 @@ def test_0001_multiforest(multihost, newhostname, adjoin): 'cache_credentials': 'True', 'realmd_tags': 'manages-system joined-with-samba', 'dyndns_update': 'False', - 'krb5_keytab': '/etc/krb5.keytab-domain1', - 'ldap_krb5_keytab': '/etc/krb5.keytab-domain1', + 'krb5_keytab': '/etc/krb5-domain1.keytab', + 'ldap_krb5_keytab': '/etc/krb5-domain1.keytab', 'id_provider': 'ad', 'access_provider': 'ad', 'timeout': '3600', 'krb5_store_password_if_offline': 'True', 'default_shell': '/bin/bash', 'ldap_id_mapping': 'True'} - client.sssd_conf( - f'domain/{ad1_domain}', domain1_params, action='update') + client.sssd_conf(f'domain/{ad1_domain}', domain1_params, action='update') client.clear_sssd_cache() multihost.client[0].service_sssd('start') - time.sleep(10) # Search for the user in same forest and domain - getent_domain_user1 = multihost.client[0].run_command( - f'getent passwd user1@{ad_domain}', raiseonerr=False) - getent_domain_user2 = multihost.client[0].run_command( - f'getent passwd user2@{ad_domain}', raiseonerr=False) - id_domain_user1 = multihost.client[0].run_command( - f'id user1@{ad_domain}', raiseonerr=False) - id_domain_user2 = multihost.client[0].run_command( - f'id user2@{ad_domain}', raiseonerr=False) + getent_domain_user1 = multihost.client[0].run_command(f'getent passwd user1@{ad_domain}', raiseonerr=False) + getent_domain_user2 = multihost.client[0].run_command(f'getent passwd user2@{ad_domain}', raiseonerr=False) + id_domain_user1 = multihost.client[0].run_command(f'id user1@{ad_domain}', raiseonerr=False) + id_domain_user2 = multihost.client[0].run_command(f'id user2@{ad_domain}', raiseonerr=False) # Search for the user in a different forest and domain - getent_domain1_user1 = multihost.client[0].run_command( - f'getent passwd user1@{ad1_domain}', raiseonerr=False) - getent_domain1_user2 = multihost.client[0].run_command( - f'getent passwd user2@{ad1_domain}', raiseonerr=False) - id_domain1_user1 = multihost.client[0].run_command( - f'id user1@{ad1_domain}', raiseonerr=False) - id_domain1_user2 = multihost.client[0].run_command( - f'id user2@{ad1_domain}', raiseonerr=False) + getent_domain1_user1 = multihost.client[0].run_command(f'getent passwd user1@{ad1_domain}', raiseonerr=False) + getent_domain1_user2 = multihost.client[0].run_command(f'getent passwd user2@{ad1_domain}', raiseonerr=False) + id_domain1_user1 = multihost.client[0].run_command(f'id user1@{ad1_domain}', raiseonerr=False) + id_domain1_user2 = multihost.client[0].run_command(f'id user2@{ad1_domain}', raiseonerr=False) - multihost.client[0].run_command(restore_krb5, raiseonerr=False) - multihost.client[0].run_command(cleanup_krb5, raiseonerr=False) + multihost.client[0].put_file_contents('/etc/hosts', hosts) + multihost.client[0].put_file_contents('/etc/krb5.conf', krb5) + multihost.client[0].run_command(cleanup_krb5) client.restore_sssd_conf() - client.clear_sssd_cache() - # Evaluate test results - assert getent_domain_user1.returncode == 0 - assert getent_domain_user2.returncode == 0 - assert id_domain_user1.returncode == 0 - assert id_domain_user2.returncode == 0 - assert getent_domain1_user1.returncode == 0 - assert getent_domain1_user2.returncode == 0 - assert id_domain1_user1.returncode == 0 - assert id_domain1_user2.returncode == 0 + assert getent_domain_user1.returncode == 0, f"Could not find user1 {getent_domain_user1}!" + assert getent_domain_user2.returncode == 0, f"Could not find user1 {getent_domain_user2}!" + assert id_domain_user1.returncode == 0, f"Could not find user1 {id_domain1_user1}!" + assert id_domain_user2.returncode == 0, f"Could not find user2 {id_domain_user2}!" + assert getent_domain1_user1.returncode == 0, f"Could not find user1 {getent_domain1_user1}!" + assert getent_domain1_user2.returncode == 0, f"Could not find user2 {getent_domain1_user2}!" + assert id_domain1_user1.returncode == 0, f"Could not find user1 {id_domain1_user1}!" + assert id_domain1_user2.returncode == 0, f"Could not find user2 {id_domain1_user2}!" + diff --git a/src/tests/multihost/adsites/conftest.py b/src/tests/multihost/adsites/conftest.py index 2be0951cdea..cd2615b4a2d 100644 --- a/src/tests/multihost/adsites/conftest.py +++ b/src/tests/multihost/adsites/conftest.py @@ -13,6 +13,9 @@ pytest_plugins = ( 'sssd.testlib.common.fixtures', + 'pytest_importance', + 'pytest_ticket', + 'sssd.testlib.common.custom_log', ) diff --git a/src/tests/multihost/adsites/test_adsites.py b/src/tests/multihost/adsites/test_adsites.py index 0f1337e89bc..ef2eb68a77c 100644 --- a/src/tests/multihost/adsites/test_adsites.py +++ b/src/tests/multihost/adsites/test_adsites.py @@ -16,6 +16,7 @@ class Testadsites(object): 3. Create secondary site, move second domain controller to second site """ @pytest.mark.adsites + @pytest.mark.c_ares def test_001_ad_startup_discovery(self, multihost, adjoin): """ @Title: IDM-SSSD-TC: ad_startup_discovery @@ -69,6 +70,7 @@ def test_001_ad_startup_discovery(self, multihost, adjoin): assert check_discovery.returncode == 0 @pytest.mark.adsites + @pytest.mark.c_ares def test_002_ad_startup_discovery_one_server_unreachable(self, multihost, adjoin): """ @@ -137,6 +139,7 @@ def test_002_ad_startup_discovery_one_server_unreachable(self, multihost, multihost.client[0].run_command(fw_remove, raiseonerr=True) @pytest.mark.adsites + @pytest.mark.c_ares def test_003_ad_startup_discovery_two_different_sites(self, multihost, adjoin, create_site): """ @@ -189,6 +192,7 @@ def test_003_ad_startup_discovery_two_different_sites(self, multihost, assert check_discovery.returncode == 0 @pytest.mark.adsites + @pytest.mark.c_ares def test_004_ad_startup_discovery_one_server_unreachable(self, multihost, adjoin, diff --git a/src/tests/multihost/alltests/conftest.py b/src/tests/multihost/alltests/conftest.py index 97454560877..ce3edaa3054 100644 --- a/src/tests/multihost/alltests/conftest.py +++ b/src/tests/multihost/alltests/conftest.py @@ -20,6 +20,9 @@ pytest_plugins = ( 'sssd.testlib.common.fixtures', + 'pytest_importance', + 'pytest_ticket', + 'sssd.testlib.common.custom_log', ) diff --git a/src/tests/multihost/alltests/test_automount.py b/src/tests/multihost/alltests/test_automount.py index 3d00301d113..b822656b144 100644 --- a/src/tests/multihost/alltests/test_automount.py +++ b/src/tests/multihost/alltests/test_automount.py @@ -17,6 +17,16 @@ JOURNALCTL_CMD = "journalctl -x -n 50 --no-pager" +def restart_autofs(multihost): + for _ in range(1, 20): + cmd = multihost.client[0].run_command("systemctl restart autofs", raiseonerr=False).returncode + if cmd == 0: + break + time.sleep(10) + else: + raise Exception("autofs restart failed too many times") + + @pytest.mark.usefixtures("setup_sssd", "create_posix_usersgroups", "enable_autofs_schema", "enable_autofs_service") @pytest.mark.automount @@ -276,17 +286,17 @@ def test_two_automount_maps(self, multihost, "rm -rf /var/log/sssd/* ; " "rm -rf /var/lib/sss/db/* ; " "systemctl start sssd") - multihost.client[0].run_command("systemctl restart autofs") + time.sleep(10) + restart_autofs(multihost) multihost.client[0].run_command("automount -m") multihost.master[0].run_command("touch /export1/export1") multihost.master[0].run_command("touch /export2/export2") time.sleep(2) MIT_export = multihost.client[0].run_command("ls /home/MIT") mit_export = multihost.client[0].run_command("ls /home/mit") - assert 'export1' in MIT_export.stdout_text - assert 'export2' in mit_export.stdout_text restore = 'cp -af /etc/exports.backup /etc/exports' multihost.master[0].run_command(restore) + multihost.client[0].run_command("systemctl stop autofs", raiseonerr=False) stop_nfs = 'systemctl stop nfs-server' multihost.master[0].run_command(stop_nfs) for dn_dn in [f'automountinformation={nfs_server_ip}:/export1,' @@ -301,6 +311,8 @@ def test_two_automount_maps(self, multihost, multihost.master[0].run_command(f'ldapdelete -x -D ' f'"cn=Directory Manager" ' f'-w Secret123 -H ldap:// {dn_dn}') + assert 'export1' in MIT_export.stdout_text + assert 'export2' in mit_export.stdout_text @pytest.mark.parametrize('add_nisobject', ['/export'], indirect=True) @pytest.mark.tier2 diff --git a/src/tests/multihost/alltests/test_automount_from_bash.py b/src/tests/multihost/alltests/test_automount_from_bash.py index b7fe7614132..0bf632adb44 100644 --- a/src/tests/multihost/alltests/test_automount_from_bash.py +++ b/src/tests/multihost/alltests/test_automount_from_bash.py @@ -50,11 +50,12 @@ def common_sssd_setup(multihost): @pytest.fixture(scope='function') -def ldap_autofs(multihost): +def ldap_autofs(multihost, request): """ This is common sssd setup used in this test suite. """ tools = sssdTools(multihost.client[0]) + multihost.client[0].run_command("mount") tools.sssd_conf("nss", {'filter_groups': 'root', 'filter_users': 'root', 'debug_level': '9'}, action='update') @@ -71,6 +72,10 @@ def ldap_autofs(multihost): "ldap_autofs_entry_value": "nisMapEntry"}, action='update') tools.clear_sssd_cache() + def restore(): + """Will restore client after test.""" + multihost.client[0].run_command("systemctl restart autofs", raiseonerr=False) + request.addfinalizer(restore) @pytest.fixture(scope='class') def nfs_server_setup(multihost, request): @@ -103,7 +108,7 @@ def create_users(multihost, request): client.run_command("authselect select sssd --force") client.run_command("cp -f /etc/nsswitch.conf /etc/nsswitch.conf.backup") client.run_command("cp -f /etc/sysconfig/autofs /etc/sysconfig/autofs_bkp") - client.run_command("sed -i 's/automount: files/automount: sss files/g' /etc/nsswitch.conf") + client.run_command("sed --follow-symlinks -i 's/automount: files/automount: sss files/g' /etc/nsswitch.conf") ldap_uri = f'ldap://{multihost.master[0].sys_hostname}' ldap_inst = LdapOperations(ldap_uri, ds_rootdn, ds_rootpw) ldap_inst.org_unit("mount", ds_suffix) @@ -665,7 +670,7 @@ def test_change_key_map(multihost, backupsssdconf, ldap_autofs): client.run_command("service autofs restart") time.sleep(10) with pytest.raises(subprocess.CalledProcessError): - client.run_command("cd /folder1/folder2/projects;cd -") + client.run_command("ls -d /folder1/folder2/projects") find_logs(multihost, log_sssd, f"Searching for automount map entries with base [ou=mount,{ds_suffix}]") # Adding the deleted direct map user_dn = f'cn=/folder1/folder2/projects,nisMapName=auto.direct,ou=mount,{ds_suffix}' diff --git a/src/tests/multihost/alltests/test_autoprivategroup.py b/src/tests/multihost/alltests/test_autoprivategroup.py index 416763808d9..e551a145aa1 100644 --- a/src/tests/multihost/alltests/test_autoprivategroup.py +++ b/src/tests/multihost/alltests/test_autoprivategroup.py @@ -18,6 +18,7 @@ 'create_posix_usersgroups_autoprivategroups') @pytest.mark.autoprivategroup class TestAutoPrivateGroups(object): + @pytest.mark.converted('test_auto_private_groups.py', 'test_auto_private_groups__hybrid') @pytest.mark.tier1 def test_0001_bz1695577(self, multihost, backupsssdconf): """ @@ -29,13 +30,7 @@ def test_0001_bz1695577(self, multihost, backupsssdconf): tools = sssdTools(multihost.client[0]) apg = {'auto_private_groups': 'hybrid'} tools.sssd_conf('domain/%s' % (ds_instance_name), apg) - section = "sssd" - """ - enable_files_domain = false is a workaround - Remove that once original bz fixes it""" - sssd_params = {'enable_files_domain': 'False'} tools.remove_sss_cache('/var/lib/sss/db') - tools.sssd_conf(section, sssd_params) multihost.client[0].service_sssd('start') for i in range(9): lkup = 'id foobar%d@%s' % (i, ds_instance_name) @@ -47,6 +42,7 @@ def test_0001_bz1695577(self, multihost, backupsssdconf): output = cmd.stdout_text.split(':') assert int(output[2]) == int(output[3]) + @pytest.mark.converted('test_auto_private_groups.py', 'test_auto_private_groups__hybrid') @pytest.mark.tier1 def test_0002_bz1695577(self, multihost, backupsssdconf): """ @@ -58,13 +54,7 @@ def test_0002_bz1695577(self, multihost, backupsssdconf): tools = sssdTools(multihost.client[0]) apg = {'auto_private_groups': 'hybrid'} tools.sssd_conf('domain/%s' % (ds_instance_name), apg) - section = "sssd" - """ - enable_files_domain = false is a workaround - Remove that once original bz fixes it""" - sssd_params = {'enable_files_domain': 'False'} tools.remove_sss_cache('/var/lib/sss/db') - tools.sssd_conf(section, sssd_params) multihost.client[0].service_sssd('start') lkup = 'getent passwd foobar11@%s' % (ds_instance_name) cmd = multihost.client[0].run_command(lkup, raiseonerr=False) diff --git a/src/tests/multihost/alltests/test_backtrace.py b/src/tests/multihost/alltests/test_backtrace.py index e578d946400..c73df663a7a 100644 --- a/src/tests/multihost/alltests/test_backtrace.py +++ b/src/tests/multihost/alltests/test_backtrace.py @@ -13,7 +13,7 @@ import time import pytest from sssd.testlib.common.utils import sssdTools -from sssd.testlib.common.expect import pexpect_ssh +from sssd.testlib.common.ssh2_python import check_login_client from constants import ds_instance_name @@ -34,10 +34,7 @@ def no_fallback_dir(multihost): tools.clear_sssd_cache() user = f'foo1@{ds_instance_name}' # Authenticate user - client = pexpect_ssh(multihost.client[0].sys_hostname, user, - 'Secret123', debug=False) - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) + check_login_client(multihost, user, 'Secret123') @pytest.mark.usefixtures('setup_sssd', 'create_posix_usersgroups') @@ -72,6 +69,10 @@ def test_0001_bz2021196(self, multihost, backupsssdconf): 7. Should fail as expected 8. Should have string 'skipping repetitive backtrace' """ + arch = multihost.client[0].run_command( + 'uname -m', raiseonerr=False).stdout_text + if 'x86_64' not in arch: + pytest.skip("Test is unstable on architectures other than x86_64.") bad_url(multihost) tools = sssdTools(multihost.client[0]) section = f"domain/{ds_instance_name}" @@ -103,7 +104,7 @@ def test_0001_bz2021196(self, multihost, backupsssdconf): decode('utf-8') print(f'\n{logfile}\n+===++++++===+\n{log_str2}\n') # Check the backtrace is dumped first time and no backtrace is skipped - assert pattern.search(log_str1) and not pattern2.search(log_str1) + assert len(pattern.findall(log_str1)) == len(pattern2.findall(log_str1)) == 1 # Check there is no new backtrace with the same issue and repeative # backtrace is skipped assert pattern2.search(log_str2) and not pattern.search(log_str2) diff --git a/src/tests/multihost/alltests/test_cache_testing.py b/src/tests/multihost/alltests/test_cache_testing.py index 650dcbc16a4..771a5e18e20 100644 --- a/src/tests/multihost/alltests/test_cache_testing.py +++ b/src/tests/multihost/alltests/test_cache_testing.py @@ -11,6 +11,7 @@ import time from constants import ds_instance_name from sssd.testlib.common.utils import sssdTools +from sssd.testlib.common.ssh2_python import check_login_client_bool @pytest.fixture(scope='class') @@ -163,8 +164,7 @@ def test_0005_Expire_User_Entries_ans_Run_User_Auth(multihost): """ invalidate_cache = "sss_cache -E" cmd = multihost.client[0].run_command(invalidate_cache, raiseonerr=False) - client = sssdTools(multihost.client[0]) - ssh = client.auth_from_client('foo1', 'Secret123') + ssh = check_login_client_bool(multihost, 'foo1', 'Secret123') ldb_cmd = f"ldbsearch -H /var/lib/sss/db/cache_{ds_instance_name}.ldb \ -b 'name=foo1@{ds_instance_name},cn=users,cn={ds_instance_name},cn=sysdb' > /tmp/file_ldb" ldb_cmd2 = f"ldbsearch -H /var/lib/sss/db/timestamps_{ds_instance_name}.ldb \ @@ -173,8 +173,8 @@ def test_0005_Expire_User_Entries_ans_Run_User_Auth(multihost): cmd2 = multihost.client[0].run_command(ldb_cmd2, raiseonerr=False) cmd1_output = multihost.client[0].get_file_contents('/tmp/file_ldb').decode('utf-8') cmd2_output = multihost.client[0].get_file_contents('/tmp/file_ldb2').decode('utf-8') + assert ssh, 'foo1 user is unable to login' assert cmd.returncode == 0, f'{invalidate_cache} did not execute successfully' - assert ssh == 3, "User foo1 failed to log In" assert cmd1.returncode == 0, f'{ldb_cmd} did not execute successfully' assert "dataExpireTimestamp: 1\n" in cmd1_output, "dataExpireTimestamp not found in /tmp/file_ldb" assert cmd2.returncode == 0, f'{ldb_cmd2} did not execute successfully' @@ -445,11 +445,10 @@ def test_0013_Modify_User_Attribute(multihost): user = 'uid=foo1,ou=People,dc=example,dc=test' content = f'''dn: {user}\nchangetype: modify\nreplace: loginShell\nloginShell: /bin/sh\n''' - multihost.client[0].put_file_contents("changes.ldif", content) - ldap_cmd = f'ldapmodify -x -H ldap://{multihost.master[0].sys_hostname} \ - -D "cn=Directory Manager" -w "Secret123" -f changes.ldif' + multihost.client[0].put_file_contents("/tmp/changes.ldif", content) + ldap_cmd = f'ldapmodify -x -H ldap://{multihost.master[0].sys_hostname}' \ + f' -D "cn=Directory Manager" -w "Secret123" -f /tmp/changes.ldif' cmd2 = multihost.client[0].run_command(ldap_cmd, raiseonerr=False) - client.get_getent_passwd('foo1') ldb_cmd = f"ldbsearch -H /var/lib/sss/db/cache_{ds_instance_name}.ldb \ diff --git a/src/tests/multihost/alltests/test_config_validation.py b/src/tests/multihost/alltests/test_config_validation.py index bada3652031..0cda3bebc84 100644 --- a/src/tests/multihost/alltests/test_config_validation.py +++ b/src/tests/multihost/alltests/test_config_validation.py @@ -22,6 +22,7 @@ class TestConfigValidation(object): """ SSSD Config Validation """ @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__check_typo_option_name') def test_0001_searchbase(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: Verify typos in option @@ -41,6 +42,7 @@ def test_0001_searchbase(self, multihost, backupsssdconf): assert log_1.search(cmd.stdout_text) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__check_typo_domain_name') def test_0002_domainname(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: Verify typos in domain @@ -58,6 +60,7 @@ def test_0002_domainname(self, multihost, backupsssdconf): assert log_1.search(cmd.stdout_text) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__check_invalid_option_name_in_snippet') def test_0003_snippetfile(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: Verify typos in option @@ -79,6 +82,7 @@ def test_0003_snippetfile(self, multihost, backupsssdconf): multihost.client[0].run_command(rm_snippet_file, raiseonerr=False) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__check_invalid_domain_name_in_snippet') def test_0004_snippetfile(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: Verify typos in domain @@ -100,6 +104,7 @@ def test_0004_snippetfile(self, multihost, backupsssdconf): multihost.client[0].run_command(rm_snippet_file, raiseonerr=False) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__check_misplaced_option') def test_0005_misplaced(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: Verify misplaced @@ -119,6 +124,7 @@ def test_0005_misplaced(self, multihost, backupsssdconf): assert log.search(cmd.stdout_text) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__check_typo_option_name') def test_0006_sameerrors(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: Verify same error when @@ -140,6 +146,7 @@ def test_0006_sameerrors(self, multihost, backupsssdconf): assert log_1.search(cmd.stdout_text) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__missing_equal_sign') def test_0007_equalsign(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: No equal sign between @@ -157,6 +164,7 @@ def test_0007_equalsign(self, multihost, backupsssdconf): print(log.search(cmd.stderr_text)) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__special_character_option_name') def test_0008_specialcharacter(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: Option name contains @@ -175,6 +183,7 @@ def test_0008_specialcharacter(self, multihost, backupsssdconf): assert log_1.search(cmd.stdout_text) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__check_typo_domain_name') def test_0009_sectionname(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: Verify typos in @@ -194,6 +203,7 @@ def test_0009_sectionname(self, multihost, backupsssdconf): assert log_1.search(cmd.stdout_text) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__special_character_section_name') def test_0010_splcharacters(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: Verify typos @@ -213,6 +223,7 @@ def test_0010_splcharacters(self, multihost, backupsssdconf): assert log_1.search(cmd.stdout_text) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__special_character_domain_name') def test_0011_splcharacters(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: Verify typos (special @@ -232,6 +243,7 @@ def test_0011_splcharacters(self, multihost, backupsssdconf): assert log_1.search(cmd.stdout_text) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__forward_slash_missing') def test_0012_forwardslash(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: Forward slash is not @@ -250,6 +262,7 @@ def test_0012_forwardslash(self, multihost, backupsssdconf): assert log_1.search(cmd.stdout_text) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__sssd_section_name_typo') def test_0013_sectiontypos(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: @@ -267,6 +280,7 @@ def test_0013_sectiontypos(self, multihost, backupsssdconf): assert log_1.search(cmd.stdout_text) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__pam_section_name_typo') def test_0014_pamsection(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: Typos in pam section @@ -283,6 +297,7 @@ def test_0014_pamsection(self, multihost, backupsssdconf): assert log.search(cmd.stdout_text) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__nss_section_name_typo') def test_0015_nsssection(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: Typos in nss section @@ -299,6 +314,7 @@ def test_0015_nsssection(self, multihost, backupsssdconf): assert log.search(cmd.stdout_text) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__verify_permission') def test_0016_verifypermission(self, multihost): """ :title: IDM-SSSD-TC: Configuration validation: Verify the permission @@ -317,6 +333,7 @@ def test_0016_verifypermission(self, multihost): multihost.client[0].run_command(restore_mod, raiseonerr=False) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__verify_ownership') def test_0017_verifyownership(self, multihost): """ :title: IDM-SSSD-TC: Configuration validation: Verify the ownership @@ -344,6 +361,7 @@ def test_0017_verifyownership(self, multihost): multihost.client[0].run_command(restore_chown, raiseonerr=False) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__verify_missing_closing_bracket') def test_0018_closingbrackets(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: Verify the closing @@ -361,6 +379,7 @@ def test_0018_closingbrackets(self, multihost, backupsssdconf): assert log_1.search(cmd.stderr_text) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__verify_missing_opening_bracket') def test_0019_openingbracket(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: Check starting square @@ -378,6 +397,7 @@ def test_0019_openingbracket(self, multihost, backupsssdconf): log_1 = re.compile(r'.Equal\ssign\sis\smissing.*') assert log_1.search(cmd.stderr_text) +# Useless? @pytest.mark.tier1 def test_0020_fatalerror(self, multihost, backupsssdconf): """ @@ -401,6 +421,7 @@ def test_0020_fatalerror(self, multihost, backupsssdconf): assert log.search(cmd.stdout_text) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__verify_typo_in_config_with_two_domains') def test_0021_twodomain(self, multihost, multidomain_sssd): """ :title: IDM-SSSD-TC: Configuration validation: Verify typo in option @@ -422,6 +443,7 @@ def test_0021_twodomain(self, multihost, multidomain_sssd): multihost.client[0].run_command(restore) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__config_does_not_exist') def test_0022_fatalerror(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: No sssctl commands can @@ -432,11 +454,11 @@ def test_0022_fatalerror(self, multihost, backupsssdconf): multihost.client[0].run_command(rm_cmd, raiseonerr=False) sssctl_cmd = 'sssctl config-check' cmd = multihost.client[0].run_command(sssctl_cmd, raiseonerr=False) - assert cmd.returncode == 0 log = re.compile(r'sssd.conf\sdoes\snot\sexist') - assert log.search(cmd.stdout_text) + assert cmd.returncode == 1 and log.search(cmd.stdout_text) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__check_ldap_host_object_class_in_domain') def test_0023_checkldaphostobjectdomain(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: Check @@ -453,6 +475,7 @@ def test_0023_checkldaphostobjectdomain(self, multihost, backupsssdconf): assert cmd.returncode == 0 @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__check_ldap_host_object_class_in_sssd') def test_0024_checkldaphostobjectsssd(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: Check @@ -472,6 +495,7 @@ def test_0024_checkldaphostobjectsssd(self, multihost, backupsssdconf): assert log.search(cmd.stdout_text) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__enabling_2FA') def test_0025_check2FA(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: Check false @@ -497,6 +521,7 @@ def test_0025_check2FA(self, multihost, backupsssdconf): assert cmd.returncode == 0 @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__auto_private_groups_in_child_domain') def test_0026_checkchilddomain(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: sssctl config-check @@ -518,6 +543,7 @@ def test_0026_checkchilddomain(self, multihost, backupsssdconf): assert cmd.returncode == 0 @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__non_default_config_location_snippet_directory') def test_0027_bz1723273(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration merging: sssctl config-check @@ -538,6 +564,8 @@ def test_0027_bz1723273(self, multihost, backupsssdconf): sssctl_check.returncode == 1 @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__non_default_config_location_permission') + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__non_default_config_location_ownership') def test_0028_bz1723273(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration merging: sssctl config-check @@ -561,6 +589,7 @@ def test_0028_bz1723273(self, multihost, backupsssdconf): sssctl_check.returncode == 1 @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__non_default_config_location_option_name_typo') def test_0029_bz1723273(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: Verify typos in option @@ -587,6 +616,7 @@ def test_0029_bz1723273(self, multihost, backupsssdconf): and sssctl_check.returncode == 1 @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__non_default_config_location_snippet_is_present') def test_0030_bz1723273(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: Does not complain @@ -612,14 +642,14 @@ def test_0030_bz1723273(self, multihost, backupsssdconf): and sssctl_check.returncode == 1 @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__non_existing_snippet') def test_0031_bz1723273(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: complains about non existing snippet directory :id: 3d30164f-b80b-4594-883d-1783d9337031 """ - sssctl_cmd = 'sssctl config-check -c /tmp/test/sssd.conf -s ' \ - '/tmp/does/not/exists' + sssctl_cmd = 'sssctl config-check -s /tmp/does/not/exists' sssctl_check = multihost.client[0].run_command(sssctl_cmd, raiseonerr=False) result = sssctl_check.stdout_text.strip() diff --git a/src/tests/multihost/alltests/test_default_debug_level.py b/src/tests/multihost/alltests/test_default_debug_level.py index 84913c8df3d..ede9f205f14 100644 --- a/src/tests/multihost/alltests/test_default_debug_level.py +++ b/src/tests/multihost/alltests/test_default_debug_level.py @@ -12,15 +12,16 @@ import time import pytest from sssd.testlib.common.utils import sssdTools, LdapOperations -from sssd.testlib.common.expect import pexpect_ssh +from sssd.testlib.common.ssh2_python import check_login_client_bool from constants import ds_instance_name, ds_suffix, ds_rootpw, ds_rootdn @pytest.mark.usefixtures('setup_sssd', 'create_posix_usersgroups') @pytest.mark.defaultdebuglevel -@pytest.mark.tier1_4 class TestDefaultDebugLevel(object): """ Check sssd default debug level """ + @pytest.mark.converted('test_default_debug_level.py', 'test_default_debug_level__check') + @pytest.mark.tier1_4 def test_0001_check_default_debug_level(self, multihost, backupsssdconf): """ :title: default debug logs: Check default debug level when sssd start @@ -62,6 +63,8 @@ def test_0001_check_default_debug_level(self, multihost, backupsssdconf): debug_str1 = pattern2.search(log_single_line) assert debug_str1.group() == '(0x3f7c0)' + @pytest.mark.converted('test_default_debug_level.py', 'test_default_debug_level__check_with_login') + @pytest.mark.tier1_4 def test_0002_check_default_level_with_auth(self, multihost, backupsssdconf): """ @@ -101,15 +104,15 @@ def test_0002_check_default_level_with_auth(self, multihost, print("before auth:", blog_size.stdout_text) user = f'foo1@{ds_instance_name}' # Authenticate user - client = pexpect_ssh(multihost.client[0].sys_hostname, user, - 'Secret123', debug=False) - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) + ssh = check_login_client_bool(multihost, user, 'Secret123') alog_size = multihost.client[0].run_command(check_log_size, raiseonerr=False) print("after auth:", alog_size.stdout_text) + assert ssh, f'{user} is not able to login' assert alog_size.stdout_text == blog_size.stdout_text + @pytest.mark.converted('test_default_debug_level.py', 'test_default_debug_level__fatal_and_critical_failures') + @pytest.mark.tier2 def test_0003_bz1893159(self, multihost, backupsssdconf): """ :title: default debug logs: Check that messages with levels 0 and 1 @@ -149,34 +152,65 @@ def test_0003_bz1893159(self, multihost, backupsssdconf): if not find1.search(log_str) and not find2.search(log_str): assert False + @pytest.mark.converted('test_default_debug_level.py', 'test_default_debug_level__cannot_load_sssd_config') + @pytest.mark.tier1_4 def test_0004_bz1893159(self, multihost, backupsssdconf): """ :title: default debug logs: Check default level 2 :id: d44d5883-fc52-418d-b407-3ac63f7104d8 + :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1893159 + :setup: + 1. Remove debug_level option from sssd.conf + 2. Set domains = typo_domain (non existing) in [sssd] section + 3. Start sssd after clearing cache and logs :steps: - 1. Remove debug_level from sssd.conf - 2. Start sssd after clearing cache and logs - 3. Kill pid of sssd with signal SIGUSR2 - 4. Check logs + 1. Check sssd.log contains log related to 'SSSD cannot load config' :expectedresults: - 1. sssd should use default debug level with no level defined - 2. Succeeds - 3. sssd process is killed - 4. logs of level of 0x0040 are in the log file + 1. /var/log/sssd/sssd.log contains 'SSSD couldn't load configuration' log + """ + section = f"domain/{ds_instance_name}" + domain_params = {'debug_level': ''} + tools = sssdTools(multihost.client[0]) + tools.sssd_conf(section, domain_params, action='delete') + tools.sssd_conf('sssd', {'domains': 'some'}, action='update') + multihost.client[0].service_sssd('stop') + tools.remove_sss_cache('/var/log/sssd') + multihost.client[0].run_command('systemctl start sssd', raiseonerr=False) + log = '/var/log/sssd/sssd.log' + log_str = multihost.client[0].get_file_contents(log).decode('utf-8') + pattern = re.compile(r'SSSD couldn\'t load the configuration database') + assert pattern.search(log_str) + + @pytest.mark.converted('test_default_debug_level.py', 'test_default_debug_level__nonexisting_ldap_server') + @pytest.mark.tier1_4 + def test_bz1893159(self, multihost, backupsssdconf): + """ + :title: default debug logs: default log level logs in sssd.log + :id: 8f9c8c47-a1f6-4ec0-b979-202d8d6dc6c3 + :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1893159 + :setup: + 1. Remove debug_level option from sssd.conf + 2. Set ldap_uri to a non-existing ldap-server + 3. Start sssd after clearing cache and logs + :steps: + 1. Check logs + :expectedresults: + 1. Domain Logs should contain a log related to 'going offline' """ section = f"domain/{ds_instance_name}" domain_params = {'debug_level': ''} tools = sssdTools(multihost.client[0]) tools.sssd_conf(section, domain_params, action='delete') + tools.sssd_conf(section, {'ldap_uri': 'ldap://typo'} , action='update') tools.clear_sssd_cache() - cmd_kill = 'kill -SIGUSR2 $(pidof sssd)' - multihost.client[0].run_command(cmd_kill, raiseonerr=False) - logfilename = 'sssd' - log = f'/var/log/sssd/{logfilename}.log' + log = f'/var/log/sssd/sssd_{ds_instance_name}.log' log_str = multihost.client[0].get_file_contents(log).decode('utf-8') - find = re.compile(r'.0x0040.') + find = re.compile(r'Failed to connect, going offline') + #check what is logged at default debug_level(2) assert find.search(log_str) + @pytest.mark.converted('test_default_debug_level.py', 'test_default_debug_level__sbus') + @pytest.mark.tier1_4 def test_0005_bz1915319(self, multihost, backupsssdconf): """ :title: default debug logs: Check SBUS code should not trigger failure @@ -206,6 +240,7 @@ def test_0005_bz1915319(self, multihost, backupsssdconf): assert not find.search(log_str) @staticmethod + @pytest.mark.tier2 def test_bz785908(multihost, backupsssdconf): """ :title: ldap search base dose not fully limit the group search base bz785908 @@ -220,7 +255,7 @@ def test_bz785908(multihost, backupsssdconf): :steps: 1. Runs command getent -s sss group to query the SSSD cache and save the results to a file. 2. Cleans up the LDAP server by deleting the previously created user and group entries, - and finally search for log messages containing the strings "Group111" and "Group22". + and finally search for log messages containing the strings "Group111" and "Group22". :expectedresults: 1. Query the SSSD cache and save the results to a file Should succeed 2. Log messages should containing the strings @@ -292,7 +327,7 @@ def test_bz785908(multihost, backupsssdconf): 'ldap_schema': 'rfc2307bis', 'ldap_group_object_class': "groupOfNames"}, action='update') tools.clear_sssd_cache() - time.sleep(3) + time.sleep(20) cmd = client.run_command("getent -s sss group").stdout_text for dn_dn in [f'uid=tempuser2,{ds_suffix}', f'uid=tempuser3,{ds_suffix}', @@ -306,6 +341,7 @@ def test_bz785908(multihost, backupsssdconf): assert group in cmd @staticmethod + @pytest.mark.tier1_4 def test_bz785898(multihost, backupsssdconf): """ :title: Enable midway cache refresh by default bz785898 diff --git a/src/tests/multihost/alltests/test_failover.py b/src/tests/multihost/alltests/test_failover.py index 3a931712bb2..2d5d7774539 100644 --- a/src/tests/multihost/alltests/test_failover.py +++ b/src/tests/multihost/alltests/test_failover.py @@ -9,6 +9,7 @@ import pytest from sssd.testlib.common.utils import sssdTools from constants import ds_instance_name +from sssd.testlib.common.ssh2_python import check_login_client_bool @pytest.mark.usefixtures('multipleds_failover', @@ -75,10 +76,10 @@ def test_0002_login(multihost): tools.remove_sss_cache('/var/lib/sss/db') multihost.client[0].service_sssd('start') # login as user - ssh = tools.auth_from_client(user, 'Secret123') == 3 - assert ssh, "Authentication failed!" + ssh = check_login_client_bool(multihost, user, 'Secret123') start_ds1 = 'systemctl start dirsrv@example' cmd = multihost.master[0].run_command(start_ds1, raiseonerr=False) + assert ssh, f'{user} is not able to login.' assert cmd.returncode == 0 @staticmethod @@ -98,8 +99,8 @@ def test_0003_stopsecondds(multihost): multihost.client[0].service_sssd('start') user = 'foo3@%s' % ds_instance_name # login as user - ssh = tools.auth_from_client(user, 'Secret123') == 3 - assert ssh, "Authentication failed!" + ssh = check_login_client_bool(multihost, user, 'Secret123') start_ds1 = 'systemctl start dirsrv@example' cmd = multihost.master[0].run_command(start_ds1, raiseonerr=False) + assert ssh, f'{user} is not able to login.' assert cmd.returncode == 0 diff --git a/src/tests/multihost/alltests/test_kcm.py b/src/tests/multihost/alltests/test_kcm.py index 7023969ac22..99bd351c9a7 100644 --- a/src/tests/multihost/alltests/test_kcm.py +++ b/src/tests/multihost/alltests/test_kcm.py @@ -11,7 +11,7 @@ import re import pytest import time -from sssd.testlib.common.expect import pexpect_ssh +from sssd.testlib.common.ssh2_python import check_login_client from sssd.testlib.common.utils import sssdTools from constants import ds_instance_name @@ -36,17 +36,13 @@ def test_client_timeout(self, multihost, backupsssdconf): client.sssd_conf('kcm', domain_params) multihost.client[0].service_sssd('restart') user = 'foo1@example1' - client = pexpect_ssh(multihost.client[0].sys_hostname, user, - 'Secret123', debug=False) - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) + check_login_client(multihost, user, 'Secret123') sssdTools(multihost.client[0]).clear_sssd_cache() multihost.client[0].run_command("systemctl restart sssd-kcm") multihost.client[0].run_command("> /var/log/sssd/sssd_kcm.log") start_time = time.time() multihost.client[0].run_command("kinit foo1 <&- & ") end_time = time.time() - client.logout() assert end_time - start_time >= 300 grep_cmd = multihost.client[0].run_command("grep" " 'Terminated" @@ -119,3 +115,124 @@ def test_kcm_check_socket_path(self, multihost, backupsssdconf): "and.sssd.conf...some_path.kcm.socket..don't.match" find = re.compile(r'%s' % msg) assert find.search(log) + + @pytest.mark.tier1_2 + def test_expired_tickets(self, multihost, backupsssdconf): + """ + :title: IDM-SSSD-TC: kcm_provider: Expired tickets are removed + :id: db532785-a00f-4be9-b413-592e0550fe9c + :requirement: sssd-kcm does not appear to expire Kerberos tickets (RFE: sssd_kcm + should have the option to automatically delete the expired tickets) + :setup: + 1. Configure short ticket lifetime in krb5. + 2. Create a user. + 3. Cleanup all ticket caches + :steps: + 1. Create about 64 tickets for user + 2. Try to create 65th ticket + 3. Wait for them to expire + 4. Try to create about 10 more tickets + 5. Check the sssd kcm log + :expectedresults: + 1. Tickets are created + 2. Ticket is not created + 3. Tickets are expired + 4. New tickets are created + 5. Log contains a message about deleting expired credentials + :customerscenario: True + :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1900973 + """ + client = sssdTools(multihost.client[0]) + client.sssd_conf('kcm', {'debug_level': '9'}) + multihost.client[0].service_sssd('restart') + + sssdTools(multihost.client[0]).clear_sssd_cache() + # Setup short ticker validity (60s) in krb5.conf using ticket_lifetime + backup_krb5 = 'cp -rf /etc/krb5.conf /etc/krb5.conf.bak' + restore_krb5 = 'mv /etc/krb5.conf.bak /etc/krb5.conf ; ' \ + 'restorecon -Rv /etc/krb5.conf' + edit_krb5_conf = 'sed -i "s/ticket_lifetime.*/ticket_lifetime = ' \ + '60/" /etc/krb5.conf' + multihost.client[0].run_command(backup_krb5, raiseonerr=False) + multihost.client[0].run_command(edit_krb5_conf, raiseonerr=False) + multihost.client[0].run_command("systemctl restart sssd-kcm") + multihost.client[0].run_command("> /var/log/sssd/sssd_kcm.log") + multihost.client[0].run_command("kdestroy -A", raiseonerr=False) + for i in range(1, 65): + multihost.client[0].run_command( + f"kinit -c KCM:0:12345{i} foo1", + stdin_text="Secret123", + raiseonerr=False + ) + # This credential should not be created due to secrets being full now. + cmd_fail = multihost.client[0].run_command( + "kinit -c KCM:0:666666 foo1", + stdin_text="Secret123", + raiseonerr=False + ) + log_str_1 = multihost.client[0].get_file_contents( + "/var/log/sssd/sssd_kcm.log").decode('utf-8') + # Wait for secrets to expire. + time.sleep(120) + multihost.client[0].run_command("date; klist -l", raiseonerr=False) + fail_count = 0 + for i in range(65, 75): + cmd = multihost.client[0].run_command( + f"kinit -c KCM:0:12345{i} foo1", + stdin_text="Secret123", + raiseonerr=False + ) + fail_count += cmd.returncode + log_str = multihost.client[0].get_file_contents( + "/var/log/sssd/sssd_kcm.log").decode('utf-8') + multihost.client[0].run_command(restore_krb5, raiseonerr=False) + multihost.client[0].run_command("kdestroy -A", raiseonerr=False) + assert fail_count == 0, f"At least one kinit failed. Failures: {fail_count}." + assert cmd_fail.returncode != 0, "kinit succeeded but should have failed." + assert "The maximum number of stored secrets has been reached" in log_str_1 + assert "Removing the oldest expired credential" in log_str + + @pytest.mark.tier1_2 + @staticmethod + def test_kcm_logrotate(multihost, backupsssdconf): + """ + :title: IDM-SSSD-TC: sssd_kcm.log is rotated with other sssd logs + :id: 9ac9a11c-c176-431b-b690-03181f014c25 + :setup: + 1. Create a user. + :steps: + 1. Create a ticket for a user and collect kcm log file + 2. Initiate logrotate for sssd and collect the sssd kcm log + 3. Swich off sssd-kcm service and initiate logrotate + 4. Swich off sssd service and initiate logrotate + :expectedresults: + 1. Ticket is created + 2. Log file size is lower that in step 1. + 3. Logrotate does not fail. + 4. Logrotate does not fail. + :customerscenario: True + :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2176768 + """ + client = sssdTools(multihost.client[0]) + client.sssd_conf('kcm', {'debug_level': '9'}) + sssdTools(multihost.client[0]).clear_sssd_cache() + client.service_ctrl('restart', 'sssd-kcm') + kinit = multihost.client[0].run_command( + "kinit -c KCM:0:666666 foo1", + stdin_text="Secret123", + raiseonerr=False + ) + log_str_len_start = len(multihost.client[0].get_file_contents( + "/var/log/sssd/sssd_kcm.log").decode('utf-8')) + multihost.client[0].run_command("logrotate -f /etc/logrotate.d/sssd") + time.sleep(20) + log_str_len_end = len(multihost.client[0].get_file_contents( + "/var/log/sssd/sssd_kcm.log").decode('utf-8')) + client.service_ctrl('stop', 'sssd-kcm') + logrotate_kcm = multihost.client[0].run_command("logrotate -f /etc/logrotate.d/sssd") + multihost.client[0].service_sssd('stop') + logrotate_sssd = multihost.client[0].run_command("logrotate -f /etc/logrotate.d/sssd") + assert kinit.returncode == 0, "kinit failed." + assert log_str_len_start > log_str_len_end, "Log was not rotated!" + assert logrotate_kcm.returncode == 0, "Logrotation error when sssd-kcm is stopped!" + assert logrotate_sssd.returncode == 0, "Logrotation error when sssd is stopped!" diff --git a/src/tests/multihost/alltests/test_krb5.py b/src/tests/multihost/alltests/test_krb5.py index 85a97348400..d7f291ca79a 100644 --- a/src/tests/multihost/alltests/test_krb5.py +++ b/src/tests/multihost/alltests/test_krb5.py @@ -7,8 +7,7 @@ from __future__ import print_function import pytest from sssd.testlib.common.utils import sssdTools -from sssd.testlib.common.expect import pexpect_ssh -from sssd.testlib.common.exceptions import SSHLoginException +from sssd.testlib.common.ssh2_python import check_login_client @pytest.mark.usefixtures('setup_sssd_krb', 'create_posix_usersgroups') @@ -45,26 +44,16 @@ def test_0001_krb5_not_working_based_on_k5login(self, client_tool.sssd_conf('domain/example1', dmain_delete, action='delete') multihost.client[0].service_sssd('start') user = 'user5000' - client_hostname = multihost.client[0].sys_hostname multihost.client[0].run_command(f'touch /home/{user}/.k5login') multihost.client[0].run_command(f'chown {user} /home/{user}/.k5login') multihost.client[0].run_command(f'chgrp {user} /home/{user}/.k5login') multihost.client[0].run_command(f'chmod 664 /home/{user}/.k5login') multihost.client[0].service_sssd('restart') - client = pexpect_ssh(client_hostname, user, 'Secret123', debug=False) with pytest.raises(Exception): - client.login(login_timeout=10, sync_multiplier=1, - auto_prompt_reset=False) + check_login_client(multihost, user, 'Secret123') multihost.client[0].run_command(f'rm -vf /home/{user}/.k5login') multihost.client[0].service_sssd('restart') - client = pexpect_ssh(client_hostname, user, 'Secret123', debug=False) - try: - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: - pytest.fail("%s failed to login" % user) - else: - client.logout() + check_login_client(multihost, user, 'Secret123') multihost.client[0].run_command('authselect select sssd') @pytest.mark.tier1_2 diff --git a/src/tests/multihost/alltests/test_krb_access_provider.py b/src/tests/multihost/alltests/test_krb_access_provider.py index 022cad4bb34..575782bfbac 100644 --- a/src/tests/multihost/alltests/test_krb_access_provider.py +++ b/src/tests/multihost/alltests/test_krb_access_provider.py @@ -7,9 +7,11 @@ :status: approved """ import pytest +import time from constants import ds_instance_name -from sssd.testlib.common.expect import pexpect_ssh from sssd.testlib.common.utils import sssdTools +from sssd.testlib.common.ssh2_python import check_login_client, \ + check_login_client_bool, run_command_client, SSHClient @pytest.fixture(scope='class') @@ -78,20 +80,16 @@ def test_0001_k5login_empty(multihost): multihost.client[0].run_command("truncate -s 0 /var/log/secure", raiseonerr=False) client = sssdTools(multihost.client[0]) client.clear_sssd_cache() - - users = ['foo3', 'foo4'] - ssh = client.auth_from_client(users[0], 'Secret123') - ssh2 = client.auth_from_client(users[1], 'Secret123') + with pytest.raises(Exception): + check_login_client(multihost, "foo3", "Secret123") + ssh = check_login_client_bool(multihost, "foo4", "Secret123") + time.sleep(3) secure_log_str = multihost.client[0].get_file_contents("/var/log/secure").decode('utf-8') - file = f'/var/log/sssd/sssd_{ds_instance_name}.log' sssd_log_str = multihost.client[0].get_file_contents(file).decode('utf-8') multihost.client[0].run_command("truncate -s 0 /home/foo3/.k5login", raiseonerr=False) - - assert ssh == 10, "foo3 successfully logged In" - assert ssh2 == 3, "foo4 failed to log In" - + assert ssh, 'foo4 is not able to login.' assert "pam_sss(sshd:auth): authentication success" in secure_log_str, \ "authentication success not found in /var/log/secure" assert "pam_sss(sshd:account): Access denied for user foo3" in secure_log_str, \ @@ -137,17 +135,16 @@ def test_0002_k5login_user3(multihost): for command in cmds: cmd = multihost.client[0].run_command(command, raiseonerr=False) - user = 'foo3' - ssh = client.auth_from_client(user, 'Secret123') - + ssh = check_login_client_bool(multihost, "foo3", "Secret123") + time.sleep(3) secure_log_str = multihost.client[0].get_file_contents("/var/log/secure").decode('utf-8') file = f'/var/log/sssd/sssd_{ds_instance_name}.log' sssd_log_str = multihost.client[0].get_file_contents(file).decode('utf-8') multihost.client[0].run_command("truncate -s 0 /home/foo3/.k5login", raiseonerr=False) + assert ssh, 'foo3 is not able to login.' assert cmd.returncode == 0, f"{command} did not execute successfully" - assert ssh == 3, "foo3 failed to log in" assert "pam_sss(sshd:auth): authentication success" in secure_log_str, \ "authentication success not found in /var/log/secure" assert "Accepted password for foo3" in secure_log_str, \ @@ -185,22 +182,21 @@ def test_0003_k5login_user3_with_user4(multihost): for command in echo_cmds: cmd = multihost.client[0].run_command(command, raiseonerr=False) - user = 'foo3' - ssh_output = client.auth_from_client(user, 'Secret123') - + ssh = check_login_client_bool(multihost, "foo3", "Secret123") client_hostname = multihost.client[0].sys_hostname - ssh = pexpect_ssh(client_hostname, 'foo4', 'Secret123', debug=False) - ssh.login(login_timeout=10, sync_multiplier=1, auto_prompt_reset=False) - ssh.command(f"ssh -o StrictHostKeyChecking=no -o PasswordAuthentication=no foo3@{client_hostname}\ - 'id > /tmp/accessProvider_id_krb5_003.out 2>&1' ") - ssh.logout() - + try: + run_command_client(multihost, "foo4", "Secret123", + f"ssh -o StrictHostKeyChecking=no -o " + f"PasswordAuthentication=no foo3@{client_hostname} " + f"id > /tmp/accessProvider_id_krb5_003.out 2>&1") + except Exception: + pytest.fail("Error in connection via ssh as foo4") + finally: + multihost.client[0].run_command("truncate -s 0 /home/foo3/.k5login", raiseonerr=False) logfile = multihost.client[0].get_file_contents("/tmp/accessProvider_id_krb5_003.out").decode('utf-8') - - multihost.client[0].run_command("truncate -s 0 /home/foo3/.k5login", raiseonerr=False) multihost.client[0].run_command("rm -rf /tmp/accessProvider_id_krb5_003.out", raiseonerr=False) + assert ssh, 'foo3 is not able to login.' assert cmd.returncode == 0, f"{command} did not execute successfully" - assert ssh_output == 3, "foo3 failed to log in" assert "foo3" in logfile, "foo3 not found in /tmp/accessProvider_id_krb5_003.out" @staticmethod @@ -236,28 +232,29 @@ def test_0004_k5login_user4_with_deleted_user3(multihost): for command in echo_cmds: cmd1 = multihost.client[0].run_command(command, raiseonerr=False) - user = 'foo3' - ssh_output = client.auth_from_client(user, 'Secret123') + ssh1 = check_login_client_bool(multihost, "foo3", "Secret123") ldap_cmd = f'ldapdelete -x -H ldap://{multihost.master[0].sys_hostname} \ -D "cn=Directory Manager" -w "Secret123" uid=foo3,ou=People,dc=example,dc=test' - cmd2 = multihost.client[0].run_command(ldap_cmd, raiseonerr=False) - + time.sleep(10) client_hostname = multihost.client[0].sys_hostname - ssh = pexpect_ssh(client_hostname, 'foo4', 'Secret123', debug=False) - ssh.login(login_timeout=10, sync_multiplier=1, auto_prompt_reset=False) - ssh.command("id > /tmp/accessProvider_id_krb5_004.out 2>&1 ") - ssh.command(f"ssh -o StrictHostKeyChecking=no -o PasswordAuthentication=no foo3@{client_hostname}\ - 'id > /tmp/accessProvider_id_krb5_004.out 2>&1' ") - ssh.logout() - + try: + ssh = SSHClient(client_hostname, "foo4", "Secret123") + ssh.connect() + ssh.execute_command("id > /tmp/accessProvider_id_krb5_004.out 2>&1") + ssh.execute_command(f"ssh -o StrictHostKeyChecking=no -o " + f"PasswordAuthentication=no foo3@{client_hostname} id >> " + f"/tmp/accessProvider_id_krb5_004.out 2>&1") + ssh.close() + except Exception: + pytest.fail("Error in connection via ssh as foo4") + finally: + multihost.client[0].run_command("truncate -s 0 /home/foo3/.k5login", raiseonerr=False) logfile = multihost.client[0].get_file_contents("/tmp/accessProvider_id_krb5_004.out").decode('utf-8') - - multihost.client[0].run_command("truncate -s 0 /home/foo3/.k5login", raiseonerr=False) multihost.client[0].run_command("rm -rf /tmp/accessProvider_id_krb5_004.out", raiseonerr=False) + assert ssh1, 'foo1 is not able to login.' assert cmd1.returncode == 0, f'{command} did not execute successfully' assert cmd2.returncode == 0, f'{ldap_cmd} did not execute successfully' - assert ssh_output == 3, "foo3 failed to log in" - assert "foo3" not in logfile, "foo3 not found in /tmp/accessProvider_id_krb5_004.out" + assert "foo3" not in logfile, "foo3 found in /tmp/accessProvider_id_krb5_004.out" assert "foo4" in logfile, "foo4 not found in /tmp/accessProvider_id_krb5_004.out" diff --git a/src/tests/multihost/alltests/test_krb_fast_principal.py b/src/tests/multihost/alltests/test_krb_fast_principal.py index df8c6398447..4749d0cdc9d 100644 --- a/src/tests/multihost/alltests/test_krb_fast_principal.py +++ b/src/tests/multihost/alltests/test_krb_fast_principal.py @@ -8,10 +8,53 @@ """ import pytest +import time from constants import ds_instance_name +from sssd.testlib.common.ssh2_python import check_login_client_bool, check_login_client from sssd.testlib.common.utils import sssdTools +@pytest.fixture(scope='class') +def create_keytab(multihost, request): + """ + Configure keytab for this test + """ + client_hostname = multihost.client[0].sys_hostname + master_hostname = multihost.master[0].sys_hostname + multihost.master[0].run_command("cp -vfr /opt /tmp/") + multihost.client[0].run_command("cp -vfr /opt /tmp/") + multihost.client[0].run_command("cp -vf /etc/krb5.keytab /etc/krb5.keytab_anuj") + multihost.master[0].run_command("rm -vf /opt/*") + multihost.client[0].run_command("rm -vf /opt/*") + for command in [f'kadmin.local -q "addprinc -randkey ldap/{master_hostname}@EXAMPLE.TEST"', + f'kadmin.local -q "ktadd -k /etc/krb5.keytab ldap/{master_hostname}@EXAMPLE.TEST"', + f'kadmin.local -q "addprinc -randkey host/{client_hostname}@EXAMPLE.TEST"', + f'kadmin.local -q "ktadd -k /opt/sssd_client_invalid.keytab host/{client_hostname}@EXAMPLE.TEST"', + f'kadmin.local -q "ktadd -k /opt/sssd_client_valid.keytab host/{client_hostname}@EXAMPLE.TEST"', + 'kadmin.local -q "addprinc -randkey host/invalidhost.redhat.com@EXAMPLE.TEST"', + 'kadmin.local -q "ktadd -k /opt/invalid.keytab host/invalidhost.redhat.com@EXAMPLE.TEST"', + 'kadmin.local -q "delprinc -force host/invalidhost.redhat.com@EXAMPLE.TEST"', + 'chmod 777 /etc/krb5.keytab', + 'restorecon -v /etc/krb5.keytab']: + multihost.master[0].run_command(command, raiseonerr=False) + file_content = multihost.master[0].get_file_contents("/opt/sssd_client_valid.keytab") + multihost.client[0].put_file_contents("/etc/krb5.keytab", file_content) + multihost.client[0].run_command("restorecon -v /etc/krb5.keytab") + + def restore(): + """ Restore configuration """ + multihost.master[0].run_command("rm -vf /opt/*") + multihost.master[0].run_command("cp -vfr /tmp/opt/* /opt") + multihost.master[0].run_command("rm -vfr /tmp/opt") + multihost.client[0].run_command("rm -vf /opt/*", raiseonerr=False) + multihost.client[0].run_command("cp -vfr /tmp/opt/* /opt", raiseonerr=False) + multihost.client[0].run_command("rm -vfr /tmp/opt", raiseonerr=False) + multihost.client[0].run_command("cp -vf /etc/krb5.keytab_anuj /etc/krb5.keytab") + multihost.client[0].run_command("restorecon -v /etc/krb5.keytab") + + request.addfinalizer(restore) + + def krb5_fast_setup(client, krb5_use_fast, krb5_fast_principal, **krb5_validate): """ To Customize domain parameters for Test Cases :client: This will contain client host configuration @@ -38,9 +81,9 @@ def krb5_fast_setup(client, krb5_use_fast, krb5_fast_principal, **krb5_validate) @pytest.fixture(scope='class') -def custom_setup(session_multihost, setup_sssd_krb, create_posix_usersgroups, krb_connection_timeout): +def custom_setup(multihost, setup_sssd_krb, create_posix_usersgroups, krb_connection_timeout): """ Added neccessary sssd domain parameters """ - tools = sssdTools(session_multihost.client[0]) + tools = sssdTools(multihost.client[0]) sssd_params = {'services': "nss, pam", 'config_file_version': 2} tools.sssd_conf('sssd', sssd_params) @@ -54,7 +97,7 @@ def custom_setup(session_multihost, setup_sssd_krb, create_posix_usersgroups, kr @pytest.mark.tier2 @pytest.mark.krbfastprincipal -@pytest.mark.usefixtures('custom_setup') +@pytest.mark.usefixtures('custom_setup', 'create_keytab') class TestKrbFastPrincipal(): """ This is test case class for krb_fast_principal suite @@ -73,24 +116,24 @@ def test_0001_valid_principal(multihost, backupsssdconf): 1. Set the values of krb5_use_fast and krb5_fast_principal in sssd.conf \ and restart sssd. :steps: - 1. Authenticate the user foo3 from the client + 1. Authenticate the user foo1 from the client 2. Check the krb5_child log for expected messages. :expectedresults: - 1. User foo3 should be able to successfully login + 1. User foo1 should be able to successfully login 2. Krb5_child Log contains the expected lines: Trying to find principal host/$Client@EXAMPLE.TEST in keytab Principal matched to the sample (host/$Client@EXAMPLE.TEST) """ krb5_fast_setup(multihost.client[0], 'demand', f'host/{multihost.client[0].sys_hostname}') - client = sssdTools(multihost.client[0]) - ssh = client.auth_from_client('foo3', 'Secret123') + ssh = check_login_client_bool(multihost, "foo1", "Secret123") + time.sleep(3) file = '/var/log/sssd/krb5_child.log' krb5_child_log = multihost.client[0].get_file_contents(file).decode('utf-8') - assert ssh == 3, "foo3 failed to log In" + assert ssh, 'foo1 is not able to login.' assert f"Trying to find principal host/{multihost.client[0].sys_hostname}@EXAMPLE.TEST in keytab" \ - in krb5_child_log, f"principal host/{multihost.client[0].sys_hostname}@EXAMPLE.TEST not found in keytab" + in krb5_child_log, f"principal host/{multihost.client[0].sys_hostname}@EXAMPLE.TEST not found in keytab" assert f"Principal matched to the sample (host/{multihost.client[0].sys_hostname}@EXAMPLE.TEST)" \ - in krb5_child_log, "Principals did not match" + in krb5_child_log, "Principals did not match" @staticmethod def test_0002_invalid_principal(multihost, backupsssdconf): @@ -101,20 +144,20 @@ def test_0002_invalid_principal(multihost, backupsssdconf): 1. Set the values of krb5_use_fast and krb5_fast_principal in sssd.conf \ and restart sssd. :steps: - 1. Authenticate the user foo3 from the client + 1. Authenticate the user foo1 from the client 2. Check the krb5_child log for expected messages. :expectedresults: - 1. User foo3 should not be able to successfully login + 1. User foo1 should not be able to successfully login 2. Krb5_child Log contains the expected lines: Trying to find principal invalid@EXAMPLE.TEST in keytab No principal matching invalid@EXAMPLE.TEST found in keytab """ krb5_fast_setup(multihost.client[0], 'try', 'invalid') - client = sssdTools(multihost.client[0]) - ssh = client.auth_from_client('foo3', 'Secret123') + with pytest.raises(Exception): + check_login_client(multihost, "foo1", "Secret123") file = '/var/log/sssd/krb5_child.log' + time.sleep(3) krb5_child_log = multihost.client[0].get_file_contents(file).decode('utf-8') - assert ssh == 10, "foo3 successfully logged In" assert "Trying to find principal invalid@EXAMPLE.TEST in keytab" in krb5_child_log, \ "principal invalid@EXAMPLE.TEST not found in keytab" assert "No principal matching invalid@EXAMPLE.TEST found in keytab" in krb5_child_log, \ @@ -129,19 +172,19 @@ def test_0003_principal_at_test_test(multihost, backupsssdconf): 1. Set the values of krb5_use_fast and krb5_fast_principal in sssd.conf \ and restart sssd. :steps: - 1. Authenticate the user foo3 from the client + 1. Authenticate the user foo1 from the client 2. Check the krb5_child log for expected messages. :expectedresults: - 1. User foo3 should not be able to successfully login + 1. User foo1 should not be able to successfully login 2. Krb5_child Log contains the expected lines: Trying to find principal principal@TEST.TEST in keytab """ krb5_fast_setup(multihost.client[0], 'demand', 'principal@TEST.TEST') - client = sssdTools(multihost.client[0]) - ssh = client.auth_from_client('foo3', 'Secret123') + with pytest.raises(Exception): + check_login_client(multihost, "foo1", "Secret123") + time.sleep(3) file = '/var/log/sssd/krb5_child.log' krb5_child_log = multihost.client[0].get_file_contents(file).decode('utf-8') - assert ssh == 10, "foo3 successfully logged In" assert "Trying to find principal principal@TEST.TEST in keytab" in krb5_child_log, \ "principal principal@TEST.TEST not found in keytab" @@ -154,19 +197,19 @@ def test_0004_null_principal(multihost, backupsssdconf): 1. Set the values of krb5_use_fast and krb5_fast_principal in sssd.conf \ and restart sssd. :steps: - 1. Authenticate the user foo3 from the client + 1. Authenticate the user foo1 from the client 2. Check the krb5_child log for expected messages. :expectedresults: - 1. User foo3 should be able to successfully login + 1. User foo1 should be able to successfully login 2. Krb5_child Log contains the expected lines: Trying to find principal (null)@EXAMPLE.TEST in keytab """ krb5_fast_setup(multihost.client[0], 'demand', '') - client = sssdTools(multihost.client[0]) - ssh = client.auth_from_client('foo3', 'Secret123') + ssh = check_login_client_bool(multihost, "foo1", "Secret123") + time.sleep(3) file = '/var/log/sssd/krb5_child.log' krb5_child_log = multihost.client[0].get_file_contents(file).decode('utf-8') - assert ssh == 3, "foo3 failed to log In" + assert ssh, 'foo1 is not able to login.' assert "Trying to find principal (null)@EXAMPLE.TEST in keytab" in krb5_child_log, \ "principal (null)@EXAMPLE.TEST not found in keytab" @@ -180,10 +223,10 @@ def test_0005_valid_principal_and_krb5_validate_true(multihost, backupsssdconf): 1. Set the values of krb5_use_fast and krb5_fast_principal and set krb5_validate to true \ in sssd.conf and restart sssd. :steps: - 1. Authenticate the user foo3 from the client + 1. Authenticate the user foo1 from the client 2. Check the krb5_child log for expected messages. :expectedresults: - 1. User foo3 should be able to successfully login + 1. User foo1 should be able to successfully login 2. Krb5_child Log contains the expected lines: Trying to find principal host/$Client@EXAMPLE.TEST in keytab Principal matched to the sample (host/$Client@EXAMPLE.TEST) @@ -191,11 +234,11 @@ def test_0005_valid_principal_and_krb5_validate_true(multihost, backupsssdconf): """ krb5_fast_setup(multihost.client[0], 'demand', f'host/{multihost.client[0].sys_hostname}', krb5_validate='true') - client = sssdTools(multihost.client[0]) - ssh = client.auth_from_client('foo3', 'Secret123') + ssh = check_login_client_bool(multihost, "foo1", "Secret123") + time.sleep(3) file = '/var/log/sssd/krb5_child.log' krb5_child_log = multihost.client[0].get_file_contents(file).decode('utf-8') - assert ssh == 3, "foo3 failed to log In" + assert ssh, 'foo1 is not able to login.' assert f"Trying to find principal host/{multihost.client[0].sys_hostname}@EXAMPLE.TEST in keytab"\ in krb5_child_log, f"principal host/{multihost.client[0].sys_hostname}@EXAMPLE.TEST not found in keytab" assert f"Principal matched to the sample (host/{multihost.client[0].sys_hostname}@EXAMPLE.TEST)" \ @@ -213,20 +256,20 @@ def test_0006_invalid_principal_and_krb5_validate_true(multihost, backupsssdconf 1. Set the values of krb5_use_fast and krb5_fast_principal and set krb5_validate to true \ in sssd.conf and restart sssd. :steps: - 1. Authenticate the user foo3 from the client + 1. Authenticate the user foo1 from the client 2. Check the krb5_child log for expected messages. :expectedresults: - 1. User foo3 should not be able to successfully login + 1. User foo1 should not be able to successfully login 2. Krb5_child Log contains the expected lines: Trying to find principal invalid@EXAMPLE.TEST in keytab No principal matching invalid@EXAMPLE.TEST found in keytab """ krb5_fast_setup(multihost.client[0], 'try', 'invalid', krb5_validate='true') - client = sssdTools(multihost.client[0]) - ssh = client.auth_from_client('foo3', 'Secret123') + with pytest.raises(Exception): + check_login_client(multihost, "foo1", "Secret123") file = '/var/log/sssd/krb5_child.log' + time.sleep(3) krb5_child_log = multihost.client[0].get_file_contents(file).decode('utf-8') - assert ssh == 10, "foo3 successfully logged In" assert "Trying to find principal invalid@EXAMPLE.TEST in keytab" in krb5_child_log, \ "principal invalid@EXAMPLE.TEST not found in keytab" assert "No principal matching invalid@EXAMPLE.TEST found in keytab" in krb5_child_log, \ @@ -242,19 +285,19 @@ def test_0007_principal_at_test_test_and_krb5_validate_true(multihost, backupsss 1. Set the values of krb5_use_fast and krb5_fast_principal and set krb5_validate to true \ in sssd.conf and restart sssd. :steps: - 1. Authenticate the user foo3 from the client + 1. Authenticate the user foo1 from the client 2. Check the krb5_child log for expected messages. :expectedresults: - 1. User foo3 should not be able to successfully login + 1. User foo1 should not be able to successfully login 2. Krb5_child Log contains the expected lines: Trying to find principal principal@TEST.TEST in keytab """ krb5_fast_setup(multihost.client[0], 'demand', 'principal@TEST.TEST', krb5_validate='true') - client = sssdTools(multihost.client[0]) - ssh = client.auth_from_client('foo3', 'Secret123') + with pytest.raises(Exception): + check_login_client(multihost, "foo1", "Secret123") + time.sleep(3) file = '/var/log/sssd/krb5_child.log' krb5_child_log = multihost.client[0].get_file_contents(file).decode('utf-8') - assert ssh == 10, "foo3 successfully logged In" assert "Trying to find principal principal@TEST.TEST in keytab" in krb5_child_log, \ "principal principal@TEST.TEST not found in keytab" @@ -268,19 +311,19 @@ def test_0008_null_principal_and_krb5_validate_true(multihost, backupsssdconf): 1. Set the values of krb5_use_fast and krb5_fast_principal and set krb5_validate to true \ in sssd.conf and restart sssd. :steps: - 1. Authenticate the user foo3 from the client + 1. Authenticate the user foo1 from the client 2. Check the krb5_child log for expected messages. :expectedresults: - 1. User foo3 should be able to successfully login + 1. User foo1 should be able to successfully login 2. Krb5_child Log contains the expected lines: Trying to find principal (null)@EXAMPLE.TEST in keytab """ krb5_fast_setup(multihost.client[0], 'demand', '', krb5_validate='true') - client = sssdTools(multihost.client[0]) - ssh = client.auth_from_client('foo3', 'Secret123') + ssh = check_login_client_bool(multihost, "foo1", "Secret123") file = '/var/log/sssd/krb5_child.log' + time.sleep(3) krb5_child_log = multihost.client[0].get_file_contents(file).decode('utf-8') - assert ssh == 3, "foo3 failed to log In" + assert ssh, 'foo1 is not able to login.' assert "Trying to find principal (null)@EXAMPLE.TEST in keytab" in krb5_child_log, \ "principal (null)@EXAMPLE.TEST not found in keytab" assert f"TGT verified using key for [host/{multihost.client[0].sys_hostname}@EXAMPLE.TEST]"\ diff --git a/src/tests/multihost/alltests/test_krb_fips.py b/src/tests/multihost/alltests/test_krb_fips.py index 30f7a46cee8..3aa122fbd40 100644 --- a/src/tests/multihost/alltests/test_krb_fips.py +++ b/src/tests/multihost/alltests/test_krb_fips.py @@ -11,12 +11,10 @@ import re import pytest import ldap -from pexpect import pxssh from constants import ds_suffix, krb_realm -from sssd.testlib.common.expect import pexpect_ssh +from sssd.testlib.common.ssh2_python import check_login_client, SSHClient from sssd.testlib.common.utils import sssdTools from sssd.testlib.common.utils import LdapOperations -from sssd.testlib.common.exceptions import SSHLoginException from sssd.testlib.common.libkrb5 import krb5srv @@ -71,14 +69,7 @@ def test_fips_login(multihost): tools = sssdTools(multihost.client[0]) domain_name = tools.get_domain_section_name() user = 'foo1@%s' % domain_name - client = pexpect_ssh(multihost.client[0].sys_hostname, user, - 'Secret123', debug=False) - try: - client.login() - except SSHLoginException: - pytest.fail("%s failed to login" % user) - else: - client.logout() + check_login_client(multihost, user, 'Secret123') @staticmethod @pytest.mark.tier1_2 @@ -100,27 +91,16 @@ def test_kcm_not_store_tgt(multihost, backupsssdconf): multihost.client[0].service_sssd('restart') multihost.client[0].run_command("systemctl " "restart sssd-kcm") - - ssh = pxssh.pxssh(options={"StrictHostKeyChecking": "no", - "UserKnownHostsFile": "/dev/null"}) - ssh.force_password = True + ssh = SSHClient(multihost.client[0].sys_hostname, 'foo3', 'Secret123') try: - ssh.login(multihost.client[0].sys_hostname, 'foo3', 'Secret123') - ssh.sendline('kdestroy -A -q') - ssh.prompt(timeout=5) - ssh.sendline('kinit foo3') - ssh.expect('Password for .*:', timeout=10) - ssh.sendline('Secret123') - ssh.prompt(timeout=5) - ssh.sendline('klist') - ssh.prompt(timeout=5) - klist = str(ssh.before) - ssh.sendline(f'ssh -v -o StrictHostKeyChecking=no -K -l foo3 ' - f'{multihost.client[0].sys_hostname} klist') - ssh.prompt(timeout=30) - ssh_output = str(ssh.before) - ssh.logout() - except pxssh.ExceptionPxssh: + ssh.connect() + ssh.execute_command('kdestroy -A -q') + ssh.execute_command('echo -e "Secret123" | kinit foo3') + klist = ssh.execute_command('klist') + ssh_output = ssh.execute_command(f'ssh -v -o StrictHostKeyChecking=no ' + f'-K -l foo3 {multihost.client[0].sys_hostname} klist') + ssh.close() + except Exception: pytest.fail("Ssh login failed.") assert 'KCM:14583103' in klist, "kinit did not work!" @@ -139,33 +119,19 @@ def test_child_logs_after_receiving_hup(multihost): tools = sssdTools(multihost.client[0]) domain_name = tools.get_domain_section_name() user = 'foo1@%s' % domain_name - client = pexpect_ssh(multihost.client[0].sys_hostname, user, - 'Secret123', debug=False) - try: - client.login() - except SSHLoginException: - pytest.fail("%s failed to login" % user) - else: - client.logout() + check_login_client(multihost, user, 'Secret123') time.sleep(2) ps_cmd = "mv /var/log/sssd/krb5_child.log " \ "/var/log/sssd/krb5_child.log.old" - cmd = multihost.client[0].run_command(ps_cmd) + multihost.client[0].run_command(ps_cmd) ps_cmd = "pgrep sssd" cmd = multihost.client[0].run_command(ps_cmd) sssd_pid = cmd.stdout_text.split('\n')[0] ps_cmd = f"/bin/kill -HUP {sssd_pid}" - cmd = multihost.client[0].run_command(ps_cmd) - client = pexpect_ssh(multihost.client[0].sys_hostname, user, - 'Secret123', debug=False) - try: - client.login() - except SSHLoginException: - pytest.fail("%s failed to login" % user) - else: - client.logout() + multihost.client[0].run_command(ps_cmd) + check_login_client(multihost, user, 'Secret123') time.sleep(2) - cmd = multihost.client[0].run_command(ps_cmd) + multihost.client[0].run_command(ps_cmd) for file in ['krb5_child.log', 'krb5_child.log.old']: ps_cmd = f"ls -l /var/log/sssd/{file}" cmd = multihost.client[0].run_command(ps_cmd) @@ -194,14 +160,7 @@ def test_sssd_not_check_gss_spengo(multihost, backupsssdconf): client.sssd_conf('domain/example1', domain_params) client.clear_sssd_cache() user = 'foo1@%s' % domain_name - client = pexpect_ssh(multihost.client[0].sys_hostname, user, - 'Secret123', debug=False) - try: - client.login() - except SSHLoginException: - pytest.fail("%s failed to login" % user) - else: - client.logout() + check_login_client(multihost, user, 'Secret123') ps_grep = "grep GSS /var/log/sssd/*.log" cmd = multihost.client[0].run_command(ps_grep) err_msg = "SPNEGO cannot find mechanisms to negotiate" @@ -221,18 +180,15 @@ def test_fips_as_req(multihost): tcpdump_cmd = 'tcpdump -s0 host %s -w %s' % (ldap_host, pcapfile) multihost.client[0].run_command(tcpdump_cmd, bg=True) pkill = 'pkill tcpdump' - client = pexpect_ssh(multihost.client[0].sys_hostname, user, - 'Secret123', debug=False) try: - client.login() - except SSHLoginException: + check_login_client(multihost, user, 'Secret123') + except Exception: multihost.client[0].run_command(pkill) tshark_cmd = "tshark -r %s -V -2 -R 'kerberos.ENCTYPE'" % pcapfile - cmd = multihost.client[0].run_command(tshark_cmd, raiseonerr=False) + multihost.client[0].run_command(tshark_cmd, raiseonerr=False) pytest.fail("%s failed to login" % user) else: time.sleep(5) - client.logout() multihost.client[0].run_command(pkill) # check as_req tshark_cmd = "tshark -r %s -V -2 -R 'kerberos.ENCTYPE'" % pcapfile @@ -261,11 +217,9 @@ def test_fips_as_rep(multihost): f' -w {pcapfile}' multihost.client[0].run_command(tcpdump_cmd, bg=True) pkill = 'pkill tcpdump' - client = pexpect_ssh(multihost.client[0].sys_hostname, user, - 'Secret123', debug=False) try: - client.login() - except SSHLoginException: + check_login_client(multihost, user, 'Secret123') + except Exception: multihost.client[0].run_command(pkill) print("SSH Login failed") tshark_cmd = "tshark -r %s -V -2 -R"\ @@ -274,7 +228,6 @@ def test_fips_as_rep(multihost): pytest.fail("%s failed to login" % user) else: time.sleep(5) - client.logout() multihost.client[0].run_command(pkill) # check as_rep tshark_cmd = "tshark -r %s -V -2 -R"\ @@ -328,15 +281,13 @@ def test_login_fips_weak_crypto(multihost): tcpdump_cmd = 'tcpdump -s0 host %s -w %s' % (ldap_host, pcapfile) multihost.client[0].run_command(tcpdump_cmd, bg=True) pkill = 'pkill tcpdump' - client = pexpect_ssh(multihost.client[0].sys_hostname, user, - 'Secret123', debug=False) try: - client.login() - except SSHLoginException: + check_login_client(multihost, user, 'Secret123') + except Exception: multihost.client[0].run_command(pkill) tshark_cmd = "tshark -r %s -V -2 -R"\ " 'kerberos.msg_type == 30'" % pcapfile - cmd = multihost.client[0].run_command(tshark_cmd, raiseonerr=False) + multihost.client[0].run_command(tshark_cmd, raiseonerr=False) journalctl_cmd = 'journalctl --no-pager -n 150' cmd = multihost.client[0].run_command(journalctl_cmd) check = re.compile(r'KDC has no support for encryption type') @@ -365,20 +316,18 @@ def test_ldap_gssapi(multihost): tcpdump_cmd = 'tcpdump -s0 host %s -w %s' % (ldap_host, pcapfile) multihost.client[0].run_command(tcpdump_cmd, bg=True) pkill = 'pkill tcpdump' - client = pexpect_ssh(multihost.client[0].sys_hostname, user, - 'Secret123', debug=False) + client = SSHClient(multihost.client[0].sys_hostname, user, 'Secret123') try: - client.login() - except SSHLoginException: + client.connect() + except Exception: multihost.client[0].run_command(pkill) pytest.fail("%s failed to login" % user) else: ldapsearch = 'ldapsearch -Y GSSAPI -H ldap://%s' % ldap_host - client.command(ldapsearch) - client.logout() - multihost.client[0].run_command(pkill) - tshark_cmd = "tshark -r %s -V -2 -R"\ - " 'kerberos.msg_type == 13'" % pcapfile + client.execute_command(ldapsearch) + client.close() + multihost.client[0].run_command(pkill, raiseonerr=False) + tshark_cmd = "tshark -r %s -V -2 -R 'kerberos.msg_type == 13'" % pcapfile multihost.client[0].run_command(tshark_cmd, raiseonerr=False) rm_pcap_file = 'rm -f %s' % pcapfile multihost.client[0].run_command(rm_pcap_file) diff --git a/src/tests/multihost/alltests/test_ldap_extra_attrs.py b/src/tests/multihost/alltests/test_ldap_extra_attrs.py index b0a95b5e7a6..8fffa40fb0a 100644 --- a/src/tests/multihost/alltests/test_ldap_extra_attrs.py +++ b/src/tests/multihost/alltests/test_ldap_extra_attrs.py @@ -13,7 +13,7 @@ import time from sssd.testlib.common.utils import sssdTools from constants import ds_instance_name -from pexpect import pxssh +from sssd.testlib.common.ssh2_python import SSHClient @pytest.mark.usefixtures('setup_sssd', 'create_posix_usersgroups') @@ -23,6 +23,7 @@ class TestLdapExtraAttrs(object): This is test case class for ldap ldap_extra_attr suite """ @pytest.mark.tier1 + @pytest.mark.converted('test_ldap_extra_attrs.py', 'test_ldap_extra_attrs__filled') def test_0001_bz1362023(self, multihost): """ :title: IDM-SSSD-TC: ldap_extra_attrs: SSSD fails to start @@ -46,6 +47,7 @@ def test_0001_bz1362023(self, multihost): assert start == 0 @pytest.mark.tier1 + @pytest.mark.converted('test_ldap_extra_attrs.py', 'test_ldap_extra_attrs__filled') def test_0002_givenmail(self, multihost): """ :title: IDM-SSSD-TC: ldap_extra_attrs: Verify the entry of option @@ -74,6 +76,7 @@ def test_0002_givenmail(self, multihost): assert result is not None @pytest.mark.tier1 + @pytest.mark.converted('test_schema.py', 'test_schema__ldap_extra_attrs_check_ldb') def test_0003_checkldb(self, multihost): """ :title: IDM-SSSD-TC: ldap_extra_attrs: Verify recently added @@ -110,6 +113,7 @@ def test_0003_checkldb(self, multihost): assert result is not None @pytest.mark.tier1 + @pytest.mark.converted('test_schema.py', 'test_schema__ldap_extra_attrs_negative_cache') def test_0004_negativecache(self, multihost): """ :title: IDM-SSSD-TC: ldap_extra_attrs: Check whether, not added @@ -139,6 +143,7 @@ def test_0004_negativecache(self, multihost): assert result is None @pytest.mark.tier1 + @pytest.mark.converted('test_schema.py', 'test_schema__ldap_extra_attrs_extra_email') def test_0005_ldapextraattrs(self, multihost): """ :title: IDM-SSSD-TC: ldap_extra_attrs: Check sssd should start with @@ -176,6 +181,7 @@ def test_0005_ldapextraattrs(self, multihost): assert result is not None @pytest.mark.tier1 + @pytest.mark.converted('test_schema.py', 'test_schema__ldap_extra_attrs_ifp') def test_0006_bz1667252(self, multihost): """ :title: ifp: crash when requesting extra attributes @@ -238,16 +244,11 @@ def test_bz847043(multihost, backupsssdconf): client.run_command('gcc -lpthread /tmp/sssd_client_hang.c' ' -o /tmp/client-hang') client.run_command("chown foo1 /tmp/client-hang") - ssh = pxssh.pxssh(options={"StrictHostKeyChecking": "no", - "UserKnownHostsFile": "/dev/null"}) - ssh.force_password = True + ssh = SSHClient(multihost.client[0].sys_hostname, 'foo1', 'Secret123') try: - ssh.login(multihost.client[0].sys_hostname, 'foo1', 'Secret123') - ssh.sendline("cd /tmp") - ssh.prompt(timeout=5) - ssh.sendline('./client-hang > output') - ssh.prompt(timeout=5) - except pxssh.ExceptionPxssh: + ssh.connect() + ssh.execute_command('cd /tmp; ./client-hang > output') + except Exception: pytest.fail("Ssh login failed.") time.sleep(2) log_str = multihost.client[0].get_file_contents("/tmp/output").decode('utf-8') diff --git a/src/tests/multihost/alltests/test_ldap_password_policy.py b/src/tests/multihost/alltests/test_ldap_password_policy.py index c32632fef06..d7c6d0a873b 100644 --- a/src/tests/multihost/alltests/test_ldap_password_policy.py +++ b/src/tests/multihost/alltests/test_ldap_password_policy.py @@ -9,8 +9,10 @@ import pytest import ldap import os +import subprocess from sssd.testlib.common.utils import sssdTools, LdapOperations from constants import ds_instance_name, ds_rootpw, ds_rootdn +from sssd.testlib.common.ssh2_python import check_login_client def find_logs(multihost, log_name, string_name): @@ -102,8 +104,7 @@ def test_bz748856(multihost, backupsssdconf, common_sssd_setup): 3. clear secure log 4. clear sssd logs and cache :steps: - 1. The user is able to authenticate using SSH password by asserting the - output of the tools.auth_client_ssh_password() function. + 1. The user is able to authenticate using SSH password by check_login_client function. 2. Searches for specific log messages in two log files (/var/log/secure and /var/log/sssd/sssd_{ds_instance_name}.log) using the find_logs() function, and raises an assertion error if @@ -125,7 +126,7 @@ def test_bz748856(multihost, backupsssdconf, common_sssd_setup): ldap_modify_ds(multihost, ldap.MOD_REPLACE, user_dn, 'userPassword', [b'Secret123']) client.run_command('> /var/log/secure') tools.clear_sssd_cache() - assert tools.auth_client_ssh_password('ppuser1', 'Secret123') + check_login_client(multihost, 'ppuser1', 'Secret123') time.sleep(3) file_scure = '/var/log/secure' file_ssd = f'/var/log/sssd/sssd_{ds_instance_name}.log' @@ -154,15 +155,10 @@ def test_maxage(multihost, backupsssdconf, common_sssd_setup): the expected log messages have been generated. 3. Sets the passwordExp configuration in the cn=config section of the 389-ds directory server to off using the ldap_modify_ds() function. - 4. Tests that the user is able to authenticate using SSH password by calling - the tools.auth_client_ssh_password() function with the new password (NewPass_123). - 5. Sets the user's password back to the original password (Secret123) using the ldap_modify_ds() function. :expectedresults: - 1. User should be able to reset expired password + 1. User should not be able to reset expired password 2. Corresponding logs should be generated 3. PasswordExp configuration in the cn=config section should success - 4. Authenticate using SSH password by user should success - 5. Changing user's password back to the original password should success """ client = multihost.client[0] tools = sssdTools(multihost.client[0]) @@ -172,17 +168,20 @@ def test_maxage(multihost, backupsssdconf, common_sssd_setup): ldap_modify_ds(multihost, ldap.MOD_REPLACE, user_dn, 'userPassword', [b'Secret123']) client.run_command('> /var/log/secure') tools.clear_sssd_cache() - client.run_command('sh /tmp/change_user_password_while_expired.sh') + client.run_command('sh /tmp/change_user_password_while_expired.sh', raiseonerr=False) time.sleep(3) file_scure = '/var/log/secure' file_ssd = f'/var/log/sssd/sssd_{ds_instance_name}.log' - find_logs(multihost, file_scure, "Password expired. Change your password now.") + log_str = multihost.client[0].get_file_contents(file_scure).decode('utf-8') + assert "Password expired. Change your password now." in log_str or \ + "Failed password for ppuser1" in log_str find_logs(multihost, file_ssd, "Server returned control [1.3.6.1.4.1.42.2.27.8.5.1]") - find_logs(multihost, file_ssd, "Password expired user must set a new password") + log_str = multihost.client[0].get_file_contents(file_ssd).decode('utf-8') + assert "Password expired user must set a new password" in log_str or \ + "Password expired, grace logins exhausted." in log_str ldap_modify_ds(multihost, ldap.MOD_REPLACE, cn_config, 'passwordExp', [b'off']) time.sleep(3) - assert tools.auth_client_ssh_password('ppuser1', 'NewPass_123') - ldap_modify_ds(multihost, ldap.MOD_REPLACE, user_dn, 'userPassword', [b'Secret123']) + check_login_client(multihost, 'ppuser1', 'Secret123') @staticmethod def test_bz954323(multihost, backupsssdconf, common_sssd_setup): @@ -196,7 +195,7 @@ def test_bz954323(multihost, backupsssdconf, common_sssd_setup): 3. Expire a user password ( by setting password Expiration Time) 4. Clear the secure log :steps: - 1. Calling tools.auth_client_ssh_password to authenticate + 1. Calling check_login_client to authenticate the user 'ppuser1' with a password on the client. 2. Calling find_logs to search for a specific message in a log file on the server. 3. Repeating steps 1-2 two more times, with different log search messages each time. @@ -209,21 +208,20 @@ def test_bz954323(multihost, backupsssdconf, common_sssd_setup): 4. Configuration settings should changed to modified earlier """ client = multihost.client[0] - tools = sssdTools(multihost.client[0]) cn_config = 'cn=config' ldap_modify_ds(multihost, ldap.MOD_REPLACE, cn_config, 'passwordExp', [b'on']) ldap_modify_ds(multihost, ldap.MOD_ADD, cn_config, 'passwordGraceLimit', [b'3']) client.run_command("> /var/log/secure") time.sleep(3) - assert tools.auth_client_ssh_password('ppuser1', 'Secret123') + check_login_client(multihost, 'ppuser1', 'Secret123') time.sleep(3) find_logs(multihost, "/var/log/secure", "You have 2 grace login(s) remaining") client.run_command("> /var/log/secure") - assert tools.auth_client_ssh_password('ppuser1', 'Secret123') + check_login_client(multihost, 'ppuser1', 'Secret123') time.sleep(3) find_logs(multihost, "/var/log/secure", "You have 1 grace login(s) remaining") client.run_command("> /var/log/secure") - assert tools.auth_client_ssh_password('ppuser1', 'Secret123') + check_login_client(multihost, 'ppuser1', 'Secret123') time.sleep(3) find_logs(multihost, "/var/log/secure", "You have 0 grace login(s) remaining") for element, value in [('passwordGraceLimit', []), @@ -244,7 +242,7 @@ def test_bz1146198_bz1144011(multihost, backupsssdconf, common_sssd_setup): :steps: 1. Run a script to simulate an expired password. 2. Calling find_logs to search for specific messages in log files on the server. - 3. Calling tools.auth_client_ssh_password to authenticate the user with a new password. + 3. Calling check_login_client to authenticate the user with a new password. 4. Calling ldap_modify_ds three times to delete some configuration settings related to password expiration for the directory :expectedresults: @@ -254,7 +252,6 @@ def test_bz1146198_bz1144011(multihost, backupsssdconf, common_sssd_setup): 4. New setting related to password change should success """ client = multihost.client[0] - tools = sssdTools(multihost.client[0]) cn_config = 'cn=config' ldap_modify_ds(multihost, ldap.MOD_ADD, cn_config, 'passwordMustChange', [b'on']) user_dn = 'uid=ppuser1,ou=People,dc=example,dc=test' @@ -267,7 +264,7 @@ def test_bz1146198_bz1144011(multihost, backupsssdconf, common_sssd_setup): find_logs(multihost, f'/var/log/sssd/sssd_{ds_instance_name}.log', "Password was reset. User must set a new password") time.sleep(3) - assert tools.auth_client_ssh_password('ppuser1', 'NewPass_123') + check_login_client(multihost, 'ppuser1', 'NewPass_123') for element, value in [('passwordMustChange', []), ('passwordWarning', []), ('passwordExp', [b'on'])]: diff --git a/src/tests/multihost/alltests/test_misc.py b/src/tests/multihost/alltests/test_misc.py index 33d64d16ce3..676b9678939 100644 --- a/src/tests/multihost/alltests/test_misc.py +++ b/src/tests/multihost/alltests/test_misc.py @@ -12,10 +12,20 @@ import time import subprocess import pytest -from sssd.testlib.common.expect import pexpect_ssh -from sssd.testlib.common.exceptions import SSHLoginException +import textwrap +from datetime import datetime as D_T from sssd.testlib.common.utils import sssdTools, LdapOperations -from constants import ds_instance_name, ds_suffix +from constants import ds_instance_name, ds_suffix, ds_rootdn, ds_rootpw +from sssd.testlib.common.ssh2_python import check_login_client + + +def find_logs(multihost, log_name, string_name): + """This function will find strings in a log file + log_name: Absolute path of log where the search will happen. + string_name: String to search in the log file. + """ + log_str = multihost.client[0].get_file_contents(log_name).decode('utf-8') + return string_name in log_str @pytest.mark.usefixtures('setup_sssd', 'create_posix_usersgroups') @@ -123,41 +133,15 @@ def test_0003_sssd_crashes_after_update(self, multihost, client.sssd_conf(f'domain/{domain_name}', domain_params) client.sssd_conf("sssd", {'enable_files_domain': 'true'}, action='update') multihost.client[0].service_sssd('restart') - user = 'foo1@%s' % domain_name - client = pexpect_ssh(multihost.client[0].sys_hostname, user, - 'Secret1234', debug=False) - with pytest.raises(SSHLoginException): - client.login(login_timeout=10, - sync_multiplier=1, auto_prompt_reset=False) + user = f'foo1@{domain_name}' + check_login_client(multihost, user, "Secret123") time.sleep(2) - client = pexpect_ssh(multihost.client[0].sys_hostname, user, - 'Secret123', debug=False) - try: - client.login(login_timeout=30, - sync_multiplier=5, auto_prompt_reset=False) - except SSHLoginException: - pytest.fail("%s failed to login" % user) - else: - client.logout() - for _ in range(3): - client = pexpect_ssh(multihost.client[0].sys_hostname, user, - 'Secret1234', debug=False) - with pytest.raises(SSHLoginException): - client.login(login_timeout=10, - sync_multiplier=1, auto_prompt_reset=False) + check_login_client(multihost, user, "Secret123") time.sleep(2) - client = pexpect_ssh(multihost.client[0].sys_hostname, user, - 'Secret123', debug=False) - try: - client.login(login_timeout=30, - sync_multiplier=5, auto_prompt_reset=False) - except SSHLoginException: - pytest.fail("%s failed to login" % user) - else: - client.logout() + check_login_client(multihost, user, "Secret123") time.sleep(2) - cmd_id = 'id %s' % user + cmd_id = f'id {user}' cmd = multihost.client[0].run_command(cmd_id) if "no such user" in cmd.stdout_text: status = "FAIL" @@ -447,15 +431,8 @@ def test_0008_1636002(multihost, backupsssdconf): # Try ssh after socket activation is configured # Result does not matter we just need to trigger the PAM stack - ssh_client = pexpect_ssh( - multihost.client[0].sys_hostname, user, 'Secret123', debug=False) - try: - ssh_client.login( - login_timeout=30, sync_multiplier=5, auto_prompt_reset=False) - except SSHLoginException: - pass - else: - ssh_client.logout() + with pytest.raises(Exception): + check_login_client(multihost, user, 'Secret123') # Print pam log for debug purposes multihost.client[0].run_command( @@ -532,3 +509,86 @@ def test_0009_dbus_method_find_usrby_attr(multihost, backupsssdconf, ldap_posix_ assert cmd2.stdout_text.strip('\n') in cmd.stdout_text, 'dbus is not fetching expected users' cmd1 = multihost.client[0].run_command(f'id -u {usr}@{domain_name}', raiseonerr=False) assert cmd1.stdout_text.strip('\n') not in cmd.stdout_text, 'dbus is fetching unwanted user' + + @staticmethod + @pytest.mark.tier1_4 + def test_bz822236(multihost, backupsssdconf): + """ + :title: Netgroups do not honor entry cache nowait percentage + :id: dda33ba4-ef10-11ed-a27d-845cf3eff344 + :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=822236 + :setup: + 1. Retrieve the name of the network interface that is currently connected using + the 'nmcli' command, and saves it to the 'intf' variable. + 2. Sets up an LDAP connection to the LDAP server using the LdapOperations class. + 3. Creates a new organizational unit named "Netgroup" under the base DN + specified in the 'ds_suffix' variable. + 4. Creates a new LDAP entry for a netgroup named "netgrp_nowait" + under the "Netgroup" organizational unit. + 5. Use the sssdTools class to update the configuration file for the + 'nss' and 'domain/example1' sections of the SSSD service. + 7. Clear the SSSD cache using the 'clear_sssd_cache' method of the sssdTools class. + 8. Delete the contents of the '/var/log/sssd/sssd_nss.log' file + 9. Add a 50ms delay to the network interface using the 'tc' command. + :steps: + 1. Measures the response time for the 'getent netgroup netgrp_nowait' + command and saves it to the 'res_time' variable. + 2. Run a loop that repeats the 'getent netgroup netgrp_nowait' command 4 times + and checks if the response time is less than to the initial response time. + 3. Wait for 15 seconds before deleting the contents of the '/var/log/sssd/sssd_nss.log' file again. + 4. Remove the network delay added in step 9 using the 'tc' command. + :expectedresults: + 1. res_time variable will have the response time + 2. Response time is less than to the initial response time + 3. Wait for 15 seconds + 4. Network delay should be removed + """ + client = multihost.client[0] + log_nss = '/var/log/sssd/sssd_nss.log' + ldap_uri = 'ldap://%s' % (multihost.master[0].sys_hostname) + ldap_inst = LdapOperations(ldap_uri, ds_rootdn, ds_rootpw) + ldap_inst.org_unit("Netgroup", ds_suffix) + user_dn = f'cn=netgrp_nowait,ou=Netgroup,{ds_suffix}' + user_info = {'cn': 'netgrp_nowait'.encode('utf-8'), + 'objectClass': ['nisNetgroup'.encode('utf-8'), + 'top'.encode('utf-8')], + 'nisNetgroupTriple': '(host1,kau10,example.com)'.encode('utf-8')} + ldap_inst.add_entry(user_info, user_dn) + tools = sssdTools(multihost.client[0]) + tools.sssd_conf("nss", {'filter_groups': 'root', + 'filter_users': 'root', + 'debug_level': '9', + 'entry_cache_nowait_percentage': '50'}, action='update') + tools.sssd_conf("domain/example1", + {'entry_cache_timeout': '30', + 'ldap_netgroup_search_base': f"ou=Netgroup,{ds_suffix}"}, action='update') + tools.clear_sssd_cache() + client.run_command(f"> {log_nss}") + intf = [s for s in client.run_command("nmcli").stdout_text.split('\n') + if re.search(r'\b' + "connected to" + r'\b', s)][0].split(":")[0] + client.run_command(f"tc qdisc add dev {intf} root netem delay 50ms") + start = D_T.now() + client.run_command("getent netgroup netgrp_nowait") + end = D_T.now() + res_time = end - start + time.sleep(16) + time_diff = [] + find_logs_results = [] + for _ in range(4): + start = D_T.now() + client.run_command("getent netgroup netgrp_nowait") + end = D_T.now() + loop_response = end - start + time_diff.append(loop_response < res_time) + time.sleep(3) + find_logs_results.append(find_logs(multihost, + log_nss, + "Performing midpoint cache " + "update of [netgrp_nowait@example1]")) + client.run_command(f"> {log_nss}") + time.sleep(15) + client.run_command(f"tc qdisc del dev {intf} root") + ldap_inst.del_dn(user_dn) + ldap_inst.del_dn(f"ou=Netgroup,{ds_suffix}") + assert all(find_logs_results), "Searched string not found in the logs" + assert all(time_diff), "Test failed as the cache response time is higher." diff --git a/src/tests/multihost/alltests/test_misc_proxy.py b/src/tests/multihost/alltests/test_misc_proxy.py index f5f59b1795c..289260d857a 100644 --- a/src/tests/multihost/alltests/test_misc_proxy.py +++ b/src/tests/multihost/alltests/test_misc_proxy.py @@ -14,8 +14,7 @@ import ldap from sssd.testlib.common.utils import sssdTools, LdapOperations from sssd.testlib.common.libkrb5 import krb5srv -from sssd.testlib.common.expect import pexpect_ssh -from sssd.testlib.common.exceptions import SSHLoginException +from sssd.testlib.common.ssh2_python import check_login_client_bool, check_login_client def execute_cmd(multihost, command): @@ -319,7 +318,7 @@ def test_bz647816(multihost, backupsssdconf): tools.sssd_conf('domain/' + domain_name, domain_params) tools.clear_sssd_cache() for _ in range(12): - tools.auth_from_client("foo1@example1", "Secret123") + check_login_client(multihost, "foo1@example1", "Secret123") with pytest.raises(subprocess.CalledProcessError): execute_cmd(multihost, "grep 'All available child slots are full, " "queuing request' /var/log/sssd/*") @@ -429,10 +428,10 @@ def test_0002_bz1209483(multihost, backupsssdconf): tools.sssd_conf('domain/' + domain_name, domain_params) tools.clear_sssd_cache() getent = execute_cmd(multihost, "getent passwd -s sss foo2") - ssh_res = tools.auth_from_client("foo2", "Secret123") == 3 + ssh = check_login_client_bool(multihost, "foo2", "Secret123") execute_cmd(multihost, "userdel -rf foo2") + assert ssh, 'foo2 is not able to login.' assert "foo2:*:2001:2001::/home/foo2:/bin/bash" in getent.stdout_text - assert ssh_res, "Ssh for user foo2 failed." @staticmethod @pytest.mark.tier2 @@ -469,16 +468,8 @@ def test_bz1368467(multihost, backupsssdconf, create_350_posix_users): # sssd runs out of available child slots and starts # queuing requests in proxy mode execute_cmd(multihost, "systemctl start nslcd.service") - client_hostip = multihost.client[0].ip for i in range(1, 351): - try: - client = pexpect_ssh(client_hostip, f"doo{i}", 'Secret123', debug=False) - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: - pytest.fail(f"doo{i} failed to login") - else: - client.logout() + check_login_client(multihost, f"doo{i}", 'Secret123') with pytest.raises(subprocess.CalledProcessError): execute_cmd(multihost, "grep 'All available child slots are full, " "queuing request' /var/log/sssd/*") diff --git a/src/tests/multihost/alltests/test_multidomain.py b/src/tests/multihost/alltests/test_multidomain.py index 4c4b2aa3053..179583e84f8 100644 --- a/src/tests/multihost/alltests/test_multidomain.py +++ b/src/tests/multihost/alltests/test_multidomain.py @@ -11,6 +11,7 @@ import datetime import pytest from sssd.testlib.common.utils import sssdTools +from sssd.testlib.common.ssh2_python import check_login_client @pytest.mark.usefixtures('posix_users_multidomain', 'sssdproxyldap', @@ -81,8 +82,7 @@ def test_0003_proxyldap2(multihost, multidomain_sssd): else: assert getent.returncode == 0 for user in ['puser11@proxy', 'quser10']: - ssh = tools.auth_from_client(user, 'Secret123') == 3 - assert ssh, f"Ssh failed for user {user}!" + check_login_client(multihost, user, 'Secret123') @staticmethod @pytest.mark.tier2 @@ -107,8 +107,7 @@ def test_0004_proxyldap2(multihost, multidomain_sssd): else: assert getent.returncode == 0 for user in ['puser11', 'quser11@ldap2']: - ssh = tools.auth_from_client(user, 'Secret123') == 3 - assert ssh, f"Ssh failed for user {user}!" + check_login_client(multihost, user, 'Secret123') @pytest.mark.tier2 def test_0005_proxyldap2(self, multihost, multidomain_sssd): @@ -443,8 +442,7 @@ def test_0022_ldapldap(multihost, multidomain_sssd): for dom in range(2): for idx in range(5): user = '%suser%d@ldap%d' % (suffix[dom], idx, dom + 1) - ssh = tools.auth_from_client(user, 'Secret123') == 3 - assert ssh, f"Ssh failed for user {user}!" + check_login_client(multihost, user, 'Secret123') pamlogfile = '/var/log/sssd/sssd_pam.log' find1 = re.compile(r'\[puser0\@ldap1\]') find2 = re.compile(r'\[quser0\@ldap2\]') @@ -486,8 +484,7 @@ def test_0023_ldapldap(multihost, multidomain_sssd): print("start time = ", starttime) user = '%suser1@ldap%d' % (suffix[dom], dom + 1) print("user =", user) - ssh = client_tools.auth_from_client(user, 'Secret123') == 3 - assert ssh, f"Ssh failed for user {user}!" + check_login_client(multihost, user, 'Secret123') t2 = datetime.datetime.now() endtime = t2.second print("end time = ", endtime) diff --git a/src/tests/multihost/alltests/test_ns_account_lock.py b/src/tests/multihost/alltests/test_ns_account_lock.py index 0110d5a8aea..1666e2341bd 100644 --- a/src/tests/multihost/alltests/test_ns_account_lock.py +++ b/src/tests/multihost/alltests/test_ns_account_lock.py @@ -13,6 +13,7 @@ import pytest from sssd.testlib.common.utils import LdapOperations from sssd.testlib.common.utils import sssdTools +from sssd.testlib.common.ssh2_python import check_login_client def execute_cmd(multihost, command): @@ -103,7 +104,6 @@ def test_user_inactivated_locked(multihost): 3. Should succeed """ clean_sys(multihost) - client = sssdTools(multihost.client[0]) assert "foo1@example1" in \ execute_cmd(multihost, "getent -s sss passwd" " foo1@example1").stdout_text @@ -112,17 +112,16 @@ def test_user_inactivated_locked(multihost): "ldapusers@example1").stdout_text manage_user_roles(multihost, "uid=foo1", "lock", "account") - ssh0 = client.auth_from_client("foo1@example1", 'Secret123') == 3 + with pytest.raises(Exception): + check_login_client(multihost, "foo1@example1", 'Secret123') time.sleep(3) lock_check(multihost, "foo1") # User is activated or unlocked clean_sys(multihost) manage_user_roles(multihost, "uid=foo1", "unlock", "account") - ssh1 = client.auth_from_client("foo1@example1", 'Secret123') == 3 + check_login_client(multihost, "foo1@example1", 'Secret123') time.sleep(3) unlock_check(multihost, "foo1") - assert not ssh0, "Ssh passed instead of failing!" - assert ssh1, "Ssh failed instead of passing!" @staticmethod def test_inactive_managed_roles(multihost): @@ -146,7 +145,8 @@ def test_inactive_managed_roles(multihost): ds_rootdn = 'cn=Directory Manager' ds_rootpw = 'Secret123' manage_user_roles(multihost, "cn=managed", "lock", "role") - ssh0 = client.auth_from_client("foo1@example1", 'Secret123') == 3 + with pytest.raises(Exception): + check_login_client(multihost, "foo1@example1", 'Secret123') time.sleep(3) lock_check(multihost, "foo1") # User added to the above inactive managed role @@ -157,7 +157,8 @@ def test_inactive_managed_roles(multihost): add_member = [(ldap.MOD_ADD, 'nsRoleDN', role_dn.encode('utf-8'))] (ret, _) = ldap_inst.modify_ldap(user_dn, add_member) assert ret == 'Success' - ssh1 = client.auth_from_client("foo2@example1", 'Secret123') == 3 + with pytest.raises(Exception): + check_login_client(multihost, "foo2@example1", 'Secret123') time.sleep(3) lock_check(multihost, "foo2") # User removed from the above inactive managed role @@ -168,19 +169,15 @@ def test_inactive_managed_roles(multihost): add_member = [(ldap.MOD_DELETE, 'nsRoleDN', role_dn.encode('utf-8'))] (ret, _) = ldap_inst.modify_ldap(user_dn, add_member) assert ret == 'Success' - ssh2 = client.auth_from_client("foo2@example1", 'Secret123') == 3 + check_login_client(multihost, "foo2@example1", 'Secret123') time.sleep(3) unlock_check(multihost, "foo2") # Activate managed role clean_sys(multihost) manage_user_roles(multihost, "cn=managed", "unlock", "role") - ssh3 = client.auth_from_client("foo1@example1", 'Secret123') == 3 + check_login_client(multihost, "foo1@example1", 'Secret123') time.sleep(3) unlock_check(multihost, "foo1") - assert not ssh0, "Ssh passed instead of failing for foo1!" - assert not ssh1, "Ssh passed instead of failing for foo2!" - assert ssh2, "Ssh failed for foo2!" - assert ssh3, "Ssh failed for foo1!" @staticmethod def test_inactivated_filtered_roles(multihost): @@ -210,13 +207,15 @@ def test_inactivated_filtered_roles(multihost): (ret, _) = ldap_inst.modify_ldap(user_dn, add_member) assert ret == 'Success' manage_user_roles(multihost, "cn=filtered", "lock", "role") - ssh0 = client.auth_from_client("foo3@example1", 'Secret123') == 3 + with pytest.raises(Exception): + check_login_client(multihost, "foo3@example1", 'Secret123') time.sleep(3) lock_check(multihost, "foo3") # User added to the above inactive filtered role clean_sys(multihost) - ssh1 = client.auth_from_client("foo4@example1", 'Secret123') == 3 + with pytest.raises(Exception): + check_login_client(multihost, "foo4@example1", 'Secret123') time.sleep(3) lock_check(multihost, "foo4") @@ -228,19 +227,15 @@ def test_inactivated_filtered_roles(multihost): add_member = [(ldap.MOD_DELETE, 'o', role_dn.encode('utf-8'))] (ret, _) = ldap_inst.modify_ldap(user_dn, add_member) assert ret == 'Success' - ssh2 = client.auth_from_client("foo3@example1", 'Secret123') == 3 + check_login_client(multihost, "foo3@example1", 'Secret123') time.sleep(3) unlock_check(multihost, "foo3") # Activate filtered role clean_sys(multihost) manage_user_roles(multihost, "cn=filtered", "unlock", "role") - ssh3 = client.auth_from_client("foo4@example1", 'Secret123') == 3 + check_login_client(multihost, "foo4@example1", 'Secret123') time.sleep(3) unlock_check(multihost, "foo4") - assert not ssh0, "Ssh passed instead of failing!" - assert not ssh1, "Ssh passed instead of failing!" - assert ssh2, "Ssh failed for foo3!" - assert ssh3, "Ssh failed for foo4!" @staticmethod def test_nested_role_inactivated(multihost): @@ -276,11 +271,13 @@ def test_nested_role_inactivated(multihost): user_dn = 'cn=nested,ou=People,dc=example,dc=test' (_, _) = ldap_inst.add_entry(user_info, user_dn) manage_user_roles(multihost, "cn=nested", "lock", "role") - ssh0 = client.auth_from_client("foo1@example1", 'Secret123') == 3 + with pytest.raises(Exception): + check_login_client(multihost, "foo1@example1", 'Secret123') time.sleep(3) lock_check(multihost, "foo1") - ssh1 = client.auth_from_client("foo4@example1", 'Secret123') == 3 + with pytest.raises(Exception): + check_login_client(multihost, "foo4@example1", 'Secret123') time.sleep(3) lock_check(multihost, "foo4") @@ -288,12 +285,8 @@ def test_nested_role_inactivated(multihost): clean_sys(multihost) ldap_inst = LdapOperations(ldap_uri, ds_rootdn, ds_rootpw) manage_user_roles(multihost, "cn=nested", "unlock", "role") - ssh2 = client.auth_from_client("foo1@example1", 'Secret123') == 3 - ssh3 = client.auth_from_client("foo4@example1", 'Secret123') == 3 + check_login_client(multihost, "foo1@example1", 'Secret123') + check_login_client(multihost, "foo4@example1", 'Secret123') time.sleep(3) unlock_check(multihost, "foo1") unlock_check(multihost, "foo4") - assert not ssh0, "Ssh passed instead of failing!" - assert not ssh1, "Ssh passed instead of failing!" - assert ssh2, "Ssh failed for foo3!" - assert ssh3, "Ssh failed for foo4!" diff --git a/src/tests/multihost/alltests/test_offline.py b/src/tests/multihost/alltests/test_offline.py index 7697c6d486e..3f003a675a6 100644 --- a/src/tests/multihost/alltests/test_offline.py +++ b/src/tests/multihost/alltests/test_offline.py @@ -10,7 +10,7 @@ import time import pytest from sssd.testlib.common.utils import sssdTools -from sssd.testlib.common.expect import pexpect_ssh +from sssd.testlib.common.ssh2_python import check_login_client from constants import ds_instance_name @@ -20,6 +20,7 @@ class TestOffline(object): """ This is test case class for ldap offline suite """ + @pytest.mark.converted('test_offline.py', 'test_offline__ldap_log_to_syslog') @pytest.mark.tier1 def test_0001_bz1416150(self, multihost, backupsssdconf): """ @@ -48,6 +49,7 @@ def test_0001_bz1416150(self, multihost, backupsssdconf): get_date = multihost.client[0].run_command(date, raiseonerr=False) date_org = get_date.stdout_text date = '"' + date_org[0:19] + '"' + multihost.client[0].service_sssd('restart') # Check server status in syslog syslog = 'journalctl --since %s -xeu sssd' % date time.sleep(80) @@ -57,6 +59,7 @@ def test_0001_bz1416150(self, multihost, backupsssdconf): else: pytest.fail("Failed to start sssd") + @pytest.mark.converted('test_offline.py', 'test_offline__ldap_network_timeout_parameters_shown_in_logs') @pytest.mark.tier1_2 def test_0002_bz1928648(self, multihost, backupsssdconf): """ @@ -100,16 +103,16 @@ def test_0002_bz1928648(self, multihost, backupsssdconf): f' -j DROP') assert block_ip.returncode == 0 user = 'foo1@example1' - client_hostname = multihost.client[0].sys_hostname - client = pexpect_ssh(client_hostname, user, 'Secret123', - debug=False) - with pytest.raises(Exception): - client.login(login_timeout=5, - sync_multiplier=1, - auto_prompt_reset=False) - multihost.client[0].run_command(f"iptables " - f"-D OUTPUT -d " - f"{hostname} -j DROP") + time.sleep(5) + try: + with pytest.raises(Exception): + check_login_client(multihost, user, 'Secret123') + except (Exception) as e: + pytest.fail(e) + finally: + multihost.client[0].run_command(f"iptables " + f"-D OUTPUT -d " + f"{hostname} -j DROP") it_cat = "cat /var/log/sssd/sssd_example1.log" cat_read = multihost.client[0].run_command(it_cat) for i in ['ldap_opt_timeout', diff --git a/src/tests/multihost/alltests/test_password_policy.py b/src/tests/multihost/alltests/test_password_policy.py index e5b5c952801..418258be497 100644 --- a/src/tests/multihost/alltests/test_password_policy.py +++ b/src/tests/multihost/alltests/test_password_policy.py @@ -12,6 +12,7 @@ import pytest from constants import ds_instance_name from sssd.testlib.common.utils import sssdTools +from sssd.testlib.common.ssh2_python import check_login_client_bool @pytest.mark.usefixtures('setup_sssd', 'create_posix_usersgroups', @@ -21,6 +22,7 @@ class TestPasswordCheck(object): """ This is test case class for password policy test suite """ + @pytest.mark.converted('test_ldap.py', 'test_ldap__change_password') @staticmethod @pytest.mark.tier2 def test_0001_changeuserpass(multihost): @@ -47,16 +49,17 @@ def test_0001_changeuserpass(multihost): 'bumblebee@123') assert change_pass == 3 # Verify the login of user with updated password - ssh = tools.auth_from_client(user, 'bumblebee@123') == 3 - assert ssh, "Authentication failed!" + ssh = check_login_client_bool(multihost, user, 'bumblebee@123') # Revert back the password to old one change_pass_old = tools.change_user_password(user, 'bumblebee@123', 'bumblebee@123', 'Secret123', 'Secret123') + assert ssh, f'{user} is not able to login.' assert change_pass_old == 3 + @pytest.mark.converted('test_ldap.py', 'test_ldap__change_password_new_pass_not_match') @staticmethod @pytest.mark.tier2 def test_0002_newpassnotmatch(multihost): @@ -83,6 +86,7 @@ def test_0002_newpassnotmatch(multihost): 'bumblebee') assert change_pass == 5 + @pytest.mark.converted('test_ldap.py', 'test_ldap__change_password_lowercase') @staticmethod @pytest.mark.tier2 def test_0003_smallnewpass(multihost): @@ -115,6 +119,7 @@ def test_0003_smallnewpass(multihost): '/var/log/secure') assert log1.search(test_str_log.decode()) + @pytest.mark.converted('test_ldap.py', 'test_ldap__change_password_wrong_current') @staticmethod @pytest.mark.tier2 def test_0004_wrongcurrentpass(multihost): diff --git a/src/tests/multihost/alltests/test_proxy.py b/src/tests/multihost/alltests/test_proxy.py index e9b59b672a4..4aa0452a4e8 100644 --- a/src/tests/multihost/alltests/test_proxy.py +++ b/src/tests/multihost/alltests/test_proxy.py @@ -12,11 +12,9 @@ import time from string import Template import pytest - from constants import ds_suffix -from sssd.testlib.common.expect import pexpect_ssh +from sssd.testlib.common.ssh2_python import SSHClient from sssd.testlib.common.utils import sssdTools -from sssd.testlib.common.exceptions import SSHLoginException @pytest.mark.usefixtures('setup_sssd_krb', 'create_host_keytab', @@ -61,19 +59,18 @@ def test_0001_1724717(self, multihost): cat = 'cat /etc/sssd/sssd.conf' multihost.client[0].run_command(cat) multihost.client[0].service_sssd('start') - client = pexpect_ssh(multihost.client[0].sys_hostname, user, - 'Secret123', debug=False) + client = SSHClient(multihost.client[0].sys_hostname, user, 'Secret123') try: - client.login() - except SSHLoginException: + client.connect() + except Exception: multihost.client[0].run_command(del_user) multihost.client[0].run_command(restore) pytest.fail("%s failed to login" % user) else: id_cmd = 'id %s' % user - (ret1, ret) = client.command(id_cmd) + ret1 = client.execute_command(id_cmd) assert "no such user" not in ret1 - client.logout() + client.close() # On fedora after user logs out it takes time # for systemd process running as user to get stopped, hence # adding sleep diff --git a/src/tests/multihost/alltests/test_proxy_provider_krb_auth.py b/src/tests/multihost/alltests/test_proxy_provider_krb_auth.py index de53e82cd4d..0192eeabdec 100644 --- a/src/tests/multihost/alltests/test_proxy_provider_krb_auth.py +++ b/src/tests/multihost/alltests/test_proxy_provider_krb_auth.py @@ -9,6 +9,7 @@ from __future__ import print_function import pytest from sssd.testlib.common.utils import sssdTools +from sssd.testlib.common.ssh2_python import check_login_client_bool, check_login_client def execute_cmd(multihost, command): @@ -43,8 +44,8 @@ def test_proxy_lookup(multihost): # proxy lookup and kerberos auth tools = sssdTools(multihost.client[0]) tools.clear_sssd_cache() - ssh1 = tools.auth_from_client("foo2@example1", 'Secret123') == 3 - assert ssh1, "Ssh failed instead of passing!" + ssh = check_login_client_bool(multihost, "foo2@example1", 'Secret123') + assert ssh, 'foo2@example1 is not able to login.' assert "home/foo2:/bin/bash" in execute_cmd(multihost, "getent -s " "ldap passwd " @@ -91,22 +92,26 @@ def test_server_access(multihost): """ tools = sssdTools(multihost.client[0]) tools.clear_sssd_cache() - ssh0 = tools.auth_from_client("foo2@example1", 'Secret123') == 3 + ssh = check_login_client_bool(multihost, "foo2@example1", 'Secret123') # block_server_access execute_cmd(multihost, "systemctl start firewalld") execute_cmd(multihost, f"firewall-cmd --direct " f"--add-rule ipv4 filter " f"OUTPUT 0 -d {multihost.master[0].ip} " f"-j DROP") - - ssh1 = tools.auth_from_client("foo2@example1", 'Secret123') == 3 - - # unblock_server_access - execute_cmd(multihost, "firewall-cmd --reload") - execute_cmd(multihost, "systemctl stop firewalld") - tools.clear_sssd_cache() - ssh2 = tools.auth_from_client("foo2@example1", 'Secret123') == 3 - - assert ssh0, "Ssh failed instead of passing!" - assert not ssh1, "Ssh passed instead of failing!" - assert ssh2, "Ssh failed instead of passing!" + try: + with pytest.raises(Exception): + check_login_client(multihost, "foo2@example1", 'Secret123') + # unblock_server_access + execute_cmd(multihost, "firewall-cmd --reload") + execute_cmd(multihost, "systemctl stop firewalld") + tools.clear_sssd_cache() + ssh2 = check_login_client_bool(multihost, "foo2@example1", 'Secret123') + assert ssh, 'foo2@example1 is not able to login.' + assert ssh2, 'foo2@example1 is not able to login.' + except Exception: + # unblock_server_access + execute_cmd(multihost, "firewall-cmd --reload") + execute_cmd(multihost, "systemctl stop firewalld") + tools.clear_sssd_cache() + pytest.fail("foo2@example1 was able to login") diff --git a/src/tests/multihost/alltests/test_proxy_rfc2307.py b/src/tests/multihost/alltests/test_proxy_rfc2307.py index dbcdfbbb88f..dec329d8ad4 100644 --- a/src/tests/multihost/alltests/test_proxy_rfc2307.py +++ b/src/tests/multihost/alltests/test_proxy_rfc2307.py @@ -10,8 +10,7 @@ import subprocess import time from sssd.testlib.common.utils import sssdTools, LdapOperations -from sssd.testlib.common.exceptions import SSHLoginException -from sssd.testlib.common.expect import pexpect_ssh +from sssd.testlib.common.ssh2_python import check_login_client from constants import ds_suffix, ds_instance_name @@ -136,16 +135,8 @@ def test_lookup_user_group(self, multihost, backupsssdconf): "getent group User_CS1_grp1_Alias | grep User_CS1_grp1", "getent group User_CS1_grp1_Alias | grep User_CS1"]: execute_cmd(multihost, i) - client_hostip = multihost.client[0].ip for user in ['User_CS1', 'User_CS1_Alias']: - client = pexpect_ssh(client_hostip, user, 'Secret123', debug=False) - try: - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: - pytest.fail("%s failed to login" % user) - else: - client.logout() + check_login_client(multihost, user, "Secret123") for i in ["getent passwd user_cs1", "getent passwd user_cs1_alias", "getent group user_cs1_grp1", @@ -198,11 +189,8 @@ def test_simple_deny_groups_user_cs1_grp1(self, multihost, backupsssdconf): "id User_CS1", "> /var/log/secure"]: execute_cmd(multihost, i) - client_hostip = multihost.client[0].ip - client = pexpect_ssh(client_hostip, "User_CS1", 'Secret123', debug=False) with pytest.raises(Exception): - client.login(login_timeout=10, sync_multiplier=1, - auto_prompt_reset=False) + check_login_client(multihost, "User_CS1", "Secret123") time.sleep(3) execute_cmd(multihost, 'cat /var/log/secure | grep -i "Access denied for user User_CS1"') @@ -227,15 +215,7 @@ def test_simple_deny_groups_user_cs_grp1(self, multihost, backupsssdconf): tools.clear_sssd_cache() for i in ["getent passwd User_CS1", "id User_CS1"]: execute_cmd(multihost, i) - client_hostip = multihost.client[0].ip - client = pexpect_ssh(client_hostip, "User_CS1", 'Secret123', debug=False) - try: - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: - pytest.fail("%s failed to login" % "User_CS1") - else: - client.logout() + check_login_client(multihost, "User_CS1", "Secret123") def test_simple_deny_users_user_CS1(self, multihost, backupsssdconf): """ @@ -260,11 +240,8 @@ def test_simple_deny_users_user_CS1(self, multihost, backupsssdconf): "id User_CS1", "> /var/log/secure"]: execute_cmd(multihost, i) - client_hostip = multihost.client[0].ip - client = pexpect_ssh(client_hostip, "User_CS1", 'Secret123', debug=False) with pytest.raises(Exception): - client.login(login_timeout=10, sync_multiplier=1, - auto_prompt_reset=False) + check_login_client(multihost, "User_CS1", "Secret123") time.sleep(3) execute_cmd(multihost, 'cat /var/log/secure | grep -i "Access denied for user User_CS1"') @@ -286,15 +263,7 @@ def test_simple_deny_users_user_cs1(self, multihost, backupsssdconf): 'simple_deny_users': 'user_cs1'} tools.sssd_conf('domain/' + domain_name, domain_params) tools.clear_sssd_cache() - client_hostip = multihost.client[0].ip - client = pexpect_ssh(client_hostip, "User_CS1", 'Secret123', debug=False) - try: - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: - pytest.fail("%s failed to login" % "User_CS1") - else: - client.logout() + check_login_client(multihost, "User_CS1", "Secret123") def test_bz1007381(self, multihost, backupsssdconf): """ @@ -441,15 +410,7 @@ def test_fully_qualified_names(self, multihost, backupsssdconf): "getent group User_CS1_grp1@example1", "id User_CS1@example1"]: execute_cmd(multihost, command) - client_hostip = multihost.client[0].ip - client = pexpect_ssh(client_hostip, "User_CS1@example1", 'Secret123', debug=False) - try: - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: - pytest.fail("%s failed to login" % "User_CS1@example1") - else: - client.logout() + check_login_client(multihost, "User_CS1@example1", "Secret123") def test_min_id_max_id(self, multihost, backupsssdconf): """ @@ -518,16 +479,8 @@ def test_case_sensitive_false_lookup_user_group(self, multihost, backupsssdconf) "id User_cs1 | grep user_cs1_grp1", "id user_cs1_Alias | grep user_cs1_grp1"]: execute_cmd(multihost, command) - client_hostip = multihost.client[0].ip for user in ['user_cs1', 'user_cs1_alias']: - client = pexpect_ssh(client_hostip, user, 'Secret123', debug=False) - try: - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: - pytest.fail("%s failed to login" % user) - else: - client.logout() + check_login_client(multihost, user, "Secret123") def test_case_sensitive_false_deny_users_user_cs1(self, multihost, backupsssdconf): """ @@ -543,7 +496,6 @@ def test_case_sensitive_false_deny_users_user_cs1(self, multihost, backupsssdcon sssd_params = {'domains': ds_instance_name} tools.sssd_conf('sssd', sssd_params) domain_name = tools.get_domain_section_name() - client_hostip = multihost.client[0].ip domain_params = {'case_sensitive': 'false', 'access_provider': 'simple', 'simple_deny_users': 'user_cs1'} @@ -551,24 +503,15 @@ def test_case_sensitive_false_deny_users_user_cs1(self, multihost, backupsssdcon tools.clear_sssd_cache() for user in ['User_cs1', 'user_cs1_alias']: execute_cmd(multihost, "> /var/log/secure") - client = pexpect_ssh(client_hostip, user, 'Secret123', debug=False) with pytest.raises(Exception): - client.login(login_timeout=10, sync_multiplier=1, - auto_prompt_reset=False) + check_login_client(multihost, user, "Secret123") time.sleep(3) execute_cmd(multihost, f'cat /var/log/secure | grep "Access denied for user {user}"') execute_cmd(multihost, "> /var/log/secure") execute_cmd(multihost, "sed -i 's/user_cs1/user_cs1_alias/' /etc/sssd/sssd.conf") tools.clear_sssd_cache() for user in ['user_cs1', 'user_cs1_alias']: - client = pexpect_ssh(client_hostip, user, 'Secret123', debug=False) - try: - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: - pytest.fail("%s failed to login" % user) - else: - client.logout() + check_login_client(multihost, user, "Secret123") def test_case_sensitive_false_deny_groups_user_cs1_grp1(self, multihost, backupsssdconf): """ @@ -580,7 +523,6 @@ def test_case_sensitive_false_deny_groups_user_cs1_grp1(self, multihost, backups 1. Should succeed """ config_sssd(multihost) - client_hostip = multihost.client[0].ip tools = sssdTools(multihost.client[0]) sssd_params = {'domains': ds_instance_name} tools.sssd_conf('sssd', sssd_params) @@ -593,24 +535,15 @@ def test_case_sensitive_false_deny_groups_user_cs1_grp1(self, multihost, backups tools.clear_sssd_cache() for user in ['User_cs1', 'user_cs1_alias']: execute_cmd(multihost, "> /var/log/secure") - client = pexpect_ssh(client_hostip, user, 'Secret123', debug=False) with pytest.raises(Exception): - client.login(login_timeout=10, sync_multiplier=1, - auto_prompt_reset=False) + check_login_client(multihost, user, "Secret123") time.sleep(3) execute_cmd(multihost, f'cat /var/log/secure | grep -i "Access denied for user {user}"') execute_cmd(multihost, "> /var/log/secure") execute_cmd(multihost, "sed -i 's/user_cs1_grp1/user_cs1_grp1_alias/' /etc/sssd/sssd.conf") tools.clear_sssd_cache() for user in ['user_cs1', 'user_cs1_alias']: - client = pexpect_ssh(client_hostip, user, 'Secret123', debug=False) - try: - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: - pytest.fail("%s failed to login" % user) - else: - client.logout() + check_login_client(multihost, user, "Secret123") def test_outgoing_ldaps(self, multihost, backupsssdconf): """ @@ -638,32 +571,12 @@ def test_outgoing_ldaps(self, multihost, backupsssdconf): domain_params = {'access_provider': 'simple', 'cache_credentials': "true"} tools.sssd_conf('domain/' + domain_name, domain_params) tools.clear_sssd_cache() - client_hostip = multihost.client[0].ip - client = pexpect_ssh(client_hostip, "User_CS1", 'Secret123', debug=False) - try: - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: - pytest.fail("%s failed to login" % "User_CS1") - else: - client.logout() + check_login_client(multihost, "User_CS1", "Secret123") # block master server multihost.client[0].run_command('iptables -A OUTPUT -p tcp --match multiport --dport 389,636') time.sleep(5) - client = pexpect_ssh(client_hostip, "User_CS1", 'Secret123', debug=False) - try: - client.login(login_timeout=30, sync_multiplier=5, auto_prompt_reset=False) - except SSHLoginException: - pytest.fail("%s failed to login" % "User_CS1") - else: - client.logout() + check_login_client(multihost, "User_CS1", "Secret123") # unblock master server multihost.client[0].run_command("iptables -D OUTPUT -p tcp --match multiport --dport 389,636") time.sleep(5) - client = pexpect_ssh(client_hostip, "User_CS1", 'Secret123', debug=False) - try: - client.login(login_timeout=30, sync_multiplier=5, auto_prompt_reset=False) - except SSHLoginException: - pytest.fail("%s failed to login" % "User_CS1") - else: - client.logout() + check_login_client(multihost, "User_CS1", "Secret123") diff --git a/src/tests/multihost/alltests/test_proxy_rfc2307bis.py b/src/tests/multihost/alltests/test_proxy_rfc2307bis.py index f7119b75c28..06e687ec9d8 100644 --- a/src/tests/multihost/alltests/test_proxy_rfc2307bis.py +++ b/src/tests/multihost/alltests/test_proxy_rfc2307bis.py @@ -10,8 +10,7 @@ import subprocess import time from sssd.testlib.common.utils import sssdTools, LdapOperations -from sssd.testlib.common.exceptions import SSHLoginException -from sssd.testlib.common.expect import pexpect_ssh +from sssd.testlib.common.ssh2_python import check_login_client from constants import ds_suffix, ds_instance_name @@ -133,16 +132,8 @@ def test_lookup_user_group_netgroup(self, multihost, backupsssdconf): "getent group User_CS2_grp1_Alias | grep User_CS2_grp1", "getent group User_CS2_grp1_Alias | grep User_CS2"]: execute_cmd(multihost, i) - client_hostip = multihost.client[0].ip for user in ['User_CS2', 'User_CS2_Alias']: - client = pexpect_ssh(client_hostip, user, 'Secret123', debug=False) - try: - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: - pytest.fail("%s failed to login" % user) - else: - client.logout() + check_login_client(multihost, user, 'Secret123') for i in ["getent passwd user_cs2", "getent passwd user_cs2_alias", "getent group user_cs2_grp1", @@ -175,15 +166,7 @@ def test_allow_groups_User_CS2_grp1(self, multihost, backupsssdconf): tools.clear_sssd_cache() for i in ["getent group User_CS2_grp1", "id User_CS2"]: execute_cmd(multihost, i) - client_hostip = multihost.client[0].ip - client = pexpect_ssh(client_hostip, "User_CS2", 'Secret123', debug=False) - try: - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: - pytest.fail("%s failed to login" % "User_CS1") - else: - client.logout() + check_login_client(multihost, "User_CS2", 'Secret123') def test_allow_groups_user_cs2_grp1(self, multihost, backupsssdconf): """ @@ -213,11 +196,8 @@ def test_allow_groups_user_cs2_grp1(self, multihost, backupsssdconf): "id User_CS2", "> /var/log/secure"]: execute_cmd(multihost, i) - client_hostip = multihost.client[0].ip - client = pexpect_ssh(client_hostip, "User_CS2", 'Secret123', debug=False) with pytest.raises(Exception): - client.login(login_timeout=10, sync_multiplier=1, - auto_prompt_reset=False) + check_login_client(multihost, "User_CS2", 'Secret123') time.sleep(3) execute_cmd(multihost, 'cat /var/log/secure | grep "Access denied for user User_CS2"') @@ -246,15 +226,7 @@ def test_allow_groups_User_CS2(self, multihost, backupsssdconf): tools.clear_sssd_cache() for i in ["getent passwd User_CS2", "id User_CS2"]: execute_cmd(multihost, i) - client_hostip = multihost.client[0].ip - client = pexpect_ssh(client_hostip, "User_CS2", 'Secret123', debug=False) - try: - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: - pytest.fail("%s failed to login" % "User_CS1") - else: - client.logout() + check_login_client(multihost, "User_CS2", 'Secret123') def test_allow_groups_user_cs2(self, multihost, backupsssdconf): """ @@ -284,11 +256,8 @@ def test_allow_groups_user_cs2(self, multihost, backupsssdconf): "id User_CS2", "> /var/log/secure"]: execute_cmd(multihost, i) - client_hostip = multihost.client[0].ip - client = pexpect_ssh(client_hostip, "User_CS2", 'Secret123', debug=False) with pytest.raises(Exception): - client.login(login_timeout=10, sync_multiplier=1, - auto_prompt_reset=False) + check_login_client(multihost, "User_CS2", 'Secret123') time.sleep(3) execute_cmd(multihost, 'cat /var/log/secure | grep "Access denied for user User_CS2"') @@ -329,14 +298,7 @@ def test_case_sensitive(self, multihost, backupsssdconf): execute_cmd(multihost, i) client_hostip = multihost.client[0].ip for user in ['user_cs2', 'user_cs2_alias']: - client = pexpect_ssh(client_hostip, user, 'Secret123', debug=False) - try: - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: - pytest.fail("%s failed to login" % user) - else: - client.logout() + check_login_client(multihost, user, 'Secret123') def test_simple_deny_users_user_cs2(self, multihost, backupsssdconf): """ @@ -364,24 +326,15 @@ def test_simple_deny_users_user_cs2(self, multihost, backupsssdconf): tools.clear_sssd_cache() for user in ['User_cs2', 'user_cs2_alias']: execute_cmd(multihost, "> /var/log/secure") - client = pexpect_ssh(client_hostip, user, 'Secret123', debug=False) with pytest.raises(Exception): - client.login(login_timeout=10, sync_multiplier=1, - auto_prompt_reset=False) + check_login_client(multihost, user, 'Secret123') time.sleep(3) execute_cmd(multihost, f'cat /var/log/secure | grep "Access denied for user {user}"') execute_cmd(multihost, "> /var/log/secure") execute_cmd(multihost, "sed -i 's/user_cs2/user_cs2_alias/' /etc/sssd/sssd.conf") tools.clear_sssd_cache() for user in ['user_cs2_alias', 'User_cs2']: - client = pexpect_ssh(client_hostip, user, 'Secret123', debug=False) - try: - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: - pytest.fail("%s failed to login" % user) - else: - client.logout() + check_login_client(multihost, user, 'Secret123') def test_simple_deny_groups_user_cs2_grp1(self, multihost, backupsssdconf): """ @@ -409,21 +362,12 @@ def test_simple_deny_groups_user_cs2_grp1(self, multihost, backupsssdconf): tools.clear_sssd_cache() for user in ['User_cs2', 'user_cs2_alias']: execute_cmd(multihost, "> /var/log/secure") - client = pexpect_ssh(client_hostip, user, 'Secret123', debug=False) with pytest.raises(Exception): - client.login(login_timeout=10, sync_multiplier=1, - auto_prompt_reset=False) + check_login_client(multihost, user, 'Secret123') time.sleep(3) execute_cmd(multihost, f'cat /var/log/secure | grep "Access denied for user {user}"') execute_cmd(multihost, "> /var/log/secure") execute_cmd(multihost, "sed -i 's/user_cs2_grp1/user_cs2_grp1_alias/' /etc/sssd/sssd.conf") tools.clear_sssd_cache() for user in ['user_cs2_alias', 'User_cs2']: - client = pexpect_ssh(client_hostip, user, 'Secret123', debug=False) - try: - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: - pytest.fail("%s failed to login" % user) - else: - client.logout() + check_login_client(multihost, user, 'Secret123') diff --git a/src/tests/multihost/alltests/test_rfc2307.py b/src/tests/multihost/alltests/test_rfc2307.py index ab52d6e4554..39fb4dfeea2 100644 --- a/src/tests/multihost/alltests/test_rfc2307.py +++ b/src/tests/multihost/alltests/test_rfc2307.py @@ -11,8 +11,8 @@ from sssd.testlib.common.libkrb5 import krb5srv from sssd.testlib.common.utils import sssdTools, LdapOperations from constants import ds_suffix, ds_rootdn, ds_rootpw -from sssd.testlib.common.exceptions import SSHLoginException, LdapException -from sssd.testlib.common.expect import pexpect_ssh +from sssd.testlib.common.exceptions import LdapException +from sssd.testlib.common.ssh2_python import run_command_client def usr_grp(multihost, obj_info, type): @@ -51,6 +51,7 @@ class Testrfc2307(object): 1. Configure SSSD to authenticate against directory server 2. Enable debug_level to 9 in the 'nss', 'pam' and domain section """ + @pytest.mark.converted('test_ldap.py', 'test_ldap__user_with_whitespace') @pytest.mark.tier2 def test_0001_bz1362023(self, multihost, backupsssdconf): """ @@ -85,18 +86,9 @@ def test_0001_bz1362023(self, multihost, backupsssdconf): tools = sssdTools(multihost.client[0]) domain_name = tools.get_domain_section_name() tools.clear_sssd_cache() - user = f'\\ tuser@{domain_name}' - client = pexpect_ssh(multihost.client[0].sys_hostname, user, - 'Secret123', debug=False) - try: - client.login() - except SSHLoginException: - pytest.fail(f'{user} failed to login') - else: - id_cmd = f'id {user}' - cmd = client.command(id_cmd) - assert 'uid=34583100' in cmd[0] - client.logout() + user = f' tuser@{domain_name}' + id_cmd = run_command_client(multihost, user, "Secret123", 'id') + assert 'uid=34583100' in id_cmd user = f'tuser@{domain_name}' cmd = multihost.client[0].run_command(f'id {user}', raiseonerr=False) assert cmd.returncode != 0 diff --git a/src/tests/multihost/alltests/test_ssh_authorizedkeys.py b/src/tests/multihost/alltests/test_ssh_authorizedkeys.py index 5e1eafb5cc9..640a099b495 100644 --- a/src/tests/multihost/alltests/test_ssh_authorizedkeys.py +++ b/src/tests/multihost/alltests/test_ssh_authorizedkeys.py @@ -10,8 +10,7 @@ import pytest import re from sssd.testlib.common.utils import sssdTools -from sssd.testlib.common.expect import pexpect_ssh -from sssd.testlib.common.exceptions import SSHLoginException +from sssd.testlib.common.ssh2_python import check_login_client @pytest.mark.usefixtures('setup_sssd', 'create_posix_usersgroups', @@ -32,14 +31,7 @@ def test_0001_bz1137013(self, multihost, create_ssh_keys): tools = sssdTools(multihost.client[0]) domain_name = tools.get_domain_section_name() user = 'foo1@%s' % domain_name - client = pexpect_ssh(multihost.client[0].sys_hostname, user, - 'Secret123', debug=False) - try: - client.login() - except SSHLoginException: - pytest.fail("%s failed to login" % user) - else: - client.logout() + check_login_client(multihost, user, 'Secret123') domain_log = '/var/log/sssd/sssd_%s.log' % domain_name log = multihost.client[0].get_file_contents(domain_log).decode('utf-8') msg = 'Adding sshPublicKey' diff --git a/src/tests/multihost/alltests/test_sss_cache.py b/src/tests/multihost/alltests/test_sss_cache.py index 6e7b34b8cd0..4215f9aca29 100644 --- a/src/tests/multihost/alltests/test_sss_cache.py +++ b/src/tests/multihost/alltests/test_sss_cache.py @@ -14,6 +14,7 @@ @pytest.mark.usefixtures('setup_sssd_krb', 'create_posix_usersgroups') @pytest.mark.sss_cache class TestSssCache(object): + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__reset_cached_timestamps') @pytest.mark.tier1_2 def test_sss_cache_reset(self, multihost, backupsssdconf): """ diff --git a/src/tests/multihost/alltests/test_sssctl_analyzer.py b/src/tests/multihost/alltests/test_sssctl_analyzer.py index d5b2946a66c..8b1b0dd7716 100644 --- a/src/tests/multihost/alltests/test_sssctl_analyzer.py +++ b/src/tests/multihost/alltests/test_sssctl_analyzer.py @@ -9,8 +9,7 @@ import pytest import re from sssd.testlib.common.utils import sssdTools -from sssd.testlib.common.expect import pexpect_ssh -from sssd.testlib.common.exceptions import SSHLoginException +from sssd.testlib.common.ssh2_python import check_login_client from constants import ds_instance_name @@ -35,6 +34,7 @@ def analyze(multihost, req_arg, op_arg=None): @pytest.mark.tier1_4 class TestSssctlAnalyze(object): """ sssctl analyze test suite """ + @pytest.mark.converted('test_sssctl_analyze.py', 'test_sssctl_analyze__list') def test_analyze_list(self, multihost, backupsssdconf): """ :title: sssctl analyze list to show captured nss related @@ -75,7 +75,7 @@ def test_analyze_list(self, multihost, backupsssdconf): multihost.client[0].run_command(i_cmd, raiseonerr=False) for act_op in ['list', 'list -v']: _, stdout = analyze(multihost, act_op) - assert all(ptn in stdout for ptn in ['id', 'getent']) + assert all(ptn in stdout for ptn in [' id', 'getent']) tools.clear_sssd_cache() g_cmd = f'getent passwd foo1@{ds_instance_name}' multihost.client[0].run_command(g_cmd, raiseonerr=False) @@ -83,6 +83,7 @@ def test_analyze_list(self, multihost, backupsssdconf): _, stdout = analyze(multihost, act_op) assert all(ptn in stdout for ptn in ['CID #1', 'getent']) + @pytest.mark.converted('test_sssctl_analyze.py', 'test_sssctl_analyze__non_default_log_location') def test_analyze_diff_log_location(self, multihost, backupsssdconf): """ :title: sssctl analyze able to parse sssd logs from non-default @@ -120,16 +121,7 @@ def test_analyze_diff_log_location(self, multihost, backupsssdconf): user = f'foo1@{ds_instance_name}' i_cmd = f'id {user}' multihost.client[0].run_command(i_cmd, raiseonerr=False) - client_hostname = multihost.client[0].sys_hostname - client = pexpect_ssh(client_hostname, user, 'Secret123', - debug=False) - try: - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: - pytest.fail(f'{user} failed to login') - else: - client.logout() + check_login_client(multihost, user, 'Secret123') cp_cmd = 'cp -r /var/log/sssd /tmp/' multihost.client[0].run_command(cp_cmd, raiseonerr=False) multihost.client[0].service_sssd('stop') @@ -147,8 +139,11 @@ def test_analyze_diff_log_location(self, multihost, backupsssdconf): for act_op in ['list', 'list -v']: _, stdout = analyze(multihost, act_op, log_dir) assert 'id' in stdout - assert 'sshd' or 'auditd' in stdout + for act_op in ['list --pam', 'list -v --pam']: + _, stdout = analyze(multihost, act_op, log_dir) + assert 'sshd' in stdout + @pytest.mark.converted('test_sssctl_analyze.py', 'test_sssctl_analyze__pam_logs') def test_analyze_pam_logs(self, multihost, backupsssdconf): """ :title: sssctl analyze to parse pam requests from logs @@ -179,16 +174,7 @@ def test_analyze_pam_logs(self, multihost, backupsssdconf): tools.sssd_conf(sec_op, sssd_params, action='update') multihost.client[0].service_sssd('start') user = f'foo1@{ds_instance_name}' - client_hostname = multihost.client[0].sys_hostname - client = pexpect_ssh(client_hostname, user, 'Secret123', - debug=False) - try: - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: - pytest.fail(f"{user} failed to login") - else: - client.logout() + check_login_client(multihost, user, 'Secret123') _, stdout = analyze(multihost, 'show 1 --pam') assert 'CID #1' in stdout pam_cmds = ['SSS_PAM_AUTHENTICATE', 'SSS_PAM_ACCT_MGMT', @@ -196,6 +182,7 @@ def test_analyze_pam_logs(self, multihost, backupsssdconf): for pam_auth in pam_cmds: assert pam_auth in stdout + @pytest.mark.converted('test_sssctl_analyze.py', 'test_sssctl_analyze__tevent_id') def test_analyze_tevent_id(self, multihost, backupsssdconf): """ :title: sssctl analyze to parse tevent chain IDs from logs @@ -225,19 +212,11 @@ def test_analyze_tevent_id(self, multihost, backupsssdconf): i_cmd = f'id foo1@{ds_instance_name}' multihost.client[0].run_command(i_cmd, raiseonerr=False) user = f'foo1@{ds_instance_name}' - client_hostname = multihost.client[0].sys_hostname - client = pexpect_ssh(client_hostname, user, 'Secret123', - debug=False) - try: - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: - pytest.fail(f"{user} failed to login") - else: - client.logout() + check_login_client(multihost, user, 'Secret123') _, stdout = analyze(multihost, 'show 1 --pam') assert all(ptn in stdout for ptn in ['RID#', user]) + @pytest.mark.converted('test_sssctl_analyze.py', 'test_sssctl_analyze__parse_child_logs') def test_analyze_parse_child_logs(self, multihost, backupsssdconf): """ :title: sssctl analyze to parse child logs from logs @@ -269,33 +248,23 @@ def test_analyze_parse_child_logs(self, multihost, backupsssdconf): tools.sssd_conf(sec_op, sssd_params, action='update') tools.clear_sssd_cache() user = f'foo1@{ds_instance_name}' - client_hostname = multihost.client[0].sys_hostname - client = pexpect_ssh(client_hostname, user, 'Secret123', - debug=False) try: - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: + check_login_client(multihost, user, 'Secret123') + except Exception: _, stdout = analyze(multihost, 'show --pam --child 1') assert 'Preauthentication failed' in stdout pytest.fail(f"{user} failed to login") - else: - client.logout() _, stdout = analyze(multihost, 'show --pam --child 1') err = 'sss_child_krb5_trace_cb' assert all(ptn in stdout for ptn in [err, user]) tools.clear_sssd_cache() - client = pexpect_ssh(client_hostname, user, 'NOSecret123', - debug=False) try: - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: + check_login_client(multihost, user, 'Secret123') + except Exception: _, stdout = analyze(multihost, 'show --pam --child 1') assert re.findall(r"RID#[0-9]*] Received error code", stdout) - else: - pytest.fail(f"{user} sucessful to login") + @pytest.mark.converted('test_sssctl_analyze.py', 'test_sssctl_analyze__root_privileges') @staticmethod def test_non_root_privileged(multihost, localusers): """ diff --git a/src/tests/multihost/alltests/test_sssctl_local.py b/src/tests/multihost/alltests/test_sssctl_local.py index 8af8fc2c8ae..274c2cdb9c7 100644 --- a/src/tests/multihost/alltests/test_sssctl_local.py +++ b/src/tests/multihost/alltests/test_sssctl_local.py @@ -9,7 +9,6 @@ from __future__ import print_function import pytest from sssd.testlib.common.utils import sssdTools -from sssd.testlib.common.paths import SSSD_DEFAULT_CONF from sssd.testlib.common.exceptions import SSSDException @@ -24,6 +23,7 @@ class Testsssctl(object): """ This is test case class for sssctl suite """ + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__user_show_cache_expiration_time') @pytest.mark.tier1_2 def test_0001_bz1640576(self, multihost, backupsssdconf, @@ -51,6 +51,7 @@ def test_0001_bz1640576(self, multihost, assert 'Cache entry expiration time: Never'\ in cmd.stdout_text + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__handle_implicit_domain') @pytest.mark.tier1_2 def test_0002_bz1599207(self, multihost, backupsssdconf, @@ -80,6 +81,7 @@ def test_0002_bz1599207(self, multihost, assert 'Cache entry creation date' in \ cmd.stdout_text and cmd.returncode == 0 + @pytest.mark.converted('test_sss_cache.py', 'test_sss_cache__cache_expire_message') @pytest.mark.tier1_2 def test_0003_bz1661182(self, multihost, backupsssdconf): diff --git a/src/tests/multihost/alltests/test_sudo.py b/src/tests/multihost/alltests/test_sudo.py index 4f58f4dda16..b4350ae23a8 100644 --- a/src/tests/multihost/alltests/test_sudo.py +++ b/src/tests/multihost/alltests/test_sudo.py @@ -9,7 +9,7 @@ import time import re import pytest -from pexpect import pxssh +from sssd.testlib.common.ssh2_python import SSHClient from sssd.testlib.common.utils import sssdTools from constants import ds_instance_name, ds_suffix @@ -55,19 +55,14 @@ def test_bz1294670(multihost, localusers): add_rule2 = "echo 'Defaults:%s !requiretty'"\ " >> /etc/sudoers.d/%s" % (user, user) multihost.client[0].run_command(add_rule2) - - ssh = pxssh.pxssh(options={"StrictHostKeyChecking": "no", - "UserKnownHostsFile": "/dev/null"}) - ssh.force_password = True + ssh = SSHClient(multihost.client[0].sys_hostname, user, 'Secret123') try: - ssh.login(multihost.client[0].sys_hostname, user, 'Secret123') + ssh.connect() for _ in range(1, 10): - ssh.sendline('sudo fdisk -l') - ssh.prompt(timeout=5) - ssh.sendline('sudo ls -l /usr/sbin/') - ssh.prompt(timeout=5) - ssh.logout() - except pxssh.ExceptionPxssh: + ssh.execute_command('sudo fdisk -l') + ssh.execute_command('sudo ls -l /usr/sbin/') + ssh.close() + except Exception: pytest.fail(f"Authentication Failed as user {user}") pkill = 'pkill tcpdump' multihost.client[0].run_command(pkill) @@ -105,21 +100,13 @@ def test_timed_sudoers_entry(multihost, timed_sudoers): sssd_params = {'services': 'nss, pam, sudo'} tools.sssd_conf(section, sssd_params, action='update') multihost.client[0].service_sssd('start') - - ssh = pxssh.pxssh(options={"StrictHostKeyChecking": "no", - "UserKnownHostsFile": "/dev/null"}) - ssh.force_password = True + ssh = SSHClient(multihost.client[0].sys_hostname, 'foo1@example.test', 'Secret123') try: - ssh.login(multihost.client[0].sys_hostname, - 'foo1@example.test', 'Secret123') - ssh.sendline('id') - ssh.prompt(timeout=5) - id_out = str(ssh.before) - ssh.sendline('sudo -l') - ssh.prompt(timeout=5) - sudo_out = str(ssh.before) - ssh.logout() - except pxssh.ExceptionPxssh: + ssh.connect() + id_out = ssh.execute_command('id') + sudo_out = ssh.execute_command('sudo -l') + ssh.close() + except Exception: pytest.fail("Failed to login via ssh.") assert 'foo1' in id_out, "id command did not work." assert 'NOTBEFORE=' in sudo_out or 'NOTAFTER=' in sudo_out,\ diff --git a/src/tests/multihost/basic/conftest.py b/src/tests/multihost/basic/conftest.py index dcedcc1d99a..8856fa36002 100644 --- a/src/tests/multihost/basic/conftest.py +++ b/src/tests/multihost/basic/conftest.py @@ -18,6 +18,9 @@ pytest_plugins = ( 'sssd.testlib.common.fixtures', + 'pytest_importance', + 'pytest_ticket', + 'sssd.testlib.common.custom_log', ) diff --git a/src/tests/multihost/basic/pytest.ini b/src/tests/multihost/basic/pytest.ini new file mode 100644 index 00000000000..d65ce07a35b --- /dev/null +++ b/src/tests/multihost/basic/pytest.ini @@ -0,0 +1,3 @@ +[pytest] +markers = + converted: Tests that are already converted to the new framework. diff --git a/src/tests/multihost/basic/test_basic.py b/src/tests/multihost/basic/test_basic.py index 214cecc48e5..72f092eba2f 100644 --- a/src/tests/multihost/basic/test_basic.py +++ b/src/tests/multihost/basic/test_basic.py @@ -6,6 +6,7 @@ :upstream: yes :status: approved """ +import pytest import time import configparser as ConfigParser from sssd.testlib.common.utils import sssdTools @@ -13,6 +14,7 @@ class TestSanitySSSD(object): """ Basic Sanity Test cases """ + @pytest.mark.converted('test_authentication.py', 'test_authentication__login') @staticmethod def test_ssh_user_login(multihost): """ @@ -23,6 +25,7 @@ def test_ssh_user_login(multihost): ssh0 = client.auth_from_client("foo1", 'Secret123') == 3 assert ssh0, "Authentication Failed as user foo1" + @pytest.mark.converted('test_kcm.py', 'test_kcm__simple_kinit') @staticmethod def test_kinit(multihost): """ @@ -39,6 +42,7 @@ def test_kinit(multihost): f'su - {user} -c "klist"', raiseonerr=False) assert cmd2.returncode == 0, "klist failed!" + @pytest.mark.converted('test_authentication.py', 'test_authentication__offline_login') @staticmethod def test_offline_ssh_login(multihost): """ diff --git a/src/tests/multihost/basic/test_config.py b/src/tests/multihost/basic/test_config.py index 00a82204cb6..8d4847b9e5f 100644 --- a/src/tests/multihost/basic/test_config.py +++ b/src/tests/multihost/basic/test_config.py @@ -7,7 +7,8 @@ :status: approved """ -from utils_config import set_param, remove_section +import pytest +from utils_config import remove_section, set_param class TestSSSDConfig(object): @@ -25,6 +26,7 @@ def _assert_config_value(self, multihost, section, key, value): check_str = '%s: %s' % (key, value) assert check_str in cmd.stdout_text + @pytest.mark.converted('test_config.py', 'test_config__change_config_while_sssd_running') def test_sssd_genconf_sssd_running(self, multihost): """ :title: config: sssd --genconf is able to re-generate @@ -41,6 +43,7 @@ def test_sssd_genconf_sssd_running(self, multihost): set_param(multihost, 'pam', 'debug_level', '9') + @pytest.mark.converted('test_config.py', 'test_config__genconf_particular_section') def test_sssd_genconf_section_only(self, multihost): """ :title: config: sssd --genconf-section only @@ -65,6 +68,7 @@ def test_sssd_genconf_section_only(self, multihost): set_param(multihost, 'nss', 'debug_level', '9') set_param(multihost, 'pam', 'debug_level', '9') + @pytest.mark.converted('test_config.py', 'test_config__add_remove_section') def test_sssd_genconf_add_remove_section(self, multihost): """ :title: config: sssd --genconf-section can not only modify @@ -96,6 +100,7 @@ def test_sssd_genconf_add_remove_section(self, multihost): self._assert_config_value(multihost, 'pam', 'debug_level', '9') self._assert_config_value(multihost, 'nss', 'debug_level', '9') + @pytest.mark.converted('test_config.py', 'test_config__genconf_no_such_section') def test_sssd_genconf_no_such_section(self, multihost): """ :title: config: Referencing a non-existant section must not fail diff --git a/src/tests/multihost/basic/test_files.py b/src/tests/multihost/basic/test_files.py index f4ab938f7e4..5a1c8c2672c 100644 --- a/src/tests/multihost/basic/test_files.py +++ b/src/tests/multihost/basic/test_files.py @@ -29,6 +29,7 @@ class TestImplicitFilesProvider(object): Test the files provider. This test runs the implicit files provider together with another domain to stick close to what users use in Fedora """ + @pytest.mark.converted('test_files.py', 'test_files__getent_does_not_handle_root') def test_files_does_not_handle_root(self, multihost): """ :title: files: files provider does not handle root @@ -39,6 +40,7 @@ def test_files_does_not_handle_root(self, multihost): exit_status, _ = get_sss_user(multihost, 'root') assert exit_status == 2 + @pytest.mark.converted('test_files.py', 'test_files__simple_getent') def test_files_sanity(self, multihost): """ :title: files: Test that the files provider can resolve a user @@ -49,6 +51,7 @@ def test_files_sanity(self, multihost): exit_status, _ = get_sss_user(multihost, 'lcl1') assert exit_status == 0 + @pytest.mark.converted('test_files.py', 'test_files__enumeration') def test_files_enumeration(self, multihost): """ :title: files: Verify files provider do not enumerate @@ -62,6 +65,7 @@ def test_files_enumeration(self, multihost): cmd = multihost.master[0].run_command('getent passwd -s sss') assert len(cmd.stdout_text) == 0 + @pytest.mark.converted('test_files.py', 'test_files__user_modify') def test_updated_homedir(self, multihost): """ :title: files: Test that homedir is updated diff --git a/src/tests/multihost/basic/test_ifp.py b/src/tests/multihost/basic/test_ifp.py index 81737645a2a..a8cf24b9f6c 100644 --- a/src/tests/multihost/basic/test_ifp.py +++ b/src/tests/multihost/basic/test_ifp.py @@ -6,6 +6,7 @@ :upstream: yes :status: approved """ +import pytest class TestInfoPipe(object): @@ -18,6 +19,11 @@ def test_ifp_extra_attributes_property(self, multihost): :id: 23b8c7e8-df4b-47ef-b38e-0503040e1d67 see e.g. https://github.com/SSSD/sssd/issues/4891 """ + # Note that this test needs dbus-tools package that + # is not implicitly installed here. + check_ifp = "libsss_simpleifp" in multihost.master[0].run_command("rpm -qa").stdout_text + if not check_ifp: + pytest.skip("libsss_simpleifp is not present, skipping test.") dbus_send_cmd = \ """ dbus-send --print-reply --system \ diff --git a/src/tests/multihost/basic/test_kcm.py b/src/tests/multihost/basic/test_kcm.py index 8f527f6b81d..53c34e6d5f0 100644 --- a/src/tests/multihost/basic/test_kcm.py +++ b/src/tests/multihost/basic/test_kcm.py @@ -39,7 +39,7 @@ def _kcm_log_length(self, multihost): try: multihost.master[0].transport.get_file(kcm_log_file, local_kcm_log_file) - except FileNotFoundError: + except (FileNotFoundError, OSError): return 0 nlines = sum(1 for line in open(local_kcm_log_file)) diff --git a/src/tests/multihost/basic/test_ldap.py b/src/tests/multihost/basic/test_ldap.py index 2ea483b8d82..ceb0d54fbc8 100644 --- a/src/tests/multihost/basic/test_ldap.py +++ b/src/tests/multihost/basic/test_ldap.py @@ -90,6 +90,7 @@ def _change_test_reset_password(multihost): client.change_user_password( user, 'Secret1234', 'Secret1234', 'Secret123', 'Secret123') + @pytest.mark.converted('test_ldap.py', 'test_ldap__change_password') @staticmethod def test_ldap_chpass_extop(multihost): """ @@ -99,6 +100,7 @@ def test_ldap_chpass_extop(multihost): """ TestLDAPChpass._change_test_reset_password(multihost) + @pytest.mark.converted('test_ldap.py', 'test_ldap__change_password') @staticmethod @pytest.mark.usefixtures("set_ldap_auth_provider", "set_ldap_pwmodify_mode_ldap_modify") diff --git a/src/tests/multihost/basic/test_sssctl_config_check.py b/src/tests/multihost/basic/test_sssctl_config_check.py index f003a8d1967..1ada5c762d8 100644 --- a/src/tests/multihost/basic/test_sssctl_config_check.py +++ b/src/tests/multihost/basic/test_sssctl_config_check.py @@ -9,8 +9,11 @@ import re +import pytest + class TestSssctlConfigCheck(object): + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__check_typo_option_name') def test_verify_typo_option_name(self, multihost): """ :title: sssctl: Verify typos in option name (not value) @@ -41,6 +44,7 @@ def test_verify_typo_option_name(self, multihost): multihost.master[0].run_command(['/bin/cp', '-a', cfgput, cfgget], raiseonerr=False) + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__typo_domain_name') def test_verify_typo_domain_name(self, multihost): """ :title: sssctl: Verify typos in domain name of configuration file @@ -70,6 +74,7 @@ def test_verify_typo_domain_name(self, multihost): multihost.master[0].run_command(['/bin/cp', '-a', cfgput, cfgget], raiseonerr=False) + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__misplaced_option') def test_misplaced_option(self, multihost): """ :title: sssctl: Verify misplace options in default configuration file diff --git a/src/tests/multihost/ipa/conftest.py b/src/tests/multihost/ipa/conftest.py index a33815e65d3..d3a568132bd 100644 --- a/src/tests/multihost/ipa/conftest.py +++ b/src/tests/multihost/ipa/conftest.py @@ -15,6 +15,9 @@ pytest_plugins = ( 'sssd.testlib.common.fixtures', + 'pytest_importance', + 'pytest_ticket', + 'sssd.testlib.common.custom_log', ) diff --git a/src/tests/multihost/ipa/test_adtrust.py b/src/tests/multihost/ipa/test_adtrust.py index 3ad80964c1f..4478d52ccc5 100644 --- a/src/tests/multihost/ipa/test_adtrust.py +++ b/src/tests/multihost/ipa/test_adtrust.py @@ -171,7 +171,7 @@ def test_adusrname_beginning_with_at_rate_sign(multihost): assert ad_user not in cmd.stdout_text,\ f"{ad_user} information is fetched" assert cmd1.returncode != 0, 'User information returned' - assert ad_grp not in cmd1.stdout_text,\ + assert ad_group not in cmd1.stdout_text,\ f"{ad_user} is not available in {ad_user} information" @staticmethod @@ -731,3 +731,190 @@ def test_skip_members_in_view_search(multihost): assert f"group1@{domain}" in lookup_id_client.stdout_text, f"group1 name was not resolved" \ f" on ipa-client." assert f"admins" in lookup_id_client.stdout_text, "admins name was not resolved on ipa-client." + + @staticmethod + def test_search_filter_for_override_usrgrp(multihost, create_aduser_group): + """ + :title: BE_REQ_USER_AND_GROUP LDAP search filter can inadvertently catch multiple overrides + :id: 932f1177-2375-46a6-8920-9f06d8874881 + :customerscenario: true + :bugzilla: + https://bugzilla.redhat.com/show_bug.cgi?id=2096183 + :description: The new filter looks for a specific user override or a specific + group override:(|(&(objectClass=ipaUserOverride)(uidNumber=XXXX)) + (&(objectClass=ipaGroupOverride)(gidNumber=XXXX))). + :setup: + 1. Create user and group (group1) on AD. + 2. Make AD user member of group1. + :steps: + 1. Add a group override to the 'default trust view' with gid number and group name. + 2. Add a user override to the 'default trust view' view with same gid number + which was created in step 1. + 3. Lookup sid-by-id with pysss_nss_idmap using python. + 4. Lookup for the group and again run step 3. + 5. Check the log message from domain log + :expectedresults: + 1. Group added in 'default trust view' with gid number and group name. + 2. User added in 'default trust view' with same gid number which was created in step 1. + 3. Successfully lookup sid-by-id with pyss_nss_idmap using python. + 4. Group lookup command succeeds, successfully ran step 3 again. + 5. Got expected log messages from domain log. + """ + (aduser, adgroup) = create_aduser_group + run_id_int = random.randint(9999, 999999) + domain = multihost.ad[0].domainname + + ipa_client = sssdTools(multihost.client[0]) + ipa_master = sssdTools(multihost.master[0]) + + add_grp_override = f'ipa idoverridegroup-add "default trust view" {adgroup}@{domain} ' \ + f'--group-name "borci{run_id_int}" --gid={run_id_int}' + multihost.master[0].run_command(add_grp_override, raiseonerr=False) + + add_user_override = f'ipa idoverrideuser-add "default trust view" {aduser}@{domain} ' \ + f'--login ferko{run_id_int} --uid=50001 --gidnumber={run_id_int}' + multihost.master[0].run_command(add_user_override, raiseonerr=False) + + domain_params = {'debug_level': '9'} + domain_name = ipa_client.get_domain_section_name() + ipa_client.sssd_conf(f'domain/{domain_name}', domain_params) + + ipa_master.clear_sssd_cache() + ipa_client.clear_sssd_cache() + time.sleep(5) + + # Lookup sid-by-id with pysss_nss_idmap using python + python_cmd = f'''python3 -c "import pysss_nss_idmap; print (pysss_nss_idmap.getsidbyid('{run_id_int}'))"''' + multihost.client[0].run_command(python_cmd, raiseonerr=False) + + group_lookup = f'getent group {adgroup}@{domain}' + check_gr_lookup = multihost.client[0].run_command(group_lookup, raiseonerr=False) + + multihost.client[0].run_command(python_cmd, raiseonerr=False) + + # Updated log message from sssd domain log + log_message = f'Found override for object with filter' + + # Download sssd log + log_file = multihost.client[0].get_file_contents(f"/var/log/sssd/sssd_{domain_name}.log").decode('utf-8') + + # Teardown the setup + cmd_to_delete = [f"ipa idoverridegroup-del 'default trust view' {adgroup}@{domain}", + f"ipa idoverrideuser-del 'default trust view' {aduser}@{domain}"] + for cmd in cmd_to_delete: + multihost.master[0].run_command(cmd, raiseonerr=False) + + # Test result Evaluations + assert check_gr_lookup.returncode == 0, f"group {adgroup} was not found." + assert f"borci{run_id_int}@{domain}" in check_gr_lookup.stdout_text, "Group name was not resolved." + assert f"ferko{run_id_int}@{domain}" in check_gr_lookup.stdout_text, "Group name was not resolved." + assert log_message in log_file + + @staticmethod + def test_ldap_user_extra_attrs(multihost, create_aduser_group): + """ + :title: When adding attributes ldap_user_extra_attrs with mail value in sssd.conf + the cross-forest query stop working + :id: abc60b52-224d-4ac3-bbae-195cb0c563a0 + :customerscenario: true + :bugzilla: + https://bugzilla.redhat.com/show_bug.cgi?id=2170720 + :description: When adding attributes ldap_user_extra_attrs in sssd.conf + with the cross-forest, id command failed on client side. + working. + :setup: + 1. Create user and group on AD. + :steps: + 1. Add ldap_user_extra_attrs in domain section with mail in client and master. + 2. Add user_attributes in nss section with mail in client and master. + 3. Clear sssd cache from client and master. + 4. Check id lookup of the user. + :expectedresults: + 1. Successfully add parameter in domain section of client and master. + 2. Successfully add user_attributes in nss section of client and master. + 3. Cleared the cache of client and master. + 4. User lookup command succeeds. + """ + client = sssdTools(multihost.client[0], multihost.ad[0]) + master = sssdTools(multihost.master[0]) + domain = multihost.ad[0].domainname + + (aduser, adgroup) = create_aduser_group + section = client.get_domain_section_name() + + for role in [client, master]: + domain_params = {'ldap_user_extra_attrs': f'mail, lastname:sn, firstname:givenname'} + nss_params = {'user_attributes': '+mail, +firstname, +lastname'} + role.sssd_conf(f'domain/{section}', domain_params) + role.sssd_conf('nss', nss_params) + role.clear_sssd_cache() + + # Test evaluation + id_lookup = f'id {aduser}@{domain}' + check_id = multihost.client[0].run_command(id_lookup, raiseonerr=False) + + assert check_id.returncode == 0, f'{aduser} id is not successful' + assert f"{aduser}@{domain}" in check_id.stdout_text, "User name was not resolved." + assert f"{adgroup}@{domain}" in check_id.stdout_text, "Group name was not resolved." + + @staticmethod + def test_s2n_get_request(multihost): + """ + :title: User lookup on IPA client fails with 's2n get_fqlist request failed' + :id: fae73dd7-5a18-4aa4-a39f-a20a2f66b1c9 + :customerscenario: true + :bugzilla: + https://bugzilla.redhat.com/show_bug.cgi?id=2192708 + https://bugzilla.redhat.com/show_bug.cgi?id=2196838 + https://bugzilla.redhat.com/show_bug.cgi?id=2196816 + https://bugzilla.redhat.com/show_bug.cgi?id=2196839 + :description: When checking if the input group-name of an autogenerated + user-private-group is the original name from AD or an overwritten one the + comparison is currently done case sensitive. + Since AD handles names case-insensitive and hence SSSD should do this as + well to make sure that e.g. mixed-case names like Administrator can be + match reliable. + :setup: + 1. Add an Administrator user override to the 'default trust view' with sshpubkey. + :steps: + 1. Check group lookup for Administrator user using mixed chars upper/lower cases. + :expectedresults: + 1. Successfully group lookup the administrator user using mixed chars cases. + """ + domain = multihost.ad[0].domainname + + ipa_client = sssdTools(multihost.client[0]) + ipa_master = sssdTools(multihost.master[0]) + + ssh_key = f"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiOfcg3WRL6z+6XWSAw4mT7q7aE7rj1KmhaM6U5" \ + f"fmbN5QnEfCAMp8qbSbBLsjY0F501ZNpcAgeefDv3oNYL62sfac8OzWf5eXZlKJQYYILi8dv8i8HoJ" \ + f"BT9+n81Y5w1UVbmRNX9n2lqqxdfhiL2iIsbzJ1KGmIw6JlmbeRtcgGRQzt0M+Ggftl6Kr97obEWo1" \ + f"l9E5QWvkliecPXWJVTBUpM+Gr2CWhqLtNf5VALjYilX3jfC2355hIR8R8UsnkbWbjNksj7nruUQP9" \ + f"goHcbJ6vbyzka3v/2aRC5eIa7b8NE8vwRbrtp5CV9QNbx/GiTY6T50CJE0lyEwmlLHKUmovt " \ + f"Administrator@{domain}" + + # Add override user with ssh pub key + add_user_override = f"ipa idoverrideuser-add 'Default Trust View' Administrator@{domain} " \ + f"--sshpubkey='{ssh_key}'" + multihost.master[0].run_command(add_user_override, raiseonerr=False) + + ipa_master.clear_sssd_cache() + ipa_client.clear_sssd_cache() + time.sleep(5) + + # check lookup of group + group_lookup1 = f'getent group administrator@{domain}' + check_gr_lookup1 = multihost.client[0].run_command(group_lookup1, raiseonerr=False) + + group_lookup2 = f'getent group adMiniStraTor@{domain}' + check_gr_lookup2 = multihost.client[0].run_command(group_lookup2, raiseonerr=False) + + # Delete an Administrator User ID override + cmd_to_delete = f"ipa idoverrideuser-del 'default trust view' administrator@{domain}" + multihost.master[0].run_command(cmd_to_delete, raiseonerr=False) + + # Test result Evaluations + assert check_gr_lookup1.returncode == 0 and check_gr_lookup2.returncode == 0, \ + f"group lookup was not resolved." + assert f"administrator@{domain}" in check_gr_lookup1.stdout_text, "Group name was not resolved." + assert f"administrator@{domain}" in check_gr_lookup2.stdout_text, "Group name was not resolved." diff --git a/src/tests/multihost/ipa/test_misc.py b/src/tests/multihost/ipa/test_misc.py index 44f66d37bbd..705eac09cad 100644 --- a/src/tests/multihost/ipa/test_misc.py +++ b/src/tests/multihost/ipa/test_misc.py @@ -16,6 +16,7 @@ import pytest from sssd.testlib.common.utils import sssdTools from sssd.testlib.common.exceptions import SSSDException +from sssd.testlib.common.ssh2_python import run_command_client @pytest.mark.usefixtures('default_ipa_users', 'reset_password') @@ -330,22 +331,10 @@ def test_authentication_indicators(multihost, backupsssdconf): multihost.client[0].run_command( f'su -l {user} -c "ipa sudorule-add-user testrule2 --users admin"', raiseonerr=False) - ssh_error = "" - ssh = pexpect.pxssh.pxssh( - options={"StrictHostKeyChecking": "no", - "UserKnownHostsFile": "/dev/null"}, timeout=600) - ssh.force_password = True - try: - ssh.login(multihost.client[0].ip, user, test_password) - ssh.sendline('sudo -l') - ssh.prompt(timeout=600) - ssh.logout() - except pexpect.pxssh.ExceptionPxssh: - ssh_error += "Could not login via ssh first time." - + run_command_client(multihost, user, test_password, "sudo -l") + time.sleep(3) search = multihost.client[0].run_command( 'fgrep gssapi_ /var/log/sssd/sssd_pam.log | tail -10') - domain_params = {'pam_gssapi_services': 'sudo, sudo-i', 'pam_gssapi_indicators_map': 'sudo-i:hardened'} client.sssd_conf('pam', domain_params) @@ -354,18 +343,7 @@ def test_authentication_indicators(multihost, backupsssdconf): multihost.client[0].run_command( f'su -l {user} -c "kinit admin"', stdin_text=test_password, raiseonerr=False) - - ssh = pexpect.pxssh.pxssh(options={"StrictHostKeyChecking": "no", - "UserKnownHostsFile": "/dev/null"}, - timeout=600) - ssh.force_password = True - try: - ssh.login(multihost.client[0].ip, user, test_password) - ssh.sendline('sudo -l') - ssh.prompt(timeout=600) - ssh.logout() - except pexpect.pxssh.ExceptionPxssh: - ssh_error += "\nCould not login via ssh second time." + run_command_client(multihost, user, test_password, "sudo -l") multihost.client[0].run_command( f'su -l {user} -c "klist"', raiseonerr=False) @@ -379,8 +357,6 @@ def test_authentication_indicators(multihost, backupsssdconf): 'cp -vf /etc/pam.d/sudo-i_indicators /etc/pam.d/sudo-i') search2 = multihost.client[0].run_command( 'fgrep gssapi_ /var/log/sssd/sssd_pam.log | tail -10') - - assert not ssh_error, ssh_error assert 'indicators: 0' in search.stdout_text assert 'indicators: 2' in search2.stdout_text @@ -443,24 +419,8 @@ def test_pass_krb5cname_to_pam(multihost, multihost.client[0].run_command( f'su -l {user} -c "sudo -S -l"', stdin_text=test_password, raiseonerr=False) - file_name = 'domain_list_' + str(time.time()) - ssh_error = "" - ssh = pexpect.pxssh.pxssh( - options={"StrictHostKeyChecking": "no", - "UserKnownHostsFile": "/dev/null"}, timeout=600) - ssh.force_password = True - try: - ssh.login(multihost.client[0].ip, user, test_password) - ssh.sendline(f'sudo -S /usr/sbin/sssctl domain-list > ' - f'/tmp/{file_name}') - ssh.expect(".*:", timeout=10) - ssh.sendline(test_password) - ssh.prompt(timeout=60) - ssh.logout() - except pexpect.pxssh.ExceptionPxssh: - ssh_error += "Could not login via ssh." - result = multihost.client[0].run_command(f"cat /tmp/{file_name}" - ).stdout_text + result = run_command_client(multihost, user, test_password, + 'echo -e "Secret123" | sudo -S /usr/sbin/sssctl domain-list') assert domain_name in result @staticmethod @@ -509,7 +469,7 @@ def check_hostname_hash(hash_value=None): multihost.client[0].run_command(r"rm -rf /var/lib/sss/pubconf" r"/known_hosts") multihost.client[0].service_sssd("start") - cmd = f"ssh -l -q foobar0@{server_host} echo 'login successful'" + cmd = f"ssh foobar0@{server_host} echo 'login successful'" multihost.client[0].run_command(cmd, stdin_text="Secret123", raiseonerr=False) known_hosts = multihost.client[0].run_command(r"cat /var/lib/sss" @@ -610,10 +570,16 @@ def test_ssh_expiration_warning(multihost, reset_password, hbac_sshd_rule, client.clear_sssd_cache() # Run ssh - cmd = 'su - foobar1@testrealm.test -c " ssh -v ' \ + # This one does not work RHEL 8 + # cmd = 'su - foobar1@testrealm.test -c " ssh -v ' \ + # '-o StrictHostKeychecking=no -o UserKnownHostsFile=/dev/null ' \ + # '-o GSSAPIAuthentication=no -o PasswordAuthentication=no ' \ + # '-l foobar1@testrealm.test localhost \'whoami\' " 2>&1' + + cmd = 'sudo -u foobar1@testrealm.test ssh -v ' \ '-o StrictHostKeychecking=no -o UserKnownHostsFile=/dev/null ' \ '-o GSSAPIAuthentication=no -o PasswordAuthentication=no ' \ - '-l foobar1@testrealm.test localhost \'whoami\' " 2>&1' + '-l foobar1@testrealm.test localhost <<< whoami 2>&1' ssh_cmd = multihost.client[0].run_command(cmd, raiseonerr=False) @@ -705,10 +671,16 @@ def test_ssh_expired_warning(multihost, reset_password, hbac_sshd_rule, client.clear_sssd_cache() # Run ssh - cmd = 'su - foobar1@testrealm.test -c " ssh -v ' \ + # This one does not work RHEL 8 + # cmd = 'su - foobar1@testrealm.test -c " ssh -v ' \ + # '-o StrictHostKeychecking=no -o UserKnownHostsFile=/dev/null ' \ + # '-o GSSAPIAuthentication=no -o PasswordAuthentication=no ' \ + # '-l foobar1@testrealm.test localhost \'whoami\' " 2>&1' + + cmd = 'sudo -u foobar1@testrealm.test ssh -v ' \ '-o StrictHostKeychecking=no -o UserKnownHostsFile=/dev/null ' \ '-o GSSAPIAuthentication=no -o PasswordAuthentication=no ' \ - '-l foobar1@testrealm.test localhost \'whoami\' " 2>&1' + '-l foobar1@testrealm.test localhost <<< whoami 2>&1' ssh_cmd = multihost.client[0].run_command(cmd, raiseonerr=False) diff --git a/src/tests/multihost/requirements.txt b/src/tests/multihost/requirements.txt index 46d0c79825d..c6e30a37092 100644 --- a/src/tests/multihost/requirements.txt +++ b/src/tests/multihost/requirements.txt @@ -4,3 +4,6 @@ pytest_multihost python-ldap PyYAML pymmh3 +ssh2-python +git+https://github.com/next-actions/pytest-importance +git+https://github.com/next-actions/pytest-ticket diff --git a/src/tests/multihost/sssd/testlib/common/custom_log.py b/src/tests/multihost/sssd/testlib/common/custom_log.py new file mode 100644 index 00000000000..91015f4bef1 --- /dev/null +++ b/src/tests/multihost/sssd/testlib/common/custom_log.py @@ -0,0 +1,101 @@ +from __future__ import annotations +import os +from collections import defaultdict + +import pytest + + +@pytest.hookimpl(tryfirst=True) +def pytest_configure(config: pytest.Config) -> None: + p = CustomLogPlugin(config) + config.pluginmanager.register(p, 'custom_log_plugin') + + +class CustomLogPlugin: + """ + Custom log class to dulicate or remove log from console + and place it inside per-test log files + """ + def __init__(self, config: pytest.Config) -> None: + self.config: pytest.Config = config + self.log_per_test: str = config.getoption("log_per_test") + self.tests = defaultdict(dict) + if self.log_per_test not in ["never", "duplicate"]: + self.config.option.showlocals = True + self.config.option.reportchars = 'a' + self.config.option.tbstyle = 'line' + self.config.option.showcapture = 'no' + self.config.option.capture = 'fd' + + def _write_log(self, test: str, phases: list = None) -> None: + """ + Write log for test, possibly only selected + phases can be written. + """ + if not phases: + _phases = ["setup", "call", "teardown"] + else: + _phases = phases + tr = self.tests[test] + test_name = test.split("::")[-1] + test_name = test_name.translate( + str.maketrans('":<>|*? [', "---------", "]()")) + logdir = os.path.join(os.path.dirname(self.config.option.log_file), + 'logs') + os.makedirs(logdir, exist_ok=True) + logpath = os.path.join(logdir, f'{test_name}.log') + with open(logpath, 'a+') as f: + for phase in _phases: + if phase not in tr: + # We do not fail on missing phase as 'call' + # could be missing when setup failed. + continue + f.write(f"\nPHASE: {phase.upper()} for {test_name}" + f"... [{tr[phase].outcome.upper()}]\n") + if tr[phase].capstdout: + f.write(f"\n=== {test_name} {phase.upper()} OUT ===\n") + f.write(tr[phase].capstdout) + if tr[phase].capstderr: + f.write(f"\n=== {test_name} {phase.upper()} ERR ===\n") + f.write(tr[phase].capstderr) + if tr[phase].caplog: + f.write(f"\n=== {test_name} {phase.upper()} LOG ===\n") + f.write(tr[phase].caplog) + if tr[phase].longreprtext: + f.write(f"'\n=== {test_name} {phase.upper()} INFO ===\n") + f.write(tr[phase].longreprtext) + + def pytest_runtest_logreport(self, report: pytest.TestReport) -> None: + """ + Hook called on finished test setup, call and teardown + """ + self.tests[report.nodeid][report.when] = report + if self.log_per_test == 'always': + # When we write log always we can write it for each phase + # This might help when some phase gets stuck. + self._write_log(report.nodeid, phases=[report.when]) + elif report.when == 'teardown': + # When writing on-failure we need to wait for teardown to decide + test = self.tests[report.nodeid] + if test['setup'].outcome == 'failed' or\ + test['call'].outcome == 'failed' or\ + test['teardown'].outcome == 'failed': + self._write_log(report.nodeid) + + +def pytest_addoption(parser: pytest.Parser) -> None: + """ + Pytest hook: add command line options. + """ + parser.addoption( + "--log-per-test", + action="store", + default="on-failure", + nargs="?", + choices=["never", "on-failure", "always", "duplicate"], + help="Create per-test logfile. 'never': Log everything to console. " + "'duplicate': Log to console and on-failure also to file. " + "'always': Keep console clean and always log to file. " + "'on-failure': Keep console clean and log to file only on " + "a failure. (default: %(default)s)", + ) diff --git a/src/tests/multihost/sssd/testlib/common/libkrb5.py b/src/tests/multihost/sssd/testlib/common/libkrb5.py index 40fc4243736..5e8a838f753 100644 --- a/src/tests/multihost/sssd/testlib/common/libkrb5.py +++ b/src/tests/multihost/sssd/testlib/common/libkrb5.py @@ -33,17 +33,22 @@ def __init__(self, multihost, krb_realm=None): self.krb_acl_file = '%s/kadm5.acl' % (self.krb5_kdc_data_dir) self.admin_keytab = '%s/kadm5.keytab' % (self.krb5_kdc_data_dir) self.kdc_conf = '%s/kdc.conf' % (self.krb5_kdc_data_dir) + self.ciphers = "aes256-cts-hmac-sha384-192:normal "\ + "aes128-cts-hmac-sha256-128:normal "\ + "aes256-cts-hmac-sha1-96:normal "\ + "aes128-cts-hmac-sha1-96:normal" def _config_krb5kdc(self): """ Configure kdc.conf and kadm5.acl :param: None :return str: Return Kerberos kdc.conf file path """ - realm_def = """ { - acl_file = %s - admin_keytab = %s - } """ % (self.krb_acl_file, - self.admin_keytab) + + realm_def = f""" {{ + acl_file = {self.krb_acl_file} + admin_keytab = {self.admin_keytab} + supported_enctypes = {self.ciphers} + }}""" config = ConfigParser.RawConfigParser() config.optionxform = str config.add_section('kdcdefaults') diff --git a/src/tests/multihost/sssd/testlib/common/ssh2_python.py b/src/tests/multihost/sssd/testlib/common/ssh2_python.py new file mode 100644 index 00000000000..ba08055ab96 --- /dev/null +++ b/src/tests/multihost/sssd/testlib/common/ssh2_python.py @@ -0,0 +1,105 @@ +import socket +import ssh2 +from ssh2.session import Session + + +class SSHClient: + """ ssh2 methods """ + def __init__(self, hostname, username, password): + """Initialize defaults""" + self.hostname = hostname + self.username = username + self.password = password + self.session = None + + def connect(self): + """login to host""" + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + sock.connect((self.hostname, 22)) + session = Session() + session.handshake(sock) + session.userauth_password(self.username, self.password) + self.session = session + + def execute_command(self, command): + """Run Non interactive Commands""" + channel = self.session.open_session() + channel.execute(command) + size, data = channel.read() + output = "" + while size > 0: + output += data.decode() + size, data = channel.read() + channel.close() + return output + + def close(self): + """Logout of ssh session""" + if self.session: + self.session.disconnect() + + +def check_login(hostname, user, password): + """This function will check user login + user: Name of the user. + hostname: Name of the machine where user will login. + password: User password. + """ + ssh = SSHClient(hostname, user, password) + ssh.connect() + ssh.close() + + +def check_login_client(multihost, user, password): + """This function will check user login + user: Name of the user. + password: User password. + """ + hostname = multihost.client[0].ip + ssh = SSHClient(hostname, user, password) + ssh.connect() + ssh.close() + + +def check_login_client_bool(multihost, user, password): + """This function will check user login + user: Name of the user. + password: User password. + """ + try: + hostname = multihost.client[0].ip + ssh = SSHClient(hostname, user, password) + ssh.connect() + ssh.close() + return True + except ssh2.exceptions.AuthenticationError: + return False + + +def run_command(hostname, user, password, command): + """This function will execute command + user: Name of the user. + hostname: Name of the machine where user will login. + password: User password. + command: User command + """ + ssh = SSHClient(hostname, user, password) + ssh.connect() + result = ssh.execute_command(command) + ssh.close() + return result + + +def run_command_client(multihost, user, password, command): + """This function will execute command + user: Name of the user. + hostname: Name of the machine where user will login. + password: User password. + command: User command + """ + hostname = multihost.client[0].ip + ssh = SSHClient(hostname, user, password) + ssh.connect() + result = ssh.execute_command(command) + ssh.close() + return result diff --git a/src/tests/multihost/sssd/testlib/common/utils.py b/src/tests/multihost/sssd/testlib/common/utils.py index a473f7f3748..e400698fa26 100644 --- a/src/tests/multihost/sssd/testlib/common/utils.py +++ b/src/tests/multihost/sssd/testlib/common/utils.py @@ -78,32 +78,42 @@ def client_install_pkgs(self): """ Install common required packages """ pkgs = 'adcli realmd samba samba-common-tools krb5-workstation '\ 'oddjob oddjob-mkhomedir ldb-tools samba-winbind '\ - 'samba-winbind-clients autofs nfs-utils authconfig '\ - 'authselect cifs-utils openldap-clients firewalld '\ - 'tcpdump wireshark-cli expect rsyslog gcc gcc-c++ pam-devel '\ - 'tdb-tools libkcapi-hmaccalc strace' + 'samba-winbind-clients autofs nfs-utils rsyslog '\ + 'cifs-utils openldap-clients tdb-tools '\ + 'tcpdump wireshark-cli expect gcc gcc-c++ pam-devel '\ + 'libkcapi-hmaccalc strace iproute-tc python3-libsss_nss_idmap' sssd_pkgs = 'sssd sssd-tools sssd-proxy sssd-winbind-idmap '\ 'libsss_autofs sssd-kcm sssd-dbus' - extra_pkg = ' nss-pam-ldapd krb5-pkinit' - distro = self.multihost.distro - if '8.' in distro: - pkgs = pkgs + extra_pkg - if '7.' in distro or '8.' in distro or '9.' in distro: - sssd_pkgs = sssd_pkgs + " libsss_simpleifp" + # Packages that might or might not be available depending on distro + # are installed in own transactions not to prevent others + # to be installed. It is due to difference between yum and dnf when dnf + # does not install anything when one of the packages is missing. + # It can be changed in dnf config by strict=0, but it would be hard to + # do here without a massive refactoring. + standalalone_pkgs = [ + 'authselect', 'authconfig', 'firewalld', 'libsss_simpleifp', + 'nss-pam-ldapd', 'krb5-pkinit' + ] + for pkg in standalalone_pkgs: + self.multihost.package_mgmt(pkg, action='install') self.multihost.package_mgmt(pkgs, action='install') self.multihost.package_mgmt(sssd_pkgs, action='install') def server_install_pkgs(self): """ Install common required packages on server""" pkgs = 'adcli realmd samba samba-common-tools krb5-workstation '\ - 'samba-winbind-clients nfs-utils authconfig openldap-clients '\ - 'authselect krb5-server cifs-utils expect rsyslog 389-ds-base' + 'samba-winbind-clients nfs-utils openldap-clients '\ + 'krb5-server cifs-utils expect 389-ds-base rsyslog' sssd_pkgs = 'sssd sssd-tools sssd-proxy sssd-winbind-idmap '\ - 'libsss_autofs libsss_simpleifp sssd-kcm sssd-dbus' + 'libsss_autofs sssd-kcm sssd-dbus' + # See comment in client_install_pkgs + standalalone_pkgs = ['authselect', 'authconfig', 'libsss_simpleifp'] distro = self.multihost.distro if '8.' in distro: enable_idm = 'yum module enable idm:DL1 -y' self.multihost.run_command(enable_idm) + for pkg in standalalone_pkgs: + self.multihost.package_mgmt(pkg, action='install') self.multihost.package_mgmt(pkgs, action='install') self.multihost.package_mgmt(sssd_pkgs, action='install') @@ -143,6 +153,12 @@ def update_resolv_conf(self, ip_addr): self.multihost.run_command("chattr -i /etc/resolv.conf", raiseonerr=False) self.multihost.put_file_contents('/etc/resolv.conf', contents) self.multihost.run_command("chattr +i /etc/resolv.conf", raiseonerr=False) + # Try to change dns settings on a machine with systemd.resolved + change_stub = f"sed -ie 's/#\?DNS=.*/DNS={ip_addr}/' /etc/systemd/resolved.conf" + self.multihost.run_command(change_stub, raiseonerr=False) + self.multihost.run_command( + "systemctl restart systemd-resolved", raiseonerr=False + ) def update_etc_hosts(self, ip_addr, hostname): """ Update /etc/hosts with ipaddress and hostname @@ -391,19 +407,41 @@ def realm_join(self, domainname, admin_password, f'--client-software={client_software} ' \ f'--server-software={server_software} ' \ f'--membership-software={membership_software} -v' + # For AD sasl authid tests we need to have user-principal populated. + if server_software == 'active-directory': + hostname = self.multihost.run_command( + 'hostname', raiseonerr=False).stdout_text.rstrip() + ad_realm = self.adhost.domainname.upper() + realm_cmd += f' --user-principal=host/{hostname}@{ad_realm}' + print(realm_cmd) - cmd = self.multihost.run_command(realm_cmd, stdin_text=admin_password, - raiseonerr=False) - if cmd.returncode == 124: - # When the command fails, there is still realmd running that might - # be doing something so we stop it so the following realm leave - # is not stuck on "realm: Already running another action". - self.service_ctrl('stop', 'realmd') - raise SSSDException(f"realm join timed out! {cmd.stderr_text}") - elif cmd.returncode != 0: - raise SSSDException("Error: %s" % cmd.stderr_text) + # When AD is on a diffent network that client this is not + # quite reliable so we retry + for _ in range(5): + cmd = self.multihost.run_command( + realm_cmd, stdin_text=admin_password, raiseonerr=False) + if cmd.returncode == 0: + break + elif cmd.returncode == 124: # Timeout occured + # When the command fails, there is still realmd running + # that might be doing something so we stop it so + # the following realm leave is not stuck on + # "realm: Already running another action". + print("WARNING: realm join timed out, retrying!") + self.service_ctrl('stop', 'realmd') + else: + # other error + print("realm join failed!") + if "realm: Already joined to this domain" in cmd.stderr_text: + print("Already joined to realm.") + break + time.sleep(30) else: - return cmd.stderr_text + self.multihost.run_command("cat /etc/krb5.conf", raiseonerr=False) + self.multihost.run_command("resolvectl dns", raiseonerr=False) + raise SSSDException("Error: %s" % cmd.stderr_text) + return cmd.stderr_text + def realm_leave(self, domainname, raiseonerr=True): """ Leave system from AD/IPA Domain @@ -414,9 +452,16 @@ def realm_leave(self, domainname, raiseonerr=True): else raises Exception :Exception: Raises SSSDException """ - + # When we do not want to raise exception we also do not want to see + # the output as it is probably a pre-emptive realm leave before + # joining again and the error in log is misleading. cmd = self.multihost.run_command( - f'realm leave {domainname} -v', raiseonerr=False) + f'realm leave {domainname} -v', log_stdout=raiseonerr, raiseonerr=False) + if cmd.returncode != 0 and "realm: Couldn't connect to realm service" in cmd.stderr_text: + print("WARNING: realm leave timed out, retrying!") + self.service_ctrl('restart', 'realmd') + cmd = self.multihost.run_command( + f'realm leave {domainname} -v', log_stdout=raiseonerr, raiseonerr=False) if cmd.returncode != 0 and raiseonerr: raise SSSDException("Error: %s", cmd.stderr_text) elif cmd.returncode != 0: @@ -837,6 +882,20 @@ def config_etckrb5(self, realm, krb5_server=None): "edwards25519") krb5config.set("libdefaults", "default_ccache_name", "KEYRING:persistent:%{uid}") + krb5config.set( + "libdefaults", "default_tgs_enctypes", + "aes256-cts-hmac-sha384-192 aes256-cts-hmac-sha1-96 " + "aes128-cts-hmac-sha256-128 aes128-cts-hmac-sha1-96 " + "aes256-cts des3-cbc-sha1 arcfour-hmac des-cbc-md5 " + "des-cbc-crc" + ) + krb5config.set( + "libdefaults", "default_tkt_enctypes", + "aes256-cts-hmac-sha384-192 aes256-cts-hmac-sha1-96 " + "aes128-cts-hmac-sha256-128 aes128-cts-hmac-sha1-96 " + "aes256-cts des3-cbc-sha1 arcfour-hmac des-cbc-md5 " + "des-cbc-crc" + ) krb5config.add_section("realms") krb5config.set("realms", "%s" % realm.upper(), realm_def) krb5config.add_section("domain_realm") diff --git a/src/tests/multihost/sssd/testlib/ipa/utils.py b/src/tests/multihost/sssd/testlib/ipa/utils.py index 084138cf869..a131f9f8eef 100644 --- a/src/tests/multihost/sssd/testlib/ipa/utils.py +++ b/src/tests/multihost/sssd/testlib/ipa/utils.py @@ -17,7 +17,7 @@ def __init__(self, Host): def install_common_pkgs(self): """ Install common required packages """ - pkgs = 'ldb-tools tcpdump wireshark-cli expect' + pkgs = 'ldb-tools tcpdump wireshark-cli expect python3-libsss_nss_idmap' if '8.' in self.multihost.distro: enable_idm1 = "dnf -y module reset idm" self.multihost.run_command(enable_idm1) diff --git a/src/tests/system/conftest.py b/src/tests/system/conftest.py index 623dc938e42..c53ae5f5fe8 100644 --- a/src/tests/system/conftest.py +++ b/src/tests/system/conftest.py @@ -7,10 +7,11 @@ # Load additional plugins pytest_plugins = ( + "pytest_importance", "pytest_mh", "pytest_ticket", - "pytest_tier", "sssd_test_framework.fixtures", + "sssd_test_framework.markers", ) diff --git a/src/tests/system/data/test_passkey/test_passkey__offline_su/passkey-mapping.ad b/src/tests/system/data/test_passkey/test_passkey__offline_su/passkey-mapping.ad new file mode 100644 index 00000000000..58f3e1045d6 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__offline_su/passkey-mapping.ad @@ -0,0 +1 @@ +passkey:Wp075+YqPw9bn3UhyNUa1u0wu8I982JVRxR/cd3KRplwD12NweMI15fMSTclruHiTPdi7i7y9IRGbTRtDWPt4w==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEh+6kmCDkIaUiHUx1SobhNo7jP6wUJCBocQP9jxhpM/uBRKNXWUUKNMJwiOp0Nkj/OeSP2xdtLNazs4KEPBk15A== diff --git a/src/tests/system/data/test_passkey/test_passkey__offline_su/passkey-mapping.ipa b/src/tests/system/data/test_passkey/test_passkey__offline_su/passkey-mapping.ipa new file mode 100644 index 00000000000..915689bd654 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__offline_su/passkey-mapping.ipa @@ -0,0 +1 @@ +passkey:NUZMRUXIb/W8Ij1GqwCDHSCWxt/SxWxckwtQjLYi/X6Y1qZFB+HI8WO6khzAjzsz248kHbaeAf9qfmqfCky1Jg==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIasAa8ogjPCKXeA4KY3t0W3xBRmG+E4D+MNoRIAJrYuNLSYtAcOL7DCbIfgc+7c5Y4Mh/FzoEyeumKGYMoyTfg== diff --git a/src/tests/system/data/test_passkey/test_passkey__offline_su/passkey-mapping.ldap b/src/tests/system/data/test_passkey/test_passkey__offline_su/passkey-mapping.ldap new file mode 100644 index 00000000000..82d76d9b590 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__offline_su/passkey-mapping.ldap @@ -0,0 +1 @@ +passkey:mQEUTWdtDJPELQNTDdxXNHlfIO1qXFf0LVZjWEfyDALFzvLZ4e4XD5bemqq+o3ThrzT6k1I1n3Z2N00GvLSmjQ==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEqk7K5VAI7Evr4ar8X82L/sxm/Bnm5Ti31xnLfGO0BipwHucw8+/wT4+6T9j5gdMwZKUcXR4BILpmULEyrcZUfw== diff --git a/src/tests/system/data/test_passkey/test_passkey__offline_su/passkey-mapping.samba b/src/tests/system/data/test_passkey/test_passkey__offline_su/passkey-mapping.samba new file mode 100644 index 00000000000..f602626971f --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__offline_su/passkey-mapping.samba @@ -0,0 +1 @@ +passkey:xYBuvCazxVg5VJ/D2yRI2/3ji86a+yft0W2S/BOF/pIZcwaxJLP1bZjWN7oJa3PP8p2N26yG2Erd90yIGOXocQ==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEC1cAEJJW5SVDrCL62BYgtilv4DgkeiEXpNrdsMRk5+Iv5ddP6lgMH5hD98ddFlJX/YhEXdty6UibztVmgO7asQ== diff --git a/src/tests/system/data/test_passkey/test_passkey__offline_su/umockdev.script.ad b/src/tests/system/data/test_passkey/test_passkey__offline_su/umockdev.script.ad new file mode 100644 index 00000000000..e9864e7f2da --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__offline_su/umockdev.script.ad @@ -0,0 +1,19 @@ +d 0 /dev/hidraw1 + +w 4 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^A^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@^@^B^Agad.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@Z;^@^@*?^O[u!^Z0=bUG^TqFp^O]^HחI7%Lb.Fm4m^Mc^@^Adtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 83 ^@^@^AbidX@Z;*?^O[u!^Z0=bUG^TqFp^O]^HחI7%^@Lb.Fm4m^Mcdtypejpublic-key^BX%fCȣ܀ɽ5~^G^A-YD^AA,K!^@^@^@^@^T^CXG0E^B t.F^^^]^AG^U@]/<*r^On^Z^B!^@^KX^B4ߚ>nut^Z^EXWn^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 8 ^@^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@Q^@^A^A^B^C8^X ^A!X <H*!Ó^M!^S[;s1c^Z%^H"X _^K^NE<^@^Et[v^WG'ħS^[^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^Avz^IRZ^@^Ak^[+^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 ^@5^@^BX0k*|e^OK^S^QyЇkC@^R6mo!^QOfQ.^@^@^@^@ +w 1 ^@^@^B^Agad.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@Z;^@^@*?^O[u!^Z0=bUG^TqFp^O]^HחI7%Lb.Fm4m^Mc^@^Adtypejpublic-key^Ebup^FX 2^N^Czf^R^@^PZ^L^A:K^IUhT^A><I^@^B^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 251 ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^@^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 52 ^@^@^AbidX@Z;*?^O[u!^Z0=bUG^TqFp^O]^HחI7%^@Lb.Fm4m^Mcdtypejpublic-key^BX%fCȣ܀ɽ5~^G^A-YD^AA,K!^E^@^@^@^X^CXF0D^B ^N^A^Zb;u.^S^_v}v{^K'Y{^B 4^H^BɩXû^DAe3A'bU_^M`[Ay^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__offline_su/umockdev.script.ipa b/src/tests/system/data/test_passkey/test_passkey__offline_su/umockdev.script.ipa new file mode 100644 index 00000000000..1bc651a4465 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__offline_su/umockdev.script.ipa @@ -0,0 +1,22 @@ +d 0 /dev/hidraw1 + +w 3 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^Ap^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@p^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 p^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secrp^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialMp^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-keyp^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@p^@^B^Ahipa.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@5F^@p^@LEEo"=F^@^] l\^KP"~֦E^Gc^\;3ۏ$^]^Aj~j^J^@p^AL&dtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 83 p^@^@^AbidX@5FLEEo"=F^@^] l\^KP"~֦E^Gc^\;3p^@ۏ$^]^Aj~j^JL&dtypejpublic-key^BX%^@|Dږ^Qx??d^Q/N4/op^AC}.[^@^@^@^@^X^CXG0E^B!^@m$^MJ*;\^V=tjx9cа,^B kYp^B^_^GnrT": *^L^Rwr]!Zxf^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@p^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 p^@Q^@^A^A^B^C8^X ^A!X ^_9;^CEBQ&(W3h^]F^A%"X ^^s5p^@o6^@izdF m+35^P^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@p^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@p^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A2asչ^T"tw^@p^Aq^K^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 p^@5^@^BX0޺^Y<l^Qűk^B^A^`^Z^G^^^Fcޞ^Si^J^Erߨ]^@^@^@^@ +w 1 ^@p^@^B^Ahipa.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@5F^@p^@LEEo"=F^@^] l\^KP"~֦E^Gc^\;3ۏ$^]^Aj~j^J^@p^AL&dtypejpublic-key^Ebup^FX ȎRJs>7DB1f_о*^@p^BL^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 285 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 174 p^@^@^AbidX@5FLEEo"=F^@^] l\^KP"~֦E^Gc^\;3p^@ۏ$^]^Aj~j^JL&dtypejpublic-key^BX%^@|Dږ^Qx??d^Q/N4/op^AC}.[^E^@^@^@^\^CXG0E^B Eo]Wk%^H$-^W^BR^`x^P׀^B!^@ёqp^Bu9\^ZKR&>/͎[`t,^^eg^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__offline_su/umockdev.script.ldap b/src/tests/system/data/test_passkey/test_passkey__offline_su/umockdev.script.ldap new file mode 100644 index 00000000000..db026662951 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__offline_su/umockdev.script.ldap @@ -0,0 +1,21 @@ +d 0 /dev/hidraw1 + +w 4 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^Q^A^A^A^A^A^A^A^A^S=^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@^S=^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^S=^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr^S=^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM^S=^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key^S=^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@^S=^@^B^Adtest^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^A^TMgm^@^S=^@^L-^CS^MW4y_ j\W-VcXG^L^B^W^Oޚt4R5vv7M^Fd^@^S=^Atypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 82 ^S=^@^@^AbidX@^A^TMgm^L-^CS^MW4y_ j\W-VcXG^L^B^W^Oޚt^S=^@4R5vv7M^Fdtypejpublic-key^BX%ЁL}e/Z^UO^[+^K,^S=^A]l^U^J^H^@^@^@^@^C^CXH0F^B!^@9}K:N^M^PraX^D^CxM^B!^@z^A^S=^B􊲳^P+q^@^P|^XM$Fw^]6P3^[wq^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 6 ^@^S=^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^S=^@Q^@^A^A^B^C8^X ^A!X H^GTd^Aڒ8X^T<IEiwֹI^Y^I^IFsܺ"X <^AHS^S=^@6^N9^JU@^\k)W^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 6 ^@^S=^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@^S=^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^AoYqgNu'^T^@^S=^A^U^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 78 ^S=^@5^@^BX0RC^_K*"+f^`z;XO@"MM3\L$Ή^K+M^@^@^@^@ +w 2 ^@^S=^@^B^Adtest^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^A^TMgm^@^S=^@^L-^CS^MW4y_ j\W-VcXG^L^B^W^Oޚt4R5vv7M^Fd^@^S=^Atypejpublic-key^Ebup^FX ('^H(rZf2>֞{^_uLd^S^G^B^@ +r 240 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 ^S=^@^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 28 ^S=^@^@^AbidX@^A^TMgm^L-^CS^MW4y_ j\W-VcXG^L^B^W^Oޚt^S=^@4R5vv7M^Fdtypejpublic-key^BX%ЁL}e/Z^UO^[+^K,^S=^A]l^U^J^H^E^@^@^@^G^CXF0D^B j8^M\:H^O@%qt(^\/Ǻ~$$!>;^B u^S=^B{9AbF6^Xs5^K*ywv^L^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__offline_su/umockdev.script.samba b/src/tests/system/data/test_passkey/test_passkey__offline_su/umockdev.script.samba new file mode 100644 index 00000000000..4c0b6e23e92 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__offline_su/umockdev.script.samba @@ -0,0 +1,19 @@ +d 0 /dev/hidraw1 + +w 1 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^Q^A^A^A^A^A^A^A^An5^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@n5Ő^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 n5Ő^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secrn5^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialMn5^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-keyn5^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@n5Ő^@^B^Ajsamba.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^@n5^@ŀn&X9T$HΚ'm^S^Ys^F$m7^Iks۬JL^@n5^A^Xqdtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 82 n5Ő^@^@^AbidX@ŀn&X9T$HΚ'm^S^Ys^F$m7^Iksn5^@۬JL^Xqdtypejpublic-key^BX% ^S@^_n1n;Qm\<ִ>n5^A`^_W^@^@^@^@C^CXG0E^B ^]^TM^]^W4yZ٢@ޝ^@^B!^@(^HSn5^B^EV^]+^X3YW3C7HD^D$^\^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 4 ^@n5Ő^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 n5Ő^@Q^@^A^A^B^C8^X ^A!X $xܰXy,ҟ^E@~$h@^P"X }^V%^Ovpn5^@iu\E^M'^@@Υj.0bZ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 4 ^@n5Ő^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@n5^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^NV-Q^P^K^@n5^Ap^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 n5Ő^@5^@^BX0^L[{cHUK^@M^Rƫ^[gY[`b,u^F;1jBۀ^OŶ_^@^@^@^@ +w 3 ^@n5Ő^@^B^Ajsamba.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^@n5^@ŀn&X9T$HΚ'm^S^Ys^F$m7^Iks۬JL +w 10 ^@n5^A^Xqdtypejpublic-key^Ebup^FX ^R~GؿB_],pSvA3*^Ut^@n5^B4^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 246 n5Ż^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 n5Ż^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 287 n5Ż^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 n5Ż^@^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 75 n5Ő^@^@^AbidX@ŀn&X9T$HΚ'm^S^Ys^F$m7^Iksn5^@۬JL^Xqdtypejpublic-key^BX% ^S@^_n1n;Qm\<ִ>n5^A`^_W^E^@^@^@F^CXH0F^B!^@/2^_1,,0^ABd^FKZ@m^B!^@^S&n5^BO|FoзN$<ˣ!W\^V^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__register__ipa/passkey-mapping b/src/tests/system/data/test_passkey/test_passkey__register__ipa/passkey-mapping new file mode 100644 index 00000000000..384aaefda0c --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__register__ipa/passkey-mapping @@ -0,0 +1 @@ +Passkey mapping: passkey:DxUk04JimrbcKKTdjqP8vRMQLA9zCqm/uoHW3HRDIr7ztTbcXzsV2oEc4QCZIMlbEc0ZWiA4HnkEwbzAuOCMDg==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEyrxaekpIX7AMw72mH7ZcWpwP4t0GCLccSbMse6HOYvfIatpWJC/oeWJnd4ei7XxpGu7MO2atlupS03kbKFr7VQ== diff --git a/src/tests/system/data/test_passkey/test_passkey__register__ipa/umockdev.script b/src/tests/system/data/test_passkey/test_passkey__register__ipa/umockdev.script new file mode 100644 index 00000000000..f46e9072d68 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__register__ipa/umockdev.script @@ -0,0 +1,23 @@ +d 0 /dev/hidraw1 + +w 3 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^Q^A^A^A^A^A^A^A^Ag8^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@g8^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 g8^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secrg8^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialMg8^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-keyg8^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 3582 ^@g8^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 g8^@Q^@^A^A^B^C8^X ^A!X m^W-(l9۝W`^B{eNȈeT@=^\"X >^Rg8^@^OOP^H6^K4^Y^JMn^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 6 ^@g8^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@g8^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^I^K^RBc^@g8^Ah^F"^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 g8^@5^@^BX0D͖J?^OG{lD^O^@^DDO`^[^W!5^@^@^@^@ +w 1 ^@g8^@^A^AX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^Bbidhipa.testdnameh^@g8^@ipa.test^CbidX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^Adnameeuser1^D^@g8^Acalg&dtypejpublic-key^HX 4Asa2.^F؎^\2@z30̲^I^@g8^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 199 g8^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 287 g8^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 g8^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 g8^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 g8^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 287 g8^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 g8^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 g8^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 g8^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 g8^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 g8^@^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 291 g8^@^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@g8^D^H^@^Afpacked^BXĜ^@|Dږ^Qx??d^Q/N4/oC}.[E^@^@^@^B/W^SGg8^@^VZ *^@@^O^U$ӂb(ݎ^S^P,^Os^JtC"6_;^Uځ^\^@ [g8^A^Q^YZ 8^^y^D^N^A^B^C& ^A!X ʼZzJH_^Lý^_\Z^O^F^H^\I,{b"g8^BX jV$/ybgw|i^Z;fRy^[(ZU^Ccalg&csigXF0D^B >]^KRg8^C$wJˡƲ婟Cx^RV^B ^A>nnUU0Q\]՟^CGcg8^Dx5cY^B0^B0^A^C^B^A^B^B^I^@9*7_80^M^F^I*H^M^A^A^K^E^@0.1,0*^F^CU^D^C^S#g8^EYubico U2F Root CA Serial 4572006310 ^W^M140801000000Z^X^O20500g8^F904000000Z0n1^K0^I^F^CU^D^F^S^BSE1^R0^P^F^CU^D^J^L^IYubico AB1"0 ^F^CU^D^K^L^YAutg8^Ghenticator Attestation1'0%^F^CU^D^C^L^^Yubico U2F EE Serial 92551g8^H41600Y0^S^F^G*H=^B^A^F^H*H=^C^A^G^CB^@^DS0^Nȣ\^G2V^FL$]^MSX^Kg8^IsG^O^W^Uyyhp\^W^C&oۆ^U#£00^S^F^J+^F^A^D^A^J^M^A^D^E^D^Cg8^J^E^D^C0"^F^I+^F^A^D^A^J^B^D^U1.3.6.1.4.1.41482.1.70^S^F^K+^F^A^D^A^\^B^A^A^D^D^C^B^Dg8^K00!^F^K+^F^A^D^A^\^A^A^D^D^R^D^P/W^SG^VZ *0^L^F^CU^]^S^A^A^D^B0^@0^M^F^I*Hg8^L^M^A^A^K^E^@^C^A^A^@^Ai1d;I^O!/X,H^\_^X"t9e>3J]^KbP^N^D<ԓg8^MpI^Hw^J^P=^VN^Rr`C6"̜j^G-x'^_^A^^jE| {V^Rg|%51g8^NKөuԼd~^R,޵/u^T^@\b^_*G^Hۨy%M^V:E*DN^T^YvX6^N^M^`g8^OE^V^N)"L^HP`nw<\S~rOoL*2r?Q^H.k[]ȊLDNEg8^P;31V^P~#6!^K((g!B^Kv^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__register__sssctl/passkey-mapping b/src/tests/system/data/test_passkey/test_passkey__register__sssctl/passkey-mapping new file mode 100644 index 00000000000..69c3757b81c --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__register__sssctl/passkey-mapping @@ -0,0 +1 @@ +passkey:P4FxRBaZKEWiwC9bUt4TSsEla4S3S5rRNsQ5uZQjNO6R7hcBQkE52/v7CUXA6Jm/pXcU3XesaslZGiV+RswjkA==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE6n4ktkd2yTcxqcQhXpHhs1AXLQGXAB1fWwFmb9gYOngjkT+ENUZGbA78IqVrRZBWGu2YJBPWo7UuamPsLcYCww== diff --git a/src/tests/system/data/test_passkey/test_passkey__register__sssctl/umockdev.script b/src/tests/system/data/test_passkey/test_passkey__register__sssctl/umockdev.script new file mode 100644 index 00000000000..9e04a725cc5 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__register__sssctl/umockdev.script @@ -0,0 +1,19 @@ +d 0 /dev/hidraw1 + +w 2 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^A2qu^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@2qu^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 2qu^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr2qu^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM2qu^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key2qu^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 3645 ^@2qu^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 2qu^@Q^@^A^A^B^C8^X ^A!X m^W-(l9۝W`^B{eNȈeT@=^\"X >^R2qu^@^OOP^H6^K4^Y^JMn^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@2qu^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@2qu^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^I^K^RBc^@2qu^Ah^F"^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 2qu^@5^@^BX0H^E^K%_^CKESA˿nÿI^G^Dj^XA^K^M;\Yxp^@^@^@^@ +w 1 ^@2qu^@^A^AX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^Bbidildap.testdname^@2qu^@ildap.test^CbidX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^Adnameeuser^@2qu^A1^Dcalg&dtypejpublic-key^HX 4Asa2.^F؎^\2@z30̲^@2qu^B^I^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 231 2qu^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 2qu^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 2qu^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 2qu^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 2qu^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 2qu^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 2qu^@^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 170 2qu^D^H^@^Afpacked^BXD^^^W^D@+0w7-яD^I^E^H7E^@^@^@^A/W^SG2qu^@^VZ *^@@?qD^V(E/[R^SJ%kK69#4^W^ABA9^IE虿2qu^Aw^TwjY^Z%~F#^A^B^C& ^A!X ~$Gv71!^`P^W-^A^@^]_[^Afo^X:x"2qu^BX #?5FFl^N"kEV^Z$^S֣.jc-^B^Ccalg&csigXF0D^B ^Y1Q]2qu^CC^I>^PyIlr}^A\^L.?^B X9S^N鵭8t^\"2:[c2qu^Dx5cY^B0^B0^A^C^B^A^B^B^I^@9*7_80^M^F^I*H^M^A^A^K^E^@0.1,0*^F^CU^D^C^S#2qu^EYubico U2F Root CA Serial 4572006310 ^W^M140801000000Z^X^O205002qu^F904000000Z0n1^K0^I^F^CU^D^F^S^BSE1^R0^P^F^CU^D^J^L^IYubico AB1"0 ^F^CU^D^K^L^YAut2qu^Ghenticator Attestation1'0%^F^CU^D^C^L^^Yubico U2F EE Serial 925512qu^H41600Y0^S^F^G*H=^B^A^F^H*H=^C^A^G^CB^@^DS0^Nȣ\^G2V^FL$]^MSX^K2qu^IsG^O^W^Uyyhp\^W^C&oۆ^U#£00^S^F^J+^F^A^D^A^J^M^A^D^E^D^C2qu^J^E^D^C0"^F^I+^F^A^D^A^J^B^D^U1.3.6.1.4.1.41482.1.70^S^F^K+^F^A^D^A^\^B^A^A^D^D^C^B^D2qu^K00!^F^K+^F^A^D^A^\^A^A^D^D^R^D^P/W^SG^VZ *0^L^F^CU^]^S^A^A^D^B0^@0^M^F^I*H2qu^L^M^A^A^K^E^@^C^A^A^@^Ai1d;I^O!/X,H^\_^X"t9e>3J]^KbP^N^D<ԓ2qu^MpI^Hw^J^P=^VN^Rr`C6"̜j^G-x'^_^A^^jE| {V^Rg|%512qu^NKөuԼd~^R,޵/u^T^@\b^_*G^Hۨy%M^V:E*DN^T^YvX6^N^M^`2qu^OE^V^N)"L^HP`nw<\S~rOoL*2r?Q^H.k[]ȊLDNE2qu^P;31V^P~#6!^K((g!B^Kv^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su/passkey-mapping.ad b/src/tests/system/data/test_passkey/test_passkey__su/passkey-mapping.ad new file mode 100644 index 00000000000..58f3e1045d6 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su/passkey-mapping.ad @@ -0,0 +1 @@ +passkey:Wp075+YqPw9bn3UhyNUa1u0wu8I982JVRxR/cd3KRplwD12NweMI15fMSTclruHiTPdi7i7y9IRGbTRtDWPt4w==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEh+6kmCDkIaUiHUx1SobhNo7jP6wUJCBocQP9jxhpM/uBRKNXWUUKNMJwiOp0Nkj/OeSP2xdtLNazs4KEPBk15A== diff --git a/src/tests/system/data/test_passkey/test_passkey__su/passkey-mapping.ipa b/src/tests/system/data/test_passkey/test_passkey__su/passkey-mapping.ipa new file mode 100644 index 00000000000..915689bd654 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su/passkey-mapping.ipa @@ -0,0 +1 @@ +passkey:NUZMRUXIb/W8Ij1GqwCDHSCWxt/SxWxckwtQjLYi/X6Y1qZFB+HI8WO6khzAjzsz248kHbaeAf9qfmqfCky1Jg==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIasAa8ogjPCKXeA4KY3t0W3xBRmG+E4D+MNoRIAJrYuNLSYtAcOL7DCbIfgc+7c5Y4Mh/FzoEyeumKGYMoyTfg== diff --git a/src/tests/system/data/test_passkey/test_passkey__su/passkey-mapping.ldap b/src/tests/system/data/test_passkey/test_passkey__su/passkey-mapping.ldap new file mode 100644 index 00000000000..82d76d9b590 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su/passkey-mapping.ldap @@ -0,0 +1 @@ +passkey:mQEUTWdtDJPELQNTDdxXNHlfIO1qXFf0LVZjWEfyDALFzvLZ4e4XD5bemqq+o3ThrzT6k1I1n3Z2N00GvLSmjQ==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEqk7K5VAI7Evr4ar8X82L/sxm/Bnm5Ti31xnLfGO0BipwHucw8+/wT4+6T9j5gdMwZKUcXR4BILpmULEyrcZUfw== diff --git a/src/tests/system/data/test_passkey/test_passkey__su/passkey-mapping.samba b/src/tests/system/data/test_passkey/test_passkey__su/passkey-mapping.samba new file mode 100644 index 00000000000..f602626971f --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su/passkey-mapping.samba @@ -0,0 +1 @@ +passkey:xYBuvCazxVg5VJ/D2yRI2/3ji86a+yft0W2S/BOF/pIZcwaxJLP1bZjWN7oJa3PP8p2N26yG2Erd90yIGOXocQ==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEC1cAEJJW5SVDrCL62BYgtilv4DgkeiEXpNrdsMRk5+Iv5ddP6lgMH5hD98ddFlJX/YhEXdty6UibztVmgO7asQ== diff --git a/src/tests/system/data/test_passkey/test_passkey__su/umockdev.script.ad b/src/tests/system/data/test_passkey/test_passkey__su/umockdev.script.ad new file mode 100644 index 00000000000..e9864e7f2da --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su/umockdev.script.ad @@ -0,0 +1,19 @@ +d 0 /dev/hidraw1 + +w 4 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^A^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@^@^B^Agad.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@Z;^@^@*?^O[u!^Z0=bUG^TqFp^O]^HחI7%Lb.Fm4m^Mc^@^Adtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 83 ^@^@^AbidX@Z;*?^O[u!^Z0=bUG^TqFp^O]^HחI7%^@Lb.Fm4m^Mcdtypejpublic-key^BX%fCȣ܀ɽ5~^G^A-YD^AA,K!^@^@^@^@^T^CXG0E^B t.F^^^]^AG^U@]/<*r^On^Z^B!^@^KX^B4ߚ>nut^Z^EXWn^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 8 ^@^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@Q^@^A^A^B^C8^X ^A!X <H*!Ó^M!^S[;s1c^Z%^H"X _^K^NE<^@^Et[v^WG'ħS^[^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^Avz^IRZ^@^Ak^[+^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 ^@5^@^BX0k*|e^OK^S^QyЇkC@^R6mo!^QOfQ.^@^@^@^@ +w 1 ^@^@^B^Agad.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@Z;^@^@*?^O[u!^Z0=bUG^TqFp^O]^HחI7%Lb.Fm4m^Mc^@^Adtypejpublic-key^Ebup^FX 2^N^Czf^R^@^PZ^L^A:K^IUhT^A><I^@^B^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 251 ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^@^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 52 ^@^@^AbidX@Z;*?^O[u!^Z0=bUG^TqFp^O]^HחI7%^@Lb.Fm4m^Mcdtypejpublic-key^BX%fCȣ܀ɽ5~^G^A-YD^AA,K!^E^@^@^@^X^CXF0D^B ^N^A^Zb;u.^S^_v}v{^K'Y{^B 4^H^BɩXû^DAe3A'bU_^M`[Ay^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su/umockdev.script.ipa b/src/tests/system/data/test_passkey/test_passkey__su/umockdev.script.ipa new file mode 100644 index 00000000000..1bc651a4465 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su/umockdev.script.ipa @@ -0,0 +1,22 @@ +d 0 /dev/hidraw1 + +w 3 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^Ap^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@p^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 p^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secrp^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialMp^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-keyp^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@p^@^B^Ahipa.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@5F^@p^@LEEo"=F^@^] l\^KP"~֦E^Gc^\;3ۏ$^]^Aj~j^J^@p^AL&dtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 83 p^@^@^AbidX@5FLEEo"=F^@^] l\^KP"~֦E^Gc^\;3p^@ۏ$^]^Aj~j^JL&dtypejpublic-key^BX%^@|Dږ^Qx??d^Q/N4/op^AC}.[^@^@^@^@^X^CXG0E^B!^@m$^MJ*;\^V=tjx9cа,^B kYp^B^_^GnrT": *^L^Rwr]!Zxf^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@p^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 p^@Q^@^A^A^B^C8^X ^A!X ^_9;^CEBQ&(W3h^]F^A%"X ^^s5p^@o6^@izdF m+35^P^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@p^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@p^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A2asչ^T"tw^@p^Aq^K^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 p^@5^@^BX0޺^Y<l^Qűk^B^A^`^Z^G^^^Fcޞ^Si^J^Erߨ]^@^@^@^@ +w 1 ^@p^@^B^Ahipa.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@5F^@p^@LEEo"=F^@^] l\^KP"~֦E^Gc^\;3ۏ$^]^Aj~j^J^@p^AL&dtypejpublic-key^Ebup^FX ȎRJs>7DB1f_о*^@p^BL^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 285 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 174 p^@^@^AbidX@5FLEEo"=F^@^] l\^KP"~֦E^Gc^\;3p^@ۏ$^]^Aj~j^JL&dtypejpublic-key^BX%^@|Dږ^Qx??d^Q/N4/op^AC}.[^E^@^@^@^\^CXG0E^B Eo]Wk%^H$-^W^BR^`x^P׀^B!^@ёqp^Bu9\^ZKR&>/͎[`t,^^eg^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su/umockdev.script.ldap b/src/tests/system/data/test_passkey/test_passkey__su/umockdev.script.ldap new file mode 100644 index 00000000000..db026662951 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su/umockdev.script.ldap @@ -0,0 +1,21 @@ +d 0 /dev/hidraw1 + +w 4 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^Q^A^A^A^A^A^A^A^A^S=^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@^S=^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^S=^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr^S=^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM^S=^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key^S=^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@^S=^@^B^Adtest^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^A^TMgm^@^S=^@^L-^CS^MW4y_ j\W-VcXG^L^B^W^Oޚt4R5vv7M^Fd^@^S=^Atypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 82 ^S=^@^@^AbidX@^A^TMgm^L-^CS^MW4y_ j\W-VcXG^L^B^W^Oޚt^S=^@4R5vv7M^Fdtypejpublic-key^BX%ЁL}e/Z^UO^[+^K,^S=^A]l^U^J^H^@^@^@^@^C^CXH0F^B!^@9}K:N^M^PraX^D^CxM^B!^@z^A^S=^B􊲳^P+q^@^P|^XM$Fw^]6P3^[wq^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 6 ^@^S=^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^S=^@Q^@^A^A^B^C8^X ^A!X H^GTd^Aڒ8X^T<IEiwֹI^Y^I^IFsܺ"X <^AHS^S=^@6^N9^JU@^\k)W^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 6 ^@^S=^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@^S=^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^AoYqgNu'^T^@^S=^A^U^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 78 ^S=^@5^@^BX0RC^_K*"+f^`z;XO@"MM3\L$Ή^K+M^@^@^@^@ +w 2 ^@^S=^@^B^Adtest^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^A^TMgm^@^S=^@^L-^CS^MW4y_ j\W-VcXG^L^B^W^Oޚt4R5vv7M^Fd^@^S=^Atypejpublic-key^Ebup^FX ('^H(rZf2>֞{^_uLd^S^G^B^@ +r 240 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 ^S=^@^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 28 ^S=^@^@^AbidX@^A^TMgm^L-^CS^MW4y_ j\W-VcXG^L^B^W^Oޚt^S=^@4R5vv7M^Fdtypejpublic-key^BX%ЁL}e/Z^UO^[+^K,^S=^A]l^U^J^H^E^@^@^@^G^CXF0D^B j8^M\:H^O@%qt(^\/Ǻ~$$!>;^B u^S=^B{9AbF6^Xs5^K*ywv^L^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su/umockdev.script.samba b/src/tests/system/data/test_passkey/test_passkey__su/umockdev.script.samba new file mode 100644 index 00000000000..4c0b6e23e92 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su/umockdev.script.samba @@ -0,0 +1,19 @@ +d 0 /dev/hidraw1 + +w 1 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^Q^A^A^A^A^A^A^A^An5^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@n5Ő^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 n5Ő^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secrn5^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialMn5^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-keyn5^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@n5Ő^@^B^Ajsamba.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^@n5^@ŀn&X9T$HΚ'm^S^Ys^F$m7^Iks۬JL^@n5^A^Xqdtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 82 n5Ő^@^@^AbidX@ŀn&X9T$HΚ'm^S^Ys^F$m7^Iksn5^@۬JL^Xqdtypejpublic-key^BX% ^S@^_n1n;Qm\<ִ>n5^A`^_W^@^@^@^@C^CXG0E^B ^]^TM^]^W4yZ٢@ޝ^@^B!^@(^HSn5^B^EV^]+^X3YW3C7HD^D$^\^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 4 ^@n5Ő^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 n5Ő^@Q^@^A^A^B^C8^X ^A!X $xܰXy,ҟ^E@~$h@^P"X }^V%^Ovpn5^@iu\E^M'^@@Υj.0bZ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 4 ^@n5Ő^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@n5^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^NV-Q^P^K^@n5^Ap^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 n5Ő^@5^@^BX0^L[{cHUK^@M^Rƫ^[gY[`b,u^F;1jBۀ^OŶ_^@^@^@^@ +w 3 ^@n5Ő^@^B^Ajsamba.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^@n5^@ŀn&X9T$HΚ'm^S^Ys^F$m7^Iks۬JL +w 10 ^@n5^A^Xqdtypejpublic-key^Ebup^FX ^R~GؿB_],pSvA3*^Ut^@n5^B4^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 246 n5Ż^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 n5Ż^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 287 n5Ż^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 n5Ż^@^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 75 n5Ő^@^@^AbidX@ŀn&X9T$HΚ'm^S^Ys^F$m7^Iksn5^@۬JL^Xqdtypejpublic-key^BX% ^S@^_n1n;Qm\<ִ>n5^A`^_W^E^@^@^@F^CXH0F^B!^@/2^_1,,0^ABd^FKZ@m^B!^@^S&n5^BO|FoзN$<ˣ!W\^V^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/passkey-mapping.ad b/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/passkey-mapping.ad new file mode 100644 index 00000000000..d3fd8436e84 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/passkey-mapping.ad @@ -0,0 +1 @@ +passkey:oducA9WSTrzBHX2gUKylRNl2PD2XCb4a7V0XJOtahqIX7wGcAugflvrVjbWG2JPTsLlVf+j/dmia7SNIVhK5AA==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEGEa7EktmUw4AOR6Y6r1W2zxXptQh3YaDNdvQEifZ3NpgRosVv+GS85uR3h6Ed1E7FtgfugwsZYeR8+9+GM6h8g== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/passkey-mapping.ipa b/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/passkey-mapping.ipa new file mode 100644 index 00000000000..d3fd8436e84 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/passkey-mapping.ipa @@ -0,0 +1 @@ +passkey:oducA9WSTrzBHX2gUKylRNl2PD2XCb4a7V0XJOtahqIX7wGcAugflvrVjbWG2JPTsLlVf+j/dmia7SNIVhK5AA==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEGEa7EktmUw4AOR6Y6r1W2zxXptQh3YaDNdvQEifZ3NpgRosVv+GS85uR3h6Ed1E7FtgfugwsZYeR8+9+GM6h8g== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/passkey-mapping.ldap b/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/passkey-mapping.ldap new file mode 100644 index 00000000000..e537dabdbcb --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/passkey-mapping.ldap @@ -0,0 +1 @@ +passkey:aEgemlnC6a/WOoEZ8qU1YMwsTW9+uwmMsJnrgOXwTID0qIBHirzHp6d+e1d3WBhcSf7t9Ji8fl3AdSPtlbdN5Q==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENwDQHwyZmnYaUEp0UNqqnw0tGOGnqOMBGdds6O3+JKbmmJGTn0vo7sKNNcDWDsFhJFU/RLWXmHXglxSo+yw9iQ== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/passkey-mapping.samba b/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/passkey-mapping.samba new file mode 100644 index 00000000000..e537dabdbcb --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/passkey-mapping.samba @@ -0,0 +1 @@ +passkey:aEgemlnC6a/WOoEZ8qU1YMwsTW9+uwmMsJnrgOXwTID0qIBHirzHp6d+e1d3WBhcSf7t9Ji8fl3AdSPtlbdN5Q==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENwDQHwyZmnYaUEp0UNqqnw0tGOGnqOMBGdds6O3+JKbmmJGTn0vo7sKNNcDWDsFhJFU/RLWXmHXglxSo+yw9iQ== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/umockdev.script.ad b/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/umockdev.script.ad new file mode 100644 index 00000000000..3f04d19aec5 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/umockdev.script.ad @@ -0,0 +1,8 @@ +d 0 /dev/hidraw1 + +w 4 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^A^[.^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 3 ^@^[.^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^[.^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr^[.^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM^[.^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key^[.^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 4 ^@^[.^@^B^Agad.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@ۜ^@^[.^@^CՒN^]}PDv<=^I^Z]^W$Z^W^A^B^_ՍؓӰUvh#HV^R^@^[.^A^@dtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 7 ^[.^@^A.^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/umockdev.script.ipa b/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/umockdev.script.ipa new file mode 100644 index 00000000000..8f1039f7cc1 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/umockdev.script.ipa @@ -0,0 +1,8 @@ +d 0 /dev/hidraw1 + +w 5 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^Q^A^A^A^A^A^A^A^A^L^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@^LҐ^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^LҐ^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr^L^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM^L^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key^L^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@^LҐ^@^B^Ahipa.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^@^L^@^CՒN^]}PDv<=^I^Z]^W$Z^W^A^B^_ՍؓӰUvh#HV^@^L^A^R^@dtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 6 ^LҐ^@^A.^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/umockdev.script.ldap b/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/umockdev.script.ldap new file mode 100644 index 00000000000..4d9aa650c51 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/umockdev.script.ldap @@ -0,0 +1,8 @@ +d 0 /dev/hidraw1 + +w 4 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^A^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@^@^B^Adtest^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@hH^^Y^@^@:^Y5`,Mo~^ILGǧ~{WwX^X\I~]u#핷Md^@^Atypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 7 ^@^A.^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/umockdev.script.samba b/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/umockdev.script.samba new file mode 100644 index 00000000000..dfff5d24fb5 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/umockdev.script.samba @@ -0,0 +1,8 @@ +d 0 /dev/hidraw1 + +w 2 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^A+W^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@+W^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 +W^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr+W^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM+W^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key+W^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 4 ^@+W^@^B^Ajsamba.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^@+W^@hH^^Y:^Y5`,Mo~^ILGǧ~{WwX^X\I~]u#^@+W^A핷Mdtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 7 +W^@^A.^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/passkey-mapping.ad b/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/passkey-mapping.ad new file mode 100644 index 00000000000..1091d550c1f --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/passkey-mapping.ad @@ -0,0 +1 @@ +passkey:KyF+ut3E2PHwuaQK/7fXo5ffpgp8IB1R+8WybEXhg9x9/Gl4T08CV5sT3FhaAN3HVJ3Jxren3mcg5fgwlKSlWA==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEO2opNUQmqFOGg5s7ONAvwuipDEnSVjqbuKAUS5wBgM8W5tUQACnIs3mNXoriBVNn4kfoyBy3lVHCNxiPh97IgA== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/passkey-mapping.ipa b/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/passkey-mapping.ipa new file mode 100644 index 00000000000..915689bd654 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/passkey-mapping.ipa @@ -0,0 +1 @@ +passkey:NUZMRUXIb/W8Ij1GqwCDHSCWxt/SxWxckwtQjLYi/X6Y1qZFB+HI8WO6khzAjzsz248kHbaeAf9qfmqfCky1Jg==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIasAa8ogjPCKXeA4KY3t0W3xBRmG+E4D+MNoRIAJrYuNLSYtAcOL7DCbIfgc+7c5Y4Mh/FzoEyeumKGYMoyTfg== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/passkey-mapping.ldap b/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/passkey-mapping.ldap new file mode 100644 index 00000000000..82d76d9b590 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/passkey-mapping.ldap @@ -0,0 +1 @@ +passkey:mQEUTWdtDJPELQNTDdxXNHlfIO1qXFf0LVZjWEfyDALFzvLZ4e4XD5bemqq+o3ThrzT6k1I1n3Z2N00GvLSmjQ==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEqk7K5VAI7Evr4ar8X82L/sxm/Bnm5Ti31xnLfGO0BipwHucw8+/wT4+6T9j5gdMwZKUcXR4BILpmULEyrcZUfw== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/passkey-mapping.samba b/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/passkey-mapping.samba new file mode 100644 index 00000000000..7c59d41c14b --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/passkey-mapping.samba @@ -0,0 +1 @@ +passkey:8Pob9IlseyKTRqxWtSB+4+nQmX/AioWH851f8u700UZhllaColWx5vCjfBBKuLORLKjbuW8OxCsSWFcPAUMvdA==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAElOYokAR0Co/jZYxMDOywmZgQKJFvTRyPj19XRhZndOt7+QEqCFgwYt73XxQakVrWyO+TNQbhTMp3Q5saz3s0hA== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/umockdev.script.ad b/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/umockdev.script.ad new file mode 100644 index 00000000000..4283810b71d --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/umockdev.script.ad @@ -0,0 +1,12 @@ +d 0 /dev/hidraw1 + +w 3 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^A^H;^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@^H;^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^H;^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr^H;^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM^H;^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key^H;^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@^H;^@^B^Agad.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@+!~^@^H;^@^Jףߦ^J| ^]QŲlE}ixOO^BW^SXZ^@TƷg 0^@^H;^AXdtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 82 ^H;^@^@^AbidX@+!~^Jףߦ^J| ^]QŲlE}ixOO^BW^SXZ^@^H;^@TƷg 0Xdtypejpublic-key^BX%fCȣ܀ɽ5~^G^A-YD^H;^AA,K!^@^@^@^@^N^CXF0D^B w'G9?^_H^O_.LӜوx".^Ps*^L^B e<X^H;^BrbEe3ª{^EM^@tTK^@a^W^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@^H;^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^H;^@Q^@^A^A^B^C8^X ^A!X tV~EWpC~$z>Gqu|^W^Iw"X A^H;^@n^L}~2P浐^G|^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@^H;^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@^H;^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^AV^`ϊ32^D\^@^H;^A^Vpcx^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 315 ^H;^@^A1^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/umockdev.script.ipa b/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/umockdev.script.ipa new file mode 100644 index 00000000000..46fee2c38a2 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/umockdev.script.ipa @@ -0,0 +1,12 @@ +d 0 /dev/hidraw1 + +w 3 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^Q^A^A^A^A^A^A^A^A%^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@%^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 %^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr%^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM%^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key%^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@%^@^B^Ahipa.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@5F^@%^@LEEo"=F^@^] l\^KP"~֦E^Gc^\;3ۏ$^]^Aj~j^J^@%^AL&dtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 83 %^@^@^AbidX@5FLEEo"=F^@^] l\^KP"~֦E^Gc^\;3%^@ۏ$^]^Aj~j^JL&dtypejpublic-key^BX%^@|Dږ^Qx??d^Q/N4/o%^AC}.[^@^@^@^@D^CXG0E^B ^U^DWq^RDB^IU0@^C*2^[mi^N渘^B!^@ȗ%^B^Qk^Zцm^^^_^[8^Klv^L]^Qj^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@%^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 %^@Q^@^A^A^B^C8^X ^A!X Zlf/@j^D^Nr3Qnޜ^VɄLix4ޤ"X t^A^L%^@^_w^G^KzD^O^V^\gX^KۨeW^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 6 ^@%^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@%^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^AiZ^C?^PR11^@%^A^P^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 314 %^@^A1^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/umockdev.script.ldap b/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/umockdev.script.ldap new file mode 100644 index 00000000000..bba0c2e1679 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/umockdev.script.ldap @@ -0,0 +1,12 @@ +d 0 /dev/hidraw1 + +w 3 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^A^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@^@^B^Adtest^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^A^TMgm^@^@^L-^CS^MW4y_ j\W-VcXG^L^B^W^Oޚt4R5vv7M^Fd^@^Atypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 83 ^@^@^AbidX@^A^TMgm^L-^CS^MW4y_ j\W-VcXG^L^B^W^Oޚtᗘ^@4R5vv7M^Fdtypejpublic-key^BX%ЁL}e/Z^UO^[+^K,^A]l^U^J^H^@^@^@^@^Q^CXG0E^B ^BgR+X[6E]@^J;q0Q$^I^A;Y^B!^@T }^Bx7G^^8^]^I/վ$"^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@Q^@^A^A^B^C8^X ^A!X ^A^`5'K<:^R^RP'rI2?^^ɘ^GgEs"X Zb^FNe^@e^X0W^L^G)>)=0M^J^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^AZ^\^K_߹^Y^@^A^M^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 315 ^@^A1^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/umockdev.script.samba b/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/umockdev.script.samba new file mode 100644 index 00000000000..35306317d6a --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/umockdev.script.samba @@ -0,0 +1,12 @@ +d 0 /dev/hidraw1 + +w 3 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^A^\k^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@^\k^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^\k^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr^\k^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM^\k^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key^\k^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@^\k^@^B^Ajsamba.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^@^\k^@^[l{"FV ~Й_FaVU|^PJ,۹o^N+^RXW^@^\k^A^O^AC/tdtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 83 ^\k^@^@^AbidX@^[l{"FV ~Й_FaVU|^PJ^\k^@,۹o^N+^RXW^O^AC/tdtypejpublic-key^BX% ^S@^_n1n;Qm\<ִ>^\k^A`^_W^@^@^@^@^S^CXH0F^B!^@ݟD^D#yZ^WmT^`^`'/^X^B!^@@^\k^BGȰ^\nL}^Wi]~$^Q応-L^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@^\k^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^\k^@Q^@^A^A^B^C8^X ^A!X ^H&I0n<?^A^GxD|'b ^_4Ӏ+k"X d.R6{/^\k^@^P:e^E@^C[^LI^H^M&^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@^\k^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@^\k^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^P=>^Rr^@^\k^A^Y^V7^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 315 ^\k^@^A1^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ad1 b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ad1 new file mode 100644 index 00000000000..a411c2b97c8 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ad1 @@ -0,0 +1 @@ +passkey:1hbrFvTCY5pyyHlhVGrC+ryZOwKZ9LCvhcHEDZ3iltArBk4BFWKaGF7GfL7VE1KropJu2YwhF6LHpqBikYtEgw==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEvoPSzcCec/g1E9RoEwk+RFNUJE5WdB1sAQVJ6w2zM7VDFK2RjR5hHzm1/Gft3W5v6Rm1ZRt3A9X6blXD9OJQMw== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ad2 b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ad2 new file mode 100644 index 00000000000..2e3f380d89d --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ad2 @@ -0,0 +1 @@ +passkey:vtlqF1GClIosPT2JwThEJpeiyKYG5s5BknfBMvPlL2WmaAE93kFYVoRosBJlQyGt5grIWdU/w85QQ/udYicdlw==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEj5ie6RrNxHKiXeEvr6NwxXfXA3X0QVkM8QdrKA2GK7r6YZa06i/a48cLYwl5CUJquGs10vDsnet2b/aMduFp4Q== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ad3 b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ad3 new file mode 100644 index 00000000000..c7b7d782cc7 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ad3 @@ -0,0 +1 @@ +passkey:xhb+fmoQjEuMuqsK+t/Yz1rX/m8WsHPTQO+gxBp6Augh9RNUAruJNeXiUo6YrqTFxuX6I5PvYQFftRA0SiOpKA==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEMCkQaZqDSJqH0jWR2YcNa6R1oO2oFxgx1rXEwI62MTX9u5gCHU/7AFESysigYAREndy6Q90SFdjwT0FiJPU/GA== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ad4 b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ad4 new file mode 100644 index 00000000000..c2a145be159 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ad4 @@ -0,0 +1 @@ +passkey:Tx7ILJ+5p8u1FOr7iLxDtHb4NyEuIQjNYoRdRm2T/wnnLYTAvbOp3m/WovSK+WZq7Q1vCMxP3kyCsnjvKZ7SLA==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEunLPnHH0MM0ZSsywgetlhK+bNvrsPHcFbQAAsbH6lPyLctonKoEfUgFNSKEwn20xyuSTQGjaU10hjFXxLiiMQw== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ipa1 b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ipa1 new file mode 100644 index 00000000000..c7e7ee55bab --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ipa1 @@ -0,0 +1 @@ +passkey:BbFJ9t3sqGzjNThFWFqgMxENvQIb203cgSM2qb52Zc7xCTvoWQtsa9/vjFbukvGOx6fMw1lgMVQOqceKhYARww==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEoq4Ypq4a5+MWdhf8x+m5BK783Wp/E4TokMF1rQOME9SJX3oXJAxaZj1ltdFwmeIajfZkkVMndvr4uVRhYHLEUw== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ipa2 b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ipa2 new file mode 100644 index 00000000000..589424cbb49 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ipa2 @@ -0,0 +1 @@ +passkey:CZILjGtoM2QVR4JQcr8Rs/fV939N4TIvQbyHlLVAuuUDPB2SAHq4MhCosJ628Hj5JOzvJ2tDqsT228IDPHjQ3Q==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEGEM4RU0wiFBk0mx+xDYan97xMXOe9w6GrCZ3hzbnDdTDVvUjU8ITLv4IEdUghYI+e1EP0srcFF3Z3VKojP1t/w== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ipa3 b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ipa3 new file mode 100644 index 00000000000..57addf77b33 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ipa3 @@ -0,0 +1 @@ +passkey:l+9XFbZokx64BYVVnna+s18EBmCj00r1gKq2KWD1N5tl3AGhnNvmYiZBJ01yGt9MSB1PcJeBcqVniUVxN9TU1A==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEpjeVVT75Kfs4JBgZLb/1xqnx4wWeHCrc5PyTjgo6xHdXr8jHZmXQbZZ8U0991WNYpG5UeB/CpzpSVFgUlz5r7A== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ipa4 b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ipa4 new file mode 100644 index 00000000000..2adac9f3895 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ipa4 @@ -0,0 +1 @@ +passkey:kwWDXUF6ZZmO/xgy+kJxYjkJwwwDUlaCTpzST6vouQMzUwx2ZhtIzZjE6lRG7xnjEDj4MpZVeVEy8NHCvadWxA==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEC5P88x4OIdS7umZisF21C9r52b6Vq8gp7wzWlyWLNAcCh9xwcNo9SDGH759B8FGSxf//1i9nZpxpYw5i2PNQIg== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ldap1 b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ldap1 new file mode 100644 index 00000000000..9fe12215365 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ldap1 @@ -0,0 +1 @@ +passkey:oLMjVFZWhUPYM3qQJ/OOuCNdstU3IDRQhN/NHlUjIGYupVm2MCHfmR6uQzUv2S95IV38HuQSobbmpxgo1pun9Q==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEyWSxPheJsdR3upRoanRKPMuEQ18mht1aHKE84uKWOTLucmPtyl241ILqLeMEN7qOATkHGZO7uJ7MvIlv/4wG3Q== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ldap2 b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ldap2 new file mode 100644 index 00000000000..1d64a12a1b8 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ldap2 @@ -0,0 +1 @@ +passkey:+p2T3BlIuhVexBjpSKBgklXNP5iqvqaVaZ7YUPGyisR2UjlGi+Iu+WjojQ8NwG3GAOynSkgN62t9lTs7uE7Fyg==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEC+Kr3Cj+F5x+s7cU69lEXft1K8xF4tajI6XA7SlZP1ABc4zSIkSA+zUFaYnj5ioCr13FwQBi9orwsUw+HAt8hQ== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ldap3 b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ldap3 new file mode 100644 index 00000000000..ca2f9529ece --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ldap3 @@ -0,0 +1 @@ +passkey:CtFMuaoAS3uQdNWK46+hqosqNle0p+jtkW0NzqPX6uGslW6wf4NJqID45B+yDKGlr9zbab67mhz628Bo+wjKPw==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwlsjesyr3AJnSgtkS79NS554rwebuscI14Z6YepvUfgorEm3xV2N9Wa0QMXrHAWRb1A6QhQViMiV2sjYqnlQLA== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ldap4 b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ldap4 new file mode 100644 index 00000000000..338ffd8ad7b --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ldap4 @@ -0,0 +1 @@ +passkey:GGCyvyO388Ri6FDJNeQ3yFYYC4/KUHZVD12D4vIIPYgGySXcYTJN7K+7KGFBg0wXo+poX81SIV3UPSxEndjeeA==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE15xtRy9X3nGnWVPaHiaHLQJvDXS2tyX4367wgsoclDMuKAD0MgYcWJ8k99WUE/IihRyw4Cmx0XnFmb30/PFurg== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.samba1 b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.samba1 new file mode 100644 index 00000000000..785c94d4b32 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.samba1 @@ -0,0 +1 @@ +passkey:EXNvfDS6VwdjcL0QRvbzC4LyQYAlyIMj4mYWZVjrq3g4x10nz+RYnfw9pf11RzjjPIdz5E5rM4PWBEGhR5fTSQ==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJW8+L4Q/NnRbvbidmv4WdXzHKbUCom3KzFQyDNhx38WG/m3gyUdj15SIbEBt927fE5+cC3bNZ482JO9BQ1qZgQ== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.samba2 b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.samba2 new file mode 100644 index 00000000000..233d4051820 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.samba2 @@ -0,0 +1 @@ +passkey:Kkp0yoBWRUeVzvZRe91OSc455lsI5k6NlGujfXlFjZo85Dge1E9sGC76TbKRVlfF0ET2fsdqdOJVUrW7kOAL4Q==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7lUQT19LPesNelWnNh2J89YCYXGl8uraXuqAh0A0hFnjk5y1XTgwFGdcBKXZqBcf+wFBCk4Wbc4V/WJgUn7sgQ== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.samba3 b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.samba3 new file mode 100644 index 00000000000..83273a05679 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.samba3 @@ -0,0 +1 @@ +passkey:GrnhXL9VajTEyQMR3/CqAkdDqqyDjLdaM88SjX2nyhKsRwu6HoqU3phY17N2p0uXaQYhH5T3DsAiL+ThCPMzcg==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEP9l6fpn66o2sWeb4f8m0+2Piu1niblr3d6z/n0UrwI+9hdu2hKAElzAlbXTRt0wEnLH1RCJF+3HAP3krcxInLQ== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.samba4 b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.samba4 new file mode 100644 index 00000000000..ce18c59859f --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.samba4 @@ -0,0 +1 @@ +passkey:kPSz0igg9//JrepGbKXuve2rU+X+f0KvZ3HcdcxrQWda93Xk0DxioZa5UIc9LBcrlMRQg7XQreahcWfcFLT8OA==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAETpVf4BzIw6+1FU0/WBgMWrLOn7YylfnpHDCT6iyL+fFbjvyuKokzJPYMew1qEsFyKTxiWmS9CRywG8nZKqCLCQ== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/umockdev.script.ad b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/umockdev.script.ad new file mode 100644 index 00000000000..b07444bf4b1 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/umockdev.script.ad @@ -0,0 +1,21 @@ +d 0 /dev/hidraw1 + +w 4 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^Q^A^A^A^A^A^A^A^AZ^A^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@Z^A^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 Z^A^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secrZ^A^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialMZ^A^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-keyZ^A^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@Z^A^@^B^Agad.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@O^^^@Z^A^@,˵^TCv7!.!^Hb]Fm^I-o֢fj^Mo^HOLx)^@Z^A^A,dtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 83 Z^A^@^@^AbidX@O^^,˵^TCv7!.!^Hb]Fm^I-o֢fjZ^A^@^Mo^HOLx),dtypejpublic-key^BX%fCȣ܀ɽ5~^G^A-YDZ^A^AA,K!^@^@^@^@^K^CXG0E^B gTn]60+^R+|6^Z^ZZ}^L1^^V^IS^B!^@^]Z^A^B:N~P8wj%?ӷ^TP^N^J^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 6 ^@Z^A^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 Z^A^@Q^@^A^A^B^C8^X ^A!X #^X^@80:R^K;^Pi^YR+\"X ]X^X,}Z^A^@y^M.i^BX7^M#^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 9 ^@Z^A^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@Z^A^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A%}9&S/|^@Z^A^A^^^ZSz^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 78 Z^A^@5^@^BX0T^_y5:('^N95^_Eec2^K^S^O<^^r#^J^I'^@^@^@^@ +w 2 ^@Z^A^@^B^Agad.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@O^^^@Z^A^@,˵^TCv7!.!^Hb]Fm^I-o֢fj^Mo^HOLx)^@Z^A^A,dtypejpublic-key^Ebup^FX wTWoC!={@Q7}O'66'^@Z^A^B^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 274 Z^A^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 Z^A^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 291 Z^A^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 Z^A^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 Z^A^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 Z^A^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 Z^A^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 78 Z^A^@^@^AbidX@O^^,˵^TCv7!.!^Hb]Fm^I-o֢fjZ^A^@^Mo^HOLx),dtypejpublic-key^BX%fCȣ܀ɽ5~^G^A-YDZ^A^AA,K!^E^@^@^@^N^CXH0F^B!^@^Vt]u{p$Ծ^J,?5^GMeab5^B!^@Z^A^B^[<^GGc~JSP^L7^M^P^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/umockdev.script.ipa b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/umockdev.script.ipa new file mode 100755 index 00000000000..9ac4f1a1873 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/umockdev.script.ipa @@ -0,0 +1,21 @@ +d 0 /dev/hidraw1 + +w 4 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^Q^A^A^A^A^A^A^A^A'L^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@'L^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 'L^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr'L^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM'L^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key'L^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@'L^@^B^Ahipa.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^E^@'L^@Il58EXZ3^Q^M^B^[M܁#6ve^I;Y^KlkVǧY`1T^NNJ^@'L^A^Qdtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 83 'L^@^@^AbidX@^EIl58EXZ3^Q^M^B^[M܁#6ve^I;Y^KlkV'L^@ǧY`1T^NNJ^Qdtypejpublic-key^BX%^@|Dږ^Qx??d^Q/N4/o'L^AC}.[^@^@^@^@^]^CXG0E^B!^@^B%_n^Jyy^Cz12*9^B t^Y''L^B)UXZ1jaХ^KiF^A^`Y^O+^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@'L^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 'L^@Q^@^A^A^B^C8^X ^A!X #^X^@80:R^K;^Pi^YR+\"X ]X^X,}'L^@y^M.i^BX7^M#^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@'L^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@'L^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A%}9&S/|^@'L^A^^^ZSz^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 81 'L^@5^@^BX0;!Jmb4GJ0u;als^^@gp^Q`^]^XLl5^@^@^@^@ +w 1 ^@'L^@^B^Ahipa.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^E^@'L^@Il58EXZ3^Q^M^B^[M܁#6ve^I;Y^KlkVǧY`1T^NNJ^@'L^A^Qdtypejpublic-key^Ebup^FX wTWoC!={@Q7}O'66^@'L^B'^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 207 'L^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 'L^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 'L^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 'L^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 'L^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 'L^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 'L^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 148 'L^@^@^AbidX@^EIl58EXZ3^Q^M^B^[M܁#6ve^I;Y^KlkV'L^@ǧY`1T^NNJ^Qdtypejpublic-key^BX%^@|Dږ^Qx??d^Q/N4/o'L^AC}.[^E^@^@^@^_^CXG0E^B r_a"1[?kLF^I*h^B!^@^U'L^BjZ-^]^`M73It8;r6$W^L^H^L^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/umockdev.script.ldap b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/umockdev.script.ldap new file mode 100644 index 00000000000..2ecea3a4298 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/umockdev.script.ldap @@ -0,0 +1,23 @@ +d 0 /dev/hidraw1 + +w 4 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^Q^A^A^A^A^A^A^A^A^FX^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@^FX^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^FX^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr^FX^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM^FX^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key^FX^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@^FX^@^B^Adtest^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@#TVV^@^FX^@C3z'#]7 4P^^U# f.Y0!ߙ^^C5//y!]^^^R^X(֛d^@^FX^Atypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 82 ^FX^@^@^AbidX@#TVVC3z'#]7 4P^^U# f.Y0!ߙ^^C5//y^FX^@!]^^^R^X(֛dtypejpublic-key^BX%ЁL}e/Z^UO^[+^K,^FX^A]l^U^J^H^@^@^@^@^Z^CXG0E^B ^@^K^^6s^W^_tH$6B@^B$E8X^B!^@u^FX^B?^`'^Bb:rlb^[HP^_^]p^A$m^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 8 ^@^FX^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^FX^@Q^@^A^A^B^C8^X ^A!X ^TOig^Yy#:H^DkC4QZ2"X ڕl&^FX^@z~׉:t.םv^G^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 8 ^@^FX^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@^FX^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A] ݨO6!^@^FX^Aҋ:^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 78 ^FX^@5^@^BX0^TT$^PeZ砣W^M/^M\gBe^A^]ZCk^_4u^@^@^@^@ +w 2 ^@^FX^@^B^Adtest^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@#TVV^@^FX^@C3z'#]7 4P^^U# f.Y0!ߙ^^C5//y!]^^^R^X(֛d^@^FX^Atypejpublic-key^Ebup^FX H>0$^H`^[4:^B~?|7]2y^@,&^G^B^@ +r 224 ^FX^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 ^FX^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^FX^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 ^FX^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 287 ^FX^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 ^FX^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 ^FX^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 ^FX^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 287 ^FX^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 247 ^FX^@^@^AbidX@#TVVC3z'#]7 4P^^U# f.Y0!ߙ^^C5//y^FX^@!]^^^R^X(֛dtypejpublic-key^BX%ЁL}e/Z^UO^[+^K,^FX^A]l^U^J^H^E^@^@^@^^^CXG0E^B ^Dq)qFlb@Z^_%RY^B^N<^B!^@m.^FX^BؙM^`I:^`^F1^Ht^K\9'ȁ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/umockdev.script.samba b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/umockdev.script.samba new file mode 100644 index 00000000000..9ecebaa57d5 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/umockdev.script.samba @@ -0,0 +1,20 @@ +d 0 /dev/hidraw1 + +w 3 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^AC^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@C^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 C^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secrC^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialMC^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-keyC^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@C^@^B^Ajsamba.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^@C^@^Qso|4W^Gcp^PF^KA%ȃ#f^VeXx8]'X=uG8<sNk3^DA^@C^AGIdtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 82 C^@^@^AbidX@^Qso|4W^Gcp^PF^KA%ȃ#f^VeXx8]'X=uG8㶼C^@<sNk3^DAGIdtypejpublic-key^BX% ^S@^_n1n;Qm\<ִ>C^A`^_W^@^@^@^@^R^CXH0F^B!^@I-)^[Y'Ӟ@^U^]Y^YJ!޺_s^Q^B!^@µC^BT$/IWb:NQN?V^VR^J4Q^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@C^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 C^@Q^@^A^A^B^C8^X ^A!X ⇡E^X׈@7KDBM^GuE^Ax^H!"X %$؃$^`C^@O{įD^]۷"^SARB1^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@C^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@C^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A|`'^@C^A։L^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 81 C^@5^@^BX0^XpC-U󒻎HƷ&uF@.%^EwCt^C^Uku^@^@^@^@ +w 1 ^@C^@^B^Ajsamba.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^@C^@^Qso|4W^Gcp^PF^KA%ȃ#f^VeXx8]'X=uG8<sNk3^DA^@C^AGIdtypejpublic-key^Ebup^FX wTWoC!={@Q7}O'^@C^B66'^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 273 C^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 C^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 287 C^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 C^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 C^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 C^@^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 29 C^@^@^AbidX@^Qso|4W^Gcp^PF^KA%ȃ#f^VeXx8]'X=uG8㶼C^@<sNk3^DAGIdtypejpublic-key^BX% ^S@^_n1n;Qm\<ִ>C^A`^_W^E^@^@^@^V^CXH0F^B!^@#Oq^BN6nօ*\-NNT^B!^@^@C^BV^Bg^EV^^v|&}^P^Jd~^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/passkey-mapping.ad b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/passkey-mapping.ad new file mode 100644 index 00000000000..14742dc7858 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/passkey-mapping.ad @@ -0,0 +1 @@ +passkey:1b8LadTPgg5ft9rO7rwKKnVHykg/C+HdYZafbjo+nRzJT6rSrUQy6cFNJtrtlT1aQlE2RG8CGtyUnwDe5PmI7w==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEseg+c9fRrg1HSKLjLfHSCa5XvOXupKMRVyPIANvNeGZUlzFmPnQHGCOdV67P+LwiwMy826OxfyteV8mQ3AaT1A== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/passkey-mapping.ipa b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/passkey-mapping.ipa new file mode 100644 index 00000000000..da9d6745ab4 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/passkey-mapping.ipa @@ -0,0 +1 @@ +passkey:+0qQO2Y9yDMOeh3c/H+F4TiD0Jzy0TCxnwgEN2zmGxzAvdQN0ioR3PWq0YwC9MnjgsQjaSUA5clqRPbsFHM31Q==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmpRP/x6b2o2HB9wBRb+epX8h8OYtGsHbL2g+hoIgH0u0o+sv7aeyyuEkqy5rHtdxBc756K3NeNDO1bM0Gfmlrw== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/passkey-mapping.ldap b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/passkey-mapping.ldap new file mode 100644 index 00000000000..34d8008e3b0 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/passkey-mapping.ldap @@ -0,0 +1 @@ +passkey:rJ1wNQ6Wvwk+Qte7maBHZSc/Qd5rkzxG3TmbjDjSoLyULWtE6J0rPNSsMTAkxGC6oNF6ckjGz1UlB/NaCc01rw==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJu80c+2oC6TN22PttrC10j5I+vkmBaqGXHvhIjot5HHbswUu6SDKD7K2VUoyMlnhsgGonkDv9vBJ91+jSAHbqg== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/passkey-mapping.samba b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/passkey-mapping.samba new file mode 100644 index 00000000000..86c0ceb2f8f --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/passkey-mapping.samba @@ -0,0 +1 @@ +passkey:WMYc/aX/9haCFPMZ2wjX05yzBUWFHdbpGXOcNH3gHobNDpmc76auqV3XGos8lRHtQLYM7DU2noCJGoceT9yU0Q==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAETnTygfwhlcxipOKQtHIio5AzXvTGWxgQiGf/+tCGEVADuZlL+atxqPF6KUVJW0Xd6Ap0ZySiF78Vhs9c/E7/Mw== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ad.user1 b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ad.user1 new file mode 100644 index 00000000000..22e9c14b10d --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ad.user1 @@ -0,0 +1,21 @@ +d 0 /dev/hidraw1 + +w 4 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^Q^A^A^A^A^A^A^A^ANy4^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@Ny4^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 Ny4^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secrNy4^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialMNy4^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-keyNy4^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@Ny4^@^B^Agad.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@տ^K^@Ny4^@iς^N_^J*uGH?^Kan:>^\OҭD2M&=ZBQ6Do^B^Zܔ^@^@Ny4^Adtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 83 Ny4^@^@^AbidX@տ^Kiς^N_^J*uGH?^Kan:>^\OҭD2M&=ZNy4^@BQ6Do^B^Zܔ^@dtypejpublic-key^BX%fCȣ܀ɽ5~^G^A-YDNy4^AA,K!^@^@^@^@^G^CXG0E^B ^R^P!^G#ۛIT8'>^Rs8m7^L^Z^E%^B!^@̠BNy4^BjvP|\^`^^QnD"6>^V-^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 8 ^@Ny4^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 Ny4^@Q^@^A^A^B^C8^X ^A!X n^O^Y^D[T)^]^NBopaK"X =^R/^UNy4^@UJA;;^P"c^GZ^[^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@Ny4^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@Ny4^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^ZY>^@Ny4^Az^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 Ny4^@5^@^BX0M^A`^W^C^T^J1G^@(^A^C^ZΊ}c:^]^E^_|^@^@^@^@ +w 3 ^@Ny4^@^B^Agad.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@տ^K^@Ny4^@iς^N_^J*uGH?^Kan:>^\OҭD2M&=ZBQ6Do^B^Zܔ^@^@Ny4^Adtypejpublic-key^Ebup^FX ^A^F}5WTGylg%}^R_^Dї c^@Ny4^B^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 204 Ny4^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 Ny4^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 Ny4^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 Ny4^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 Ny4^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 Ny4^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 Ny4^@^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 76 Ny4^@^@^AbidX@տ^Kiς^N_^J*uGH?^Kan:>^\OҭD2M&=ZNy4^@BQ6Do^B^Zܔ^@dtypejpublic-key^BX%fCȣ܀ɽ5~^G^A-YDNy4^AA,K!^E^@^@^@^K^CXG0E^B!^@^[*G%Ir^B^JQR^Pm^S^V^B^B ^B^JNy4^Bɐ؂ҡ͵劻Ψ|"{<^B氋^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ad.user2 b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ad.user2 new file mode 100644 index 00000000000..e72e148f0f0 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ad.user2 @@ -0,0 +1,18 @@ +d 0 /dev/hidraw1 + +w 3 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^Q^A^A^A^A^A^A^A^A{^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@{^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 {^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr{^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM{^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key{^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@{^@^B^Agad.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@տ^K^@{^@iς^N_^J*uGH?^Kan:>^\OҭD2M&=ZBQ6Do^B^Zܔ^@^@{^Adtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 83 {^@^@^AbidX@տ^Kiς^N_^J*uGH?^Kan:>^\OҭD2M&=Z{^@BQ6Do^B^Zܔ^@dtypejpublic-key^BX%fCȣ܀ɽ5~^G^A-YD{^AA,K!^@^@^@^@^M^CXG0E^B!^@׼9;#(sWp42v^OpX^U_6R^B b^J{^Bs^P.PwI<qҒ^Kgf^N^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 8 ^@{^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 {^@Q^@^A^A^B^C8^X ^A!X n^O^Y^D[T)^]^NBopaK"X =^R/^U{^@UJA;;^P"c^GZ^[^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@{^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@{^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^ZY>^@{^Az^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 {^@5^@^BX0@gw$#+C^Oe^P^Tqk]Ţ2V^\^A\^F^WCeH&T^@^@^@^@ +w 3 ^@{^@^B^Agad.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@տ^K^@{^@iς^N_^J*uGH?^Kan:>^\OҭD2M&=ZBQ6Do^B^Zܔ^@^@{^Adtypejpublic-key^Ebup^FX ^A^F}5WTGylg%}^R_^Dї c^@{^B^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 221 {^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 287 {^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 {^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 {^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 78 {^@^@^AbidX@տ^Kiς^N_^J*uGH?^Kan:>^\OҭD2M&=Z{^@BQ6Do^B^Zܔ^@dtypejpublic-key^BX%fCȣ܀ɽ5~^G^A-YD{^AA,K!^E^@^@^@^O^CXG0E^B p^XAh(Cz^`ڨF^Y.[S)\W^R^X^B!^@/^Z{^BoX^I,2¶j+֍^`y^I􇴫^Q^P^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ad.user3 b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ad.user3 new file mode 100644 index 00000000000..a50f4cae572 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ad.user3 @@ -0,0 +1,20 @@ +d 0 /dev/hidraw1 + +w 3 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^A9H^N^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@9H^N^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 9H^N^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr9H^N^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM9H^N^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key9H^N^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@9H^N^@^B^Agad.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@տ^K^@9H^N^@iς^N_^J*uGH?^Kan:>^\OҭD2M&=ZBQ6Do^B^Zܔ^@^@9H^N^Adtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 83 9H^N^@^@^AbidX@տ^Kiς^N_^J*uGH?^Kan:>^\OҭD2M&=Z9H^N^@BQ6Do^B^Zܔ^@dtypejpublic-key^BX%fCȣ܀ɽ5~^G^A-YD9H^N^AA,K!^@^@^@^@^P^CXH0F^B!^@^[^M^Hg؄+Q<˦;tFb^B!^@ڇ9H^N^Bl-^^sT^@C=}suf^Mk^Z7.^Y_|^IG^Q6^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@9H^N^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 9H^N^@Q^@^A^A^B^C8^X ^A!X n^O^Y^D[T)^]^NBopaK"X =^R/^U9H^N^@UJA;;^P"c^GZ^[^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@9H^N^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@9H^N^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^ZY>^@9H^N^Az^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 9H^N^@5^@^BX0^F6{Ƶ(5^C^K^P{DNҁ%w~^XkK^Ub^ZW^@^@^@^@ +w 1 ^@9H^N^@^B^Agad.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@տ^K^@9H^N^@iς^N_^J*uGH?^Kan:>^\OҭD2M&=ZBQ6Do^B^Zܔ^@^@9H^N^Adtypejpublic-key^Ebup^FX ^A^F}5WTGylg%}^R_^Dї c^@9H^N^B^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 259 9H^N^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 9H^N^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 9H^N^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 9H^N^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 9H^N^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 9H^N^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 268 9H^N^@^@^AbidX@տ^Kiς^N_^J*uGH?^Kan:>^\OҭD2M&=Z9H^N^@BQ6Do^B^Zܔ^@dtypejpublic-key^BX%fCȣ܀ɽ5~^G^A-YD9H^N^AA,K!^E^@^@^@^R^CXF0D^B ^V^C^DNnD)P^C3c|^Fd?D6Y^Ds^B ^Ca^\^N9H^N^B4_$J^S^]Rq׆x@^Vy8L^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ipa.user1 b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ipa.user1 new file mode 100644 index 00000000000..6d55fdb1fb6 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ipa.user1 @@ -0,0 +1,22 @@ +d 0 /dev/hidraw1 + +w 4 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^Q^A^A^A^A^A^A^A^A$^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@$^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 $^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr$^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM$^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key$^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@$^@^B^Ahipa.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@J^@$^@;f=3^Nz^]8М0^H^D7l^[^\^M*^Qь^B#i%^@jD^T^@$^As7dtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 82 $^@^@^AbidX@J;f=3^Nz^]8М0^H^D7l^[^\^M*^Qь^B$^@#i%^@jD^Ts7dtypejpublic-key^BX%^@|Dږ^Qx??d^Q/N4/o$^AC}.[^@^@^@^@^W^CXG0E^B "*^`^Uɛ^_^FEyp.^K^Tܼ;^Z^B!^@a9Ԡ$^BT{}VZ^H{y^XN>[_Ц^E^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 8 ^@$^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 $^@Q^@^A^A^B^C8^X ^A!X ^TOig^Yy#:H^DkC4QZ2"X ڕl&֠$^@z~׉:t.םv^G^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@$^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@$^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A] ݨO6!^@$^Aҋ:^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 $^@5^@^BX0!=P[<\M^LC'^`%^L^Y^WI(Qi]^In‡%C#^@^@^@^@ +w 1 ^@$^@^B^Ahipa.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@J^@$^@;f=3^Nz^]8М0^H^D7l^[^\^M*^Qь^B#i%^@jD^T^@$^As7dtypejpublic-key^Ebup^FX H>0$^H`^[4:^B~?|7]2y^@,^@$^B&^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 295 $^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 $^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 $^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 291 $^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 287 $^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 $^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 $^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 $^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 $^@^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@$^@^@^AbidX@J;f=3^Nz^]8М0^H^D7l^[^\^M*^Qь^B$^@#i%^@jD^Ts7dtypejpublic-key^BX%^@|Dږ^Qx??d^Q/N4/o$^AC}.[^E^@^@^@^Y^CXF0D^B ="U=$^[^F^N$^AA^HsF0ۢ^B W^AP$^Bw^XtJn5^Y%^K> Iw^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ipa.user2 b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ipa.user2 new file mode 100644 index 00000000000..0dd6f4109a4 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ipa.user2 @@ -0,0 +1,23 @@ +d 0 /dev/hidraw1 + +w 4 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^AK^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@K^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 K^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secrK^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialMK^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-keyK^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@K^@^B^Ahipa.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@J^@K^@;f=3^Nz^]8М0^H^D7l^[^\^M*^Qь^B#i%^@jD^T^@K^As7dtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 83 K^@^@^AbidX@J;f=3^Nz^]8М0^H^D7l^[^\^M*^Qь^BK^@#i%^@jD^Ts7dtypejpublic-key^BX%^@|Dږ^Qx??d^Q/N4/oK^AC}.[^@^@^@^@^\^CXG0E^B (ba4^L^XrB_o1Ԋ^AJ^E9^N[^_!^W^B!^@s^D*K^B$^N^H^[)^[I^X'p^Y0^I]<j)^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 8 ^@K^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 K^@Q^@^A^A^B^C8^X ^A!X ^TOig^Yy#:H^DkC4QZ2"X ڕl&ֵK^@z~׉:t.םv^G^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@K^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@K^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A] ݨO6!^@K^Aҋ:^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 K^@5^@^BX0UɠٽiMv,raP),^F'^OE9gC6}Ni^U^@^@^@^@ +w 3 ^@K^@^B^Ahipa.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@J^@K^@;f=3^Nz^]8М0^H^D7l^[^\^M*^Qь^B#i%^@jD^T^@K^As7dtypejpublic-key^Ebup^FX H>0$^H`^[4:^B~?|7]2y^@,^@K^B&^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 231 K^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 K^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 K^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 K^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 K^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 K^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 K^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 K^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 K^@^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 54 K^@^@^AbidX@J;f=3^Nz^]8М0^H^D7l^[^\^M*^Qь^BK^@#i%^@jD^Ts7dtypejpublic-key^BX%^@|Dږ^Qx??d^Q/N4/oK^AC}.[^E^@^@^@^^^CXF0D^B Wp^_rJNJS^_^Y"&}w$^_^B #+ᏵK^B>^Co^_U^]m^X^ID^LяǺI9%^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ipa.user3 b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ipa.user3 new file mode 100644 index 00000000000..c4761f29517 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ipa.user3 @@ -0,0 +1,21 @@ +d 0 /dev/hidraw1 + +w 4 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^Q^A^A^A^A^A^A^A^A^O^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@^O^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^O^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr^O^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM^O^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key^O^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@^O^@^B^Ahipa.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@J^@^O^@;f=3^Nz^]8М0^H^D7l^[^\^M*^Qь^B#i%^@jD^T^@^O^As7dtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 82 ^O^@^@^AbidX@J;f=3^Nz^]8М0^H^D7l^[^\^M*^Qь^B^O^@#i%^@jD^Ts7dtypejpublic-key^BX%^@|Dږ^Qx??d^Q/N4/o^O^AC}.[^@^@^@^@ ^CXF0D^B cL"^Pht}W^]WI0^O[c$^B ^D1^]^O^B^M^P{w +^V^R^`KlI^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@^O^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^O^@Q^@^A^A^B^C8^X ^A!X ^TOig^Yy#:H^DkC4QZ2"X ڕl&^O^@z~׉:t.םv^G^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@^O^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@^O^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A] ݨO6!^@^O^Aҋ:^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 ^O^@5^@^BX0fGt:i^URJ^M`@^WjώD*Tk^U^]^FV^FFRm^SR^@^@^@^@ +w 4 ^@^O^@^B^Ahipa.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@J^@^O^@;f=3^Nz^]8М0^H^D7l^[^\^M*^Qь^B#i%^@jD^T^@^O^As7dtypejpublic-key^Ebup^FX H>0$^H`^[4:^B~?|7]2y^@,^@^O^B&^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 202 ^O^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^O^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 ^O^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 ^O^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 287 ^O^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^O^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 ^O^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 173 ^O^@^@^AbidX@J;f=3^Nz^]8М0^H^D7l^[^\^M*^Qь^B^O^@#i%^@jD^Ts7dtypejpublic-key^BX%^@|Dږ^Qx??d^Q/N4/o^O^AC}.[^E^@^@^@#^CXF0D^B <p^I=7^K^VJe^W^H^W?v^ITf^B +'^W^O^B^K=C2^Pz?jzhK^H^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ldap.user1 b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ldap.user1 new file mode 100644 index 00000000000..14f5bd96b8a --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ldap.user1 @@ -0,0 +1,21 @@ +d 0 /dev/hidraw1 + +w 2 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^AHqeH^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@HqeH^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 HqeH^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secrHqeH^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialMHqeH^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-keyHqeH^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@HqeH^@^B^Adtest^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@p5^N^@HqeH^@^I>B׻Ge'?Ak<F98Ҡ-kD+<Ԭ10$`zrHU%^GZ^I5d^@HqeH^Atypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 83 HqeH^@^@^AbidX@p5^N^I>B׻Ge'?Ak<F98Ҡ-kD+<Ԭ10$`HqeH^@zrHU%^GZ^I5dtypejpublic-key^BX%ЁL}e/Z^UO^[+^K,HqeH^A]l^U^J^H^@^@^@^@^F^CXG0E^B ]#^W^Jǂ^INPWu\GD"ڈ^Z^B!^@^RHqeH^BTnx]^E/^]^Km魩^N}^F*W^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@HqeH^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 HqeH^@Q^@^A^A^B^C8^X ^A!X E$^\^O:d^\v~U^S}q۾^MN^^L^X"X :^PHqeH^@>X_^E$^]^G+^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@HqeH^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@HqeH^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A8u^JD^]9^@HqeH^A}^`0^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 HqeH^@5^@^BX0|Ê^B£uI^Nuy|^^^\7^OǕK\8#Z^D1^A=^@^@^@^@ +w 1 ^@HqeH^@^B^Adtest^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@p5^N^@HqeH^@^I>B׻Ge'?Ak<F98Ҡ-kD+<Ԭ10$`zrHU%^GZ^I5d^@HqeH^Atypejpublic-key^Ebup^FX ^A^F}5WTGylg%}^R_^Dї c^G^B^@ +r 287 HqeH^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 HqeH^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 HqeH^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 HqeH^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 HqeH^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 HqeH^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 HqeH^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 244 HqeH^@^@^AbidX@p5^N^I>B׻Ge'?Ak<F98Ҡ-kD+<Ԭ10$`HqeH^@zrHU%^GZ^I5dtypejpublic-key^BX%ЁL}e/Z^UO^[+^K,HqeH^A]l^U^J^H^E^@^@^@^I^CXF0D^B G^N.ݼr5^YiH@XeȔN^@^F^E$"0^B ^_'^H^`HqeH^B<Xs^M!(+{cVc͑^KƂ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ldap.user2 b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ldap.user2 new file mode 100644 index 00000000000..a01452bce79 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ldap.user2 @@ -0,0 +1,20 @@ +d 0 /dev/hidraw1 + +w 3 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^A|++^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@|++^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 |++^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr|++^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM|++^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key|++^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@|++^@^B^Adtest^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@p5^N^@|++^@^I>B׻Ge'?Ak<F98Ҡ-kD+<Ԭ10$`zrHU%^GZ^I5d^@|++^Atypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 83 |++^@^@^AbidX@p5^N^I>B׻Ge'?Ak<F98Ҡ-kD+<Ԭ10$`|++^@zrHU%^GZ^I5dtypejpublic-key^BX%ЁL}e/Z^UO^[+^K,|++^A]l^U^J^H^@^@^@^@^M^CXG0E^B =&onW,F`ͺ@C^U^^)}}^B!^@[^B|++^B^N>R?M^Z7|P^S^YQ^^jy#Jo^Q^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@|++^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 |++^@Q^@^A^A^B^C8^X ^A!X E$^\^O:d^\v~U^S}q۾^MN^^L^X"X :^P|++^@>X_^E$^]^G+^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@|++^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@|++^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A8u^JD^]9^@|++^A}^`0^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 |++^@5^@^BX0i׃`)^AzUgJp봳^O^^^_䉼6ƒt~^W~^Q^XR8Cd??F^H^@^@^@^@ +w 1 ^@|++^@^B^Adtest^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@p5^N^@|++^@^I>B׻Ge'?Ak<F98Ҡ-kD+<Ԭ10$`zrHU%^GZ^I5d^@|++^Atypejpublic-key^Ebup^FX ^A^F}5WTGylg%}^R_^Dї c^G^B^@ +r 243 |++^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 |++^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 |++^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 |++^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 |++^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 |++^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 150 |++^@^@^AbidX@p5^N^I>B׻Ge'?Ak<F98Ҡ-kD+<Ԭ10$`|++^@zrHU%^GZ^I5dtypejpublic-key^BX%ЁL}e/Z^UO^[+^K,|++^A]l^U^J^H^E^@^@^@^P^CXG0E^B p:^\C~q[^Z&^TLg>^B!^@|++^ByJ{>Tֆ^FF^\^@;Xf^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ldap.user3 b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ldap.user3 new file mode 100644 index 00000000000..e4530f667b2 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ldap.user3 @@ -0,0 +1,20 @@ +d 0 /dev/hidraw1 + +w 4 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^Q^A^A^A^A^A^A^A^AS^\^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@S^\^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 S^\^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secrS^\^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialMS^\^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-keyS^\^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 3 ^@S^\^@^B^Adtest^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@p5^N^@S^\^@^I>B׻Ge'?Ak<F98Ҡ-kD+<Ԭ10$`zrHU%^GZ^I5d^@S^\^Atypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 82 S^\^@^@^AbidX@p5^N^I>B׻Ge'?Ak<F98Ҡ-kD+<Ԭ10$`S^\^@zrHU%^GZ^I5dtypejpublic-key^BX%ЁL}e/Z^UO^[+^K,S^\^A]l^U^J^H^@^@^@^@^T^CXG0E^B ^DS^G^QM;+'^YOvJ=:}=^B!^@^Z٧S^\^Bpoe^JmG_G^GL^Q>fqZ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 8 ^@S^\^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 S^\^@Q^@^A^A^B^C8^X ^A!X E$^\^O:d^\v~U^S}q۾^MN^^L^X"X :^PS^\^@>X_^E$^]^G+^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 6 ^@S^\^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@S^\^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A8u^JD^]9^@S^\^A}^`0^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 78 S^\^@5^@^BX0SUS;ʛ^G^G^P^NF-6Y^Fs^]t0k^U}mߛ+^J^@^@^@^@ +w 2 ^@S^\^@^B^Adtest^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@p5^N^@S^\^@^I>B׻Ge'?Ak<F98Ҡ-kD+<Ԭ10$`zrHU%^GZ^I5d^@S^\^Atypejpublic-key^Ebup^FX ^A^F}5WTGylg%}^R_^Dї c^G^B^@ +r 203 S^\^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 287 S^\^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 291 S^\^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 S^\^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 287 S^\^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 S^\^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 125 S^\^@^@^AbidX@p5^N^I>B׻Ge'?Ak<F98Ҡ-kD+<Ԭ10$`S^\^@zrHU%^GZ^I5dtypejpublic-key^BX%ЁL}e/Z^UO^[+^K,S^\^A]l^U^J^H^E^@^@^@^U^CXG0E^B t^Srih3^]t^H^E^[^E^N^To{E^F^B!^@˰pS^\^B^\j]^T,n^V ^CiuK\^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.samba.user1 b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.samba.user1 new file mode 100644 index 00000000000..11b7860ca47 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.samba.user1 @@ -0,0 +1,22 @@ +d 0 /dev/hidraw1 + +w 3 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^A'N^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@'NԐ^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 'NԐ^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr'N^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM'N^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key'N^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@'NԐ^@^B^Ajsamba.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^@'N^@X^\^V^T^Y^HӜ^EE^]^Ys4}^^^N瑩]^Z<^Q@^L56^Z^@'N^A^^Oܔdtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 83 'NԐ^@^@^AbidX@X^\^V^T^Y^HӜ^EE^]^Ys4}^^^N瑩]^Z<^Q'N^@@^L56^Z^^Oܔdtypejpublic-key^BX% ^S@^_n1n;Qm\<ִ>'N^A`^_W^@^@^@^@^J^CXG0E^B L4.&7.^K։t^L^@[=q;^FB^E^_:%^B!^@_'N^BN^\jaϾXl^F^_٥̟0+^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@'NԐ^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 'NԐ^@Q^@^A^A^B^C8^X ^A!X n^O^Y^D[T)^]^NBopaK"X =^R/^U'N^@UJA;;^P"c^GZ^[^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@'NԐ^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@'N^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^ZY>^@'N^Az^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 'NԐ^@5^@^BX0^G^L^BZ1m'sZgkDh^V^Q-^TS^WD^@^@^@^@ +w 1 ^@'NԐ^@^B^Ajsamba.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^@'N^@X^\^V^T^Y^HӜ^EE^]^Ys4}^^^N瑩]^Z<^Q@^L56^Z^@'N^A^^Oܔdtypejpublic-key^Ebup^FX ^A^F}5WTGylg%}^R_^Dї ^@'N^Bc^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 211 'NԻ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 'NԻ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 'NԻ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 'NԻ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 'NԻ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 'NԻ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 'NԻ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 'NԻ^@^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 28 'NԐ^@^@^AbidX@X^\^V^T^Y^HӜ^EE^]^Ys4}^^^N瑩]^Z<^Q'N^@@^L56^Z^^Oܔdtypejpublic-key^BX% ^S@^_n1n;Qm\<ִ>'N^A`^_W^E^@^@^@^L^CXG0E^B ^FI^KYoTI%^]OrN|^RZx>&^B!^@:'N^BIҢ&^Otl^F_y.^A2^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.samba.user2 b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.samba.user2 new file mode 100644 index 00000000000..f9e2a6a99b0 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.samba.user2 @@ -0,0 +1,19 @@ +d 0 /dev/hidraw1 + +w 4 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^A5ގ^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@5ގ^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 5ގ^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr5ގ^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM5ގ^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key5ގ^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@5ގ^@^B^Ajsamba.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^@5ގ^@X^\^V^T^Y^HӜ^EE^]^Ys4}^^^N瑩]^Z<^Q@^L56^Z^@5ގ^A^^Oܔdtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 82 5ގ^@^@^AbidX@X^\^V^T^Y^HӜ^EE^]^Ys4}^^^N瑩]^Z<^Q5ގ^@@^L56^Z^^Oܔdtypejpublic-key^BX% ^S@^_n1n;Qm\<ִ>5ގ^A`^_W^@^@^@^@^M^CXH0F^B!^@hP^J-^PgS\ƩI^E8t^]^B^P#^\^B!^@ډ^Y5ގ^BIppz4E"^D^X91^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 6 ^@5ގ^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 5ގ^@Q^@^A^A^B^C8^X ^A!X n^O^Y^D[T)^]^NBopaK"X =^R/^U5ގ^@UJA;;^P"c^GZ^[^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 6 ^@5ގ^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@5ގ^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^ZY>^@5ގ^Az^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 5ގ^@5^@^BX0n^DlҵRJ^_D^R^X^PT;s!7u^Ae?/q*N$Q#^@k^@^@^@^@ +w 1 ^@5ގ^@^B^Ajsamba.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^@5ގ^@X^\^V^T^Y^HӜ^EE^]^Ys4}^^^N瑩]^Z<^Q@^L56^Z^@5ގ^A^^Oܔdtypejpublic-key^Ebup^FX ^A^F}5WTGylg%}^R_^Dї ^@5ގ^Bc^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 245 5ގ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 5ގ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 5ގ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 5ގ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 5ގ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 196 5ގ^@^@^AbidX@X^\^V^T^Y^HӜ^EE^]^Ys4}^^^N瑩]^Z<^Q5ގ^@@^L56^Z^^Oܔdtypejpublic-key^BX% ^S@^_n1n;Qm\<ִ>5ގ^A`^_W^E^@^@^@^P^CXH0F^B!^@<^A^Xëwta-^E{c}^\>^Tr]CgPU^B!^@;^@5ގ^B^Ke^F^L^S#dEv%0^KIB%mx^I^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.samba.user3 b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.samba.user3 new file mode 100644 index 00000000000..67b9ac30848 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.samba.user3 @@ -0,0 +1,18 @@ +d 0 /dev/hidraw1 + +w 2 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^Al^TD^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@l^TD^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 l^TD^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secrl^TD^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialMl^TD^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-keyl^TD^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@l^TD^@^B^Ajsamba.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^@l^TD^@X^\^V^T^Y^HӜ^EE^]^Ys4}^^^N瑩]^Z<^Q@^L56^Z^@l^TD^A^^Oܔdtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 83 l^TD^@^@^AbidX@X^\^V^T^Y^HӜ^EE^]^Ys4}^^^N瑩]^Z<^Ql^TD^@@^L56^Z^^Oܔdtypejpublic-key^BX% ^S@^_n1n;Qm\<ִ>l^TD^A`^_W^@^@^@^@^Q^CXG0E^B "pɟ"msT.ο\^`8?g^R[5^J^B!^@l^TD^Bt"[^C^CRWe^L)%^N7B^UI~^L@-ֺ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@l^TD^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 l^TD^@Q^@^A^A^B^C8^X ^A!X n^O^Y^D[T)^]^NBopaK"X =^R/^Ul^TD^@UJA;;^P"c^GZ^[^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@l^TD^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@l^TD^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^ZY>^@l^TD^Az^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 l^TD^@5^@^BX0^Q^Kj^A;l^Ff3+HP^QǺ^^A^C]^C[.ǰL<FhkiA^RA5^@^@^@^@ +w 1 ^@l^TD^@^B^Ajsamba.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^@l^TD^@X^\^V^T^Y^HӜ^EE^]^Ys4}^^^N瑩]^Z<^Q@^L56^Z^@l^TD^A^^Oܔdtypejpublic-key^Ebup^FX ^A^F}5WTGylg%}^R_^Dї ^@l^TD^Bc^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 245 l^TD^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 l^TD^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 l^TD^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 l^TD^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 244 l^TD^@^@^AbidX@X^\^V^T^Y^HӜ^EE^]^Ys4}^^^N瑩]^Z<^Ql^TD^@@^L56^Z^^Oܔdtypejpublic-key^BX% ^S@^_n1n;Qm\<ִ>l^TD^A`^_W^E^@^@^@^T^CXG0E^B J^Mc7>^_:^Gh>^F^LN)^\0^B!^@U\l^TD^BJC^J`Wj^Nw^Jmo^I^CL^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/passkey-mapping.ad b/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/passkey-mapping.ad new file mode 100644 index 00000000000..09d9143aa26 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/passkey-mapping.ad @@ -0,0 +1 @@ +passkey:gTCY4fqy2IkM6hfMpU338SCmA5YpDpggvE/XQzwbv37wlyYVlkbLRSmBtaq9c72pWYgICpP2pQ4nHRSFL2EnWg==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEOtoQygv+wabIV8/48bdy5d0Wx9+q3kMrgd1buJVaM5XZqccQIC8CGr2pE3dPui9HgDiXrMH9Jp0W37hzHkoN0Q== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/passkey-mapping.ipa b/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/passkey-mapping.ipa new file mode 100644 index 00000000000..e529e2ee905 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/passkey-mapping.ipa @@ -0,0 +1 @@ +passkey:NUZMRUXIb/W8Ij1GqwCDHSCWxt/SxWxckwtQjLYi/X6Y1qZFB+HI8WO6khzAjzsz248kHbaeAf9qfmqfCky1Jg==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIasAa8ogjPCKXeA4KY3t0W3xBRmG+E4D+MNoRIAJrYuNLSYtAcOL7DCbIfgc+7c5Y4Mh/FzoEyeumKGYMoyTfg== \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/passkey-mapping.ldap b/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/passkey-mapping.ldap new file mode 100644 index 00000000000..27dbfd9af40 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/passkey-mapping.ldap @@ -0,0 +1 @@ +passkey:mQEUTWdtDJPELQNTDdxXNHlfIO1qXFf0LVZjWEfyDALFzvLZ4e4XD5bemqq+o3ThrzT6k1I1n3Z2N00GvLSmjQ==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEqk7K5VAI7Evr4ar8X82L/sxm/Bnm5Ti31xnLfGO0BipwHucw8+/wT4+6T9j5gdMwZKUcXR4BILpmULEyrcZUfw== \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/passkey-mapping.samba b/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/passkey-mapping.samba new file mode 100644 index 00000000000..dcb10169614 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/passkey-mapping.samba @@ -0,0 +1 @@ +passkey:hC0IJlIg4qam+vV70L15N1a8xVgha+0S6G7Z8HgHmIgB9lKqxbMhd0PRdEgMbhLDr7wSKIGXLqz+SDL0SWwmMA==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWSie9EywMxDpJFfZ0BxSTj6clviNWvRKTpBXS34TW+CtZnbYRBVmWTFX15gcNtyLI+tObWR0jcYmIoJGFy4oEQ== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/umockdev.script.ad b/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/umockdev.script.ad new file mode 100644 index 00000000000..35230af49bc --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/umockdev.script.ad @@ -0,0 +1,19 @@ +d 0 /dev/hidraw1 + +w 4 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^Q^A^A^A^A^A^A^A^A^Y^Zo^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@^Y^Zo^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^Y^Zo^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr^Y^Zo^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM^Y^Zo^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key^Y^Zo^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@^Y^Zo^@^B^Agad.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@0^@^Y^Zo^@؉^L^W̥M ^C)^N OC<^[~&^UFE)sY^H^J^N'^]^T/a^@^Y^Zo^A'Zdtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 82 ^Y^Zo^@^@^AbidX@0؉^L^W̥M ^C)^N OC<^[~&^UFE)s^Y^Zo^@Y^H^J^N'^]^T/a'Zdtypejpublic-key^BX%fCȣ܀ɽ5~^G^A-YD^Y^Zo^AA,K!^@^@^@^@^I^CXG0E^B!^@m\^C!t:Ý|^^QS#l=^J^B z'ǯ^Y^Zo^B[?^\[^R^FCB_>p^Te%õpj^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@^Y^Zo^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^Y^Zo^@Q^@^A^A^B^C8^X ^A!X 44^X^K0@g(^T^OZQ7^Do"X &i^\df^Y^Zo^@^O^_^O^L*U.^Y1`oAw^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@^Y^Zo^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@^Y^Zo^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^AB@DM^@&ʺ^@^Y^Zo^Aژ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 ^Y^Zo^@5^@^BX0$Q^B^G1_`dr^M3kZ^JDyQѫ"-^Q L^J^Ro^^'^@^@^@^@ +w 4 ^@^Y^Zo^@^B^Agad.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@0^@^Y^Zo^@؉^L^W̥M ^C)^N OC<^[~&^UFE)sY^H^J^N'^]^T/a^@^Y^Zo^A'Zdtypejpublic-key^Ebup^FX ]uր^V)e&$r^@*k>^@^Y^Zo^B^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 244 ^Y^Zo^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^Y^Zo^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 ^Y^Zo^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^Y^Zo^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^Y^Zo^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^Y^Zo^@^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^Y^Zo^@^@^AbidX@0؉^L^W̥M ^C)^N OC<^[~&^UFE)s^Y^Zo^@Y^H^J^N'^]^T/a'Zdtypejpublic-key^BX%fCȣ܀ɽ5~^G^A-YD^Y^Zo^AA,K!^E^@^@^@^M^CXF0D^B CpQl^S];[(Ei#{"BY^Uܥ^B^B ;']>^Y^Zo^B^A^F^]?u;࿙^U߄9^O^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/umockdev.script.ipa b/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/umockdev.script.ipa new file mode 100644 index 00000000000..1bc651a4465 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/umockdev.script.ipa @@ -0,0 +1,22 @@ +d 0 /dev/hidraw1 + +w 3 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^Ap^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@p^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 p^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secrp^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialMp^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-keyp^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@p^@^B^Ahipa.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@5F^@p^@LEEo"=F^@^] l\^KP"~֦E^Gc^\;3ۏ$^]^Aj~j^J^@p^AL&dtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 83 p^@^@^AbidX@5FLEEo"=F^@^] l\^KP"~֦E^Gc^\;3p^@ۏ$^]^Aj~j^JL&dtypejpublic-key^BX%^@|Dږ^Qx??d^Q/N4/op^AC}.[^@^@^@^@^X^CXG0E^B!^@m$^MJ*;\^V=tjx9cа,^B kYp^B^_^GnrT": *^L^Rwr]!Zxf^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@p^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 p^@Q^@^A^A^B^C8^X ^A!X ^_9;^CEBQ&(W3h^]F^A%"X ^^s5p^@o6^@izdF m+35^P^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@p^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@p^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A2asչ^T"tw^@p^Aq^K^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 p^@5^@^BX0޺^Y<l^Qűk^B^A^`^Z^G^^^Fcޞ^Si^J^Erߨ]^@^@^@^@ +w 1 ^@p^@^B^Ahipa.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@5F^@p^@LEEo"=F^@^] l\^KP"~֦E^Gc^\;3ۏ$^]^Aj~j^J^@p^AL&dtypejpublic-key^Ebup^FX ȎRJs>7DB1f_о*^@p^BL^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 285 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 174 p^@^@^AbidX@5FLEEo"=F^@^] l\^KP"~֦E^Gc^\;3p^@ۏ$^]^Aj~j^JL&dtypejpublic-key^BX%^@|Dږ^Qx??d^Q/N4/op^AC}.[^E^@^@^@^\^CXG0E^B Eo]Wk%^H$-^W^BR^`x^P׀^B!^@ёqp^Bu9\^ZKR&>/͎[`t,^^eg^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/umockdev.script.ldap b/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/umockdev.script.ldap new file mode 100644 index 00000000000..db026662951 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/umockdev.script.ldap @@ -0,0 +1,21 @@ +d 0 /dev/hidraw1 + +w 4 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^Q^A^A^A^A^A^A^A^A^S=^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@^S=^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^S=^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr^S=^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM^S=^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key^S=^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@^S=^@^B^Adtest^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^A^TMgm^@^S=^@^L-^CS^MW4y_ j\W-VcXG^L^B^W^Oޚt4R5vv7M^Fd^@^S=^Atypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 82 ^S=^@^@^AbidX@^A^TMgm^L-^CS^MW4y_ j\W-VcXG^L^B^W^Oޚt^S=^@4R5vv7M^Fdtypejpublic-key^BX%ЁL}e/Z^UO^[+^K,^S=^A]l^U^J^H^@^@^@^@^C^CXH0F^B!^@9}K:N^M^PraX^D^CxM^B!^@z^A^S=^B􊲳^P+q^@^P|^XM$Fw^]6P3^[wq^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 6 ^@^S=^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^S=^@Q^@^A^A^B^C8^X ^A!X H^GTd^Aڒ8X^T<IEiwֹI^Y^I^IFsܺ"X <^AHS^S=^@6^N9^JU@^\k)W^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 6 ^@^S=^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@^S=^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^AoYqgNu'^T^@^S=^A^U^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 78 ^S=^@5^@^BX0RC^_K*"+f^`z;XO@"MM3\L$Ή^K+M^@^@^@^@ +w 2 ^@^S=^@^B^Adtest^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^A^TMgm^@^S=^@^L-^CS^MW4y_ j\W-VcXG^L^B^W^Oޚt4R5vv7M^Fd^@^S=^Atypejpublic-key^Ebup^FX ('^H(rZf2>֞{^_uLd^S^G^B^@ +r 240 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 ^S=^@^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 28 ^S=^@^@^AbidX@^A^TMgm^L-^CS^MW4y_ j\W-VcXG^L^B^W^Oޚt^S=^@4R5vv7M^Fdtypejpublic-key^BX%ЁL}e/Z^UO^[+^K,^S=^A]l^U^J^H^E^@^@^@^G^CXF0D^B j8^M\:H^O@%qt(^\/Ǻ~$$!>;^B u^S=^B{9AbF6^Xs5^K*ywv^L^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/umockdev.script.samba b/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/umockdev.script.samba new file mode 100644 index 00000000000..c0e02fac1ba --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/umockdev.script.samba @@ -0,0 +1,24 @@ +d 0 /dev/hidraw1 + +w 4 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^Q^A^A^A^A^A^A^A^Aj^J^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@j^Jː^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 j^Jː^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secrj^J^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialMj^J^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-keyj^J^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@j^Jː^@^B^Ajsamba.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^@j^J^@-^H&R ⦦{нy7VX!k^Rnx^G^ARų!wCtH^Ln^Rï^R(.H2^@j^J^AIl&0dtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 82 j^Jː^@^@^AbidX@-^H&R ⦦{нy7VX!k^Rnx^G^ARų!wCtH^Ln^Rj^J^@^R(.H2Il&0dtypejpublic-key^BX% ^S@^_n1n;Qm\<ִ>j^J^A`^_W^@^@^@^@^I^CXF0D^B ^R^Q@^XvGB[9j+^C$^P/^V^Qdy^`^Bs7^B )<j^J^B^V) ]^An^@'^`<^AM+f^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@j^Jː^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 j^Jː^@Q^@^A^A^B^C8^X ^A!X nUȯQR"^Mt^B{mp^S!@0"X VM^`^V/j^J^@ڝ^D{g\#ղR8^B^P=!^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 6 ^@j^Jː^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@j^J^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^Sֽq&^@j^J^A"ɇ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 78 j^Jː^@5^@^BX0d^Td^_l^]RLw^[^EӉ^^/Be^H+s%]^@^@^@^@ +w 2 ^@j^Jː^@^B^Ajsamba.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^@j^J^@-^H&R ⦦{нy7VX!k^Rnx^G^ARų!wCtH^Ln^Rï^R(.H2^@j^J^AIl&0dtypejpublic-key^Ebup^FX {RJ;^U4h^S^LT^]z^@j^J^B^\^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 220 j^J˻^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 291 j^J˻^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 j^J˻^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 287 j^J˻^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 j^J˻^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 j^J˻^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 291 j^J˻^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 287 j^J˻^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 j^J˻^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 287 j^J˻^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 246 j^Jː^@^@^AbidX@-^H&R ⦦{нy7VX!k^Rnx^G^ARų!wCtH^Ln^Rj^J^@^R(.H2Il&0dtypejpublic-key^BX% ^S@^_n1n;Qm\<ִ>j^J^A`^_W^E^@^@^@^L^CXF0D^B `Wo%^Q&-?g{^B_<@^V3@/l^B I^I&j^J^BH,\DW^^pEKb^Y%^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/passkey-mapping.ad b/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/passkey-mapping.ad new file mode 100644 index 00000000000..58f3e1045d6 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/passkey-mapping.ad @@ -0,0 +1 @@ +passkey:Wp075+YqPw9bn3UhyNUa1u0wu8I982JVRxR/cd3KRplwD12NweMI15fMSTclruHiTPdi7i7y9IRGbTRtDWPt4w==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEh+6kmCDkIaUiHUx1SobhNo7jP6wUJCBocQP9jxhpM/uBRKNXWUUKNMJwiOp0Nkj/OeSP2xdtLNazs4KEPBk15A== diff --git a/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/passkey-mapping.ipa b/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/passkey-mapping.ipa new file mode 100644 index 00000000000..915689bd654 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/passkey-mapping.ipa @@ -0,0 +1 @@ +passkey:NUZMRUXIb/W8Ij1GqwCDHSCWxt/SxWxckwtQjLYi/X6Y1qZFB+HI8WO6khzAjzsz248kHbaeAf9qfmqfCky1Jg==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIasAa8ogjPCKXeA4KY3t0W3xBRmG+E4D+MNoRIAJrYuNLSYtAcOL7DCbIfgc+7c5Y4Mh/FzoEyeumKGYMoyTfg== diff --git a/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/passkey-mapping.ldap b/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/passkey-mapping.ldap new file mode 100644 index 00000000000..82d76d9b590 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/passkey-mapping.ldap @@ -0,0 +1 @@ +passkey:mQEUTWdtDJPELQNTDdxXNHlfIO1qXFf0LVZjWEfyDALFzvLZ4e4XD5bemqq+o3ThrzT6k1I1n3Z2N00GvLSmjQ==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEqk7K5VAI7Evr4ar8X82L/sxm/Bnm5Ti31xnLfGO0BipwHucw8+/wT4+6T9j5gdMwZKUcXR4BILpmULEyrcZUfw== diff --git a/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/passkey-mapping.samba b/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/passkey-mapping.samba new file mode 100644 index 00000000000..f602626971f --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/passkey-mapping.samba @@ -0,0 +1 @@ +passkey:xYBuvCazxVg5VJ/D2yRI2/3ji86a+yft0W2S/BOF/pIZcwaxJLP1bZjWN7oJa3PP8p2N26yG2Erd90yIGOXocQ==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEC1cAEJJW5SVDrCL62BYgtilv4DgkeiEXpNrdsMRk5+Iv5ddP6lgMH5hD98ddFlJX/YhEXdty6UibztVmgO7asQ== diff --git a/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/umockdev.script.ad b/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/umockdev.script.ad new file mode 100644 index 00000000000..e9864e7f2da --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/umockdev.script.ad @@ -0,0 +1,19 @@ +d 0 /dev/hidraw1 + +w 4 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^A^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@^@^B^Agad.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@Z;^@^@*?^O[u!^Z0=bUG^TqFp^O]^HחI7%Lb.Fm4m^Mc^@^Adtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 83 ^@^@^AbidX@Z;*?^O[u!^Z0=bUG^TqFp^O]^HחI7%^@Lb.Fm4m^Mcdtypejpublic-key^BX%fCȣ܀ɽ5~^G^A-YD^AA,K!^@^@^@^@^T^CXG0E^B t.F^^^]^AG^U@]/<*r^On^Z^B!^@^KX^B4ߚ>nut^Z^EXWn^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 8 ^@^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@Q^@^A^A^B^C8^X ^A!X <H*!Ó^M!^S[;s1c^Z%^H"X _^K^NE<^@^Et[v^WG'ħS^[^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^Avz^IRZ^@^Ak^[+^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 ^@5^@^BX0k*|e^OK^S^QyЇkC@^R6mo!^QOfQ.^@^@^@^@ +w 1 ^@^@^B^Agad.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@Z;^@^@*?^O[u!^Z0=bUG^TqFp^O]^HחI7%Lb.Fm4m^Mc^@^Adtypejpublic-key^Ebup^FX 2^N^Czf^R^@^PZ^L^A:K^IUhT^A><I^@^B^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 251 ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^@^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 52 ^@^@^AbidX@Z;*?^O[u!^Z0=bUG^TqFp^O]^HחI7%^@Lb.Fm4m^Mcdtypejpublic-key^BX%fCȣ܀ɽ5~^G^A-YD^AA,K!^E^@^@^@^X^CXF0D^B ^N^A^Zb;u.^S^_v}v{^K'Y{^B 4^H^BɩXû^DAe3A'bU_^M`[Ay^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/umockdev.script.ipa b/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/umockdev.script.ipa new file mode 100644 index 00000000000..1bc651a4465 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/umockdev.script.ipa @@ -0,0 +1,22 @@ +d 0 /dev/hidraw1 + +w 3 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^Ap^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@p^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 p^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secrp^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialMp^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-keyp^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@p^@^B^Ahipa.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@5F^@p^@LEEo"=F^@^] l\^KP"~֦E^Gc^\;3ۏ$^]^Aj~j^J^@p^AL&dtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 83 p^@^@^AbidX@5FLEEo"=F^@^] l\^KP"~֦E^Gc^\;3p^@ۏ$^]^Aj~j^JL&dtypejpublic-key^BX%^@|Dږ^Qx??d^Q/N4/op^AC}.[^@^@^@^@^X^CXG0E^B!^@m$^MJ*;\^V=tjx9cа,^B kYp^B^_^GnrT": *^L^Rwr]!Zxf^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@p^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 p^@Q^@^A^A^B^C8^X ^A!X ^_9;^CEBQ&(W3h^]F^A%"X ^^s5p^@o6^@izdF m+35^P^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@p^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@p^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A2asչ^T"tw^@p^Aq^K^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 p^@5^@^BX0޺^Y<l^Qűk^B^A^`^Z^G^^^Fcޞ^Si^J^Erߨ]^@^@^@^@ +w 1 ^@p^@^B^Ahipa.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@5F^@p^@LEEo"=F^@^] l\^KP"~֦E^Gc^\;3ۏ$^]^Aj~j^J^@p^AL&dtypejpublic-key^Ebup^FX ȎRJs>7DB1f_о*^@p^BL^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 285 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 174 p^@^@^AbidX@5FLEEo"=F^@^] l\^KP"~֦E^Gc^\;3p^@ۏ$^]^Aj~j^JL&dtypejpublic-key^BX%^@|Dږ^Qx??d^Q/N4/op^AC}.[^E^@^@^@^\^CXG0E^B Eo]Wk%^H$-^W^BR^`x^P׀^B!^@ёqp^Bu9\^ZKR&>/͎[`t,^^eg^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/umockdev.script.ldap b/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/umockdev.script.ldap new file mode 100644 index 00000000000..db026662951 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/umockdev.script.ldap @@ -0,0 +1,21 @@ +d 0 /dev/hidraw1 + +w 4 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^Q^A^A^A^A^A^A^A^A^S=^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@^S=^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^S=^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr^S=^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM^S=^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key^S=^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@^S=^@^B^Adtest^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^A^TMgm^@^S=^@^L-^CS^MW4y_ j\W-VcXG^L^B^W^Oޚt4R5vv7M^Fd^@^S=^Atypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 82 ^S=^@^@^AbidX@^A^TMgm^L-^CS^MW4y_ j\W-VcXG^L^B^W^Oޚt^S=^@4R5vv7M^Fdtypejpublic-key^BX%ЁL}e/Z^UO^[+^K,^S=^A]l^U^J^H^@^@^@^@^C^CXH0F^B!^@9}K:N^M^PraX^D^CxM^B!^@z^A^S=^B􊲳^P+q^@^P|^XM$Fw^]6P3^[wq^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 6 ^@^S=^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^S=^@Q^@^A^A^B^C8^X ^A!X H^GTd^Aڒ8X^T<IEiwֹI^Y^I^IFsܺ"X <^AHS^S=^@6^N9^JU@^\k)W^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 6 ^@^S=^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@^S=^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^AoYqgNu'^T^@^S=^A^U^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 78 ^S=^@5^@^BX0RC^_K*"+f^`z;XO@"MM3\L$Ή^K+M^@^@^@^@ +w 2 ^@^S=^@^B^Adtest^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^A^TMgm^@^S=^@^L-^CS^MW4y_ j\W-VcXG^L^B^W^Oޚt4R5vv7M^Fd^@^S=^Atypejpublic-key^Ebup^FX ('^H(rZf2>֞{^_uLd^S^G^B^@ +r 240 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 ^S=^@^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 28 ^S=^@^@^AbidX@^A^TMgm^L-^CS^MW4y_ j\W-VcXG^L^B^W^Oޚt^S=^@4R5vv7M^Fdtypejpublic-key^BX%ЁL}e/Z^UO^[+^K,^S=^A]l^U^J^H^E^@^@^@^G^CXF0D^B j8^M\:H^O@%qt(^\/Ǻ~$$!>;^B u^S=^B{9AbF6^Xs5^K*ywv^L^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/umockdev.script.samba b/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/umockdev.script.samba new file mode 100644 index 00000000000..4c0b6e23e92 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/umockdev.script.samba @@ -0,0 +1,19 @@ +d 0 /dev/hidraw1 + +w 1 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^Q^A^A^A^A^A^A^A^An5^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@n5Ő^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 n5Ő^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secrn5^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialMn5^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-keyn5^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@n5Ő^@^B^Ajsamba.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^@n5^@ŀn&X9T$HΚ'm^S^Ys^F$m7^Iks۬JL^@n5^A^Xqdtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 82 n5Ő^@^@^AbidX@ŀn&X9T$HΚ'm^S^Ys^F$m7^Iksn5^@۬JL^Xqdtypejpublic-key^BX% ^S@^_n1n;Qm\<ִ>n5^A`^_W^@^@^@^@C^CXG0E^B ^]^TM^]^W4yZ٢@ޝ^@^B!^@(^HSn5^B^EV^]+^X3YW3C7HD^D$^\^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 4 ^@n5Ő^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 n5Ő^@Q^@^A^A^B^C8^X ^A!X $xܰXy,ҟ^E@~$h@^P"X }^V%^Ovpn5^@iu\E^M'^@@Υj.0bZ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 4 ^@n5Ő^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@n5^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^NV-Q^P^K^@n5^Ap^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 n5Ő^@5^@^BX0^L[{cHUK^@M^Rƫ^[gY[`b,u^F;1jBۀ^OŶ_^@^@^@^@ +w 3 ^@n5Ő^@^B^Ajsamba.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^@n5^@ŀn&X9T$HΚ'm^S^Ys^F$m7^Iks۬JL +w 10 ^@n5^A^Xqdtypejpublic-key^Ebup^FX ^R~GؿB_],pSvA3*^Ut^@n5^B4^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 246 n5Ż^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 n5Ż^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 287 n5Ż^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 n5Ż^@^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 75 n5Ő^@^@^AbidX@ŀn&X9T$HΚ'm^S^Ys^F$m7^Iksn5^@۬JL^Xqdtypejpublic-key^BX% ^S@^_n1n;Qm\<ִ>n5^A`^_W^E^@^@^@F^CXH0F^B!^@/2^_1,,0^ABd^FKZ@m^B!^@^S&n5^BO|FoзN$<ˣ!W\^V^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/umockdev.device b/src/tests/system/data/test_passkey/umockdev.device new file mode 100644 index 00000000000..114e71f5d7b --- /dev/null +++ b/src/tests/system/data/test_passkey/umockdev.device @@ -0,0 +1,232 @@ +P: /devices/pci0000:00/0000:00:14.0/usb1/1-3/1-3:1.1/0003:1050:0407.0002/hidraw/hidraw1 +N: hidraw1 +E: DEVNAME=/dev/hidraw1 +E: MAJOR=241 +E: MINOR=1 +E: SUBSYSTEM=hidraw +A: dev=241:1\n +L: device=../../../0003:1050:0407.0002 +A: power/control=auto\n +A: power/runtime_active_time=0\n +A: power/runtime_status=unsupported\n +A: power/runtime_suspended_time=0\n + +P: /devices/pci0000:00/0000:00:14.0/usb1/1-3/1-3:1.1/0003:1050:0407.0002 +E: DRIVER=hid-generic +E: HID_ID=0003:00001050:00000407 +E: HID_NAME=Yubico YubiKey OTP+FIDO+CCID +E: HID_PHYS=usb-0000:00:14.0-3/input1 +E: HID_UNIQ= +E: MODALIAS=hid:b0003g0001v00001050p00000407 +E: SUBSYSTEM=hid +A: country=00\n +L: driver=../../../../../../../bus/hid/drivers/hid-generic +A: modalias=hid:b0003g0001v00001050p00000407\n +A: power/control=auto\n +A: power/runtime_active_time=0\n +A: power/runtime_status=unsupported\n +A: power/runtime_suspended_time=0\n +H: report_descriptor=06D0F10901A1010920150026FF007508954081020921150026FF00750895409102C0 + +P: /devices/pci0000:00/0000:00:14.0/usb1/1-3/1-3:1.1 +E: DEVTYPE=usb_interface +E: DRIVER=usbhid +E: INTERFACE=3/0/0 +E: MODALIAS=usb:v1050p0407d0543dc00dsc00dp00ic03isc00ip00in01 +E: PRODUCT=1050/407/543 +E: SUBSYSTEM=usb +E: TYPE=0/0/0 +A: authorized=1\n +A: bAlternateSetting= 0\n +A: bInterfaceClass=03\n +A: bInterfaceNumber=01\n +A: bInterfaceProtocol=00\n +A: bInterfaceSubClass=00\n +A: bNumEndpoints=02\n +L: driver=../../../../../../bus/usb/drivers/usbhid +L: firmware_node=../../../../../LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:2c/device:2d/device:30 +A: modalias=usb:v1050p0407d0543dc00dsc00dp00ic03isc00ip00in01\n +A: physical_location/dock=no\n +A: physical_location/horizontal_position=left\n +A: physical_location/lid=no\n +A: physical_location/panel=right\n +A: physical_location/vertical_position=lower\n +A: supports_autosuspend=1\n + +P: /devices/pci0000:00/0000:00:14.0/usb1/1-3 +N: bus/usb/001/002 +E: BUSNUM=001 +E: DEVNAME=/dev/bus/usb/001/002 +E: DEVNUM=002 +E: DEVTYPE=usb_device +E: DRIVER=usb +E: MAJOR=189 +E: MINOR=1 +E: PRODUCT=1050/407/543 +E: SUBSYSTEM=usb +E: TYPE=0/0/0 +A: authorized=1\n +A: avoid_reset_quirk=0\n +A: bConfigurationValue=1\n +A: bDeviceClass=00\n +A: bDeviceProtocol=00\n +A: bDeviceSubClass=00\n +A: bMaxPacketSize0=64\n +A: bMaxPower=30mA\n +A: bNumConfigurations=1\n +A: bNumInterfaces= 3\n +A: bcdDevice=0543\n +A: bmAttributes=80\n +A: busnum=1\n +A: configuration= +H: descriptors=12010002000000405010070443050102000109029600030100800F0904000001030101000921100100012247000705810308000A090401000203000000092110010001222200070504034000020705840340000209040200030B00000036210001000702000000A00F0000A00F00000000B0040000B0040000F60B00000000000000000000FE000400000C0000FFFF00000001070502024000000705820240000007058303080020 +A: dev=189:1\n +A: devnum=2\n +A: devpath=3\n +L: driver=../../../../../bus/usb/drivers/usb +L: firmware_node=../../../../LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:2c/device:2d/device:30 +A: idProduct=0407\n +A: idVendor=1050\n +A: ltm_capable=no\n +A: manufacturer=Yubico\n +A: maxchild=0\n +A: physical_location/dock=no\n +A: physical_location/horizontal_position=left\n +A: physical_location/lid=no\n +A: physical_location/panel=right\n +A: physical_location/vertical_position=lower\n +L: port=../1-0:1.0/usb1-port3 +A: power/active_duration=9041365\n +A: power/autosuspend=2\n +A: power/autosuspend_delay_ms=2000\n +A: power/connected_duration=9041365\n +A: power/control=on\n +A: power/level=on\n +A: power/persist=1\n +A: power/runtime_active_time=9041123\n +A: power/runtime_status=active\n +A: power/runtime_suspended_time=0\n +A: product=YubiKey OTP+FIDO+CCID\n +A: quirks=0x0\n +A: removable=removable\n +A: rx_lanes=1\n +A: speed=12\n +A: tx_lanes=1\n +A: urbnum=1850\n +A: version= 2.00\n + +P: /devices/pci0000:00/0000:00:14.0/usb1 +N: bus/usb/001/001 +E: BUSNUM=001 +E: DEVNAME=/dev/bus/usb/001/001 +E: DEVNUM=001 +E: DEVTYPE=usb_device +E: DRIVER=usb +E: MAJOR=189 +E: MINOR=0 +E: PRODUCT=1d6b/2/601 +E: SUBSYSTEM=usb +E: TYPE=9/0/1 +A: authorized=1\n +A: authorized_default=1\n +A: avoid_reset_quirk=0\n +A: bConfigurationValue=1\n +A: bDeviceClass=09\n +A: bDeviceProtocol=01\n +A: bDeviceSubClass=00\n +A: bMaxPacketSize0=64\n +A: bMaxPower=0mA\n +A: bNumConfigurations=1\n +A: bNumInterfaces= 1\n +A: bcdDevice=0601\n +A: bmAttributes=e0\n +A: busnum=1\n +A: configuration= +H: descriptors=12010002090001406B1D020001060302010109021900010100E0000904000001090000000705810304000C +A: dev=189:0\n +A: devnum=1\n +A: devpath=0\n +L: driver=../../../../bus/usb/drivers/usb +L: firmware_node=../../../LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:2c/device:2d +A: idProduct=0002\n +A: idVendor=1d6b\n +A: interface_authorized_default=1\n +A: ltm_capable=no\n +A: manufacturer=Linux 6.1.11-200.fc37.x86_64 xhci-hcd\n +A: maxchild=12\n +A: power/active_duration=9041508\n +A: power/autosuspend=0\n +A: power/autosuspend_delay_ms=0\n +A: power/connected_duration=9041508\n +A: power/control=auto\n +A: power/level=auto\n +A: power/runtime_active_time=9041506\n +A: power/runtime_status=active\n +A: power/runtime_suspended_time=0\n +A: power/wakeup=disabled\n +A: power/wakeup_abort_count=\n +A: power/wakeup_active=\n +A: power/wakeup_active_count=\n +A: power/wakeup_count=\n +A: power/wakeup_expire_count=\n +A: power/wakeup_last_time_ms=\n +A: power/wakeup_max_time_ms=\n +A: power/wakeup_total_time_ms=\n +A: product=xHCI Host Controller\n +A: quirks=0x0\n +A: removable=unknown\n +A: rx_lanes=1\n +A: serial=0000:00:14.0\n +A: speed=480\n +A: tx_lanes=1\n +A: urbnum=117\n +A: version= 2.00\n + +P: /devices/pci0000:00/0000:00:14.0 +E: DRIVER=xhci_hcd +E: MODALIAS=pci:v00008086d00009D2Fsv000017AAsd00002233bc0Csc03i30 +E: PCI_CLASS=C0330 +E: PCI_ID=8086:9D2F +E: PCI_SLOT_NAME=0000:00:14.0 +E: PCI_SUBSYS_ID=17AA:2233 +E: SUBSYSTEM=pci +A: ari_enabled=0\n +A: broken_parity_status=0\n +A: class=0x0c0330\n +H: config=86802F9D060490022130030C00008000040022F1000000000000000000000000000000000000000000000000AA173322000000007000000000000000FF010000FD01348088C60F8000000000000000005F6ECE0F000000000000000000000000306000000000000000000000000000000180C2C108000000000000000000000005008700B802E0FE0000000000000000090014F01000400100000000C10A080000080400001800008F40020000010400010000000001000012000000000000000000000000000000000000000000000001000000080000000000000000000000000000000000000000000000000000000000000000000000B30F300800000000 +A: consistent_dma_mask_bits=64\n +A: d3cold_allowed=1\n +A: dbc=disabled\n +A: device=0x9d2f\n +A: dma_mask_bits=64\n +L: driver=../../../bus/pci/drivers/xhci_hcd +A: driver_override=(null)\n +A: enable=1\n +L: firmware_node=../../LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:2c +A: irq=125\n +A: local_cpulist=0-3\n +A: local_cpus=f\n +A: modalias=pci:v00008086d00009D2Fsv000017AAsd00002233bc0Csc03i30\n +A: msi_bus=1\n +A: msi_irqs/125=msi\n +A: numa_node=-1\n +A: pools=poolinfo - 0.1\nbuffer-2048 0 0 2048 0\nbuffer-512 0 0 512 0\nbuffer-128 0 0 128 0\nbuffer-32 0 0 32 0\nxHCI 1KB stream ctx arrays 0 0 1024 0\nxHCI 256 byte stream ctx arrays 0 0 256 0\nxHCI input/output contexts 8 9 2112 9\nxHCI ring segments 38 42 4096 42\nbuffer-2048 0 0 2048 0\nbuffer-512 0 0 512 0\nbuffer-128 12 32 128 1\nbuffer-32 0 0 32 0\n +A: power/control=auto\n +A: power/runtime_active_time=9042111\n +A: power/runtime_status=active\n +A: power/runtime_suspended_time=0\n +A: power/wakeup=enabled\n +A: power/wakeup_abort_count=0\n +A: power/wakeup_active=0\n +A: power/wakeup_active_count=0\n +A: power/wakeup_count=0\n +A: power/wakeup_expire_count=0\n +A: power/wakeup_last_time_ms=0\n +A: power/wakeup_max_time_ms=0\n +A: power/wakeup_total_time_ms=0\n +A: power_state=D0\n +A: resource=0x00000000f1220000 0x00000000f122ffff 0x0000000000140204\n0x0000000000000000 0x0000000000000000 0x0000000000000000\n0x0000000000000000 0x0000000000000000 0x0000000000000000\n0x0000000000000000 0x0000000000000000 0x0000000000000000\n0x0000000000000000 0x0000000000000000 0x0000000000000000\n0x0000000000000000 0x0000000000000000 0x0000000000000000\n0x0000000000000000 0x0000000000000000 0x0000000000000000\n0x0000000000000000 0x0000000000000000 0x0000000000000000\n0x0000000000000000 0x0000000000000000 0x0000000000000000\n0x0000000000000000 0x0000000000000000 0x0000000000000000\n0x0000000000000000 0x0000000000000000 0x0000000000000000\n0x0000000000000000 0x0000000000000000 0x0000000000000000\n0x0000000000000000 0x0000000000000000 0x0000000000000000\n +A: revision=0x21\n +A: subsystem_device=0x2233\n +A: subsystem_vendor=0x17aa\n +A: vendor=0x8086\n diff --git a/src/tests/system/data/test_passkey/umockdev.ioctl b/src/tests/system/data/test_passkey/umockdev.ioctl new file mode 100644 index 00000000000..e9c4719c431 --- /dev/null +++ b/src/tests/system/data/test_passkey/umockdev.ioctl @@ -0,0 +1,4 @@ +@DEV /dev/hidraw1 +HIDIOCGRDESCSIZE 0 22000000 +HIDIOCGRDESC 0 2200000006D0F10901A1010920150026FF007508954081020921150026FF00750895409102C0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +HIDIOCGRDESC 0 2200000006D0F10901A1010920150026FF007508954081020921150026FF00750895409102C00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000EE952D42C555000000000000000000000000000000000000601EF2A6377F0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000D69E7A6377F00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000F0E7E2A6377F00000000000000000000E0ACF6A6377F00000000000000000000000000000000000080B02B42C555000010010000000000000000000000000000408000000000000080ACF6A6377F0000308000000000000076000000000000003F0000000000000010832D42C55500005412E3A6377F0000A06100000000000030800000000000007600000000000000F59BE6A6377F0000000000000000000080ACF6A6377F0000D8952D42C5550000408D2D42C555000030C878A6377F00000000000000000000408D2D42C55500001A84D6A6377F00000000000000000000000000000000000000800000000000000600000000000000C06E4CA7377F00008598E6A6377F000000000000000000000600000000000000A047F93CFE7F0000F298E6A6377F000081000000000000000A000000000000004900000000000000ED4100000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000E2D1066400000000C240E13200000000E2D1066400000000C240E13200000000E2D1066400000000C240E132000000000000000000000000000000000000000000000000000000000000000000000000001E7173D69F706EE0A34BA7377F0000001E7173D69F706E2049F93CFE7F0000B9A74AA7377F0000FFFFFF7FFEFFFFFF7BFBE2A6377F0000F048F93C01000000B0652B42C55500000049F93C01000000001E7173D69F706E4018D8A6377F0000001E7173D69F706ED048F93CFE7F000070FFFFFFFFFFFFFF0000000000000000DCA6D6A6377F00000000000000000000408D2D42C5550000000000000000000030BC2B42C55500006049F93CFE7F0000001E7173D69F706E30722D42C555000070FFFFFFFFFFFFFF3D000000000000006049F93CFE7F000030BC2B42C5550000FF5348A7377F000010832D42C55500006323E3A6377F00000000000000000000001E7173D69F706E6049F93CFE7F0000989349A7377F000000000000000000008B7849A7377F0000D09449A7377F00004018D8A6377F00008B7849A7377F0000001E7173D69F706E3D0000000000000070FFFFFFFFFFFFFF3D000000000000006F7E49A7377F00008B7849A7377F00003F0000000000000010832D42C5550000001E7173D69F706E10B52B42C55500000000000000000000784BF93CFE7F00000F0000000000000070592D42C555000058805D41C555000060A35D41C55500002AD54CA7377F0000104AF93C0800000010802D42C5550000404AF93C diff --git a/src/tests/system/mhc.yaml b/src/tests/system/mhc.yaml index d0e021d7f97..d59d3cf40d7 100644 --- a/src/tests/system/mhc.yaml +++ b/src/tests/system/mhc.yaml @@ -23,8 +23,8 @@ domains: config: client: ipa_domain: ipa.test - krb5_keytab: /enrollment/ipa.keytab - ldap_krb5_keytab: /enrollment/ipa.keytab + krb5_keytab: /enrollment/ipa.test.keytab + ldap_krb5_keytab: /enrollment/ipa.test.keytab - hostname: dc.ad.test role: ad @@ -38,8 +38,8 @@ domains: bindpw: vagrant client: ad_domain: ad.test - krb5_keytab: /enrollment/ad.keytab - ldap_krb5_keytab: /enrollment/ad.keytab + krb5_keytab: /enrollment/ad.test.keytab + ldap_krb5_keytab: /enrollment/ad.test.keytab - hostname: dc.samba.test role: samba @@ -48,8 +48,8 @@ domains: bindpw: Secret123 client: ad_domain: samba.test - krb5_keytab: /enrollment/samba.keytab - ldap_krb5_keytab: /enrollment/samba.keytab + krb5_keytab: /enrollment/samba.test.keytab + ldap_krb5_keytab: /enrollment/samba.test.keytab - hostname: nfs.test role: nfs diff --git a/src/tests/system/polarion.yaml b/src/tests/system/polarion.yaml new file mode 100644 index 00000000000..75b1ccb96e9 --- /dev/null +++ b/src/tests/system/polarion.yaml @@ -0,0 +1,35 @@ +testcase: + required: + title: + transform: + pattern: "^(.*)$" + replace: "IDM-SSSD-TC: \\1" + validate: "IDM-SSSD-TC: (.+)" + setup: + format: pre + steps: + expectedresults: + customerscenario: + caseimportance: + requirement: + optional: + id: + default: "idm-sssd-tc::{{ item.id }}" + caseautomation: + default: "automated" + casecomponent: + default: "sssd" + status: + default: "approved" + subsystemteam: + default: "sst_idm_sssd" + upstream: + default: "yes" + automation_script: + default: "{{ tests_url }}/{{ item.location.file }}#L{{ item.location.line }}" + testtype: + default: "functional" + caselevel: + default: "system" + teardown: + format: pre diff --git a/src/tests/system/pytest.ini b/src/tests/system/pytest.ini index 92e4ce31eef..e7fe2714414 100644 --- a/src/tests/system/pytest.ini +++ b/src/tests/system/pytest.ini @@ -1,7 +1,16 @@ +# For marker descriptions please look at https://tests.sssd.io/en/latest/marks.html [pytest] addopts = --strict-markers testpaths = tests markers = - slow: marks tests as slow (deselect with '-m "not slow"') - contains_workaround_for(gh=...,bz=...): test requires workaround for an existing bug + authentication: + authorization: + cache: + config: + contains_workaround_for(gh=...,bz=...): + identity: + schema: + slow: + tools: ticket_tools = bz,gh,jira + diff --git a/src/tests/system/requirements.txt b/src/tests/system/requirements.txt index 91229f4896d..5210bc23cb1 100644 --- a/src/tests/system/requirements.txt +++ b/src/tests/system/requirements.txt @@ -1,5 +1,7 @@ pytest +git+https://github.com/next-actions/pytest-importance git+https://github.com/next-actions/pytest-mh git+https://github.com/next-actions/pytest-ticket git+https://github.com/next-actions/pytest-tier +git+https://github.com/next-actions/pytest-output git+https://github.com/SSSD/sssd-test-framework diff --git a/src/tests/system/tests/test_authentication.py b/src/tests/system/tests/test_authentication.py new file mode 100644 index 00000000000..46341f05173 --- /dev/null +++ b/src/tests/system/tests/test_authentication.py @@ -0,0 +1,86 @@ +""" +SSSD Sanity Test Cases + +:requirement: offline +""" +from __future__ import annotations + +import pytest +from sssd_test_framework.roles.client import Client +from sssd_test_framework.roles.generic import GenericProvider +from sssd_test_framework.topology import KnownTopologyGroup + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +@pytest.mark.parametrize("method", ["su", "ssh"]) +def test_authentication__login(client: Client, provider: GenericProvider, method: str): + """ + :title: ssh/su login + :setup: + 1. Add user to SSSD + 2. Set password for user + 3. Start SSSD + :steps: + 1. Authenticate user with correct password + 2. Authenticate user with incorrect password + :expectedresults: + 1. User is authenticated + 2. User is not authenticated + :customerscenario: False + """ + provider.user("user1").add(password="Secret123") + + client.sssd.start() + + assert client.auth.parametrize(method).password("user1", "Secret123"), "login with correct password failed" + assert not client.auth.parametrize(method).password("user1", "NOTSecret123"), "login with wrong password succeeded" + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +@pytest.mark.parametrize("method", ["su", "ssh"]) +def test_authentication__offline_login(client: Client, provider: GenericProvider, method: str): + """ + :title: Offline ssh/su login + :setup: + 1. Add user to SSSD and set its password + 2. In SSSD domain change "cache_credentials" and "krb5_store_password_if_offline" to "True" + 3. In SSSD pam change "offline_credentials_expiration" to "0" + 4. Start SSSD + :steps: + 1. Authenticate user with wrong password + 2. Authenticate user with correct password + 3. Make server offline (by blocking traffic to the provider) + 4. Bring SSSD offline explicitly + 5. Offline authentication of user with correct password + 6. Offline authentication of user with wrong password + :expectedresults: + 1. User is not authenticated + 2. User is authenticated + 3. Firewall rule added, traffic is dropped. + 4. SSSD is offline + 5. Offline authentication is successful + 6. Offline authentication is not successful + :customerscenario: False + """ + user = "user1" + correct = "Secret123" + wrong = "Wrong123" + provider.user(user).add(password=correct) + + client.sssd.domain["cache_credentials"] = "True" + client.sssd.domain["krb5_store_password_if_offline"] = "True" + client.sssd.pam["offline_credentials_expiration"] = "0" + client.sssd.start() + + assert not client.auth.parametrize(method).password(user, wrong), "login with wrong password succeeded" + assert client.auth.parametrize(method).password(user, correct), "login with correct password failed" + + # Block provider. + client.firewall.outbound.reject_host(provider) + + # There might be active connections that are not terminated by creating firewall rule. + # We need to terminated it by bringing SSSD to offline state explicitly. + client.sssd.bring_offline() + + assert client.auth.parametrize(method).password(user, correct), "offline login with correct password failed" + assert not client.auth.parametrize(method).password(user, wrong), "offline login with wrong password succeeded" diff --git a/src/tests/system/tests/test_auto_private_groups.py b/src/tests/system/tests/test_auto_private_groups.py new file mode 100644 index 00000000000..643c1dafb56 --- /dev/null +++ b/src/tests/system/tests/test_auto_private_groups.py @@ -0,0 +1,48 @@ +""" +Automation of auto private groups + +:requirement: IDM-SSSD-REQ: SSSD can automatically create\ + user private groups for users +""" + +from __future__ import annotations + +import pytest +from sssd_test_framework.roles.client import Client +from sssd_test_framework.roles.generic import GenericProvider +from sssd_test_framework.topology import KnownTopologyGroup + + +@pytest.mark.ticket(bz=1695577) +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_auto_private_groups__hybrid(client: Client, provider: GenericProvider): + """ + :title: auto_private_groups set to hybrid + :setup: + 1. Add user "user_same" with uid equals to gid + 2. Add user "user_different" with uid not equals to gid + 3. Set auto_private_groups in sssd.conf to hybrid and turn of ldap_id_mapping + 4. Start SSSD + :steps: + 1. getent passwd "user_same" + 2. getent passwd "user_different" + :expectedresults: + 1. Uid equals to gid + 2. Uid does not equal to gid + :customerscenario: True + """ + provider.user("user_same").add(uid=111111, gid=111111) + provider.user("user_different").add(uid=111111, gid=100000) + + client.sssd.domain["auto_private_groups"] = "hybrid" + client.sssd.domain["ldap_id_mapping"] = "false" + + client.sssd.start() + + result = client.tools.getent.passwd("user_same@test") + assert result, "getent passwd failed on user_same" + assert result.uid == result.gid, "gid and uid for user_same are not same" + + result = client.tools.getent.passwd("user_different@test") + assert result, "getent passwd failed on user_different" + assert result.uid != result.gid, "gid and uid for user_different are same" diff --git a/src/tests/system/tests/test_autofs.py b/src/tests/system/tests/test_autofs.py new file mode 100644 index 00000000000..dacb0bcfd4c --- /dev/null +++ b/src/tests/system/tests/test_autofs.py @@ -0,0 +1,208 @@ +""" +Autofs tests. + +:requirement: Ldap Provider - automount +""" + +from __future__ import annotations + +import pytest +from sssd_test_framework.roles.client import Client +from sssd_test_framework.roles.generic import GenericProvider +from sssd_test_framework.roles.nfs import NFS +from sssd_test_framework.topology import KnownTopologyGroup + + +@pytest.mark.importance("critical") +@pytest.mark.ticket(gh=6739) +@pytest.mark.parametrize("cache_first", [False, True]) +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_autofs__cache_first(client: Client, nfs: NFS, provider: GenericProvider, cache_first: bool): + """ + :title: Autofs works correctly with any cache_first value + :setup: + 1. Create NFS export + 2. Create auto.master map + 3. Create auto.export map + 4. Add /export (auto.export) key to auto.master + 5. Add "NFS export" key as "export" to auto.export + 6. Enable autofs responder + 7. Set [autofs]/cache_first = $cache_first + 8. Start SSSD + 9. Reload autofs daemon + :steps: + 1. Access /export/export + 2. Dump automount maps "automount -m" + :expectedresults: + 1. Directory can be accessed and it is correctly mounted to the NFS share + 2. /export contains auto.export map and "export" key + :customerscenario: False + """ + nfs_export = nfs.export("export").add() + auto_master = provider.automount.map("auto.master").add() + auto_export = provider.automount.map("auto.export").add() + auto_master.key("/export").add(info=auto_export) + key = auto_export.key("export").add(info=nfs_export) + + # Start SSSD + client.sssd.common.autofs() + client.sssd.autofs["cache_first"] = str(cache_first) + client.sssd.start() + + # Reload automounter in order fetch updated maps + client.automount.reload() + + # Check that we can mount the exported directory + assert client.automount.mount("/export/export", nfs_export) + + # Check that the maps are correctly fetched + assert client.automount.dumpmaps() == { + "/export": {"map": "auto.export", "keys": [str(key)]}, + } + + +@pytest.mark.importance("medium") +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_autofs__propagate_offline__single_domain(client: Client, provider: GenericProvider): + """ + :title: Autofs propagates offline status if a domain is offline + :setup: + 1. Block traffic to the provider + 2. Enable autofs responder + 3. Start SSSD + 4. Reload autofs daemon + :steps: + 1. Read autofs responder logs + :expectedresults: + 1. cache_req returns "SSSD is offline" when data provider is offline for auto.master search + :customerscenario: False + """ + # Render the provider offline + client.firewall.outbound.reject_host(provider) + + # Start SSSD + client.sssd.common.autofs() + client.sssd.start() + + # Reload automounter in order fetch updated maps + client.automount.reload() + + # Check that offline status was returned from cache req + log = client.fs.read(client.sssd.logs.autofs).splitlines() + offline_status_propagated = False + for index, line in enumerate(log): + if "cache_req_process_result" in line and "Finished: Error" in line and "SSSD is offline" in line: + if "Object [auto.master] was not found in cache" in log[index - 1]: + offline_status_propagated = True + break + + assert offline_status_propagated + + +@pytest.mark.importance("critical") +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_autofs__propagate_offline__multi_domain(client: Client): + """ + :title: Autofs propagates offline status if a domain is offline in multi domain environment + :setup: + 1. Create two fake LDAP domains that will be offline (the provider is online but does not have autofs maps) + 2. Enable autofs responder + 3. Start SSSD + 4. Reload autofs daemon + :steps: + 1. Read autofs responder logs + :expectedresults: + 1. cache_req returns "SSSD is offline" when data provider is offline for auto.master search + :customerscenario: False + """ + # Create fake domains, these will be offline + client.sssd.dom("fake1").update( + enabled="true", + id_provider="ldap", + ldap_uri="ldap://fake1.test", + ) + + client.sssd.dom("fake2").update( + enabled="true", + id_provider="ldap", + ldap_uri="ldap://fake2.test", + ) + + # Start SSSD + client.sssd.common.autofs() + client.sssd.start() + + # Reload automounter in order fetch updated maps + client.automount.reload() + + # Check that offline status was returned from cache req + log = client.fs.read(client.sssd.logs.autofs).splitlines() + offline_status_propagated = False + for index, line in enumerate(log): + if "cache_req_process_result" in line and "Finished: Error" in line and "SSSD is offline" in line: + if "Object [auto.master] was not found in cache" in log[index - 1]: + offline_status_propagated = True + break + + assert offline_status_propagated + + +@pytest.mark.importance("critical") +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_autofs__offline_domains(client: Client, nfs: NFS, provider: GenericProvider): + """ + :title: Autofs works if some domain is offline in multi domain environment + :setup: + 1. Create NFS export + 2. Create auto.master map + 3. Create auto.export map + 4. Add /export (auto.export) key to auto.master + 5. Add "NFS export" key as "export" to auto.export + 6. Create two fake LDAP domains that will be offline (the provider is online) + 7. Enable autofs responder + 8. Start SSSD + 9. Reload autofs daemon + :steps: + 1. Access /export/export + 2. Dump automount maps "automount -m" + :expectedresults: + 1. Directory can be accessed and it is correctly mounted to the NFS share + 2. /export contains auto.export map and "export" key + :customerscenario: False + """ + + # Create autofs maps + nfs_export = nfs.export("export").add() + auto_master = provider.automount.map("auto.master").add() + auto_export = provider.automount.map("auto.export").add() + auto_master.key("/export").add(info=auto_export) + key = auto_export.key("export").add(info=nfs_export) + + # Create fake domains, these will be offline + client.sssd.dom("fake1").update( + enabled="true", + id_provider="ldap", + ldap_uri="ldap://fake1.test", + ) + + client.sssd.dom("fake2").update( + enabled="true", + id_provider="ldap", + ldap_uri="ldap://fake2.test", + ) + + # Start SSSD + client.sssd.sssd["domain_resolution_order"] = f"fake1, fake2, {client.sssd.default_domain}" + client.sssd.common.autofs() + client.sssd.start() + + # Reload automounter in order fetch updated maps + client.automount.reload() + + # Check that we can mount the exported directory + assert client.automount.mount("/export/export", nfs_export) + + # Check that the maps are correctly fetched + assert client.automount.dumpmaps() == { + "/export": {"map": "auto.export", "keys": [str(key)]}, + } diff --git a/src/tests/system/tests/test_config.py b/src/tests/system/tests/test_config.py new file mode 100644 index 00000000000..b4a522a05ee --- /dev/null +++ b/src/tests/system/tests/test_config.py @@ -0,0 +1,172 @@ +""" +SSSD Configuration-related Test Cases + +:requirement: IDM-SSSD-REQ: Configuration merging +""" + +from __future__ import annotations + +import pytest +from sssd_test_framework.roles.client import Client +from sssd_test_framework.topology import KnownTopologyGroup + + +@pytest.mark.importance("critical") +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_config__change_config_while_sssd_running(client: Client): + """ + :title: Re-generate config while SSSD is running + :setup: + 1. In pam domain set "debug_level" to 9 + 2. Start SSSD + :steps: + 1. Check that "debug_level" in pam domain is 9 + 2. Change "debug_level" in pam to 1 + 3. Apply config changes + 4. Call "sssd --genconf" + 5. Check that "debug_level" in pam is 1 + :expectedresults: + 1. "debug_level" is set to 9 + 2. "debug_level" is changed successfully + 3. Changes are apllied successfully + 4. "sssd --genconf" is called successfully + 5. "debug_level" is set to 1 + :customerscenario: False + """ + client.sssd.pam["debug_level"] = "9" + client.sssd.start() + + result = client.ldb.search("/var/lib/sss/db/config.ldb", "cn=pam,cn=config") + assert result["cn=pam,cn=config"]["debug_level"] == ["9"] + + client.sssd.pam["debug_level"] = "1" + client.sssd.config_apply() + client.sssd.genconf() + + result = client.ldb.search("/var/lib/sss/db/config.ldb", "cn=pam,cn=config") + assert result["cn=pam,cn=config"]["debug_level"] == ["1"] + + +@pytest.mark.importance("critical") +@pytest.mark.config +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_config__genconf_particular_section(client: Client): + """ + :title: Re-generate only particular section in config while SSSD is running + :setup: + 1. In pam domain set "debug_level" to 9 + 2. In nss domain set "debug_level" to 9 + 3. Start SSSD + :steps: + 1. Check that "debug_level" in pam domain is 9 + 2. Check that "debug_level" in nss domain is 9 + 3. Change "debug_level" in pam and in nss to 1 + 4. Apply config changes + 5. Call "sssd --genconf-section==pam" + 6. Check that "debug_level" in pam is 1 + 7. Check that "debug_level" in nss remained 9 + :expectedresults: + 1. "debug_level" is set to 9 + 2. "debug_level" is set to 9 + 3. "debug_level" is changed successfully + 4. Changes are apllied successfully + 5. "sssd --genconf-section==pam" is called successfully + 6. "debug_level" in pam is 1 + 7. "debug_level" in nss remains 9 + :customerscenario: False + """ + client.sssd.pam["debug_level"] = "9" + client.sssd.nss["debug_level"] = "9" + client.sssd.start() + + result = client.ldb.search("/var/lib/sss/db/config.ldb") + assert result["cn=pam,cn=config"]["debug_level"] == ["9"] + assert result["cn=nss,cn=config"]["debug_level"] == ["9"] + + client.sssd.pam["debug_level"] = "1" + client.sssd.nss["debug_level"] = "1" + client.sssd.config_apply() + + client.sssd.genconf("pam") + + result = client.ldb.search("/var/lib/sss/db/config.ldb") + assert result["cn=pam,cn=config"]["debug_level"] == ["1"] + assert result["cn=nss,cn=config"]["debug_level"] == ["9"] + + +@pytest.mark.importance("critical") +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_config__add_remove_section(client: Client): + """ + :title: Add and remove new section to config file + with --genconf-section while SSSD is running + :setup: + 1. In pam domain set "debug_level" to 9 + 2. In nss domain set "debug_level" to 9 + 3. Start SSSD + :steps: + 1. Check that "debug_level" in pam and nss is 9 + 2. Add new section to config with key, value pair set + 3. Apply config changes + 4. Call "sssd --genconf-section==$newSection" + 5. Check that the new section is properly set + 6. Remove new section + 7. Call "sssd --genconf-section==$newSection" + 8. Check that the new section was deleted + 9. Check that "debug_level" in pam and nss is 9 + :expectedresults: + 1. "debug_level" is set to 9 in both domains + 2. Added successfully + 3. New configuration was written + 4. Changes are applied successfully + 5. "sssd --genconf-section==$newSection" is called successfully + 6. New section is removed successfully + 7. "sssd --genconf-section==$newSection" is called successfully + 8. New section was deleted correctly + 9. "debug_level" in pam and nss remained 9 + :customerscenario: False + """ + client.sssd.pam["debug_level"] = "9" + client.sssd.nss["debug_level"] = "9" + client.sssd.start() + + result = client.ldb.search("/var/lib/sss/db/config.ldb") + assert result["cn=pam,cn=config"]["debug_level"] == ["9"] + assert result["cn=nss,cn=config"]["debug_level"] == ["9"] + + client.sssd.config["new_section"] = {"key": "value"} + client.sssd.config_apply(check_config=False) + client.sssd.genconf("new_section") + + result = client.ldb.search("/var/lib/sss/db/config.ldb", "cn=new_section,cn=config") + assert result["cn=new_section,cn=config"]["key"] == ["value"] + + del client.sssd.config["new_section"] + + client.sssd.config_apply() + client.sssd.genconf("new_section") + + result = client.ldb.search("/var/lib/sss/db/config.ldb") + assert result["cn=pam,cn=config"]["debug_level"] == ["9"] + assert result["cn=nss,cn=config"]["debug_level"] == ["9"] + with pytest.raises(KeyError): + assert result["cn=new_section,cn=config"]["key"] != ["value"] + + +@pytest.mark.importance("critical") +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_config__genconf_no_such_section(client: Client): + """ + :title: genconf-section with nonexisting section did not fail + :setup: + 1. Start SSSD + :steps: + 1. Call 'sssd --genconf-section=$nonexistingSection' + :expectedresults: + 1. Call did not fail + :customerscenario: False + """ + client.sssd.start() + result = client.sssd.genconf("nonexistingSection") + assert result.rc == 0 + assert not result.stderr diff --git a/src/tests/system/tests/test_default_debug_level.py b/src/tests/system/tests/test_default_debug_level.py new file mode 100644 index 00000000000..29fa9308a9f --- /dev/null +++ b/src/tests/system/tests/test_default_debug_level.py @@ -0,0 +1,173 @@ +""" +Automation for default debug level + +:requirement: SSSD - Default debug level +""" + +from __future__ import annotations + +import pytest +from sssd_test_framework.roles.client import Client +from sssd_test_framework.topology import KnownTopology + + +@pytest.mark.topology(KnownTopology.Client) +def test_default_debug_level__check(client: Client): + """ + :title: Check default debug level when sssd started successfully + :setup: + 1. Clear logs and cache + 2. Start SSSD with default debug level + :steps: + 1. Check log files + :expectedresults: + 1. "Starting with debug level = 0x0070" is in each file and + if log contains more than one line, log message with number "0x3f7c0" is stored + :customerscenario: False + """ + client.sssd.common.local() + client.sssd.default_domain = "local" + + client.sssd.clear(db=True, memcache=True, logs=True, config=False) + client.sssd.start(debug_level=None) + + for file in [client.sssd.logs.monitor, client.sssd.logs.domain(), client.sssd.logs.nss, client.sssd.logs.pam]: + log_str = client.fs.read(file) + assert "Starting with debug level = 0x0070" in log_str, f"Log file has wrong format: {log_str}" + + if len(log_str.split("\n")) > 1: + assert "(0x3f7c0)" in log_str, f"Log file has wrong format: {log_str}" + + +@pytest.mark.topology(KnownTopology.Client) +def test_default_debug_level__check_with_login(client: Client): + """ + :title: Successful login with default debug level doesn't generate any logs + :setup: + 1. Add local user, set its password + 2. Add fallback_homedir (generates extra logs on user auth if not specified) + 3. Clear cache and logs + :steps: + 1. Start SSSD with default debug level + 2. Authenticate with user + 3. Check that logs were not generated + :expectedresults: + 1. SSSD started successfully + 2. User is authenticated + 3. Diff of copy and logs is empty + :customerscenario: False + """ + + client.local.user("user1").add(password="Secret123") + client.sssd.common.local() + client.sssd.default_domain = "local" + client.sssd.domain["fallback_homedir"] = "/home/%%u" + + client.sssd.clear(db=True, memcache=True, logs=True, config=False) + client.sssd.start(debug_level=None) + + client.fs.copy("/var/log/sssd", "/tmp/copy") + assert client.auth.ssh.password("user1", "Secret123"), "Authentication failed" + assert not client.host.ssh.run("diff /var/log/sssd /tmp/copy").stdout, "Debug messages were generated" + + +@pytest.mark.ticket(bz=1893159) +@pytest.mark.topology(KnownTopology.Client) +def test_default_debug_level__fatal_and_critical_failures(client: Client): + """ + :title: Check that messages with levels 0 and 1 are logged for fatal or critical failures + :setup: + 1. Start SSSD with default debug level (config file is created) + 2. Restrict sssd.conf permissions + :steps: + 1. Restart sssd + 2. Check logs + :expectedresults: + 1. SSSD failed to start + 2. Fatal failures (level 0) and Critical failures (level 1) are in log file + :customerscenario: True + """ + client.sssd.common.local() + client.sssd.default_domain = "local" + client.sssd.start(debug_level=None) + client.fs.chmod(mode="444", path="/etc/sssd/sssd.conf") + + assert ( + client.sssd.restart(debug_level=None, raise_on_error=False, apply_config=False).rc != 0 + ), "SSSD started successfully, which is not expected" + + log_str = client.fs.read(client.sssd.logs.monitor) + assert "0x0010" in log_str, "Fatal failures were not found in log" + assert "0x0020" in log_str, "Critical failures were not found in log" + + +@pytest.mark.ticket(bz=1893159) +@pytest.mark.topology(KnownTopology.Client) +def test_default_debug_level__cannot_load_sssd_config(client: Client): + """ + :title: Check that messages with level 2 are logged when SSSD can't load config + :setup: + 1. Set 'domains' to 'non_existing_domain' in sssd section + :steps: + 1. Try to start SSSD with default debug level + 2. Check logs + :expectedresults: + 1. SSSD failed to start + 2. Correct error message is in log file + :customerscenario: True + """ + client.sssd.sssd["domains"] = "non_existing_domain" + assert ( + client.sssd.start(debug_level=None, raise_on_error=False).rc != 0 + ), "SSSD started successfully, which is not expected" + assert "SSSD couldn't load the configuration database" in client.fs.read(client.sssd.logs.monitor) + + +@pytest.mark.ticket(bz=1893159) +@pytest.mark.topology(KnownTopology.LDAP) +def test_default_debug_level__nonexisting_ldap_server(client: Client): + """ + :title: Check that messages with level 2 are logged when LDAP server doesn't exist + :setup: + 1. Set ldap_uri to a non-existing ldap-server + 2. Start sssd with default debug level + 3. Enable ifp responder + :steps: + 1. Check logs + 2. Check default domain status + :expectedresults: + 1. Domain logs should contain a log related to 'going offline' + 2. LDAP is not connected + :customerscenario: True + """ + client.sssd.domain["ldap_uri"] = "ldap://typo.invalid" + client.sssd.enable_responder("ifp") + client.sssd.start(debug_level=None, raise_on_error=False) + + logs = client.fs.read(client.sssd.logs.domain()) + assert "Failed to connect, going offline" in logs, "String was not found in the logs" + + assert client.sssd.default_domain, "default_domain is None" + res = client.sssctl.domain_status(client.sssd.default_domain) + assert "LDAP: not connected" in res.stdout + + +@pytest.mark.ticket(bz=1915319) +@pytest.mark.topology(KnownTopology.Client) +def test_default_debug_level__sbus(client: Client): + """ + :title: SBUS doesn't trigger failure message at modules startup + :setup: + 1. Start sssd with default debug level + :steps: + 1. Check logs + :expectedresults: + 1. "Unable to remove key" is not in the logs + :customerscenario: True + """ + client.sssd.common.local() + client.sssd.default_domain = "local" + client.sssd.start(debug_level=None) + + for file in [client.sssd.logs.monitor, client.sssd.logs.domain(), client.sssd.logs.nss, client.sssd.logs.pam]: + assert "Unable to remove key" not in client.fs.read(file), f"'Unable to remove key' was found in file: {file}" diff --git a/src/tests/system/tests/test_files.py b/src/tests/system/tests/test_files.py new file mode 100644 index 00000000000..e6e8d53ea5e --- /dev/null +++ b/src/tests/system/tests/test_files.py @@ -0,0 +1,120 @@ +""" +Files test provider cases + +:requirement: IDM-SSSD-REQ :: SSSD is default for local resolution +""" + +from __future__ import annotations + +import time + +import pytest +from sssd_test_framework.roles.client import Client +from sssd_test_framework.topology import KnownTopology + + +@pytest.mark.builtwith("files-provider") +@pytest.mark.topology(KnownTopology.Client) +def test_files__getent_does_not_handle_root(client: Client): + """ + :title: Getent call doesnt work on root, when service specified as "sss" + :setup: + 1. Enable files domain + 2. Start SSSD + :steps: + 1. getent passwd -s sss root + :expectedresults: + 1. Call failed + :customerscenario: False + """ + client.sssd.sssd["enable_files_domain"] = "true" + client.sssd.start() + + result = client.tools.getent.passwd("root", service="sss") + assert result is None, "Getent call was successful, which is not expected" + + +@pytest.mark.builtwith("files-provider") +@pytest.mark.topology(KnownTopology.Client) +def test_files__simple_getent(client: Client): + """ + :title: Simple getent call + :setup: + 1. Add local user "user1" + 2. Enable files domain + 3. Start SSSD + :steps: + 1. getent passwd -s sss user1 + 2. Check uid of result + :expectedresults: + 1. Call was successful + 2. Uid is correct + :customerscenario: False + """ + client.local.user("user1").add(uid=10001) + client.sssd.sssd["enable_files_domain"] = "true" + client.sssd.start() + + result = client.tools.getent.passwd("user1", service="sss") + assert result is not None, "Getent failed" + assert result.uid == 10001, "Uid is not correct" + + +@pytest.mark.builtwith("files-provider") +@pytest.mark.topology(KnownTopology.Client) +def test_files__enumeration(client: Client): + """ + :title: Files provider should not enumerate + :setup: + 1. Enable files domain + 2. Start SSSD + :steps: + 1. getent passwd -s sss without specified user + :expectedresults: + 1. Output is empty + :customerscenario: False + """ + client.sssd.sssd["enable_files_domain"] = "true" + client.sssd.start() + + result = client.host.ssh.run("getent passwd -s sss") + assert not result.stdout + + +@pytest.mark.builtwith("files-provider") +@pytest.mark.topology(KnownTopology.Client) +def test_files__user_modify(client: Client): + """ + :title: User have his homedir updated, after passwd + :setup: + 1. Add local user "user1" with specified homedir + 2. Enable files domain + 3. Start SSSD + :steps: + 1. getent passwd -s sss user1 + 2. Check that homedir is correct + 3. Modify user1's homedir + 4. Wait for changes to be propagated + 5. Check that homedir is correct + :expectedresults: + 1. Call is successful + 2. homedir is correct + 3. homedir modified successfully + 4. Slept well + 5. homedir is updated correctly + :customerscenario: False + """ + client.local.user("user1").add(password="Secret123", home="/tmp") + client.sssd.sssd["enable_files_domain"] = "true" + client.sssd.start() + + result = client.tools.getent.passwd("user1", service="sss") + assert result is not None + assert result.home == "/tmp" + + client.local.user("user1").modify(home="/home/user1") + + time.sleep(1) + result = client.tools.getent.passwd("user1", service="sss") + assert result is not None + assert result.home == "/home/user1" diff --git a/src/tests/system/tests/test_identity.py b/src/tests/system/tests/test_identity.py new file mode 100644 index 00000000000..164f5050602 --- /dev/null +++ b/src/tests/system/tests/test_identity.py @@ -0,0 +1,517 @@ +""" +SSSD Client identity Lookups + +:requirement: IDM-SSSD-REQ: Client side performance improvements +""" + +from __future__ import annotations + +import pytest +from sssd_test_framework.roles.client import Client +from sssd_test_framework.roles.generic import GenericProvider, GenericADProvider +from sssd_test_framework.topology import KnownTopologyGroup + + +@pytest.mark.importance("critical") +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_identity__lookup_username_with_id(client: Client, provider: GenericProvider): + """ + :title: Resolve user by name with id + :setup: + 1. Add 'user1', 'user2' and 'user3' to SSSD + 2. Set users uids and gids + 3. Start SSSD + :steps: + 1. Find 'user1', 'user2' and 'user3' with id(name) + 2. Check that results have correct names + 3. Check that results have correct ids + :expectedresults: + 1. Users are found + 2. Users have correct names + 3. Users have correct ids + :customerscenario: False + """ + ids = [("user1", 10001), ("user2", 10002), ("user3", 10003)] + for user, id in ids: + provider.user(user).add(uid=id, gid=id + 500) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + for name, uid in ids: + result = client.tools.id(name) + assert result is not None, f"User {name} was not found using id" + assert result.user.name == name, f"Username {result.user.name} is incorrect, {name} expected" + assert result.user.id == uid, f"User id {result.user.id} is incorrect, {uid} expected" + + +@pytest.mark.importance("critical") +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_identity__lookup_uid_with_id(client: Client, provider: GenericProvider): + """ + :title: Resolve user by uid with id + :setup: + 1. Add 'user1', 'user2' and 'user3' to SSSD + 2. Set users uids and gids + 3. Start SSSD + :steps: + 1. Find 'user1', 'user2' and 'user3' with id(uid) + 2. Check that users have correct names + 3. Check that users have correct ids + :expectedresults: + 1. Users are found + 2. Users have correct names + 3. Users have correct ids + :customerscenario: False + """ + ids = [("user1", 10001), ("user2", 10002), ("user3", 10003)] + for user, id in ids: + provider.user(user).add(uid=id, gid=id + 500) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + for name, uid in ids: + result = client.tools.id(uid) + assert result is not None, f"User with uid {uid} was not found using id" + assert result.user.name == name, f"Username {result.user.name} is incorrect, {name} expected" + assert result.user.id == uid, f"User id {result.user.id} is incorrect, {uid} expected" + + +@pytest.mark.importance("critical") +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_identity__lookup_groupname_with_getent(client: Client, provider: GenericProvider): + """ + :title: Resolve group by name with getent.group + :setup: + 1. Add 'group1', 'group2' and 'group3' to SSSD + 2. Set groups gids + 3. Start SSSD + :steps: + 1. Find 'group1', 'group2' and 'group3' with getent.group(name) + 2. Check that groups have correct names + 3. Check that groups have correct gids + :expectedresults: + 1. Groups are found + 2. Groups have correct names + 3. Groups have correct gids + :customerscenario: False + """ + ids = [("group1", 10001), ("group2", 10002), ("group3", 10003)] + for group, id in ids: + provider.group(group).add(gid=id) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + for name, gid in ids: + result = client.tools.getent.group(name) + assert result is not None, f"Group {name} was not found using getent" + assert result.name == name, f"Groupname {result.name} is incorrect, {name} expected" + assert result.gid == gid, f"Group gid {result.gid} is incorrect, {gid} expected" + + +@pytest.mark.importance("critical") +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_identity__lookup_gid_with_getent(client: Client, provider: GenericProvider): + """ + :title: Resolve group with by gid with getent.group + :setup: + 1. Add 'group1', 'group2' and 'group3' to SSSD + 2. Set groups gids + 3. Start SSSD + :steps: + 1. Find 'group1', 'group2' and 'group3' with getent.group(gid) + 2. Check that users have correct names + 3. Check that users have correct gids + :expectedresults: + 1. Groups are found + 2. Groups have correct names + 3. Groups have correct gids + :customerscenario: False + """ + ids = [("group1", 10001), ("group2", 10002), ("group3", 10003)] + for group, id in ids: + provider.group(group).add(gid=id) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + for name, gid in ids: + result = client.tools.getent.group(gid) + assert result is not None, f"Group with gid {gid} was not found using getent" + assert result.name == name, f"Groupname {result.name} is incorrect, {name} expected" + assert result.gid == gid, f"Group gid {result.gid} is incorrect, {gid} expected" + + +@pytest.mark.importance("critical") +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_identity__lookup_user_with_getent(client: Client, provider: GenericProvider): + """ + :title: Resolve user with getent.passwd + :setup: + 1. Add 'user1', 'user2' and 'user3' to SSSD + 2. Set users uids and gids + 3. Add 'group1', 'group2' and 'group3' to SSSD + 4. Add users to groups + 5. Start SSSD + :steps: + 1. Find 'user1', 'user2' and 'user3' with getent.passwd(name) + 2. Find 'user1', 'user2' and 'user3' with getent.passwd(uid) + 3. Check that users have correct names + 4. Check that users have correct ids + :expectedresults: + 1. Users are found + 2. Users are found + 3. Users have correct names + 4. Users have correct ids + :customerscenario: False + """ + ids = [("user1", 10001), ("user2", 10002), ("user3", 10003)] + for user, id in ids: + provider.user(user).add(uid=id, gid=id + 500) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + for name, uid in ids: + result = client.tools.getent.passwd(name) + assert result is not None, f"User {name} was not found using getent" + assert result.name == name, f"Username {result.name} is incorrect, {name} expected" + assert result.uid == uid, f"User id {result.uid} is incorrect, {uid} expected" + + result = client.tools.getent.passwd(uid) + assert result is not None, f"User with uid {uid} was not found using getent" + assert result.name == name, f"Username {result.name} is incorrect, {name} expected" + assert result.uid == uid, f"User id {result.uid} is incorrect, {uid} expected" + + +@pytest.mark.importance("critical") +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_identity__lookup_user_by_group_with_getent(client: Client, provider: GenericProvider): + """ + :title: Resolve user with getent.group + :setup: + 1. Add 'group1', 'group2' and 'group3' to SSSD + 2. Set groups gids + 3. Start SSSD + :steps: + 1. Find 'group1', 'group2' and 'group3' with getent.group(name) + 2. Find 'group1', 'group2' and 'group3' with getent.group(gid) + 3. Check that groups have correct names + 4. Check that groups have correct gids + :expectedresults: + 1. Groups are found + 2. Groups are found + 3. Groups have correct names + 4. Groups have correct gids + :customerscenario: False + """ + groups = [("group1", 10001), ("group2", 10002), ("group3", 10003)] + for group, id in groups: + provider.group(group).add(gid=id) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + for group, id in groups: + result = client.tools.getent.group(group) + assert result is not None, f"Group {group} was not found using getent" + assert result.name == group, f"Groupname {result.name} is incorrect, {group} expected" + assert result.gid == id, f"Group gid {result.gid} is incorrect, {id} expected" + + result = client.tools.getent.group(id) + assert result is not None, f"Group with gid {id} was not found using getent" + assert result.name == group, f"Groupname {result.name} is incorrect, {group} expected" + assert result.gid == id, f"Group gid {result.gid} is incorrect, {id} expected" + + +@pytest.mark.importance("critical") +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_identity__lookup_group_membership_by_username_with_id(client: Client, provider: GenericProvider): + """ + :title: Check membership of user by group name with id + :setup: + 1. Add 'user1', 'user2' and 'user3' to SSSD + 2. Add 'group1' to SSSD + 3. Add members to group + 4. Start SSSD + :steps: + 1. Find 'user1', 'user2' and 'user3' with id(name) + 2. Check that users are members of correct group using memberof([name]) + :expectedresults: + 1. Users are found + 2. Users are members of correct group + :customerscenario: False + """ + users = [("user1", "group1"), ("user2", "group1"), ("user3", "group1")] + u1 = provider.user("user1").add() + u2 = provider.user("user2").add() + u3 = provider.user("user3").add() + + provider.group("group1").add().add_members([u1, u2, u3]) + + client.sssd.start() + + for name, groups in users: + result = client.tools.id(name) + assert result is not None, f"User {name} was not found using id" + assert result.memberof(groups), f"User {name} is member of wrong groups" + + +@pytest.mark.importance("critical") +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_identity__lookup_group_membership_by_group_with_id(client: Client, provider: GenericProvider): + """ + :title: Check membership of user by gid with id + :setup: + 1. Add 'user1', 'user2' and 'user3' to SSSD + 2. Add 'group1' to SSSD + 3. Add members to group + 4. Start SSSD + :steps: + 1. Find 'user1', 'user2' and 'user3' with id(name) + 2. Check that users are members of correct groups using memberof(gid) + :expectedresults: + 1. Users are found + 2. Users are members of correct group + :customerscenario: False + """ + users = [("user1", 1001), ("user2", 1001), ("user3", 1001)] + u1 = provider.user("user1").add(uid=10001, gid=19001) + u2 = provider.user("user2").add(uid=10002, gid=19002) + u3 = provider.user("user3").add(uid=10003, gid=19003) + + provider.group("group1").add(gid=1001).add_members([u1, u2, u3]) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + for name, gids in users: + result = client.tools.id(name) + assert result is not None, f"User {name} was not found using id" + assert result.memberof(gids), f"User {name} is member of wrong groups" + + +@pytest.mark.importance("critical") +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_identity__lookup_initgroups_with_getent(client: Client, provider: GenericProvider): + """ + :title: Check initgroups of user + :setup: + 1. Add users to SSSD + 2. Add groups to SSSD + 3. Set groups gids + 4. Add members to groups + 5. Start SSSD + :steps: + 1. Find users with getent.initgroups(name) + 2. Check that user has correct name + 3. Check that user has correct initgroups + :expectedresults: + 1. Users are found + 2. User has correct names + 3. User has correct initgroups + :customerscenario: False + """ + users = ["user1", "user2", "user3"] + u1 = provider.user("user1").add(uid=10001, gid=19001) + u2 = provider.user("user2").add(uid=10002, gid=19002) + u3 = provider.user("user3").add(uid=10003, gid=19003) + + provider.group("group1").add(gid=10001).add_members([u1, u2, u3]) + provider.group("group2").add(gid=10002).add_members([u1, u2, u3]) + provider.group("group3").add(gid=10003).add_members([u1, u2, u3]) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + for name in users: + result = client.tools.getent.initgroups(name) + assert result.name == name, f"Username {result.name} is incorrect, {name} expected" + assert result.memberof([10001, 10002, 10003]), f"User {name} is member of wrong groups" + + +@pytest.mark.importance("critical") +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_identity__lookup_users_with_fully_qualified_name(client: Client, provider: GenericProvider): + """ + :title: Resolve user when 'use_fully_qualified_names' is 'true' + :setup: + 1. Add 'user1' and 'user2' to SSSD + 2. Set users uids and gids + 3. In SSSD domain change 'use_fully_qualified_names' to 'true' + 4. Start SSSD + :steps: + 1. Find 'user1' and 'user2' with id(name) + 2. Find 'user1' and 'user2' with id(name@domain) + 3. Check that users have correct full names + 4. Check that users have correct ids + :expectedresults: + 1. Users are not found + 2. Users are found + 3. Users have correct full names + 4. Users have correct ids + :customerscenario: False + """ + provider.user("user1").add(uid=10001, gid=19001) + provider.user("user2").add(uid=10002, gid=19002) + + client.sssd.domain["use_fully_qualified_names"] = "true" + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + assert client.tools.id("user1") is None, "User user1 should be found only with fq name" + assert client.tools.id("user2") is None, "User user2 should be found only with fq name" + + result = client.tools.id("user1@test") + assert result is not None, "User user1@test was not found using id" + assert result.user.name == "user1@test", f"Username {result.user.name} is incorrect, user1@test expected" + assert result.user.id == 10001, f"User id {result.user.id} is incorrect, 10001 expected" + + result = client.tools.id("user2@test") + assert result is not None, "User user2@test was not found using id" + assert result.user.name == "user2@test", f"Username {result.user.name} is incorrect, user2@test expected" + assert result.user.id == 10002, f"User id {result.user.id} is incorrect, 10002 expected" + + +@pytest.mark.importance("critical") +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_identity__lookup_users_when_case_insensitive(client: Client, provider: GenericProvider): + """ + :title: Search user with case insensitive name when 'case_sensitive' is 'false' + :setup: + 1. Add 'user1', 'user2' and 'user3' to SSSD + 2. Set users uids + 3. In SSSD domain change 'case_sensitive' to 'false' + 4. Start SSSD + :steps: + 1. Find users with id(name), where name is in random lower and upper case format + 2. Check that usernames are correctly set + 3. Check that users have correct ids + :expectedresults: + 1. Users are found + 2. Users have correct names + 3. Users have correct ids + :customerscenario: False + """ + provider.user("user1").add(uid=10001, gid=19001) + provider.user("user2").add(uid=10002, gid=19002) + provider.user("user3").add(uid=10003, gid=19003) + + client.sssd.domain["case_sensitive"] = "false" + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + for name, uid in [ + ("uSer1", 10001), + ("user1", 10001), + ("uSER1", 10001), + ("USEr2", 10002), + ("uSEr2", 10002), + ("usER2", 10002), + ("USer3", 10003), + ("uSer3", 10003), + ("USER3", 10003), + ]: + result = client.tools.id(name) + assert result is not None, f"User {name} was not found using id" + assert result.user.name == name.lower(), f"Username {result.user.name} is incorrect, {name.lower()} expected" + assert result.user.id == uid, f"User id {result.user.id} is incorrect, {uid} expected" + + +@pytest.mark.importance("critical") +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_identity__lookup_users_fully_qualified_name_and_case_insensitive(client: Client, provider: GenericProvider): + """ + :title: Search user with fq case insensitive name when + 'case_sensitive' is 'false' and 'use_fully_qualified_names' is 'true' + :setup: + 1. Add 'user1', 'user2' and 'user3' to SSSD + 2. Set users gids and uids + 3. Add 'group1', 'group2' and 'group3' to SSSD + 4. Set groups gids + 5. Add members to the groups + 6. In SSSD domain change 'use_fully_qualified_names' to 'true' + 7. In SSSD domain change 'case_sensitive' to 'false' + 8. Start SSSD + :steps: + 1. Find users with id(name) + 2. Find users with id(name@domain) - name is in random lower and upper case format + 3. Check that users have correct groups + :expectedresults: + 1. Users are not found + 2. Users are found + 3. Users are members of correct groups + :customerscenario: False + """ + u1 = provider.user("user1").add(gid=101, uid=10001) + u2 = provider.user("user2").add(gid=102, uid=10002) + u3 = provider.user("user3").add(gid=103, uid=10003) + + provider.group("group1").add(gid=1001).add_members([u1]) + provider.group("group2").add(gid=1002).add_members([u1, u2]) + provider.group("group3").add(gid=1003).add_members([u1, u2, u3]) + + client.sssd.domain["use_fully_qualified_names"] = "true" + client.sssd.domain["case_sensitive"] = "false" + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + assert client.tools.id("user1") is None, "User user1 should be found only with fq name" + assert client.tools.id("user2") is None, "User user2 should be found only with fq name" + assert client.tools.id("user3") is None, "User user3 should be found only with fq name" + + for name in ["User1@TesT", "UseR1@TesT", "UsER1@TesT"]: + result = client.tools.id(name) + assert result is not None, f"User {name} was not found using id" + assert result.memberof([101, 1001, 1002, 1003]), f"User {name} is member of wrong groups" + + for name in ["uSer2@TeST", "user2@TEsT", "uSER2@tesT"]: + result = client.tools.id(name) + assert result is not None, f"User {name} was not found using id" + assert result.memberof([102, 1002, 1003]), f"User {name} is member of wrong groups" + + for name in ["USer3@TeST", "uSer3@TeST", "USER3@Test"]: + result = client.tools.id(name) + assert result is not None, f"User {name} was not found using id" + assert result.memberof([103, 1003]), f"User {name} is member of wrong groups" + + +@pytest.mark.importance("critical") +@pytest.mark.authentication +@pytest.mark.topology(KnownTopologyGroup.AnyAD) +def test_identity__lookup_user_posix_and_non_posix(client: Client, provider: GenericADProvider): + """ + :title: with ldap provider idmapping is disabled + :setup: + 1. Configure ldap_provider with idmapping disabled + :steps: + 1. Fetch non-posix users and groups information + 2. Fetch posix users and groups information + 3. Log in as a posix-user + :expectedresults: + 1. Non-posix user and group should not be returned + 2. POSIX user and group information should be returned + 3. POSIX user should be able to log in + :customerscenario: False + """ + + u1 = provider.user("posix_user").add(uid=10001, gid=20001, password="Secret123", + gecos='User for tests', + shell='/bin/bash') + provider.group("posix_group").add(gid=20001).add_member(u1) + + u2 = provider.user("nonposix_user").add(password="Secret123") + provider.group("nonposix_group").add().add_member(u2) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + assert client.auth.ssh.password("posix_user", "Secret123"), 'ssh login failed for posix-user' + + assert client.tools.getent.group("posix_group"), 'posix-group is not returned by sssd' + assert client.tools.getent.passwd("posix_user"), 'posix-user is not returned by sssd' + + assert client.tools.getent.group("nonposix_group") is None, 'non-posix group is returned by sssd, it should not be' + assert client.tools.getent.passwd("nonposix_user") is None, 'non-posix user is returned by sssd, it should not be' \ No newline at end of file diff --git a/src/tests/system/tests/test_kcm.py b/src/tests/system/tests/test_kcm.py index af20b0bc5e6..942e8675010 100644 --- a/src/tests/system/tests/test_kcm.py +++ b/src/tests/system/tests/test_kcm.py @@ -1,14 +1,22 @@ +""" +KCM responder tests. + +:requirement: IDM-SSSD-REQ :: SSSD KCM as default Kerberos CCACHE provider +""" + from __future__ import annotations import time import pytest +from pytest_mh.ssh import SSHProcessError from sssd_test_framework.roles.client import Client from sssd_test_framework.roles.kdc import KDC from sssd_test_framework.topology import KnownTopology -@pytest.mark.tier(0) +@pytest.mark.importance("critical") +@pytest.mark.authentication @pytest.mark.topology(KnownTopology.Client) @pytest.mark.parametrize("ccache_storage", ["memory", "secdb"]) def test_kcm__kinit_overwrite(client: Client, kdc: KDC, ccache_storage: str): @@ -55,7 +63,8 @@ def test_kcm__kinit_overwrite(client: Client, kdc: KDC, ccache_storage: str): assert krb.cache_count() == 1 -@pytest.mark.tier(0) +@pytest.mark.importance("critical") +@pytest.mark.authentication @pytest.mark.topology(KnownTopology.Client) @pytest.mark.parametrize("ccache_storage", ["memory", "secdb"]) def test_kcm__kinit_collection(client: Client, kdc: KDC, ccache_storage: str): @@ -145,7 +154,8 @@ def test_kcm__kinit_collection(client: Client, kdc: KDC, ccache_storage: str): assert krb.cache_count() == 0 -@pytest.mark.tier(0) +@pytest.mark.importance("critical") +@pytest.mark.authentication @pytest.mark.topology(KnownTopology.Client) @pytest.mark.parametrize("ccache_storage", ["memory", "secdb"]) def test_kcm__kswitch(client: Client, kdc: KDC, ccache_storage: str): @@ -214,7 +224,8 @@ def test_kcm__kswitch(client: Client, kdc: KDC, ccache_storage: str): assert krb.has_tickets("bob", kdc.realm, [kdc.tgt, kdc.qualify("host/bob")]) -@pytest.mark.tier(0) +@pytest.mark.importance("critical") +@pytest.mark.authentication @pytest.mark.topology(KnownTopology.Client) @pytest.mark.parametrize("ccache_storage", ["memory", "secdb"]) def test_kcm__subsidiaries(client: Client, kdc: KDC, ccache_storage: str): @@ -290,7 +301,8 @@ def test_kcm__subsidiaries(client: Client, kdc: KDC, ccache_storage: str): assert principals[kdc.qualify("bob")] == expected[kdc.qualify("bob")] -@pytest.mark.tier(0) +@pytest.mark.importance("critical") +@pytest.mark.authentication @pytest.mark.topology(KnownTopology.Client) @pytest.mark.parametrize("ccache_storage", ["memory", "secdb"]) def test_kcm__kdestroy_nocache(client: Client, kdc: KDC, ccache_storage: str): @@ -325,7 +337,8 @@ def test_kcm__kdestroy_nocache(client: Client, kdc: KDC, ccache_storage: str): assert False, f"kdestroy raised an error: {e}" -@pytest.mark.tier(0) +@pytest.mark.importance("critical") +@pytest.mark.authentication @pytest.mark.topology(KnownTopology.Client) def test_kcm__tgt_renewal(client: Client, kdc: KDC): """ @@ -363,3 +376,40 @@ def test_kcm__tgt_renewal(client: Client, kdc: KDC): (renew_start, _) = krb.list_tgt_times(kdc.realm) assert init_start < renew_start + + +@pytest.mark.topology(KnownTopology.Client) +def test_kcm__simple_kinit(client: Client, kdc: KDC): + """ + :title: kinit is successfull after user login + :setup: + 1. Add 'user1' to kdc and set its password + 2. Add 'user1' to local and set its password + 3. Configure Kerberos to allow KCM tests + :steps: + 1. Authenticate user with ssh + 2. Authenticate to kerberos + 3. Call "kinit" with correct password + 4. Call "kinit" with wrong password + 5. Call "klist" + :expectedresults: + 1. User is authenticated + 2. User is authenticated + 3. Call is successful + 4. Call is not successful + 5. Call is successful + :customerscenario: False + """ + username = "user1" + password = "Secret123" + + kdc.principal(username).add(password=password) + client.local.user(username).add(password=password) + client.sssd.common.kcm(kdc) + + with client.ssh(username, password) as ssh: + with client.auth.kerberos(ssh) as krb: + assert krb.kinit(username, password=password).rc == 0, "Kinit with correct password failed" + with pytest.raises(SSHProcessError): + krb.kinit(username, password="wrong") + assert krb.klist().rc == 0, "Klist failed" diff --git a/src/tests/system/tests/test_ldap.py b/src/tests/system/tests/test_ldap.py new file mode 100644 index 00000000000..5ae7f1876a7 --- /dev/null +++ b/src/tests/system/tests/test_ldap.py @@ -0,0 +1,228 @@ +""" +SSSD LDAP provider tests + +:requirement: IDM-SSSD-REQ : LDAP Provider +""" + +from __future__ import annotations + +import pytest +from sssd_test_framework.roles.client import Client +from sssd_test_framework.roles.ldap import LDAP +from sssd_test_framework.topology import KnownTopology + + +@pytest.mark.ticket(bz=[795044, 1695574]) +@pytest.mark.importance("critical") +@pytest.mark.authentication +@pytest.mark.parametrize("modify_mode", ["exop", "ldap_modify"]) +@pytest.mark.topology(KnownTopology.LDAP) +def test_ldap__change_password(client: Client, ldap: LDAP, modify_mode: str): + """ + :title: Change password with "ldap_pwmodify_mode" set to @modify_mode + :setup: + 1. Add user to LDAP, set his password + 2. Allow user to change his password + 3. Set "ldap_pwmodify_mode" + 4. Start SSSD + :steps: + 1. Authenticate user with old password + 2. Change password of user to new password + 3. Authenticate user with new password + 4. Authenticate user with old password + :expectedresults: + 1. User is authenticated + 2. Password is changed successfully + 3. User is authenticated + 4. User is not authenticated + :customerscenario: True + """ + user = "user1" + old_pass = "Secret123" + new_pass = "New_password123" + + ldap.user(user).add(password=old_pass) + ldap.aci.add('(targetattr="userpassword")(version 3.0; acl "pwp test"; allow (all) userdn="ldap:///self";)') + + client.sssd.domain["ldap_pwmodify_mode"] = modify_mode + client.sssd.start() + + assert client.auth.ssh.password(user, old_pass), "Authentication with old correct password failed" + + assert client.auth.passwd.password(user, old_pass, new_pass), "Password change was not successful" + + assert client.auth.ssh.password(user, new_pass), "Authentication with new correct password failed" + assert not client.auth.ssh.password(user, old_pass), "Authentication with old incorrect password did not fail" + + +@pytest.mark.ticket(bz=[795044, 1695574]) +@pytest.mark.parametrize("modify_mode", ["exop", "ldap_modify"]) +@pytest.mark.topology(KnownTopology.LDAP) +def test_ldap__change_password_new_pass_not_match(client: Client, ldap: LDAP, modify_mode: str): + """ + :title: Change password with "ldap_pwmodify_mode" set to @modify_mode, but retyped password do not match + :setup: + 1. Add user to LDAP, set his password + 2. Allow user to change his password + 3. Set "ldap_pwmodify_mode" + 4. Start SSSD + :steps: + 1. Change password to new password, but retyped password is different + :expectedresults: + 1. Password change is not successful + :customerscenario: True + """ + ldap.user("user1").add(password="Secret123") + ldap.aci.add('(targetattr="userpassword")(version 3.0; acl "pwp test"; allow (all) userdn="ldap:///self";)') + + client.sssd.domain["ldap_pwmodify_mode"] = modify_mode + client.sssd.start() + + assert not client.auth.passwd.password( + "user1", "Secret123", "Red123", "Hat000" + ), "Password changed successfully, which is not expected" + + +@pytest.mark.ticket(bz=[795044, 1695574, 1795220]) +@pytest.mark.parametrize("modify_mode", ["exop", "ldap_modify"]) +@pytest.mark.topology(KnownTopology.LDAP) +def test_ldap__change_password_lowercase(client: Client, ldap: LDAP, modify_mode: str): + """ + :title: Change password to lower-case letters, password check fail + :setup: + 1. Add user to LDAP, set his password + 2. Allow user to change his password + 3. Set "passwordCheckSyntax" to "on" + 4. Set "ldap_pwmodify_mode" + 5. Start SSSD + :steps: + 1. Change password to new password, but all letters are lower-case + 2. Check logs + :expectedresults: + 1. Password change failed + 2. Password change failure is logged + :customerscenario: True + """ + ldap.user("user1").add(password="Secret123") + ldap.aci.add('(targetattr="userpassword")(version 3.0; acl "pwp test"; allow (all) userdn="ldap:///self";)') + ldap.ldap.modify("cn=config", replace={"passwordCheckSyntax": "on"}) + + client.sssd.domain["ldap_pwmodify_mode"] = modify_mode + client.sssd.start() + + assert not client.auth.passwd.password( + "user1", "Secret123", "red_32" + ), "Password changed successfully, which is not expected" + + assert ( + "pam_sss(passwd:chauthtok): User info message: Password change failed." + in client.host.ssh.run("journalctl").stdout + ) + + +@pytest.mark.ticket(bz=[1695574, 1795220]) +@pytest.mark.parametrize("modify_mode", ["exop", "ldap_modify"]) +@pytest.mark.topology(KnownTopology.LDAP) +def test_ldap__change_password_wrong_current(client: Client, ldap: LDAP, modify_mode: str): + """ + :title: Password change failed because an incorrect password was used + :setup: + 1. Add user to LDAP, set his password + 2. Allow user to change his password + 3. Set "ldap_pwmodify_mode" + 4. Start SSSD + :steps: + 1. Change password to new password, but enter wrong password + :expectedresults: + 1. Password change is not successful + :customerscenario: True + """ + ldap.user("user1").add(password="Secret123") + ldap.aci.add('(targetattr="userpassword")(version 3.0; acl "pwp test"; allow (all) userdn="ldap:///self";)') + + client.sssd.domain["ldap_pwmodify_mode"] = modify_mode + client.sssd.start() + + assert not client.auth.passwd.password("user1", "wrong123", "Newpass123"), "Password change did not fail" + + +@pytest.mark.ticket(bz=[1067476, 1065534]) +@pytest.mark.topology(KnownTopology.LDAP) +def test_ldap__user_with_whitespace(client: Client, ldap: LDAP): + """ + :title: user with a whitespace at beginning is able to login and "id" + :setup: + 1. Add users " space1" and "user1" to LDAP + 2. Set uids and passwords to users + 3. Clear memcache, logs and db + 4. Start SSSD + :steps: + 1. Fetch user " space1" information using 'id' + 2. Login user " space1" via ssh + 3. Login user "space1" via ssh + 4. Fetch "user1" user information using 'id' + 5. Fetch " user1" user information using 'id' + :expectedresults: + 1. " space1" is fetched and has correct id + 2. " space1" is able to login + 3. "space1" is not able to login + 4. "user1" is fetched and has correct id + 5. " user1" is not fetched + :customerscenario: True + """ + ldap.user(" space1").add(uid=10011, password="Secret123") + ldap.user("user1").add(uid=10012, password="Secret123") + client.sssd.clear(db=True, memcache=True, logs=True) + client.sssd.start() + + result = client.tools.id(" space1") + assert result is not None, "User ' space1' was not found" + assert result.user.id == 10011, "User ' space1' has wrong id" + + assert client.auth.ssh.password(" space1", "Secret123"), "Authentication for user ' space1' failed" + assert not client.auth.ssh.password("space1", "Secret123"), "Authentication for user 'space1' did not fail" + + result = client.tools.id("user1") + assert result is not None, "User 'user1' was not found" + assert result.user.id == 10012, "User 'user1' has wrong id" + + result = client.tools.id(" user1") + assert result is None, "User ' user1' was found, not expected" + + +@pytest.mark.importance("high") +@pytest.mark.authentication +@pytest.mark.ticket(bz=1507035) +@pytest.mark.topology(KnownTopology.LDAP) +@pytest.mark.parametrize("method", ["su", "ssh"]) +def test_ldap__password_change(client: Client, ldap: LDAP, method: str): + """ + :title: Change password with shadow ldap password policy + :setup: + 1. Allow user to change its own password in LDAP + 2. Create LDAP user "tuser" with shadowLastChange = 0 + 3. Set ldap_pwd_policy to "shadow" + 4. Set ldap_chpass_update_last_change to "True" + 5. Start SSSD + :steps: + 1. Autheticate as "tuser" with old password + 2. Autheticate as "tuser" with new password + :expectedresults: + 1. Password was expired and new password was expected and provided + 2. Authentication with new password was successful + :customerscenario: True + """ + ldap.aci.add('(targetattr="userpassword")(version 3.0; acl "pwp test"; allow (all) userdn="ldap:///self";)') + ldap.user("tuser").add( + uid=999011, gid=999011, shadowMin=0, shadowMax=99999, shadowWarning=7, shadowLastChange=0, password="Secret123" + ) + + client.sssd.domain["ldap_pwd_policy"] = "shadow" + client.sssd.domain["ldap_chpass_update_last_change"] = "True" + client.sssd.start() + + # Password is expired, change it + assert client.auth.parametrize(method).password_expired("tuser", "Secret123", "Redhat@321") + + # Authenticate with new password + assert client.auth.parametrize(method).password("tuser", "Redhat@321") diff --git a/src/tests/system/tests/test_memory_cache.py b/src/tests/system/tests/test_memory_cache.py new file mode 100644 index 00000000000..ad35d1d1876 --- /dev/null +++ b/src/tests/system/tests/test_memory_cache.py @@ -0,0 +1,1658 @@ +""" +SSSD Memory cache-related Test Cases + +:requirement: IDM-SSSD-REQ: Client side performance improvements +""" + +from __future__ import annotations + +import pytest +from sssd_test_framework.roles.client import Client +from sssd_test_framework.roles.generic import GenericProvider +from sssd_test_framework.roles.ldap import LDAP +from sssd_test_framework.topology import KnownTopology, KnownTopologyGroup + + +@pytest.mark.importance("critical") +@pytest.mark.cache +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__getpwnam(client: Client, provider: GenericProvider): + """ + :title: Lookup user by name uses memory cache when SSSD is stopped + :setup: + 1. Add 'user1', 'user2' and 'user3' to SSSD + 2. Start SSSD + :steps: + 1. Find 'user1', 'user2' and 'user3' with id(name) + 2. Check that results have correct names + 3. Stop SSSD + 4. Find 'user1', 'user2' and 'user3' with id(name) + 5. Check that results have correct names + :expectedresults: + 1. Users are found + 2. Users have correct names + 3. SSSD is stopped + 4. Users are found + 5. Users have correct names + :customerscenario: False + """ + + def check(users): + for user in users: + result = client.tools.id(user) + assert result is not None, f"User {user} was not found using id" + assert result.user.name == user, f"Username {result.user.name} is incorrect, {user} expected" + + users = ["user1", "user2", "user3"] + for user in users: + provider.user(user).add() + + client.sssd.start() + + check(users) + client.sssd.stop() + check(users) + + +@pytest.mark.importance("critical") +@pytest.mark.cache +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__getgrnam(client: Client, provider: GenericProvider): + """ + :title: Lookup group by groupname uses memory cache when SSSD is stopped + :setup: + 1. Add 'group1', 'group2' and 'group3' to SSSD + 2. Start SSSD + :steps: + 1. Find 'group1', 'group2' and 'group3' with getent.group(name) + 2. Check that groups have correct names + 3. Stop SSSD + 4. Find 'group1', 'group2' and 'group3' with getent.group(name) + 5. Check that groups have correct names + :expectedresults: + 1. Groups are found + 2. Groups have correct names + 3. SSSD is stopped + 4. Groups are found + 5. Groups have correct names + :customerscenario: False + """ + + def check(groups): + for group in groups: + result = client.tools.getent.group(group) + assert result is not None, f"Group {group} was not found using getent" + assert result.name == group, f"Groupname {result.name} is incorrect, {group} expected" + + groups = ["group1", "group2", "group3"] + for group in groups: + provider.group(group).add() + + client.sssd.start() + + check(groups) + client.sssd.stop() + check(groups) + + +@pytest.mark.importance("high") +@pytest.mark.cache +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__disabled_passwd_getgrnam(client: Client, provider: GenericProvider): + """ + :title: Lookup group by groupname uses memory cache when SSSD is stopped and 'memcache_size_passwd' = 0 + :setup: + 1. Add 'group1', 'group2' and 'group3' to SSSD + 2. In SSSD nss change 'memcache_size_passwd' to '0' + 3. Start SSSD + :steps: + 1. Find 'group1', 'group2' and 'group3' with getent.group(name) + 2. Check that groups have correct names + 3. Stop SSSD + 4. Find 'group1', 'group2' and 'group3' with getent.group(name) + 5. Check that groups have correct names + :expectedresults: + 1. Groups are found + 2. Groups have correct names + 3. SSSD is stopped + 4. Groups are found + 5. Groups have correct names + :customerscenario: False + """ + + def check(groups): + for group in groups: + result = client.tools.getent.group(group) + assert result is not None, f"Group {group} was not found using getent" + assert result.name == group, f"Groupname {result.name} is incorrect, {group} expected" + + groups = ["group1", "group2", "group3"] + for group in groups: + provider.group(group).add() + + client.sssd.nss["memcache_size_passwd"] = "0" + client.sssd.start() + + check(groups) + client.sssd.stop() + check(groups) + + +@pytest.mark.importance("high") +@pytest.mark.cache +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__disabled_passwd_getpwnam(client: Client, provider: GenericProvider): + """ + :title: Lookup user by name when SSSD is stopped and 'memcache_size_passwd' = 0 + uses memory cache therefore user is not found + :setup: + 1. Add users to SSSD + 2. Set users uids and gids + 3. In SSSD nss change 'memcache_size_passwd' to '0' + 4. Start SSSD + :steps: + 1. Find 'user1', 'user2' and 'user3' with id(name) + 2. Check that users have correct names + 3. Stop SSSD + 4. Find users with id(name) + 5. Find users with id(uid) + :expectedresults: + 1. Users are found + 2. Users have correct names + 3. SSSD is stopped + 4. Users are not found + 5. Users are not found + :customerscenario: False + """ + ids = [("user1", 10001), ("user2", 10002), ("user3", 10003)] + for user, id in ids: + provider.user(user).add(uid=id, gid=id + 500) + + client.sssd.nss["memcache_size_passwd"] = "0" + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + for user, id in ids: + result = client.tools.id(user) + assert result is not None, f"User {user} was not found using id" + assert result.user.name == user, f"Username {result.user.name} is incorrect, {user} expected" + assert result.user.id == id, f"User id {result.user.id} is incorrect, {id} expected" + + client.sssd.stop() + + for user, id in ids: + assert client.tools.id(user) is None, f"User {user} was found which is not expected" + assert client.tools.id(id) is None, f"User with id {id} was found which is not expected" + + +@pytest.mark.importance("high") +@pytest.mark.cache +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__disabled_intitgroups_getgrnam(client: Client, provider: GenericProvider): + """ + :title: Lookup group by groupname when SSSD is stopped and 'memcache_size_initgroups' = 0 uses memory cache + :setup: + 1. Add 'group1', 'group2' and 'group3' to SSSD + 2. In SSSD nss change 'memcache_size_initgroups' to '0' + 3. Start SSSD + :steps: + 1. Find 'group1', 'group2' and 'group3' with getent.group(name) + 2. Check that groups have correct names + 3. Stop SSSD + 4. Find 'group1', 'group2' and 'group3' with getent.group(name) + 5. Check that groups have correct names + :expectedresults: + 1. Groups are found + 2. Groups have correct names + 3. SSSD is stopped + 4. Groups are found + 5. Groups have correct names + :customerscenario: False + """ + + def check(groups): + for group in groups: + result = client.tools.getent.group(group) + assert result is not None, f"Group {group} was not found using getent" + assert result.name == group, f"Groupname {result.name} is incorrect, {group} expected" + + groups = ["group1", "group2", "group3"] + for group in groups: + provider.group(group).add() + + client.sssd.nss["memcache_size_initgroups"] = "0" + client.sssd.start() + + check(groups) + client.sssd.stop() + check(groups) + + +@pytest.mark.importance("high") +@pytest.mark.cache +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__disabled_intitgroups_getpwnam(client: Client, provider: GenericProvider): + """ + :title: Lookup user by name and id when SSSD is stopped and 'memcache_size_initgroups' = 0 uses memory cache + :setup: + 1. Add users to SSSD + 2. Set users uids and ids + 3. In SSSD nss change 'memcache_size_initgroups' to '0' + 4. Start SSSD + :steps: + 1. Find 'user1', 'user2' and 'user3' with id(name) + 2. Check that users have correct names and uids + 3. Stop SSSD + 4. Find 'user1', 'user2' and 'user3' with id(name) + 5. Check that users have correct names and uids + 6. Find 'user1', 'user2' and 'user3' with id(uid) + 7. Check that users have correct names and uids + :expectedresults: + 1. Users are found + 2. Users have correct names and uids + 3. SSSD is stopped + 4. Users are found + 5. Users have correct names and uids + 6. Users are found + 7. Users have correct names and uids + :customerscenario: False + """ + + def check(ids): + for name, id in ids: + result = client.tools.id(name) + assert result is not None, f"User {name} was not found using id" + assert result.user.name == name, f"Username {result.user.name} is incorrect, {user} expected" + assert result.user.id == id, f"User id {result.user.id} is incorrect, {id} expected" + + result = client.tools.id(id) + assert result is not None, f"User with id {id} was not found using id" + assert result.user.name == name, f"Username {result.user.name} is incorrect, {user} expected" + assert result.user.id == id, f"User id {result.user.id} is incorrect, {id} expected" + + ids = [("user1", 10001), ("user2", 10002), ("user3", 10003)] + for user, id in ids: + provider.user(user).add(uid=id, gid=id + 500) + + client.sssd.nss["memcache_size_initgroups"] = "0" + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + check(ids) + client.sssd.stop() + check(ids) + + +@pytest.mark.importance("high") +@pytest.mark.cache +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__disabled_group(client: Client, provider: GenericProvider): + """ + :title: Lookup user by name and id when SSSD is stopped and 'memcache_size_group' = 0 uses memory cache, + but lookup groups is not possible + :setup: + 1. Add users to SSSD + 2. Set users uids and gids + 3. Add groups to SSSD + 4. Set groups gids + 5. Add users to groups + 6. In SSSD nss change 'memcache_size_group' to '0' + 7. Start SSSD + :steps: + 1. Find 'user1', 'user2' and 'user3' with id(name) + 2. Check that users have correct names + 3. Find 'group1' and 'group2' by getent.group(gid) + 4. Check that groups have correct gids and members + 5. Stop SSSD + 6. Find 'user1', 'user2' and 'user3' with id(name) + 7. Check that users have correct names + 8. Find 'group1' and 'group2' by getent.group(name) + 9. Find 'group1' and 'group2' by getent.group(gid) + :expectedresults: + 1. Users are found + 2. Users have correct names + 3. Groups are found + 4. Groups have correct gids and members + 5. SSSD is stopped + 6. Users are found + 7. Users have correct names + 8. Groups are not found + 9. Groups are not found + :customerscenario: False + """ + + def check(users): + for user in users: + rUser = client.tools.id(user) + assert rUser is not None, f"User {rUser} was not found using id" + assert rUser.user.name == user, f"Username {rUser.user.name} is incorrect, {user} expected" + + u1 = provider.user("user1").add(uid=10001, gid=19001) + u2 = provider.user("user2").add(uid=10002, gid=19002) + u3 = provider.user("user3").add(uid=10003, gid=19003) + + provider.group("group1").add(gid=1111).add_member(u1) + provider.group("group2").add(gid=2222).add_members([u1, u2, u3]) + + client.sssd.nss["memcache_size_group"] = "0" + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + users = ["user1", "user2", "user3"] + check(users) + + for group, members in [(1111, ["user1"]), (2222, ["user1", "user2", "user3"])]: + result = client.tools.getent.group(group) + assert result is not None, f"Group {group} was not found using getent" + assert result.gid == group, f"Group gid {result.gid} is incorrect, {group} expected" + assert result.members == members, f"Group {group} members did not match the expected ones" + + client.sssd.stop() + + check(users) + + assert client.tools.id("group1") is None, "Group group1 was found which is not expected" + assert client.tools.id("group2") is None, "Group group2 was found which is not expected" + assert client.tools.id(1111) is None, "Group with gid 1111 was found which is not expected" + assert client.tools.id(2222) is None, "Group with gid 2222 was found which is not expected" + + +@pytest.mark.importance("high") +@pytest.mark.cache +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__disabled_cache(client: Client, provider: GenericProvider): + """ + :title: Lookup user and group when SSSD is stopped and whole cache disabled + uses memory cache and therefore it is not possible + :setup: + 1. Add users to SSSD + 2. Set users uids + 3. Add groups to SSSD + 4. Set groups gids + 5. Add users to groups + 6. In SSSD nss change 'memcache_size_passwd' to '0' + 7. In SSSD nss change 'memcache_size_group' to '0' + 8. In SSSD nss change 'memcache_size_initgroups' to '0' + 9. Start SSSD + :steps: + 1. Find 'user1', 'user2' and 'user3' with id(name) + 2. Check that users have correct names + 3. Find 'group1' and 'group2' by getent.group(name) + 4. Check that groups have correct names and members + 5. Stop SSSD + 6. Find 'user1', 'user2' and 'user3' with id(name) + 7. Find 'user1', 'user2' and 'user3' with id(uid) + 8. Find 'group1' and 'group2' by getent.group(name) + 9. Find 'group1' and 'group2' by getent.group(gid) + :expectedresults: + 1. Users are found + 2. Users have correct names + 3. Groups are found + 4. Groups have correct names and members + 5. SSSD is stopped + 6. Users are not found + 7. Users are not found + 8. Groups are not found + 9. Groups are not found + :customerscenario: False + """ + u1 = provider.user("user1").add(uid=10001, gid=19001) + u2 = provider.user("user2").add(uid=10002, gid=19002) + u3 = provider.user("user3").add(uid=10003, gid=19003) + + provider.group("group1").add(gid=1111).add_member(u1) + provider.group("group2").add(gid=2222).add_members([u1, u2, u3]) + + client.sssd.nss["memcache_size_passwd"] = "0" + client.sssd.nss["memcache_size_group"] = "0" + client.sssd.nss["memcache_size_initgroups"] = "0" + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + for user in ["user1", "user2", "user3"]: + result = client.tools.id(user) + assert result is not None, f"User {user} was not found using id" + assert result.user.name == user, f"Username {result.user.name} is incorrect, {user} expected" + + for group, members in [("group1", ["user1"]), ("group2", ["user1", "user2", "user3"])]: + gresult = client.tools.getent.group(group) + assert gresult is not None, f"Group {group} was not found using id" + assert gresult.name == group, f"Groupname {gresult.name} is incorrect, {group} expected" + assert gresult.members == members, f"Group {group} members did not match the expected ones" + + client.sssd.stop() + + for user in ["user1", "user2", "user3"]: + assert client.tools.id(user) is None, f"User {user} was found which is not expected" + + for id in [10001, 10002, 10003]: + assert client.tools.id(id) is None, f"User with id {id} was found which is not expected" + + assert client.tools.getent.group("group1") is None, "Group group1 was found which is not expected" + assert client.tools.getent.group("group2") is None, "Group group2 was found which is not expected" + assert client.tools.getent.group(1111) is None, "Group with gid 1111 was found which is not expected" + assert client.tools.getent.group(2222) is None, "Group with gid 2222 was found which is not expected" + + +@pytest.mark.importance("critical") +@pytest.mark.cache +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__membership_by_group_name(client: Client, provider: GenericProvider): + """ + :title: Lookup user by name and test membership by name use memory cache when SSSD is stopped + :setup: + 1. Add 'user1', 'user2' and 'user3' to SSSD + 2. Add 'group1' and 'group2' to SSSD + 3. Add users to groups + 4. Start SSSD + :steps: + 1. Find 'user1', 'user2' and 'user3' with id(name) + 2. Check that users are members of correct groups + 3. Stop SSSD + 4. Find 'user1', 'user2' and 'user3' with id(name) + 5. Check that users are members of correct groups + :expectedresults: + 1. Users are found + 2. Users are members of correct groups + 3. SSSD is stopped + 4. Users are found + 5. Users are members of correct groups + :customerscenario: False + """ + + def check(): + result = client.tools.id("user1") + assert result is not None, "User user1 was not found using id" + assert result.memberof(["group1", "group2"]), "User user1 is member of incorrect groups" + + result = client.tools.id("user2") + assert result is not None, "User user2 was not found using id" + assert result.memberof(["group2"]), "User user2 is member of incorrect groups" + + result = client.tools.id("user3") + assert result is not None, "User user3 was not found using id" + assert result.memberof(["group2"]), "User user3 is member of incorrect groups" + + u1 = provider.user("user1").add() + u2 = provider.user("user2").add() + u3 = provider.user("user3").add() + + provider.group("group1").add().add_member(u1) + provider.group("group2").add().add_members([u1, u2, u3]) + + client.sssd.start() + + check() + client.sssd.stop() + check() + + +@pytest.mark.importance("critical") +@pytest.mark.cache +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__membership_by_group_id(client: Client, provider: GenericProvider): + """ + :title: Lookup user by name and test membership by gid use memory cache when SSSD is stopped + :setup: + 1. Add 'user1', 'user2' and 'user3' to SSSD + 2. Add 'group1', 'group2' and 'group3' to SSSD + 3. Set group gids + 4. Add users to groups + 5. Start SSSD + :steps: + 1. Find 'user1', 'user2' and 'user3' with id(name) + 2. Check that users are members of correct groups + 3. Stop SSSD + 4. Find 'user1', 'user2' and 'user3' with id(name) + 5. Check that users are members of correct groups + :expectedresults: + 1. Users are found + 2. Users are members of correct groups + 3. SSSD is stopped + 4. Users are found + 5. Users are members of correct groups + :customerscenario: False + """ + + def check(): + result = client.tools.id("user1") + assert result is not None, "User user1 was not found using id" + assert result.memberof([1001, 1002]), "User user1 is member of incorrect groups" + + result = client.tools.id("user2") + assert result is not None, "User user2 was not found using id" + assert result.memberof([1002]), "User user2 is member of incorrect groups" + + result = client.tools.id("user3") + assert result is not None, "User user3 was not found using id" + assert result.memberof([1002]), "User user3 is member of incorrect groups" + + u1 = provider.user("user1").add(uid=11001, gid=19001) + u2 = provider.user("user2").add(uid=11002, gid=19002) + u3 = provider.user("user3").add(uid=11003, gid=19003) + + provider.group("group1").add(gid=1001).add_member(u1) + provider.group("group2").add(gid=1002).add_members([u1, u2, u3]) + provider.group("group3").add(gid=1003) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + check() + client.sssd.stop() + check() + + +@pytest.mark.importance("critical") +@pytest.mark.cache +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__user_gids(client: Client, provider: GenericProvider): + """ + :title: Lookup user by id and test membership by gid use memory cache when SSSD is stopped + :setup: + 1. Add 'user1', 'user2' and 'user3' to SSSD + 2. Set users uids and gids + 3. Add 'group1' and 'group2' to SSSD + 4. Set groups gids + 5. Add users to groups + 6. Start SSSD + :steps: + 1. Find users by id(uid) + 2. Check that users are members of correct groups + 3. Stop SSSD + 4. Find users by id(uid) + 5. Check that users are members of correct groups + :expectedresults: + 1. Users are found + 2. Users are members of correct groups + 3. SSSD is stopped + 4. Users are found + 5. Users are members of correct groups + :customerscenario: False + """ + + def check(): + result = client.tools.id(2001) + assert result is not None, "User with id 2001 was not found using id" + assert result.memberof([101, 1001, 1002]), "User with id 2001 is member of incorrect groups" + + result = client.tools.id(2002) + assert result is not None, "User with id 2002 was not found using id" + assert result.memberof([102, 1002]), "User with id 2002 is member of incorrect groups" + + result = client.tools.id(2003) + assert result is not None, "User with id 2003 was not found using id" + assert result.memberof([103, 1002]), "User with id 2003 is member of incorrect groups" + + u1 = provider.user("user1").add(uid=2001, gid=101) + u2 = provider.user("user2").add(uid=2002, gid=102) + u3 = provider.user("user3").add(uid=2003, gid=103) + + provider.group("group1").add(gid=1001).add_member(u1) + provider.group("group2").add(gid=1002).add_members([u1, u2, u3]) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + check() + client.sssd.stop() + check() + + +@pytest.mark.importance("critical") +@pytest.mark.cache +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__getpwnam_fully_qualified_names(client: Client, provider: GenericProvider): + """ + :title: Lookup user by full name when 'use_fully_qualified_names' is 'true' + uses memory cache when sssd is stopped + :setup: + 1. Add 'user1' and 'user2' to SSSD + 2. In SSSD domain change 'use_fully_qualified_names' to 'true' + 3. Start SSSD + :steps: + 1. Find 'user1' and 'user2' with id(name) + 2. Find 'user1' and 'user2' with id(name@domain) + 3. Check that users have correct full names + 4. Stop SSSD + 5. Find 'user1' and 'user2' with id(name) + 6. Find 'user1' and 'user2' with id(name@domain) + 7. Check that users have correct full names + :expectedresults: + 1. Users are not found + 2. Users are found + 3. Users have correct full names + 4. SSSD is stopped + 5. Users are not found + 6. Users are found + 7. Users have correct full names + :customerscenario: False + """ + + def check(): + assert client.tools.id("user1") is None, "User user1 should not be found without fully qualified name" + assert client.tools.id("user2") is None, "User user2 should not be found without fully qualified name" + + result = client.tools.id("user1@test") + assert result is not None, "User user1@test was not found using id" + assert result.user.name == "user1@test", f"User {result.user.name} has incorrect name, user1@test expected" + + result = client.tools.id("user2@test") + assert result is not None, "User user2@test was not found using id" + assert result.user.name == "user2@test", f"User {result.user.name} has incorrect name, user2@test expected" + + provider.user("user1").add() + provider.user("user2").add() + + client.sssd.domain["use_fully_qualified_names"] = "true" + client.sssd.start() + + check() + client.sssd.stop() + check() + + +@pytest.mark.importance("critical") +@pytest.mark.cache +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__case_insensitive(client: Client, provider: GenericProvider): + """ + :title: Lookup user by case insensitive name when 'case_sensitive' is 'false' + uses memory cache when SSSD is stopped + :setup: + 1. Add 'user1' to SSSD + 2. Set user gid and uid + 3. Add groups to SSSD + 4. Set group gid + 5. Add member to the groups + 6. In SSSD domain change 'case_sensitive' to 'false' + 7. Start SSSD + :steps: + 1. Find users with getent.initgroups(name), where name is in random lower and upper case format + 2. Check that usernames are correct + 3. Check that user is member of correct groups + 4. Stop SSSD + 5. Find user with getent.initgroups(name), where name is last name used when resolving user + 6. Check that username is correct + 7. Check that user is member of correct groups + 8. Find users with getent.initgroups(name), where names are previously used names + :expectedresults: + 1. Users are found + 2. Users have correct names + 3. User is member of correct groups + 4. SSSD is stopped + 5. User is found + 6. User has correct name + 7. User is member of correct groups + 8. Users are not found + :customerscenario: False + """ + u1 = provider.user("user1").add(uid=10001, gid=2001) + provider.group("group1").add(gid=10010).add_member(u1) + provider.group("group2").add(gid=10011).add_member(u1) + provider.group("group3").add(gid=10012).add_member(u1) + + client.sssd.domain["case_sensitive"] = "false" + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + for name in ["uSer1", "useR1", "USER1", "user1", "uSER1"]: + result = client.tools.getent.initgroups(name) + assert result.name == name, f"Username {result.name} is not correct, {name} expected" + assert result.memberof([10010, 10011, 10012]), f"User {result.name} is member of wrong groups" + + client.sssd.stop() + + result = client.tools.getent.initgroups("uSER1") + assert result.name == "uSER1", f"Username {result.name} is not correct, uSER1 expected" + assert result.memberof([10010, 10011, 10012]), f"User {result.name} is member of wrong groups" + + # Only last version of name is stored in cache + # That is why initgroups call returns no secondary groups + assert client.tools.getent.initgroups("uSer1").groups == [], "User uSer1 should not be found in cache" + assert client.tools.getent.initgroups("useR1").groups == [], "User useR1 should not be found in cache" + assert client.tools.getent.initgroups("USER1").groups == [], "User USER1 should not be found in cache" + assert client.tools.getent.initgroups("user1").groups == [], "User user1 should not be found in cache" + + +@pytest.mark.importance("critical") +@pytest.mark.cache +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__fq_names_case_insensitive(client: Client, provider: GenericProvider): + """ + :title: Lookup user by case insensitive fully qualified name when 'case_sensitive' is 'false' + and 'use_fully_qualified_names' is 'true' uses memory cache when SSSD is stopped + :setup: + 1. Add user to SSSD + 2. Add groups to SSSD + 3. Set groups gids + 4. Add members to the groups + 5. In SSSD domain change 'use_fully_qualified_names' to 'true' + 6. In SSSD domain change 'case_sensitive' to 'false' + 7. Start SSSD + :steps: + 1. Find user with names without domain + 2. Find user with getent.initgroups(name@domain), where name is in random lower and upper case format + 3. Check that user is members of correct groups + 4. Stop SSSD + 5. Find user with getent.initgroups(name@domain), where same name as in 2. + 6. Check that user is member of correct groups + 7. Find users with names, that should not be found + :expectedresults: + 1. User is not found + 2. User is found + 3. User is member of correct groups + 4. SSSD is stopped + 5. User is found + 6. User is member of correct groups + 7. Users are not found + :customerscenario: False + """ + u1 = provider.user("user1").add(gid=19001, uid=11001) + + provider.group("group1").add(gid=20001).add_member(u1) + provider.group("group2").add(gid=20002).add_member(u1) + provider.group("group3").add(gid=20003).add_member(u1) + + client.sssd.domain["use_fully_qualified_names"] = "true" + client.sssd.domain["case_sensitive"] = "false" + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + assert client.tools.getent.initgroups("uSer1").groups == [], "User uSer1 should be found only with fq name" + assert client.tools.getent.initgroups("user1").groups == [], "User user1 should be found only with fq name" + + result = client.tools.getent.initgroups("uSer1@test") + assert result.memberof([20001, 20002, 20003]), "User uSer1@test is member of incorrect groups" + + client.sssd.stop() + + result = client.tools.getent.initgroups("uSer1@test") + assert result.memberof([20001, 20002, 20003]), "User uSer1@test is member of incorrect groups" + + assert client.tools.getent.initgroups("user1@test").groups == [], "User user1@test should not be found in cache" + assert client.tools.getent.initgroups("user1").groups == [], "User user1 should be found only with fq name" + assert client.tools.getent.initgroups("uSer1").groups == [], "User uSer1 should be found only with fq name" + + +@pytest.mark.importance("high") +@pytest.mark.cache +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__invalidation_of_gids_after_initgroups(client: Client, provider: GenericProvider): + """ + :title: Invalidate groups after initgroups call when SSSD is stopped + :setup: + 1. Add 'user1' to SSSD + 2. Set user uid and gid + 3. Add groups to SSSD + 4. Set groups gids + 5. Add members to the groups + 6. Start SSSD + :steps: + 1. Check that "user1" has correct attributes + 2. Check that groups have correct attributes + 3. Check that "user1" has correct initgroups + 4. Stop SSSD + 5. Check that "group2" has correct attributes + 6. Check that "user1" has correct initgroups + 7. All "user1" initgroups should be invalidated and not found + :expectedresults: + 1. User has correct attributes + 2. Groups have correct attributes + 3. User has correct initgroups + 4. SSSD is stopped + 5. Group has correct attributes + 6. User has correct attributes + 7. Groups are not found + :customerscenario: False + """ + + def check_user_passwd(): + for user in ("user1", 10001): + result = client.tools.getent.passwd(user) + assert result is not None, f"User {user} was not found using getent" + assert result.uid == 10001, f"User id {result.uid} is incorrect, expected 10001" + assert result.name == "user1", f"Username {result.name} is incorrect, expected user1" + + def check_initgroups(): + result = client.tools.getent.initgroups("user1") + assert result.name == "user1", f"Username {result.name} is incorrect, user1 expected" + assert result.memberof([12345]), "User user1 is member of incorrect groups" + + def check_group(name, gid): + for group in (name, gid): + gresult = client.tools.getent.group(group) + assert gresult is not None, f"Group {group} was not found using getent" + assert gresult.name == name, f"Groupname {gresult.name} is incorrect, {name} expected" + assert gresult.gid == gid, f"Group gid {gresult.gid} is incorrect, {gid} expected" + + u1 = provider.user("user1").add(uid=10001, gid=19001) + + provider.group("group1").add(gid=12345).add_member(u1) + provider.group("group1_").add(gid=123450).add_member(u1) + provider.group("group2").add(gid=22222) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + check_user_passwd() + + check_group("group1", 12345) + check_group("group2", 22222) + + check_initgroups() + + client.sssd.stop() + + check_user_passwd() + check_group("group2", 22222) + + check_initgroups() + + assert client.tools.getent.group(12345) is None, "Group with gid 12345 was found which is not expected" + assert client.tools.getent.group(123450) is None, "Group with gid 123450 was found which is not expected" + assert client.tools.getent.group("group1") is None, "Group group1 was found which is not expected" + assert client.tools.getent.group("group1_") is None, "Group group1_ was found which is not expected" + + +@pytest.mark.importance("high") +@pytest.mark.cache +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__initgroups_without_change_in_membership(client: Client, provider: GenericProvider): + """ + :title: Invalidated cache, after refresh and stopped SSSD, has everything loaded in memory + :setup: + 1. Add 'user1' to SSSD + 2. Set user gid and uid + 3. Add 'group1' to SSSD + 4. Set group gid + 5. Add members to the group + 6. Start SSSD + :steps: + 1. Find user with id(name) and id(uid) + 2. Check that user is member of correct groups + 3. Find group with getent.group(name) and getent.group(gid) + 4. Check that the group have correct name and gid + 5. Invalidate whole cache + 6. Find user with id(name) and id(uid) + 7. Check that user is member of correct groups + 8. Find group with getent.group(name) and getent.group(gid) + 9. Check that the group have correct name and gid + 10. Stop SSSD + 11. Find user with id(name) and id(uid) + 12. Check that user is member of correct groups + 13. Find group with getent.group(name) and getent.group(gid) + 14. Check that the group have correct name and gid + :expectedresults: + 1. User is found + 2. User is member of correct groups + 3. Group is found + 4. Group has correct name and gid + 5. Cache is invalidated + 6. User is found + 7. User is member of correct groups + 8. Group is found + 9. Group has correct name and gid + 10. SSSD is stopped + 11. User is found + 12. User is member of correct groups + 13. Group is found + 14. Group has correct name and gid + :customerscenario: False + """ + + def check(): + result = client.tools.id("user1") + assert result is not None, "User user1 was not found using id" + assert result.memberof([111, 12345]), "User user1 is member of incorrect groups" + + result = client.tools.id(10001) + assert result is not None, "User with id 10001 was not found using id" + assert result.memberof([111, 12345]), "User with id 10001 is member of incorrect groups" + + gresult = client.tools.getent.group("group1") + assert gresult is not None, "Group group1 was not found using getent" + assert gresult.gid == 12345, f"Group gid {gresult.gid} is incorrect, 12345 expected" + + gresult = client.tools.getent.group(12345) + assert gresult is not None, "Group with gid 12345 was not found using getent" + assert gresult.name == "group1", f"Groupname {gresult.name} is incorrect, group1 expected" + + gresult = client.tools.getent.group("group2") + assert gresult is not None, "Group group2 was not found using getent" + assert gresult.gid == 222222, f"Group gid {gresult.gid} is incorrect, 222222 expected" + + gresult = client.tools.getent.group(222222) + assert gresult is not None, "Group with gid 222222 was not found using getent" + assert gresult.name == "group2", f"Groupname {gresult.name} is incorrect, group2 expected" + + result = client.tools.getent.initgroups("user1") + assert result.memberof([12345, 123450]), "User user1 is member of incorrect groups" + + u1 = provider.user("user1").add(uid=10001, gid=111) + provider.group("group1").add(gid=12345).add_member(u1) + provider.group("group1_").add(gid=123450).add_member(u1) + provider.group("group2").add(gid=222222) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + check() + client.sssctl.cache_expire(everything=True) + check() + client.sssd.stop() + check() + + +@pytest.mark.importance("critical") +@pytest.mark.cache +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__invalidate_user_before_stop(client: Client, provider: GenericProvider): + """ + :title: Invalidate user cache before SSSD is stopped + :setup: + 1. Add 'user1' and 'user2' to SSSD + 2. Set users gids and uids + 3. Add 'group1' and 'group2' to SSSD + 4. Set groups gids + 5. Add members to the groups + 6. Start SSSD + :steps: + 1. Find user with id(name) + 2. Check that user has correct id + 3. Check that user is member of correct groups + 4. Invalidate cache for 'user1' + 5. Stop SSSD + 6. Find user by id(name) and id(uid) + 7. Find the user's groups by getent.group(name) and getent.group(uid) + :expectedresults: + 1. User is found + 2. User has correct id + 3. User is member of correct groups + 4. Cache is invalidated + 5. SSSD is stopped + 6. User is not found + 7. Group is not found + :customerscenario: False + """ + u1 = provider.user("user1").add(uid=123456, gid=110011) + u2 = provider.user("user2").add(uid=220022, gid=222222) + + provider.group("group1").add(gid=101010).add_member(u1) + provider.group("group2").add(gid=202020).add_members([u1, u2]) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + result = client.tools.id("user1") + assert result is not None, "User user1 was not found using id" + assert result.user.id == 123456, f"User id {result.user.id} is incorrect, 123456 expected" + assert result.memberof([110011, 101010, 202020]), "User user1 is member of incorrect groups" + + client.sssctl.cache_expire(user="user1") + client.sssd.stop() + + assert client.tools.id("user1") is None, "User user1 was found which is not expected" + assert client.tools.id(123456) is None, "User with id 123456 was found which is not expected" + assert client.tools.getent.group("group1") is None, "Group group1 was found which is not expected" + assert client.tools.getent.group(110011) is None, "Group with gid 110011 was found which is not expected" + assert client.tools.getent.group("group2") is None, "Group group2 was found which is not expected" + assert client.tools.getent.group(202020) is None, "Group with gid 202020 was found which is not expected" + + +@pytest.mark.importance("critical") +@pytest.mark.cache +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__invalidate_user_after_stop(client: Client, provider: GenericProvider): + """ + :title: Invalidate user cache after SSSD is stopped + :setup: + 1. Add 'user1' and 'user2' to SSSD + 2. Set users gids and uids + 3. Add 'group1' and 'group2' to SSSD + 4. Set groups gids + 5. Add members to the groups + 6. Start SSSD + :steps: + 1. Find user with id(name) + 2. Check that user has correct id + 3. Check that user is member of correct groups + 4. Stop SSSD + 5. Invalidate cache for 'user1' + 6. Find user by id(name) and id(uid) + 7. Find the user's groups by getent.group(name) and getent.group(uid) + :expectedresults: + 1. User is found + 2. User has correct id + 3. User is member of correct groups + 4. SSSD is stopped + 5. Cache is invalidated + 6. User is not found + 7. Group is not found + :customerscenario: False + """ + u1 = provider.user("user1").add(uid=123456, gid=110011) + u2 = provider.user("user2").add(uid=220022, gid=222222) + + provider.group("group1").add(gid=101010).add_member(u1) + provider.group("group2").add(gid=202020).add_members([u1, u2]) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + result = client.tools.id("user1") + assert result is not None, "User user1 was not found using id" + assert result.user.id == 123456, f"User id {result.user.id} is incorrect, 123456 expected" + assert result.memberof([110011, 101010, 202020]), "User user1 is member of incorrect groups" + + client.sssd.stop() + client.sssctl.cache_expire(user="user1") + + assert client.tools.id("user1") is None, "User user1 was found which is not expected" + assert client.tools.id(123456) is None, "User with id 123456 was found which is not expected" + assert client.tools.getent.group("group1") is None, "Group group1 was found which is not expected" + assert client.tools.getent.group(110011) is None, "Group with gid 110011 was found which is not expected" + assert client.tools.getent.group("group2") is None, "Group group2 was found which is not expected" + assert client.tools.getent.group(202020) is None, "Group with gid 202020 was found which is not expected" + + +@pytest.mark.importance("critical") +@pytest.mark.cache +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__invalidate_users_before_stop(client: Client, provider: GenericProvider): + """ + :title: Invalidate users cache before SSSD is stopped + :setup: + 1. Add 'user1' and 'user2' to SSSD + 2. Set users gids and uids + 3. Add 'group1' and 'group2' to SSSD + 4. Set groups gids + 5. Add members to the groups + 6. Start SSSD + :steps: + 1. Find users with id(name) + 2. Check that users have correct ids + 3. Check that users are members of correct groups + 4. Invalidate cache for all users + 5. Stop SSSD + 6. Find users by id(name) and id(uid) + 7. Find the groups of users by getent.group(name) and getent.group(uid) + :expectedresults: + 1. Users are found + 2. Users have correct ids + 3. Users are members of correct groups + 4. Cache is invalidated + 5. SSSD is stopped + 6. Users are not found + 7. Groups are not found + :customerscenario: False + """ + u1 = provider.user("user1").add(uid=123456, gid=110011) + u2 = provider.user("user2").add(uid=220022, gid=222222) + + provider.group("group1").add(gid=101010).add_member(u1) + provider.group("group2").add(gid=202020).add_members([u1, u2]) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + result = client.tools.id("user1") + assert result is not None, "User user1 was not found using id" + assert result.user.id == 123456, f"User id {result.user.id} is incorrect, 123456 expected" + assert result.memberof([110011, 101010, 202020]), "User user1 is member of incorrect groups" + + result = client.tools.id("user2") + assert result is not None, "User user2 was not found using id" + assert result.user.id == 220022, f"User id {result.user.id} is incorrect, 220022 expected" + assert result.memberof([222222, 202020]), "User user2 is member of incorrect groups" + + client.sssctl.cache_expire(users=True) + client.sssd.stop() + + assert client.tools.id("user1") is None, "User user1 was found which is not expected" + assert client.tools.id(123456) is None, "User with id 123456 was found which is not expected" + assert client.tools.getent.group("group1") is None, "Group group1 was found which is not expected" + assert client.tools.getent.group(110011) is None, "Group with gid 110011 was found which is not expected" + assert client.tools.getent.group("group2") is None, "Group group2 was found which is not expected" + assert client.tools.getent.group(202020) is None, "Group with gid 202020 was found which is not expected" + assert client.tools.id("user2") is None, "User user2 was found which is not expected" + assert client.tools.id(220022) is None, "User with id 220022 was found which is not expected" + assert client.tools.getent.group(222222) is None, "Group with gid 222222 was found which is not expected" + + +@pytest.mark.importance("critical") +@pytest.mark.cache +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__invalidate_users_after_stop(client: Client, provider: GenericProvider): + """ + :title: Invalidate users cache after SSSD is stopped + :setup: + 1. Add 'user1' and 'user2' to SSSD + 2. Set users gids and uids + 3. Add 'group1' and 'group2' to SSSD + 4. Set groups gids + 5. Add members to the groups + 6. Start SSSD + :steps: + 1. Find users with id(name) + 2. Check that users have correct ids + 3. Check that users are members of correct groups + 4. Stop SSSD + 5. Invalidate cache for all users + 6. Find users by id(name) and id(uid) + 7. Find the groups of users by getent.group(name) and getent.group(uid) + :expectedresults: + 1. Users are found + 2. Users have correct ids + 3. Users are members of correct groups + 4. SSSD is stopped + 5. Cache is invalidated + 6. Users are not found + 7. Groups are not found + :customerscenario: False + """ + u1 = provider.user("user1").add(uid=123456, gid=110011) + u2 = provider.user("user2").add(uid=220022, gid=222222) + + provider.group("group1").add(gid=101010).add_member(u1) + provider.group("group2").add(gid=202020).add_members([u1, u2]) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + result = client.tools.id("user1") + assert result is not None, "User user1 was not found using id" + assert result.user.id == 123456, f"User id {result.user.id} is incorrect, 123456 expected" + assert result.memberof([110011, 101010, 202020]), "User user1 is member of incorrect groups" + + result = client.tools.id("user2") + assert result is not None, "User user2 was not found using id" + assert result.user.id == 220022, f"User id {result.user.id} is incorrect, 220022 expected" + assert result.memberof([222222, 202020]), "User user2 is member of incorrect groups" + + client.sssd.stop() + client.sssctl.cache_expire(users=True) + + assert client.tools.id("user1") is None, "User user1 was found which is not expected" + assert client.tools.id(123456) is None, "User with id 123456 was found which is not expected" + assert client.tools.getent.group("group1") is None, "Group group1 was found which is not expected" + assert client.tools.getent.group(110011) is None, "Group with gid 110011 was found which is not expected" + assert client.tools.getent.group("group2") is None, "Group group2 was found which is not expected" + assert client.tools.getent.group(202020) is None, "Group with gid 202020 was found which is not expected" + assert client.tools.id("user2") is None, "User user2 was found which is not expected" + assert client.tools.id(220022) is None, "User with id 220022 was found which is not expected" + assert client.tools.getent.group(222222) is None, "Group with gid 222222 was found which is not expected" + + +@pytest.mark.importance("critical") +@pytest.mark.cache +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__invalidate_group_before_stop(client: Client, provider: GenericProvider): + """ + :title: Invalidate group cache before SSSD is stopped + :setup: + 1. Add 'group1' to SSSD + 2. Set group gid + 3. Start SSSD + :steps: + 1. Find the 'group1' getent.group(name) + 2. Check that group has correct id + 3. Check that group has correct name + 4. Invalidate cache for 'group1' + 5. Stop SSSD + 6. Find the 'group1' getent.group(name) and getent.group(uid) + :expectedresults: + 1. Group is found + 2. Group has correct id + 3. Group has correct name + 4. Cache is invalidated + 5. SSSD is stopped + 6. Group is not found + :customerscenario: False + """ + provider.group("group1").add(gid=101010) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + result = client.tools.getent.group("group1") + assert result is not None, "Group group1 was not found using getent" + assert result.name == "group1", f"Groupname {result.name} is incorrect, group1 expected" + assert result.gid == 101010, f"Group gid {result.gid} is incorrect, 101010 expected" + + client.sssctl.cache_expire(group="group1") + client.sssd.stop() + + assert client.tools.getent.group("group1") is None, "Group group1 was found which is not expected" + assert client.tools.getent.group(110011) is None, "Group with gid 110011 was found which is not expected" + + +@pytest.mark.importance("critical") +@pytest.mark.cache +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__invalidate_group_after_stop(client: Client, provider: GenericProvider): + """ + :title: Invalidate group cache after SSSD is stopped + :setup: + 1. Add 'group1' to SSSD + 2. Set group gid + 3. Start SSSD + :steps: + 1. Find the 'group1' getent.group(name) + 2. Check that group has correct id + 3. Check that group has correct name + 4. Stop SSSD + 5. Invalidate cache for 'group1' + 6. Find the 'group1' getent.group(name) and getent.group(uid) + :expectedresults: + 1. Group is found + 2. Group has correct id + 3. Group has correct name + 4. SSSD is stopped + 5. Cache is invalidated + 6. Group is not found + :customerscenario: False + """ + provider.group("group1").add(gid=101010) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + result = client.tools.getent.group("group1") + assert result is not None, "Group group1 was not found using getent" + assert result.name == "group1", f"Groupname {result.name} is incorrect, group1 expected" + assert result.gid == 101010, f"Group gid {result.gid} is incorrect, 101010 expected" + + client.sssd.stop() + client.sssctl.cache_expire(group="group1") + + assert client.tools.getent.group("group1") is None, "Group group1 was found which is not expected" + assert client.tools.getent.group(110011) is None, "Group with gid 110011 was found which is not expected" + + +@pytest.mark.importance("high") +@pytest.mark.cache +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__invalidate_groups_before_stop(client: Client, provider: GenericProvider): + """ + :title: Invalidate groups cache before SSSD is stopped + :setup: + 1. Add 'group1' and 'group2' to SSSD + 2. Set groups gids + 3. Start SSSD + :steps: + 1. Find groups with getent.group(name) + 2. Check that groups have correct gids + 3. Invalidate cache for all groups + 4. Stop SSSD + 5. Find 'group1' and 'group2' with getent.group(name) and getent.group(gid) + :expectedresults: + 1. Groups are found + 2. Groups have correct gids + 3. Cache is invalidated + 4. SSSD is stopped + 5. Groups are not found + :customerscenario: False + """ + provider.group("group1").add(gid=101010) + provider.group("group2").add(gid=202020) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + result = client.tools.getent.group("group1") + assert result is not None, "Group group1 was not found using getent" + assert result.gid == 101010, f"Group gid {result.gid} is incorrect, 101010 expected" + + result = client.tools.getent.group("group2") + assert result is not None, "Group group2 was not found using getent" + assert result.gid == 202020, f"Group gid {result.gid} is incorrect, 202020 expected" + + client.sssctl.cache_expire(groups=True) + client.sssd.stop() + + assert client.tools.getent.group("group1") is None, "Group group1 was found which is not expected" + assert client.tools.getent.group(110011) is None, "Group with gid 110011 was found which is not expected" + assert client.tools.getent.group("group2") is None, "Group group2 was found which is not expected" + assert client.tools.getent.group(202020) is None, "Group with gid 202020 was found which is not expected" + + +@pytest.mark.importance("high") +@pytest.mark.cache +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__invalidate_groups_after_stop(client: Client, provider: GenericProvider): + """ + :title: Invalidate groups cache after SSSD is stopped + :setup: + 1. Add 'group1' and 'group2' to SSSD + 2. Set groups gids + 3. Start SSSD + :steps: + 1. Find groups with getent.group(name) + 2. Check that groups have correct gids + 3. Stop SSSD + 4. Invalidate cache for all groups + 5. Find 'group1' and 'group2' with getent.group(name) and getent.group(gid) + :expectedresults: + 1. Groups are found + 2. Groups have correct gids + 3. SSSD is stopped + 4. Cache is invalidated + 5. Groups are not found + :customerscenario: False + """ + provider.group("group1").add(gid=101010) + provider.group("group2").add(gid=202020) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + result = client.tools.getent.group("group1") + assert result is not None, "Group group1 was not found using getent" + assert result.gid == 101010, f"Group gid {result.gid} is incorrect, 101010 expected" + + result = client.tools.getent.group("group2") + assert result is not None, "Group group2 was not found using getent" + assert result.gid == 202020, f"Group gid {result.gid} is incorrect, 202020 expected" + + client.sssd.stop() + client.sssctl.cache_expire(groups=True) + + assert client.tools.getent.group("group1") is None, "Group group1 was found which is not expected" + assert client.tools.getent.group(110011) is None, "Group with gid 110011 was found which is not expected" + assert client.tools.getent.group("group2") is None, "Group group2 was found which is not expected" + assert client.tools.getent.group(202020) is None, "Group with gid 202020 was found which is not expected" + + +@pytest.mark.importance("critical") +@pytest.mark.cache +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__invalidate_everything_before_stop(client: Client, provider: GenericProvider): + """ + :title: Invalidate all parts of cache before SSSD is stopped + :setup: + 1. Add 'user1' and 'user2' to SSSD + 2. Set users uids and gids + 3. Add 'group1' and 'group2' to SSSD + 4. Set groups gids + 5. Add members to the groups + 6. Start SSSD + :steps: + 1. Find users with id(name) + 2. Check that users have correct uids + 3. Find groups with getent.group(name) + 4. Check that groups have correct gids + 5. Invalidate all parts of cache + 6. Stop SSSD + 7. Find 'user1' and 'user2' with id(name) and id(uid) + 8. Find 'group1' and 'group2' with getent.group(name) and getent.group(gid) + :expectedresults: + 1. Users are found + 2. Users have correct uids + 3. Groups are found + 4. Groups have correct gids + 5. Cache is invalidated + 6. SSSD is stopped + 7. Users are not found + 8. Groups are not found + :customerscenario: False + """ + u1 = provider.user("user1").add(uid=123456, gid=110011) + u2 = provider.user("user2").add(uid=220022, gid=222222) + + provider.group("group1").add(gid=101010).add_member(u1) + provider.group("group2").add(gid=202020).add_members([u1, u2]) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + result = client.tools.id("user1") + assert result is not None, "User user1 was not found using id" + assert result.user.id == 123456, f"User id {result.user.id} is incorrect, 123456 expected" + + result = client.tools.id("user2") + assert result is not None, "User user2 was not found using id" + assert result.user.id == 220022, f"User id {result.user.id} is incorrect, 220022 expected" + + gresult = client.tools.getent.group("group1") + assert gresult is not None, "Group group1 was not found using getent" + assert gresult.gid == 101010, f"Group gid {gresult.gid} is incorrect, 101010 expected" + + gresult = client.tools.getent.group("group2") + assert gresult is not None, "Group group2 was not found using getent" + assert gresult.gid == 202020, f"Group gid {gresult.gid} is incorrect, 202020 expected" + + client.sssctl.cache_expire(everything=True) + client.sssd.stop() + + assert client.tools.id("user1") is None, "User user1 was found which is not expected" + assert client.tools.id(123456) is None, "User with id 123456 was found which is not expected" + assert client.tools.id("user2") is None, "User user2 was found which is not expected" + assert client.tools.id(220022) is None, "User with id 220022 was found which is not expected" + assert client.tools.getent.group("group1") is None, "Group group1 was found which is not expected" + assert client.tools.getent.group(110011) is None, "Group with gid 110011 was found which is not expected" + assert client.tools.getent.group("group2") is None, "Group group2 was found which is not expected" + assert client.tools.getent.group(202020) is None, "Group with gid 202020 was found which is not expected" + + +@pytest.mark.importance("critical") +@pytest.mark.cache +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__invalidate_everything_after_stop(client: Client, provider: GenericProvider): + """ + :title: Invalidate all parts of cache after SSSD is stopped + :setup: + 1. Add 'user1' and 'user2' to SSSD + 2. Set users uids and gids + 3. Add 'group1' and 'group2' to SSSD + 4. Set groups gids + 5. Add members to the groups + 6. Start SSSD + :steps: + 1. Find users with id(name) + 2. Check that users have correct uids + 3. Find groups with getent.group(name) + 4. Check that groups have correct gids + 5. Stop SSSD + 6. Invalidate all parts of cache + 7. Find 'user1' and 'user2' with id(name) and id(uid) + 8. Find 'group1' and 'group2' with getent.group(name) and getent.group(gid) + :expectedresults: + 1. Users are found + 2. Users have correct uids + 3. Groups are found + 4. Groups have correct gids + 5. SSSD is stopped + 6. Cache is invalidated + 7. Users are not found + 8. Groups are not found + :customerscenario: False + """ + u1 = provider.user("user1").add(uid=123456, gid=110011) + u2 = provider.user("user2").add(uid=220022, gid=222222) + + provider.group("group1").add(gid=101010).add_member(u1) + provider.group("group2").add(gid=202020).add_members([u1, u2]) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + result = client.tools.id("user1") + assert result is not None, "User user1 was not found using id" + assert result.user.id == 123456, f"User id {result.user.id} is incorrect, 123456 expected" + + result = client.tools.id("user2") + assert result is not None, "User user2 was not found using id" + assert result.user.id == 220022, f"User id {result.user.id} is incorrect, 220022 expected" + + gresult = client.tools.getent.group("group1") + assert gresult is not None, "Group group1 was not found using getent" + assert gresult.gid == 101010, f"Group gid {gresult.gid} is incorrect, 101010 expected" + + gresult = client.tools.getent.group("group2") + assert gresult is not None, "Group group2 was not found using getent" + assert gresult.gid == 202020, f"Group gid {gresult.gid} is incorrect, 202020 expected" + + client.sssd.stop() + client.sssctl.cache_expire(everything=True) + + assert client.tools.id("user1") is None, "User user1 was found which is not expected" + assert client.tools.id(123456) is None, "User with id 123456 was found which is not expected" + assert client.tools.id("user2") is None, "User user2 was found which is not expected" + assert client.tools.id(220022) is None, "User with id 220022 was found which is not expected" + assert client.tools.getent.group("group1") is None, "Group group1 was found which is not expected" + assert client.tools.getent.group(110011) is None, "Group with gid 110011 was found which is not expected" + assert client.tools.getent.group("group2") is None, "Group group2 was found which is not expected" + assert client.tools.getent.group(202020) is None, "Group with gid 202020 was found which is not expected" + + +@pytest.mark.importance("critical") +@pytest.mark.cache +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__memcache_timeout_zero(client: Client, provider: GenericProvider): + """ + :title: Cache is not created at all when 'memcache_timeout' set to '0' + :setup: + 1. Add 'user1' to SSSD + 2. Set user uid + 3. Add 'group1' to SSSD + 4. Set group gid + 5. In SSSD nss change 'memcache_timeout' set to '0' + 6. Start SSSD + :steps: + 1. Check that cache is not created + 2. Find user with id(name) + 3. Check that user has correct uid + 4. Find group with getent.group(name) + 5. Check that group has correct gid + 6. Stop SSSD + 7. Find user with id(name) and id(uid) + 8. Find group with getent.group(name) and getent.group(gid) + :expectedresults: + 1. Cache is not created + 2. User is found + 3. User has correct uid + 4. Group is found + 5. Group has correct gid + 6. Stop SSSD + 7. User is not found + 8. Group is not found + :customerscenario: False + """ + provider.user("user1").add(uid=123456, gid=19001) + provider.group("group1").add(gid=10001) + + client.sssd.nss["memcache_timeout"] = "0" + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + r = client.host.ssh.exec(["ls", "/var/lib/sss/mc"]) + assert r.stdout == "", "Cache directory is not empty" + assert r.stderr == "", "Ls command failed" + + result = client.tools.id("user1") + assert result is not None, "User user1 was not found using user1" + assert result.user.id == 123456, f"User id {result.user.id} is incorrect, 123456 expected" + + gresult = client.tools.getent.group("group1") + assert gresult is not None, "Group group1 is not found using getent" + assert gresult.gid == 10001, f"Group gid {gresult.gid} is incorrect, 10001 expected" + + client.sssd.stop() + + assert client.tools.id("user1") is None, "User user1 was found which is not expected" + assert client.tools.id(123456) is None, "User with id 123456 was found which is not expected" + assert client.tools.getent.group("group1") is None, "Group group1 was found which is not expected" + assert client.tools.getent.group(10001) is None, "Group with gid 10001 was found which is not expected" + + +@pytest.mark.importance("critical") +@pytest.mark.cache +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__removed_cache_without_invalidation(client: Client, provider: GenericProvider): + """ + :title: SSSD is stopped, cache removed then users and groups cannot be lookedup + :setup: + 1. Add 'user1' to SSSD + 2. Set user uid and gid + 3. Add 'group1' to SSSD + 4. Set group gid + 5. Start SSSD + :steps: + 1. Find user with id(name) + 2. Check that user has correct uid + 3. Find group with getent.group(name) + 4. Check that group has correct gid + 5. Stop SSSD + 6. Remove cache files + 7. Find user with id(name) and id(uid) + 8. Find group with getent.group(name) and getent.group(gid) + :expectedresults: + 1. User is found + 2. User has correct uid + 3. Group is found + 4. Group has correct gid + 5. SSSD is stopped + 6. Cache files are removed + 7. User is not found + 8. Group is not found + :customerscenario: True + """ + provider.user("user1").add(uid=123456, gid=19001) + provider.group("group1").add(gid=10001) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + result = client.tools.id("user1") + assert result is not None, "User user1 is not found using id" + assert result.user.id == 123456, f"User id {result.user.id} is incorrect, 123456 expected" + + gresult = client.tools.getent.group("group1") + assert gresult is not None, "Group group1 is not found using getent" + assert gresult.gid == 10001, f"Group gid {gresult.gid} is incorrect, 10001 expected" + + client.sssd.stop() + + r = client.host.ssh.exec(["ls", "/var/lib/sss/mc"]) + for file in r.stdout.split(): + check = client.host.ssh.exec(["rm", f"/var/lib/sss/mc/{file}"]) + assert check.rc == 0, "Cache file was not removed successfully" + + assert client.tools.id("user1") is None, "User user1 was found which is not expected" + assert client.tools.id(123456) is None, "User with id 123456 was found which is not expected" + assert client.tools.getent.group("group1") is None, "Group group1 was found which is not expected" + assert client.tools.getent.group(10001) is None, "Group with gid 10001 was found which is not expected" + + +@pytest.mark.topology(KnownTopology.LDAP) +@pytest.mark.ticket(bz=2226021) +def test_memory_cache__truncate__nosigbus(client: Client, ldap: LDAP): + """ + :title: Accessing truncated in-memory cache file does not cause SIGBUS + :setup: + 1. Add 'user-1' to SSSD + 2. Start SSSD + :steps: + 1. Find 'user-1' so it is stored in in-memory cache + 2. Truncate /var/lib/sss/mc/passwd + 3. Check that 'user-1' can be correctly resolved + :expectedresults: + 1. User is found + 2. Size of /var/lib/sss/mc/passwd is 0 + 3. User can be found again and there is no crash + :customerscenario: True + """ + ldap.user("user-1").add() + + client.sssd.start() + + result = client.tools.id("user-1") + assert result is not None, "User was not found" + assert result.user.name == "user-1" + + client.fs.truncate("/var/lib/sss/mc/passwd") + + result = client.tools.id("user-1") + assert result is not None, "User was not found" + assert result.user.name == "user-1" diff --git a/src/tests/system/tests/test_netgroups.py b/src/tests/system/tests/test_netgroups.py new file mode 100644 index 00000000000..87ebafd21f2 --- /dev/null +++ b/src/tests/system/tests/test_netgroups.py @@ -0,0 +1,110 @@ +""" +Netgroup tests. + +:requirement: netgroup +""" + +from __future__ import annotations + +import pytest +from sssd_test_framework.roles.client import Client +from sssd_test_framework.roles.generic import GenericProvider +from sssd_test_framework.topology import KnownTopologyGroup + + +@pytest.mark.importance("medium") +@pytest.mark.cache +@pytest.mark.ticket(gh=6652, bz=2162552) +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_netgroups__add_remove_netgroup_triple(client: Client, provider: GenericProvider): + """ + :title: Netgroup triple is correctly removed from cached record + :setup: + 1. Create local user "user-1" + 2. Create netgroup "ng-1" + 3. Add "(-,user-1,)" triple to the netgroup + 4. Start SSSD + :steps: + 1. Run "getent netgroup ng-1" + 2. Remove "(-,user-1,)" triple from "ng-1" + 3. Invalidate netgroup in cache "sssctl cache-expire -n ng-1" + 4. Run "getent netgroup ng-1" + :expectedresults: + 1. "(-,user-1,)" is present in the netgroup + 2. Triple was removed from the netgroup + 3. Cached record was invalidated + 4. "(-,user-1,)" is not present in the netgroup + :customerscenario: True + """ + user = provider.user("user-1").add() + ng = provider.netgroup("ng-1").add().add_member(user=user) + + client.sssd.start() + + result = client.tools.getent.netgroup("ng-1") + assert result is not None + assert result.name == "ng-1" + assert len(result.members) == 1 + assert "(-, user-1)" in result.members + + ng.remove_member(user=user) + client.sssctl.cache_expire(netgroups=True) + + result = client.tools.getent.netgroup("ng-1") + assert result is not None + assert result.name == "ng-1" + assert len(result.members) == 0 + + +@pytest.mark.importance("medium") +@pytest.mark.cache +@pytest.mark.ticket(gh=6652, bz=2162552) +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_netgroups__add_remove_netgroup_member(client: Client, provider: GenericProvider): + """ + :title: Netgroup member is correctly removed from cached record + :setup: + 1. Create local user "user-1" + 2. Create local user "user-2" + 3. Create netgroup "ng-1" + 4. Create netgroup "ng-2" + 5. Add "(-,user-1,)" triple to the netgroup "ng-1" + 6. Add "(-,user-2,)" triple to the netgroup "ng-2" + 7. Add "ng-1" as a member to "ng-2" + 8. Start SSSD + :steps: + 1. Run "getent netgroup ng-2" + 2. Remove "ng-1" from "ng-2" + 3. Invalidate netgroup "ng-2" in cache "sssctl cache-expire -n ng-2" + 4. Run "getent netgroup ng-2" + :expectedresults: + 1. "(-,user-1,)", "(-,user-2,)" is present in the netgroup + 2. Netgroup member was removed from the netgroup + 3. Cached record was invalidated + 4. "(-,user-1,)" is not present in the netgroup, only "(-,user-2,)" + :customerscenario: True + """ + u1 = provider.user("user-1").add() + u2 = provider.user("user-2").add() + + ng1 = provider.netgroup("ng-1").add().add_member(user=u1) + ng2 = provider.netgroup("ng-2").add().add_member(user=u2, ng=ng1) + + client.sssd.start() + + result = client.tools.getent.netgroup("ng-2") + assert result is not None + assert result.name == "ng-2" + assert len(result.members) == 2 + assert "(-, user-1)" in result.members + assert "(-, user-2)" in result.members + + ng2.remove_member(ng=ng1) + client.sssctl.cache_expire(netgroups=True) + + result = client.tools.getent.netgroup("ng-2") + assert result is not None + assert result.name == "ng-2" + assert len(result.members) == 1 + assert "(-, user-1)" not in result.members + assert "(-, user-2)" in result.members diff --git a/src/tests/system/tests/test_offline.py b/src/tests/system/tests/test_offline.py new file mode 100644 index 00000000000..d8ae60b86e2 --- /dev/null +++ b/src/tests/system/tests/test_offline.py @@ -0,0 +1,92 @@ +""" +Automation of offline tests + +:requirement: offline +""" + +from __future__ import annotations + +import time + +import pytest +from sssd_test_framework.roles.client import Client +from sssd_test_framework.roles.ldap import LDAP +from sssd_test_framework.topology import KnownTopology + + +@pytest.mark.ticket(bz=1416150) +@pytest.mark.topology(KnownTopology.LDAP) +def test_offline__ldap_log_to_syslog(client: Client): + """ + :title: Log to syslog when sssd cannot contact servers goes offline + :setup: + 1. Set an invalid hostname uri and disable the offset to refresh sudo rules + 2. Start SSSD + :steps: + 1. Check domain status for default domain + 2. Clear journal and restart SSSD + 3. Check journalctl + :expectedresults: + 1. Domain is offline + 2. Succeed + 3. "Backend is offline" found + :customerscenario: True + """ + client.sssd.domain["ldap_uri"] = "ldaps://typo.invalid" + client.sssd.domain["ldap_sudo_random_offset"] = "0" + client.sssd.start() + assert client.sssd.default_domain is not None, "Failed to load default domain" + status = client.sssctl.domain_status(client.sssd.default_domain) + assert "Offline" in status.stdout or "Unable to get online status" in status.stderr, "Domain is not offline" + + client.journald.clear() + client.sssd.restart() + time.sleep(1) + + log = client.journald.journalctl(grep="Backend is offline", unit="sssd") + assert log.rc == 0, "'Backend is offline' is not logged" + + +@pytest.mark.importance("medium") +@pytest.mark.ticket(bz=1928648) +@pytest.mark.topology(KnownTopology.LDAP) +def test_offline__ldap_network_timeout_parameters_shown_in_logs(client: Client, ldap: LDAP): + """ + :title: Each timeout setting is properly logged in logs + :setup: + 1. Add user + 2. Start SSSD + :steps: + 1. Check that "Setting 6 seconds timeout [ldap_network_timeout] for connecting" is in logs + 2. Fetch information about user + 3. Block LDAP traffic + 4. Connect user over SSH + 5. Logs should contain following timeout parameters + - ldap_opt_timeout + - ldap_search_timeout + - ldap_network_timeout + - dns_resolver_timeout + :expectedresults: + 1. Timeout setting is stored in logs + 2. User is found + 3. LDAP traffic is blocked + 4. User is unable to connect + 5. The timeout parameters are in the logs + :customerscenario: True + """ + ldap.user("user1").add(password="Secret123") + client.sssd.start() + + log = client.fs.read(f"/var/log/sssd/sssd_{client.sssd.default_domain}.log") + assert "Setting 6 seconds timeout [ldap_network_timeout] for connecting" in log + + assert client.tools.id("user1") is not None + + client.firewall.outbound.drop_host(ldap) + + with pytest.raises(Exception): + client.ssh("user1", "Secret123").connect() + + log = client.fs.read(f"/var/log/sssd/sssd_{client.sssd.default_domain}.log") + for timeout in ["ldap_opt_timeout", "ldap_search_timeout", "ldap_network_timeout", "dns_resolver_timeout"]: + assert timeout in log, f"Value '{timeout}' not found in logs" diff --git a/src/tests/system/tests/test_passkey.py b/src/tests/system/tests/test_passkey.py new file mode 100644 index 00000000000..3ce26a68a38 --- /dev/null +++ b/src/tests/system/tests/test_passkey.py @@ -0,0 +1,413 @@ +""" +Passkey Tests. + +:requirement: passkey + +The passkey solution only enables to authenticate in a system where the +FIDO2 key is connected physically.This could be su login, the GUI, +or even ssh<user>@localhost. +Here, passkey support is tested with su, tests are running with +umockdev, not with a physical key. +""" + +from __future__ import annotations + +import pytest +from sssd_test_framework.roles.client import Client +from sssd_test_framework.roles.generic import GenericProvider +from sssd_test_framework.roles.ipa import IPA +from sssd_test_framework.topology import KnownTopology, KnownTopologyGroup + + +@pytest.mark.importance("high") +@pytest.mark.topology(KnownTopology.Client) +@pytest.mark.builtwith(client="passkey") +def test_passkey__register__sssctl(client: Client, moduledatadir: str, testdatadir: str): + """ + :title: Register a key with sssctl + :setup: + 1. Setup IDM client with FIDO and umockdev setup + :steps: + 1. Use sssctl to register a FIDO2 key. + 2. Check the output. + :expectedresults: + 1. New key is registered. + 2. Output contains key mapping data. + :customerscenario: False + """ + mapping = client.sssctl.passkey_register( + username="user1", + domain="ldap.test", + pin=123456, + device=f"{moduledatadir}/umockdev.device", + ioctl=f"{moduledatadir}/umockdev.ioctl", + script=f"{testdatadir}/umockdev.script", + ) + + with open(f"{testdatadir}/passkey-mapping") as f: + assert mapping == f.read().strip(), "Failed to register a key with sssctl" + + +@pytest.mark.importance("high") +@pytest.mark.topology(KnownTopology.IPA) +@pytest.mark.builtwith(client="passkey", ipa="passkey") +def test_passkey__register__ipa(ipa: IPA, moduledatadir: str, testdatadir: str): + """ + :title: Register a passkey with the IPA command + :setup: + 1. Setup IDM client with FIDO and umockdev setup + :steps: + 1. Use ipa command to register a FIDO2 key. + 2. Check the output that contains the user key mapping data. + :expectedresults: + 1. New key is registered with IPA command. + 2. Output contains key mapping data. + :customerscenario: False + """ + mapping = ( + ipa.user("user1") + .add() + .passkey_add_register( + pin=123456, + device=f"{moduledatadir}/umockdev.device", + ioctl=f"{moduledatadir}/umockdev.ioctl", + script=f"{testdatadir}/umockdev.script", + ) + ) + + with open(f"{testdatadir}/passkey-mapping") as f: + assert mapping == f.read().strip(), "Failed to register a key with the IPA command" + + +@pytest.mark.importance("critical") +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +@pytest.mark.builtwith(client="passkey", provider="passkey") +def test_passkey__su(client: Client, provider: GenericProvider, moduledatadir: str, testdatadir: str): + """ + :title: Check su authentication of user with LDAP, IPA, AD and Samba + :setup: + 1. Add a user in LDAP, IPA, AD and Samba with passkey_mapping. + 2. Setup SSSD client with FIDO and umockdev, start SSSD service. + :steps: + 1. Check su authentication of the user. + :expectedresults: + 1. User su authenticates successfully. + :customerscenario: False + """ + suffix = type(provider).__name__.lower() + + if suffix == "ldap": + client.sssd.domain["local_auth_policy"] = "only" + + with open(f"{testdatadir}/passkey-mapping.{suffix}") as f: + provider.user("user1").add().passkey_add(f.read().strip()) + + client.sssd.start() + + assert client.auth.su.passkey( + username="user1", + pin=123456, + device=f"{moduledatadir}/umockdev.device", + ioctl=f"{moduledatadir}/umockdev.ioctl", + script=f"{testdatadir}/umockdev.script.{suffix}", + ) + + +@pytest.mark.importance("high") +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +@pytest.mark.builtwith(client="passkey", provider="passkey") +def test_passkey__su_fail_pin(client: Client, provider: GenericProvider, moduledatadir: str, testdatadir: str): + """ + :title: Check su authentication deny of user with LDAP, IPA, AD and Samba with incorrect pin + :setup: + 1. Add a LDAP, IPA, AD and Samba user with passkey_mapping. + 2. Setup SSSD client with FIDO and umockdev, start SSSD service. + :steps: + 1. Check su authentication of the user with incorrect PIN. + :expectedresults: + 1. User failed to su authenticate. + :customerscenario: False + """ + suffix = type(provider).__name__.lower() + + if suffix == "ldap": + client.sssd.domain["local_auth_policy"] = "only" + + with open(f"{testdatadir}/passkey-mapping.{suffix}") as f: + provider.user("user1").add().passkey_add(f.read().strip()) + + client.sssd.start() + + assert not client.auth.su.passkey( + username="user1", + pin=67890, + device=f"{moduledatadir}/umockdev.device", + ioctl=f"{moduledatadir}/umockdev.ioctl", + script=f"{testdatadir}/umockdev.script.{suffix}", + ) + + +@pytest.mark.importance("critical") +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +@pytest.mark.builtwith(client="passkey", provider="passkey") +def test_passkey__su_fail_mapping(client: Client, provider: GenericProvider, moduledatadir: str, testdatadir: str): + """ + :title: Check su authentication deny of user with LDAP, IPA, AD and Samba with incorrect mapping + :setup: + 1. Add a LDAP, IPA, AD and Samba user with passkey_mapping. + 2. Setup SSSD client with FIDO and umockdev, start SSSD service. + :steps: + 1. Check su authentication of the user with incorrect passkey mapping. + :expectedresults: + 1. User failed to su authenticate. + :customerscenario: False + """ + suffix = type(provider).__name__.lower() + + if suffix == "ldap": + client.sssd.domain["local_auth_policy"] = "only" + + # Here, we are using passkey-mapping from the other FIDO2 key. + + with open(f"{testdatadir}/passkey-mapping.{suffix}") as f: + provider.user("user1").add().passkey_add(f.read().strip()) + + client.sssd.start() + + assert not client.auth.su.passkey( + username="user1", + pin=123456, + device=f"{moduledatadir}/umockdev.device", + ioctl=f"{moduledatadir}/umockdev.ioctl", + script=f"{testdatadir}/umockdev.script.{suffix}", + ) + + +@pytest.mark.importance("high") +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +@pytest.mark.builtwith(client="passkey", provider="passkey") +def test_passkey__su_srv_not_resolvable( + client: Client, provider: GenericProvider, moduledatadir: str, testdatadir: str +): + """ + :title: Check su authentication of a user with LDAP, IPA, AD and Samba when server is not resolvable + :setup: + 1. Add a LDAP, IPA, AD and Samba user with passkey_mapping. + 2. Setup SSSD client with FIDO and umockdev, start SSSD service. + :steps: + 1. Check su authentication of the user. + 2. Update the server url and restart the sssd service to reflect the changes. + 3. Check su authentication of the user. + :expectedresults: + 1. User su authenticates successfully. + 2. Successfully update the sssd.conf and restarted the sssd service. + 3. User su authenticates successfully due to cached data. + :customerscenario: False + """ + suffix = type(provider).__name__.lower() + if suffix == "ipa": + server_url = "ipa_server" + elif suffix == "ldap": + server_url = "ldap_uri" + client.sssd.domain["local_auth_policy"] = "only" + elif suffix == "samba" or "ad": + server_url = "ad_server" + else: + assert False, "provider not found" + + with open(f"{testdatadir}/passkey-mapping.{suffix}") as f: + provider.user("user1").add().passkey_add(f.read().strip()) + + client.sssd.start() + + # First time check authentication to cache the user + assert client.auth.su.passkey( + username="user1", + pin=123456, + device=f"{moduledatadir}/umockdev.device", + ioctl=f"{moduledatadir}/umockdev.ioctl", + script=f"{testdatadir}/umockdev.script.{suffix}", + ) + + # Here we are making server/backend offline but not deleting cache and logs. + client.sssd.config.remove_option("domain/test", server_url) + client.sssd.domain[server_url] = "ldap://new.server.test" + client.sssd.start() + + assert client.auth.su.passkey( + username="user1", + pin=123456, + device=f"{moduledatadir}/umockdev.device", + ioctl=f"{moduledatadir}/umockdev.ioctl", + script=f"{testdatadir}/umockdev.script.{suffix}", + ) + + +@pytest.mark.importance("high") +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +@pytest.mark.builtwith(client="passkey", provider="passkey") +def test_passkey__offline_su(client: Client, provider: GenericProvider, moduledatadir: str, testdatadir: str): + """ + :title: Check offline su authentication of a user with LDAP, IPA, AD and Samba + :setup: + 1. Add a LDAP, IPA, AD and Samba user with passkey_mapping. + 2. Setup SSSD client with FIDO and umockdev, start SSSD service. + :steps: + 1. Check su authentication of the user. + 2. Make server offline (by blocking traffic to the provider). + 3. Bring SSSD offline explicitly. + 4. Check su offline authentication of the user. + :expectedresults: + 1. User su authenticated successfully. + 2. Firewall rule added, traffic is dropped. + 3. SSSD is offline. + 4. Offline su authentication is successful. + :customerscenario: False + """ + suffix = type(provider).__name__.lower() + + with open(f"{testdatadir}/passkey-mapping.{suffix}") as f: + provider.user("user1").add().passkey_add(f.read().strip()) + + if suffix == "ldap": + client.sssd.domain["local_auth_policy"] = "only" + + client.sssd.start() + + # First time check authentication to cache the user + assert client.auth.su.passkey( + username="user1", + pin=123456, + device=f"{moduledatadir}/umockdev.device", + ioctl=f"{moduledatadir}/umockdev.ioctl", + script=f"{testdatadir}/umockdev.script.{suffix}", + ) + + # Render the provider offline + client.firewall.outbound.reject_host(provider) + + # There might be active connections that are not terminated by creating firewall rule. + # We need to terminated it by bringing SSSD to offline state explicitly. + client.sssd.bring_offline() + + assert client.auth.su.passkey( + username="user1", + pin=123456, + device=f"{moduledatadir}/umockdev.device", + ioctl=f"{moduledatadir}/umockdev.ioctl", + script=f"{testdatadir}/umockdev.script.{suffix}", + ) + + +@pytest.mark.importance("high") +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +@pytest.mark.builtwith(client="passkey", provider="passkey") +def test_passkey__user_fetch_from_cache( + client: Client, provider: GenericProvider, moduledatadir: str, testdatadir: str +): + """ + :title: Fetch a user from cache for LDAP, IPA, AD and Samba server + :setup: + 1. Add a user in LDAP, IPA, AD and Samba with passkey_mapping. + 2. Setup SSSD client with FIDO and umockdev, start SSSD service. + :steps: + 1. Check a user lookup. + 2. Check a user from cache using ldbsearch command. + :expectedresults: + 1. A user looked up successfully. + 2. Successfully get the user from ldbsearch command. + :customerscenario: False + """ + + suffix = type(provider).__name__.lower() + + with open(f"{testdatadir}/passkey-mapping.{suffix}") as f: + provider.user("user1").add().passkey_add(f.read().strip()) + + client.sssd.start() + + result = client.tools.id("user1") + output = client.ldb.search( + path="/var/lib/sss/db/cache_test.ldb", basedn="name=user1@test,cn=users,cn=test,cn=sysdb", filter="userPasskey" + ) + assert result is not None + assert output["name=user1@test,cn=users,cn=test,cn=sysdb"] is not None + assert "name=user1@test,cn=users,cn=test,cn=sysdb" in output.keys(), "user not find in cache" + assert "userPasskey" in (list(output.values())[0].keys()), "passkey mapping is not found in cache" + + +@pytest.mark.importance("high") +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +@pytest.mark.builtwith(client="passkey", provider="passkey") +def test_passkey__su_multi_keys_for_same_user( + client: Client, provider: GenericProvider, moduledatadir: str, testdatadir: str +): + """ + :title: Check su authentication of user when multiple keys added for same user with + LDAP, IPA, AD and Samba server. + :setup: + 1. Add a user with multiple mappings of passkey in LDAP, IPA, AD and Samba with passkey_mapping. + 2. Setup SSSD client with FIDO and umockdev, start SSSD service. + :steps: + 1. Check su authentication of the user. + :expectedresults: + 1. User su authenticates successfully. + :customerscenario: False + """ + suffix = type(provider).__name__.lower() + user_add = provider.user("user1").add() + + if suffix == "ldap": + client.sssd.domain["local_auth_policy"] = "only" + + for n in range(1, 5): + with open(f"{testdatadir}/passkey-mapping.{suffix}{n}") as f: + user_add.passkey_add(f.read().strip()) + + client.sssd.start() + + assert client.auth.su.passkey( + username="user1", + pin=123456, + device=f"{moduledatadir}/umockdev.device", + ioctl=f"{moduledatadir}/umockdev.ioctl", + script=f"{testdatadir}/umockdev.script.{suffix}", + ) + + +@pytest.mark.importance("high") +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +@pytest.mark.builtwith(client="passkey", provider="passkey") +def test_passkey__su_same_key_for_multi_user( + client: Client, provider: GenericProvider, moduledatadir: str, testdatadir: str +): + """ + :title: Check su authentication of user when same key added for multiple user with LDAP, IPA, AD and Samba server. + :setup: + 1. Add three users with same passkey mapping in LDAP, IPA, AD and Samba with passkey_mapping. + 2. Setup SSSD client with FIDO and umockdev, start SSSD service. + :steps: + 1. Check su authentication of the user1, user2 and user3. + :expectedresults: + 1. User1, user2 and user3 su authenticates successfully with same mapping. + :customerscenario: False + """ + suffix = type(provider).__name__.lower() + + if suffix == "ldap": + client.sssd.domain["local_auth_policy"] = "only" + + client.sssd.start() + + for user in ["user1", "user2", "user3"]: + user_add = provider.user(user).add() + with open(f"{testdatadir}/passkey-mapping.{suffix}") as f: + user_add.passkey_add(f.read().strip()) + + assert client.auth.su.passkey( + username=user, + pin=123456, + device=f"{moduledatadir}/umockdev.device", + ioctl=f"{moduledatadir}/umockdev.ioctl", + script=f"{testdatadir}/umockdev.script.{suffix}.{user}", + ) diff --git a/src/tests/system/tests/test_proxy.py b/src/tests/system/tests/test_proxy.py new file mode 100644 index 00000000000..6ea95c8f92a --- /dev/null +++ b/src/tests/system/tests/test_proxy.py @@ -0,0 +1,64 @@ +""" +Proxy Provider tests. + +:requirement: Ldap Provider - nss-pam-ldapd +""" + + +from __future__ import annotations + +import pytest +from sssd_test_framework.roles.client import Client +from sssd_test_framework.roles.ldap import LDAP +from sssd_test_framework.topology import KnownTopology + + +@pytest.mark.topology(KnownTopology.LDAP) +@pytest.mark.ticket(bz=895570) +def test_invalid_attribute_syntax(client: Client, ldap: LDAP): + """ + :title: Enabling proxy_fast_alias shows "ldb_modify failed: + [Invalid attribute syntax]" for id lookups. + :setup: + 1. Setup sssd for proxy provider. + 2. Enable proxy_fast_alias. + 3. Setup nslcd services. + 4. Add Ou and User. + :steps: + 1. id lookup a user. + 2. Check logs for "ldb_modify failed". + :expectedresults: + 1. id look up should success. + 2. Errors should not be seen on enabling proxy_fast_alias. + :customerscenario: True + """ + client.sssd.config["domain/test"] = { + "id_provider": "proxy", + "debug_level": "0xFFF0", + "proxy_lib_name": "ldap", + "proxy_pam_target": "sssdproxyldap", + "proxy_fast_alias": "true", + } + client.fs.write( + "/etc/pam.d/sssdproxyldap", + """ + auth required pam_ldap.so + account required pam_ldap.so + password required pam_ldap.so + session required pam_ldap.so + """, + ) + client.fs.write( + "/etc/nslcd.conf", + f"uid nslcd\ngid ldap\nuri " f"ldap://{ldap.host.hostname}\nbase " f"{ldap.ldap.naming_context}\n", + dedent=False, + ) + client.sssd.svc.restart("nslcd") + client.sssd.restart() + ou_users = ldap.ou("users").add() + user = ldap.user("user-1", basedn=ou_users).add(uid=10001, gid=10001, password="Secret123") + result = client.tools.id(user.name) + assert result is not None + assert result.user.name == user.name + log = client.fs.read(client.sssd.logs.domain()) + assert "ldb_modify failed: [Invalid attribute syntax]" not in log diff --git a/src/tests/system/tests/test_rootdse.py b/src/tests/system/tests/test_rootdse.py new file mode 100644 index 00000000000..5d292eb5dfc --- /dev/null +++ b/src/tests/system/tests/test_rootdse.py @@ -0,0 +1,236 @@ +""" +SSSD Log tests. + +:requirement: Ldap Provider - ldap_id_ldap_auth +""" + +from __future__ import annotations + +import time + +import pytest +from sssd_test_framework.roles.client import Client +from sssd_test_framework.roles.ldap import LDAP +from sssd_test_framework.topology import KnownTopology + + +@pytest.mark.topology(KnownTopology.LDAP) +def test_ldap_search_base(client: Client, ldap: LDAP): + """ + :title: Without ldapsearch base specified in sssd conf and rootDSE exists + :setup: + 1. With sssd config set enumerate = True. + 2. Set sssd config nss part with filter_groups and filter_users to root. + 3. Add test user with password and make sure it can authenticate. + :steps: + 1. Without ldap_search_base set when user authenticates certain logs + should appear in sssd domain logs. + 2. Now set ldap_search_base in sssd config try with user authentication , + in sssd domain logs sdap_set_config_options_with_rootdse should not appear. + :expectedresults: + 1. Certain logs should appear in sssd domain logs + 2. In sssd domain logs sdap_set_config_options_with_rootdse should not appear. + :customerscenario: False + """ + base = ldap.ldap.naming_context + + client.sssd.dom("test")["enumerate"] = "true" + client.sssd.config["nss"] = { + "filter_groups": "root", + "filter_users": "root", + } + + ou_users = ldap.ou("users").add() + user = ldap.user("puser1", basedn=ou_users).add(uid=10001, gid=10001, password="Secret123") + + client.sssd.stop() + client.sssd.clear() + client.sssd.start() + + assert client.auth.ssh.password(user.name, "Secret123") + time.sleep(3) + + log = client.fs.read(client.sssd.logs.domain()) + for doc in [ + f"Setting option [ldap_search_base] to [{base}]", + f"Setting option [ldap_user_search_base] to [{base}]", + f"Setting option [ldap_group_search_base] to [{base}]", + f"Setting option [ldap_netgroup_search_base] to [{base}]", + ]: + assert doc in str(log) + client.sssd.dom("test")["ldap_search_base"] = ldap.ldap.naming_context + + client.sssd.stop() + client.sssd.clear() + client.sssd.start() + + assert client.auth.ssh.password("puser1", "Secret123") + time.sleep(3) + + log = client.fs.read(client.sssd.logs.domain()) + assert "sdap_set_config_options_with_rootdse" not in log + + +@pytest.mark.topology(KnownTopology.LDAP) +@pytest.mark.parametrize( + "user_search_base, search_base", + [ + ("ldap_user_search_base", "ou=People,dc=ldap,dc=test"), + ("ldap_group_search_base", "ou=Groups,dc=ldap,dc=test"), + ("ldap_netgroup_search_base", "ou=Netgroup,dc=ldap,dc=test"), + ], +) +def test_ldap_user_search_base_set(client: Client, ldap: LDAP, user_search_base, search_base): + """ + :title: Without ldapsearch base and with ldap user search base specified + :setup: + 1. With sssd config set enumerate = True. + 2. Set sssd config nss part with filter_groups and filter_users to root. + 3. Add test user with password and make sure it can authenticate. + :steps: + 1. Set user_search_base to sssd config. + 2. Set ldap_group_search_base to sssd config. + 3. Set ldap_netgroup_search_base to sssd config. + 4. With each search base there will be different logs generated in sssd domain logs. + :expectedresults: + 1. User_search_base should be set to sssd config. + 2. Ldap_group_search_base should be set to sssd config. + 3. Ldap_netgroup_search_base should be set to sssd config. + 4. There will be different logs generated in sssd domain logs. + :customerscenario: False + """ + base = ldap.ldap.naming_context + + client.sssd.dom("test")["enumerate"] = "true" + client.sssd.dom("test")[user_search_base] = search_base + client.sssd.config["nss"] = { + "filter_groups": "root", + "filter_users": "root", + } + + ou_users = ldap.ou("People").add() + user = ldap.user("puser1", basedn=ou_users).add(uid=10001, gid=10001, password="Secret123") + + client.sssd.stop() + client.sssd.clear() + client.sssd.start() + + result = client.tools.getent.passwd(user.name) + assert result is not None + assert result.name == user.name + + assert client.auth.ssh.password(user.name, "Secret123") + time.sleep(3) + + log = client.fs.read(client.sssd.logs.domain()) + match user_search_base: + case "ldap_user_search_base": + for doc in [ + "Got rootdse", + f"Setting option [ldap_search_base] to [{base}]", + f"Setting option [ldap_group_search_base] to [{base}]", + f"Setting option [ldap_netgroup_search_base] to [{base}]", + ]: + assert doc in str(log) + case "ldap_group_search_base": + for doc in [ + "Got rootdse", + f"Setting option [ldap_search_base] to [{base}]", + f"Setting option [ldap_user_search_base] to [{base}]", + f"Setting option [ldap_netgroup_search_base] to [{base}]", + ]: + assert doc in str(log) + case "ldap_netgroup_search_base": + for doc in [ + "Got rootdse", + f"Setting option [ldap_search_base] to [{base}]", + f"Setting option [ldap_user_search_base] to [{base}]", + f"Setting option [ldap_group_search_base] to [{base}]", + ]: + assert doc in str(log) + + +@pytest.mark.topology(KnownTopology.LDAP) +def test_default_naming_context(client: Client, ldap: LDAP): + """ + :title: Without ldapsearch base and default namingContexts + :setup: + 1. With sssd config set enumerate = True. + 2. Set sssd config nss part with filter_groups and filter_users to root. + 3. Add test user with password and make sure it can authenticate. + :steps: + 1. Sssd without ldapsearch base and default namingContexts. + 2. Sssd should generate some logs when try to authenticate with users. + :expectedresults: + 1. Sssd should work without ldapsearch base and default namingContexts. + 2. Sssd should generate some logs when try to authenticate with users. + :customerscenario: False + """ + base = ldap.ldap.naming_context + + client.sssd.dom("test")["enumerate"] = "true" + client.sssd.config["nss"] = { + "filter_groups": "root", + "filter_users": "root", + } + + ou_users = ldap.ou("People").add() + user = ldap.user("puser1", basedn=ou_users).add(uid=10001, gid=10001, password="Secret123") + + client.sssd.stop() + client.sssd.clear() + client.sssd.start() + + result = client.tools.getent.passwd(user.name) + assert result is not None + assert result.name == user.name + time.sleep(3) + + log = client.fs.read(client.sssd.logs.domain()) + assert "Got rootdse" in log + assert "Using value from [defaultNamingContext] as naming context" in log + assert f"Setting option [ldap_search_base] to [{base}]" in log + + +@pytest.mark.topology(KnownTopology.LDAP) +@pytest.mark.parametrize("user_search_base", ["dc=ldap,dc=test", "dc=shanks,dc=com"]) +def test_multiple_naming_contexts(client: Client, ldap: LDAP, user_search_base): + """ + :title: Without ldapsearch base and multiple namingContexts + :setup: + 1. With sssd config set enumerate = True. + 2. Set sssd config nss part with filter_groups and filter_users to root. + 3. Add test user with password and make sure it can authenticate. + :steps: + 1. Sssd with user_search_base "dc=ldap,dc=test" + 2. Sssd with user_search_base "dc=shanks,dc=com" + 3. With both the cases sssd authentication should work when we configure it with ldap_search_base, + ldap_user_search_base, ldap_group_search_base. + :expectedresults: + 1. Sssd should be configured user_search_base "dc=ldap,dc=test" + 2. Sssd should be configured user_search_base "dc=shanks,dc=com" + 3. User authentication should be success with both the cases. + :customerscenario: False + """ + base = ldap.ldap.naming_context + + ou_users = ldap.ou("People").add() + user = ldap.user("puser1", basedn=ou_users).add(uid=10001, gid=10001, password="Secret123") + + client.sssd.dom("test")["enumerate"] = "true" + client.sssd.dom("test")["ldap_search_base"] = user_search_base + client.sssd.dom("test")["ldap_user_search_base"] = f"ou=People,{base}" + client.sssd.dom("test")["ldap_group_search_base"] = f"ou=Groups,{base}" + client.sssd.config["nss"] = { + "filter_groups": "root", + "filter_users": "root", + } + + client.sssd.stop() + client.sssd.clear() + client.sssd.start() + + result = client.tools.getent.passwd(user.name) + assert result is not None + assert result.name == user.name + assert client.auth.ssh.password(user.name, "Secret123") diff --git a/src/tests/system/tests/test_schema.py b/src/tests/system/tests/test_schema.py new file mode 100644 index 00000000000..42a6715d598 --- /dev/null +++ b/src/tests/system/tests/test_schema.py @@ -0,0 +1,185 @@ +""" +schema tests. + +:requirement: ldap_extra_attrs +""" + +from __future__ import annotations + +import pytest +from sssd_test_framework.roles.client import Client +from sssd_test_framework.roles.generic import GenericProvider +from sssd_test_framework.roles.ldap import LDAP +from sssd_test_framework.topology import KnownTopology, KnownTopologyGroup + + +@pytest.mark.importance("high") +@pytest.mark.schema +@pytest.mark.ticket(gh=4153, bz=1362023) +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +@pytest.mark.parametrize("attrs", ["mail, firstname:givenname, lastname:sn", "given_email:mail"]) +def test_schema__ldap_extra_attrs_filled(client: Client, provider: GenericProvider, attrs: str): + """ + :title: SSSD starts correctly when ldap_user_extra_attrs is filled + :setup: + 1. Create new user "tuser" + 2. Add "given_email:mail" to ldap_user_extra_attrs + :steps: + 1. Start SSSD + 2. Run "getent passwd tuser" + :expectedresults: + 1. SSSD starts successfully + 2. "tuser" is present in the passwd db + :customerscenario: False + """ + provider.user("tuser").add() + client.sssd.domain["ldap_user_extra_attrs"] = attrs + + try: + client.sssd.start() + except Exception as e: + pytest.fail(f"Exception shouldn't be raised but we got {type(e)}: str(e)") + + result = client.tools.getent.passwd("tuser") + assert result is not None + assert result.name == "tuser" + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_schema__ldap_extra_attrs_check_ldb(client: Client, provider: GenericProvider): + """ + :title: Recently added extra attributes should be in cache db along with their value + :setup: + 1. Create new user "user1" + 2. Add "description:gecos, userID:uidNumber, shell:loginShell, groupID:gidNumber" to ldap_user_extra_attrs + 3. Add "ldap_id_mapping" to domain config, to ensure correct ids on all topologies + 4. Start SSSD + :steps: + 1. Run "getent passwd user1" to store user attributes to cache + 2. Run ldbsearch command + :expectedresults: + 1. User is found + 2. Result has correct values + :customerscenario: True + """ + provider.user("user1").add(gid=111111, uid=100110, gecos="gecos user1", shell="/bin/sh", home="/home/user1") + client.sssd.domain[ + "ldap_user_extra_attrs" + ] = "description:gecos, userID:uidNumber, shell:loginShell, groupID:gidNumber" + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + result = client.tools.getent.passwd("user1") + assert result is not None, "getent passwd user1 failed" + + search = client.ldb.search( + f"/var/lib/sss/db/cache_{client.sssd.default_domain}.ldb", f"cn=users,cn={client.sssd.default_domain},cn=sysdb" + ) + + user_dict = search["name=user1@test,cn=users,cn=test,cn=sysdb"] + assert user_dict["description"] == ["gecos user1"], "attribute 'description' was not correct" + assert user_dict["shell"] == ["/bin/sh"], "attribute 'shell' was not correct" + assert user_dict["userID"] == ["100110"], "attribute 'userID' was not correct" + assert user_dict["groupID"] == ["111111"], "attribute 'groupID' was not correct" + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_schema__ldap_extra_attrs_negative_cache(client: Client, provider: GenericProvider): + """ + :title: When extra attribute of user is added but not assigned, it is neither cached nor displayed + :setup: + 1. Create new user "user1" + 2. Add "number:telephonenumber" to ldap_user_extra_attrs + 3. Start SSSD + :steps: + 1. Run "getent passwd user1" to store user to cache + 2. Run ldbsearch command + :expectedresults: + 1. User is found + 2. "number" is not in the output + :customerscenario: False + """ + provider.user("user1").add() + + client.sssd.domain["ldap_user_extra_attrs"] = "number:telephonenumber" + + client.sssd.start() + + result = client.tools.getent.passwd("user1") + assert result is not None, "User is not found" + assert result.name == "user1", "User has wrong name" + + search = client.ldb.search( + f"/var/lib/sss/db/cache_{client.sssd.default_domain}.ldb", f"cn=users,cn={client.sssd.default_domain},cn=sysdb" + ) + + user_dict = search["name=user1@test,cn=users,cn=test,cn=sysdb"] + with pytest.raises(KeyError): + user_dict["number"] + + +@pytest.mark.topology(KnownTopology.LDAP) +def test_schema__ldap_extra_attrs_extra_email(client: Client, ldap: LDAP): + """ + :title: SSSD starts with ldap_user_email and ldap_user_extra_attrs and checks cached attributes + :setup: + 1. Create new user "user1", set them mail and gecos + 2. Edit config - ldap_user_extra_attrs = "email:mail, description:gecos" and ldap_user_email = "mail" + 3. Start SSSD + :steps: + 1. Run "getent passwd user1" to store user to cache + 2. Run ldbsearch command to get cached info + :expectedresults: + 1. User is found + 2. "mail" and "email" are in the output with correct value + :customerscenario: False + """ + ldap.user("user1").add(gecos="gecos1", mail="user1@example.test") + + client.sssd.domain["ldap_user_email"] = "mail" + client.sssd.domain["ldap_user_extra_attrs"] = "email:mail, description:gecos" + client.sssd.sssd["services"] = "nss, pam, ifp" + client.sssd.start() + + result = client.tools.getent.passwd("user1") + assert result is not None, "User is not found" + assert result.name == "user1", "User has wrong name" + + search = client.ldb.search( + f"/var/lib/sss/db/cache_{client.sssd.default_domain}.ldb", f"cn=users,cn={client.sssd.default_domain},cn=sysdb" + ) + + user_dict = search["name=user1@test,cn=users,cn=test,cn=sysdb"] + assert user_dict["description"] == ["gecos1"], "attribute 'descripion' was not correct" + assert user_dict["mail"] == ["user1@example.test"], "attribute 'mail' was not correct" + assert user_dict["email"] == ["user1@example.test"], "attribute 'email' was not correct" + + +@pytest.mark.ticket(bz=1667252) +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_schema__ldap_extra_attrs_ifp(client: Client, provider: GenericProvider): + """ + :title: ifp do not crash when requesting extra attributes + :setup: + 1. Create new user "user1" + 2. Configure 'test' ldap user extra attribute + 3. Start SSSD + :steps: + 1. Run "sssctl user-checks user1" + 2. Check SSSD status + :expectedresults: + 1. Command succeeded + 2. Checked successfully + :customerscenario: True + """ + provider.user("user1").add() + client.sssd.sssd["services"] = "nss, pam, ifp" + client.sssd.domain["ldap_user_extra_attrs"] = "test:homeDirectory" + client.sssd.ifp["user_attributes"] = "+test" + client.sssd.start() + + result = client.sssctl.user_checks("user1") + assert result.rc == 0, "sssctl user-checks command failed" + + result = client.sssd.svc.status("sssd") + assert result.rc == 0, "service status sssd failed" diff --git a/src/tests/system/tests/test_shadow.py b/src/tests/system/tests/test_shadow.py deleted file mode 100644 index 7117e48c4ab..00000000000 --- a/src/tests/system/tests/test_shadow.py +++ /dev/null @@ -1,43 +0,0 @@ -from __future__ import annotations - -import pytest -from sssd_test_framework.roles.client import Client -from sssd_test_framework.roles.ldap import LDAP -from sssd_test_framework.topology import KnownTopology - - -@pytest.mark.tier(0) -@pytest.mark.ticket(bz=1507035) -@pytest.mark.topology(KnownTopology.LDAP) -@pytest.mark.parametrize("method", ["su", "ssh"]) -def test_shadow__password_change(client: Client, ldap: LDAP, method: str): - """ - :title: Change password with shadow ldap password policy - :setup: - 1. Allow user to change its own password in LDAP - 2. Create LDAP user "tuser" with shadowLastChange = 0 - 3. Set ldap_pwd_policy to "shadow" - 4. Set ldap_chpass_update_last_change to "True" - 5. Start SSSD - :steps: - 1. Autheticate as "tuser" with old password - 2. Autheticate as "tuser" with new password - :expectedresults: - 1. Password was expired and new password was expected and provided - 2. Authentication with new password was successful - :customerscenario: True - """ - ldap.aci.add('(targetattr="userpassword")(version 3.0; acl "pwp test"; allow (all) userdn="ldap:///self";)') - ldap.user("tuser").add( - uid=999011, gid=999011, shadowMin=0, shadowMax=99999, shadowWarning=7, shadowLastChange=0, password="Secret123" - ) - - client.sssd.domain["ldap_pwd_policy"] = "shadow" - client.sssd.domain["ldap_chpass_update_last_change"] = "True" - client.sssd.start() - - # Password is expired, change it - assert client.auth.parametrize(method).password_expired("tuser", "Secret123", "Redhat@321") - - # Authenticate with new password - assert client.auth.parametrize(method).password("tuser", "Redhat@321") diff --git a/src/tests/system/tests/test_sss_cache.py b/src/tests/system/tests/test_sss_cache.py new file mode 100644 index 00000000000..f972f3dcba4 --- /dev/null +++ b/src/tests/system/tests/test_sss_cache.py @@ -0,0 +1,113 @@ +""" +sss_cache tests. + +:requirement: IDM-SSSD-REQ: Status utility +""" + +from __future__ import annotations + +import time + +import pytest +from pytest_mh.ssh import SSHProcessError +from sssd_test_framework.roles.client import Client +from sssd_test_framework.roles.generic import GenericProvider +from sssd_test_framework.topology import KnownTopology, KnownTopologyGroup + + +@pytest.mark.ticket(bz=1661182) +@pytest.mark.topology(KnownTopology.Client) +def test_sss_cache__cache_expire_message(client: Client): + """ + :title: sss_cache do not print fake error messages + :setup: + 1. Configure SSSD without any domain + 2. Set to sssd section "enable_files_domain" to "false" + 3. Create local user + :steps: + 1. Restart SSSD + 2. Modify existing local user + 3. Expire cache with specific options + :expectedresults: + 1. Error is raised, SSSD is not running + 2. Modified successfully + 3. Output did not contain wrong messages + :customerscenario: True + """ + client.sssd.sssd["enable_files_domain"] = "false" + client.local.user("user1").add() + + with pytest.raises(SSHProcessError): + client.sssd.restart() + + res = client.host.ssh.run("usermod -a -G wheel user1") + assert "No domains configured, fatal error!" not in res.stdout + + for cmd in ("sss_cache -U", "sss_cache -G", "sss_cache -E", "sss_cache --user=nonexisting"): + res = client.host.ssh.run(cmd) + assert "No domains configured, fatal error!" not in res.stdout + + +@pytest.mark.importance("critical") +@pytest.mark.cache +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_sss_cache__background_refresh(client: Client, provider: GenericProvider): + """ + :title: Ensuring ldb cache data is refreshed correctly + :setup: + 1. Create provider user + 2. Create provider group + 3. Create provider netgroup + 4. Configure SSSD and set 'entry_cache_timeout' to 1 and 'refresh_expired_interval' to 2 + 5. Restart SSSD + 6. Populate the cache by performing 'getent' on the user, group and netgroup + :steps: + 1. Search for user, group and netgroup lastUpdate and dataExpireTimestamp in the ldb database + 2. Wait 5 seconds and search for all timestamp in the cache again + :expectedresults: + 1. The 'dataExpireTimestamp' value equals the 'lastUpdate + entry_cache_timeout' value + 2. User, group and netgroup 'lastUpdate' timestamp value has been refreshed + :customerscenario: False + """ + user = provider.user("test_user").add() + provider.group("test_group").add().add_member(user) + provider.netgroup("test_netgroup").add().add_member(user=user) + + domain = client.sssd.default_domain + entry_cache_timeout = 1 + refresh_expired_interval = 2 + + client.sssd.domain["entry_cache_timeout"] = str(entry_cache_timeout) + client.sssd.domain["refresh_expired_interval"] = str(refresh_expired_interval) + + client.sssd.restart() + client.tools.getent.passwd(f"test_user@{domain}") + client.tools.getent.group(f"test_group@{domain}") + client.tools.getent.netgroup(f"test_netgroup@{domain}") + + ldb_cache = f"/var/lib/sss/db/cache_{domain}.ldb" + ldb_suffix = f"cn={domain},cn=sysdb" + + last_update: list[int] = [] + expire_time: list[int] = [] + + for i in [f"test_user@{domain}", f"test_group@{domain}", "test_netgroup"]: + result = client.ldb.search(ldb_cache, ldb_suffix, filter=f"name={i}") + for k, v in result.items(): + for y in v.items(): + if y[0] == "lastUpdate": + last_update = last_update + [(int(y[1][0]))] + if y[0] == "dataExpireTimestamp": + expire_time = expire_time + [(int(y[1][0]))] + + for m, n in enumerate(last_update): + assert last_update[m] + entry_cache_timeout == expire_time[m] + + time.sleep(5) + + for s, t in enumerate([f"test_user@{domain}", f"test_group@{domain}", "test_netgroup"]): + result = client.ldb.search(ldb_cache, ldb_suffix, filter=f"name={t}") + for k, v in result.items(): + for y in v.items(): + if y[0] == "lastUpdate": + assert last_update[s] <= (int(y[1][0])) diff --git a/src/tests/system/tests/test_sss_override.py b/src/tests/system/tests/test_sss_override.py new file mode 100644 index 00000000000..1f65403cfb0 --- /dev/null +++ b/src/tests/system/tests/test_sss_override.py @@ -0,0 +1,267 @@ +from __future__ import annotations + +import pytest +from sssd_test_framework.roles.client import Client +from sssd_test_framework.roles.generic import GenericProvider +from sssd_test_framework.topology import KnownTopology + + +@pytest.mark.importance("high") +@pytest.mark.topology(KnownTopology.LDAP) +@pytest.mark.topology(KnownTopology.AD) +@pytest.mark.topology(KnownTopology.Samba) +def test_sss_overrides__overriding_username_and_posix_attributes(client: Client, provider: GenericProvider): + """ + :title: Locally overriding the name and POSIX attributes of a user + :setup: + 1. Create POSIX user "user1" with standard POSIX attributes defined + 2. Start SSSD + :steps: + 1. Create local override for "user1" and name it "o-user1" + 2. Restart SSSD, this is necessary to enable local overrides + 3. Authenticate as "user1", the short and fully qualified name + 4. Authenticate as "o-user1", the short and fully qualified name + 5. Query the user "user1" and then override the POSIX attributes + 6. Query the username "user1", and local override name, "o-user1" + :expectedresults: + 1. Local override is created for "user1" + 2. SSSD has restarted successfully + 3. Authentication successful for both short and fully qualified name + 4. Authentication successful for both short and fully qualified name + 5. POSIX attributes for local override has been changed + 6. The name and overriden name is found and POSIX attributes are updated + :customerscenario: False + :requirement: IDM-SSSD-TC: ldap_provider: local_overrides: simple user override + """ + provider.user("user1").add( + uid=999011, gid=999011, home="/home/user1", gecos="user", shell="/bin/bash", password="Secret123" + ) + + client.sssd.domain["ldap_id_mapping"] = "False" + client.sssd.start() + + client.sss_override.user("user1").add(name="o-user1") + + client.sssd.restart() + + assert client.auth.ssh.password("user1", "Secret123") + assert client.auth.ssh.password(f"user1@{client.sssd.default_domain}", "Secret123") + assert client.auth.ssh.password("o-user1", "Secret123") + assert client.auth.ssh.password(f"o-user1@{client.sssd.default_domain}", "Secret123") + + result = client.tools.getent.passwd("o-user1") + + assert result is not None + assert result.uid == 999011 + assert result.gid == 999011 + + client.sss_override.user("user1").add(name="o-user1", uid=999999, gid=888888, home="/home/o-user1") + + result = client.tools.getent.passwd("user1") + assert result is not None + assert result.uid == 999999 + assert result.gid == 888888 + assert result.home == "/home/o-user1" + + result = client.tools.getent.passwd("o-user1") + assert result is not None + assert result.uid == 999999 + assert result.gid == 888888 + assert result.home == "/home/o-user1" + + +@pytest.mark.importance("high") +@pytest.mark.topology(KnownTopology.LDAP) +@pytest.mark.topology(KnownTopology.AD) +@pytest.mark.topology(KnownTopology.Samba) +def test_sss_overrides__overriding_group_name_and_gid(client: Client, provider: GenericProvider): + """ + :title: Locally overriding the name and GID of a group + :setup: + 1. Create group "group1" with posix attributes defined + 2. Start SSSD + :steps: + 1. Create local override "group1" and name it "o-group1" + 2. Restart SSSD, this is necessary to enable local overrides + 3. Query groups by the local override name + 4. Override the GID for the group "group1" + 5. Query groups by the override name + :expectedresults: + 1. Group local override is created + 2. SSSD has restarted successfully + 3. Group is found by the overriden name "o-group1" + 4. Local override POSIX attribute updated + 5. Group is found by the overriden name "o-group1" and GID changed + :customerscenario: False + :requirement: IDM-SSSD-TC: ldap_provider: local_overrides: simple group override + """ + provider.group("group1").add(gid=999999) + client.sssd.domain["ldap_id_mapping"] = "False" + client.sssd.start() + + group = client.sss_override.group("group1") + + group.add(name="o-group1") + + client.sssd.restart() + + result = client.tools.getent.group("group1") + assert result is not None + assert result.gid == 999999 + assert client.tools.getent.group("o-group1") + + group.add(name="o-group1", gid=888888) + + assert client.tools.getent.group("group1") + assert client.tools.getent.group("o-group1") + + +@pytest.mark.importance("high") +@pytest.mark.topology(KnownTopology.LDAP) +@pytest.mark.topology(KnownTopology.AD) +@pytest.mark.topology(KnownTopology.Samba) +def test_sss_overrides__root_uid_gid_cannot_be_used(client: Client, provider: GenericProvider): + """ + :title: Root user UID/GID cannot be overridden + :setup: + 1. Create POSIX user "user1" with standard POSIX attributes defined + 2. Start SSSD + :steps: + 1. Create local override "root" for user1 and set UID/GID to 0 + 2. Restart SSSD, this is necessary to enable local overrides + 3. Query the root user + 4. Query the root user and use sss as the service + 5. Query the POSIX user that is overridden to the root user + :expectedresults: + 1. Local override is created + 2. SSSD has restarted successfully + 3. The root user UID/GID has not been modified + 4. The override has no UID/GID attribute + 5. The POSIX user UID/GID has not been changed + :customerscenario: False + :requirement: IDM-SSSD-TC: ldap_provider: local_overrides: root user override + """ + provider.user("user1").add( + uid=999011, gid=999011, home="/home/user1", gecos="user", shell="/bin/bash", password="Secret123" + ) + client.sssd.domain["ldap_id_mapping"] = "False" + client.sssd.start() + + client.sss_override.user("user1").add(name="root", uid=0, gid=0) + + client.sssd.restart() + + result = client.tools.getent.passwd("root") + assert result is not None + assert result.uid == 0 + assert result.gid == 0 + + result = client.tools.getent.passwd("root", service="sss") + assert result is None + + result = client.tools.getent.passwd("user1") + assert result is not None + + +@pytest.mark.importance("high") +@pytest.mark.topology(KnownTopology.LDAP) +@pytest.mark.topology(KnownTopology.AD) +@pytest.mark.topology(KnownTopology.Samba) +def test_sss_overrides__export_then_import_user_and_group_override_data(client: Client, provider: GenericProvider): + """ + :title: Export and import the user and group local override data + :setup: + 1. Create posix user "user1" with posix attributes defined + 2. Start SSSD + :steps: + 1. Override user "user1" to "o-user1" + 2. Restart SSSD, this is necessary to enable local overrides + 3. Override group "group1" to "o-group1" + 4. Export user and group local overrides data to a file + 5. Delete overrides + 6. Restart SSSD + 7. Import user and group local overrides data + 8. Restart SSSD + 9. Search for user and group local overrides + :expectedresults: + 1. User local override has been created + 2. SSSD has been restarted successfully + 3. Group local override has been created + 4. Local overrides user and group data is exported to a file + 5. Local overrides are deleted + 6. SSSD has restarted successfully + 7. User and group local override data has been imported from the export + 8. SSSD has restarted successfully + 9. User and group local overrides are found + :customerscenario: False + :requirement: IDM-SSSD-TC: ldap_provider: local_overrides: import export user override + """ + provider.user("user1").add( + uid=999011, gid=999011, home="/home/user1", gecos="user", shell="/bin/bash", password="Secret123" + ) + provider.group("group1").add(gid=999999) + client.sssd.start() + + user = client.sss_override.user("user1") + group = client.sss_override.group("group1") + override = client.sss_override + + user.add(name="o-user1") + client.sssd.restart() + group.add(name="o-group1") + + # local_override.export_data(users=None) exports all user data + override.export_data() + user.delete() + group.delete() + + client.sssd.restart() + assert not client.sss_override.user("user1").get() + assert not client.sss_override.group("group1").get() + client.sss_override.import_data() + client.sssd.restart() + + assert client.sss_override.user("user1").get(["name"]) == {"name": ["o-user1"]} + assert client.sss_override.group("group1").get(["name"]) == {"name": ["o-group1"]} + + +@pytest.mark.importance("high") +@pytest.mark.ticket(bz=1254184) +@pytest.mark.topology(KnownTopology.LDAP) +@pytest.mark.topology(KnownTopology.AD) +@pytest.mark.topology(KnownTopology.Samba) +def test_sss_overrides__use_fully_qualified_names_is_true(client: Client, provider: GenericProvider): + """ + :title: Overriding user when use_fully_qualified_names is true + :setup: + 1. Create posix user "user1" with posix attributes defined + 2. Edit SSSD configuration and set "use_fully_qualified_names" = True + 3. Start SSSD + :steps: + 1. Override "user1" to "o-user1" + 2. Restart SSSD, this is necessary to enable local overrides + 3. Authenticate as "user1", only the fully qualified name + 4. Authenticate as "o-user1", only the fully qualified name + :expectedresults: + 1. User local override is created + 2. SSSD has restarted successfully + 3. Authentication successful + 4. Authentication successful + :customerscenario: False + :requirement: IDM-SSSD-TC: ldap_provider: local_overrides: regression 2757 override + :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1254184 + """ + provider.user("user1").add( + uid=999011, gid=999011, home="/home/user1", gecos="user", shell="/bin/bash", password="Secret123" + ) + client.sssd.domain["use_fully_qualified_names"] = "True" + client.sssd.start() + + client.sss_override.user(f"user1@{client.sssd.default_domain}").add(name="o-user1") + + client.sssd.restart() + + assert client.auth.ssh.password("user1", "Secret123") is False + assert client.auth.ssh.password("o-user1", "Secret123") is False + assert client.auth.ssh.password(f"user1@{client.sssd.default_domain}", "Secret123") + assert client.auth.ssh.password(f"o-user1@{client.sssd.default_domain}", "Secret123") diff --git a/src/tests/system/tests/test_sssctl.py b/src/tests/system/tests/test_sssctl.py index 80fe47e5192..c575c941d8a 100644 --- a/src/tests/system/tests/test_sssctl.py +++ b/src/tests/system/tests/test_sssctl.py @@ -1,11 +1,22 @@ +""" +SSSCTL tests. + +:requirement: IDM-SSSD-REQ: Status utility +""" + from __future__ import annotations +import re + import pytest +from pytest_mh.ssh import SSHProcessError from sssd_test_framework.roles.client import Client +from sssd_test_framework.roles.ldap import LDAP from sssd_test_framework.topology import KnownTopology -@pytest.mark.tier(0) +@pytest.mark.importance("high") +@pytest.mark.tools @pytest.mark.ticket(bz=2100789) @pytest.mark.topology(KnownTopology.LDAP) def test_sssctl__check_id_provider(client: Client): @@ -20,9 +31,8 @@ def test_sssctl__check_id_provider(client: Client): 1. Successfully remove id_provider from domain section. 2. Successfully get the error message. :customerscenario: False - :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2100789 """ - # create sssd.conf and start the sssd, with deafult configuration with a LDAP server. + # create sssd.conf and start the sssd, with default configuration with a LDAP server. client.sssd.start() # remove id_provider parameter from domain section. @@ -34,7 +44,8 @@ def test_sssctl__check_id_provider(client: Client): assert "[rule/sssd_checks]: Attribute 'id_provider' is missing in section 'domain/test'." in output.stdout_lines[1] -@pytest.mark.tier(0) +@pytest.mark.importance("high") +@pytest.mark.tools @pytest.mark.ticket(bz=2100789) @pytest.mark.topology(KnownTopology.LDAP) def test_sssctl__check_invalid_id_provider(client: Client): @@ -49,7 +60,6 @@ def test_sssctl__check_invalid_id_provider(client: Client): 1. Successfully remove id_provider from domain section. 2. Successfully get the error message. :customerscenario: False - :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2100789 """ # create sssd.conf and start the sssd, with deafult configuration with a LDAP server. client.sssd.start() @@ -65,3 +75,872 @@ def test_sssctl__check_invalid_id_provider(client: Client): "[rule/sssd_checks]: Attribute 'id_provider' in section 'domain/test' has an invalid value: invalid" in output.stdout_lines[1] ) + + +@pytest.mark.ticket(bz=1640576) +@pytest.mark.builtwith("files-provider") +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__user_show_cache_expiration_time(client: Client): + """ + :title: sssctl user-show reports correct expiration time of local user + :setup: + 1. Add local users + 2. Configure local domain + 3. Start SSSD + :steps: + 1. Call sssctl user-show $user + 2. Check correct output + :expectedresults: + 1. Called successfully + 2. Output is as expected + :customerscenario: True + """ + client.local.user("local1").add() + client.local.user("local2").add() + client.local.user("local3").add() + + client.sssd.common.local() + client.sssd.default_domain = "local" + client.sssd.domain["id_provider"] = "files" + client.sssd.domain["passwd_files"] = "/etc/passwd" + + client.sssd.start() + + for user in {"local1", "local2", "local3"}: + cmd = client.sssctl.user_show(user=user) + assert cmd.rc == 0, "Command call failed" + assert "Cache entry expiration time: Never" in cmd.stdout, "Wrong output" + + +@pytest.mark.ticket(bz=1599207) +@pytest.mark.builtwith("files-provider") +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__handle_implicit_domain(client: Client): + """ + :title: sssctl handle implicit domain + :setup: + 1. Add local users + 2. Set sssd "enable_files_domain" to "true" + 3. Start SSSD + :steps: + 1. Call getent passwd user -s sss + 2. Call sssctl user-show --user=$user + 3. Check correct output + :expectedresults: + 1. Called successfully + 2. Called successfully + 3. Output is correct + :customerscenario: True + """ + client.local.user("local1").add() + client.local.user("local2").add() + client.local.user("local3").add() + + client.sssd.sssd["enable_files_domain"] = "true" + client.sssd.start() + + for user in {"local1", "local2", "local3"}: + assert client.tools.getent.passwd(user, service="sss") is not None + cmd = client.sssctl.user_show(user=user) + assert cmd.rc == 0 + assert "Cache entry creation date" in cmd.stdout + + +@pytest.mark.ticket(bz=1902280) +@pytest.mark.topology(KnownTopology.LDAP) +def test_sssctl__reset_cached_timestamps(client: Client, ldap: LDAP): + """ + :title: fix sssctl cache-expire to also reset cached timestamp + :setup: + 1. Add user to LDAP + 2. Add group to LDAP + 3. Set proper domain config options in sssd.conf file + 4. Start SSSD + :steps: + 1. Call getent group + 2. Modify group entry in LDAP + 3. Call 'sssctl cache-expire -E' + 4. Call getent group + :expectedresults: + 1. Group is properly cached, user is its member + 2. Member of group is removed, group entry changed + 3. Whole cache is invalidated + 4. User is not member of group anymore + :customerscenario: True + """ + u = ldap.user("user1").add() + ldap.group("group1", rfc2307bis=True).add().add_member(u) + + client.sssd.domain["ldap_schema"] = "rfc2307bis" + client.sssd.domain["ldap_group_member"] = "member" + + client.sssd.start() + + res1 = client.tools.getent.group("group1") + assert res1 is not None + assert "user1" in res1.members + + ldap.group("group1", rfc2307bis=True).remove_member(ldap.user("user1")) + client.sssctl.cache_expire(everything=True) + + res1 = client.tools.getent.group("group1") + assert res1 is not None + assert "user1" not in res1.members + + +@pytest.mark.importance("high") +@pytest.mark.tools +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__check_typo_option_name(client: Client): + """ + :title: sssctl config-check detects mistyped option name + :setup: + 1. Add wrong_option to domain section + 2. Apply config + :steps: + 1. Call sssctl config-check + 2. Check error message + :expectedresults: + 1. config-check detects an error in config + 2. Error message is properly set + :customerscenario: False + """ + client.sssd.common.local() + client.sssd.dom("test")["wrong_option"] = "true" + client.sssd.config_apply(check_config=False) + + result = client.sssctl.config_check() + assert result.rc != 0, "Config-check did not detect misconfigured config, when SSSD is running" + assert "Attribute 'wrong_option' is not allowed" in result.stdout, "Wrong error message was returned" + + +@pytest.mark.importance("high") +@pytest.mark.tools +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__check_typo_domain_name(client: Client): + """ + :title: sssctl config-check detects mistyped domain name + :setup: + 1. Create mistyped domain ("domain/") + 2. Start SSSD + :steps: + 1. Call sssctl config-check, implicitly + 2. Check error message + :expectedresults: + 1. config-check detects an error in config + 2. Error message is properly set + :customerscenario: False + """ + client.sssd.dom("")["debug_level"] = "9" + + with pytest.raises(SSHProcessError) as ex: + client.sssd.start(raise_on_error=True, check_config=True) + + assert ex.match(r"Section \[domain\/\] is not allowed. Check for typos.*"), "Wrong error message was returned" + + +@pytest.mark.importance("high") +@pytest.mark.tools +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__check_misplaced_option(client: Client): + """ + :title: sssctl config-check detects misplaced option + :setup: + 1. In domain set "services" to "nss, pam" + 2. Start SSSD, without config check + :steps: + 1. Call sssctl config-check + 2. Check error message + :expectedresults: + 1. config-check detects an error in config + 2. Error message is properly set + :customerscenario: False + """ + client.sssd.common.local() + client.sssd.dom("test")["services"] = "nss, pam" + + client.sssd.start(check_config=False) + + result = client.sssctl.config_check() + assert result.rc != 0, "Config-check did not detect misconfigured config" + + pattern = re.compile(r".Attribute 'services' is not allowed in section .*") + assert pattern.search(result.stdout), "Wrong error message was returned" + + +@pytest.mark.tools +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__check_invalid_option_name_in_snippet(client: Client): + """ + :title: sssctl config-check detects invalid option name in snippet + :setup: + 1. Create new conf snippet with invalid option name + :steps: + 1. Call sssctl config-check + 2. Check error message + :expectedresults: + 1. config-check detects an error in config snippet + 2. Error message is properly set + :customerscenario: False + """ + client.sssd.common.local() + client.fs.write("/etc/sssd/conf.d/01_snippet.conf", "[domain/local]\ninvalid_option = True", mode="600") + + result = client.sssctl.config_check() + assert result.rc != 0, "Config-check did not detect misconfigured config snippet" + assert "Attribute 'invalid_option' is not allowed" in result.stdout, "Wrong error message was returned" + + +@pytest.mark.tools +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__check_invalid_domain_name_in_snippet(client: Client): + """ + :title: sssctl config-check detects invalid domain name in snippet + :setup: + 1. Create new conf snippet with invalid domain name + :steps: + 1. Call sssctl config-check + 2. Check error message + :expectedresults: + 1. config-check detects an error in config snippet + 2. Error message is properly set + :customerscenario: False + """ + client.sssd.common.local() + client.fs.write("/etc/sssd/conf.d/01_snippet.conf", "[invalid/local]\ninvalid_option = True", mode="600") + + result = client.sssctl.config_check() + assert result.rc != 0, "Config-check did not detect misconfigured config snippet" + assert "Section [invalid/local] is not allowed" in result.stdout, "Wrong error message was returned" + + +@pytest.mark.tools +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__missing_equal_sign(client: Client): + """ + :title: sssctl config-check detects missing equals sign + :setup: + 1. Start SSSD, so default config is autimatically created + 2. Edit config file so "=" is missing + :steps: + 1. Call sssctl config-check + 2. Check error message + :expectedresults: + 1. config-check detects an error + 2. Error messages are properly set + :customerscenario: False + """ + client.sssd.common.local() + client.sssd.start() + conf = re.sub("id_provider = ", "id_provider ", client.fs.read("/etc/sssd/sssd.conf")) + client.fs.write("/etc/sssd/sssd.conf", conf, mode="600") + + result = client.sssctl.config_check() + assert result.rc != 0, "Config-check did not detect misconfigured config" + assert "Equal sign is missing" in result.stderr, "Wrong error message on stderr" + + +@pytest.mark.tools +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__special_character_option_name(client: Client): + """ + :title: option name contains special character + :setup: + 1. Start SSSD, so default config is autimatically created + 2. Edit config file in a way that it contains special character + :steps: + 1. Call sssctl config-check + 2. Check error message + :expectedresults: + 1. config-check detects an error + 2. Error message is properly set + :customerscenario: False + """ + client.sssd.common.local() + client.sssd.start() + conf = re.sub("id_provider", "id_@provider", client.fs.read("/etc/sssd/sssd.conf")) + client.fs.write("/etc/sssd/sssd.conf", conf, mode="600") + + result = client.sssctl.config_check() + assert result.rc != 0, "Config-check did not detect misconfigured config" + assert "Attribute 'id_@provider' is not allowed in section" in result.stdout, "Wrong error message on stdout" + + +@pytest.mark.tools +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__special_character_section_name(client: Client): + """ + :title: section name contains special character + :setup: + 1. Start SSSD, so default config is autimatically created + 2. Edit config file in a way that it contains special character + :steps: + 1. Call sssctl config-check + 2. Check error message + :expectedresults: + 1. config-check detects an error + 2. Error message is properly set + :customerscenario: False + """ + client.sssd.common.local() + client.sssd.start() + conf = re.sub("domain/", "d$main/", client.fs.read("/etc/sssd/sssd.conf")) + client.fs.write("/etc/sssd/sssd.conf", conf, mode="600") + + result = client.sssctl.config_check() + assert result.rc != 0, "Config-check did not detect misconfigured config" + assert "Section [d$main/local] is not allowed" in result.stdout, "Wrong error message on stdout" + + +@pytest.mark.tools +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__special_character_domain_name(client: Client): + """ + :title: domain name contains special character + :setup: + 1. Start SSSD, so default config is autimatically created + 2. Edit config file in a way that it contains special character + :steps: + 1. Call sssctl config-check + 2. Check error message + :expectedresults: + 1. config-check detects an error + 2. Error message is properly set + :customerscenario: False + """ + client.sssd.common.local() + client.sssd.start() + conf = re.sub("domain/local", "domain/local@", client.fs.read("/etc/sssd/sssd.conf")) + client.fs.write("/etc/sssd/sssd.conf", conf, mode="600") + + result = client.sssctl.config_check() + assert result.rc != 0, "Config-check did not detect misconfigured config" + assert "Section [domain/local@] is not allowed" in result.stdout, "Wrong error message on stdout" + + +@pytest.mark.tools +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__forward_slash_missing(client: Client): + """ + :title: Forward slash is not present between domain name and section name + :setup: + 1. Start SSSD, so default config is autimatically created + 2. Edit config file in a way that forward slash is missing in section name + :steps: + 1. Call sssctl config-check + 2. Check error message + :expectedresults: + 1. config-check detects an error + 2. Error message is properly set + :customerscenario: False + """ + client.sssd.common.local() + client.sssd.start() + conf = re.sub("domain/local", "domainlocal", client.fs.read("/etc/sssd/sssd.conf")) + client.fs.write("/etc/sssd/sssd.conf", conf, mode="600") + + result = client.sssctl.config_check() + assert result.rc != 0, "Config-check did not detect misconfigured config" + assert "Section [domainlocal] is not allowed" in result.stdout, "Wrong error message on stdout" + + +@pytest.mark.tools +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__sssd_section_name_typo(client: Client): + """ + :title: Typo in sssd section name + :setup: + 1. Start SSSD, so default config is autimatically created + 2. Edit config file in a way that there is typo in sssd section name + :steps: + 1. Call sssctl config-check + 2. Check error message + :expectedresults: + 1. config-check detects an error + 2. Error message is properly set + :customerscenario: False + """ + client.sssd.common.local() + client.sssd.start() + conf = re.sub(".sssd.", "[sssdx]", client.fs.read("/etc/sssd/sssd.conf")) + client.fs.write("/etc/sssd/sssd.conf", conf, mode="600") + + result = client.sssctl.config_check() + assert result.rc != 0, "Config-check did not detect misconfigured config" + assert "Section [sssdx] is not allowed" in result.stdout, "Wrong error message on stdout" + + +@pytest.mark.tools +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__pam_section_name_typo(client: Client): + """ + :title: Typo in pam section name + :setup: + 1. Start SSSD, so default config is autimatically created + 2. Edit config file in a way that there is typo in sssd section name + :steps: + 1. Call sssctl config-check + 2. Check error message + :expectedresults: + 1. config-check detects an error + 2. Error message is properly set + :customerscenario: False + """ + client.sssd.common.local() + client.sssd.start() + conf = re.sub(".pam.", "[pamx]", client.fs.read("/etc/sssd/sssd.conf")) + client.fs.write("/etc/sssd/sssd.conf", conf, mode="600") + + result = client.sssctl.config_check() + assert result.rc != 0, "Config-check did not detect misconfigured config" + assert "Section [pamx] is not allowed" in result.stdout, "Wrong error message on stdout" + + +@pytest.mark.tools +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__nss_section_name_typo(client: Client): + """ + :title: Typo in nss section name + :setup: + 1. Start SSSD, so default config is autimatically created + 2. Edit config file in a way that there is typo in sssd section name + :steps: + 1. Call sssctl config-check + 2. Check error message + :expectedresults: + 1. config-check detects an error + 2. Error message is properly set + :customerscenario: False + """ + client.sssd.common.local() + client.sssd.start() + conf = re.sub(".nss.", "[nssx]", client.fs.read("/etc/sssd/sssd.conf")) + client.fs.write("/etc/sssd/sssd.conf", conf, mode="600") + + result = client.sssctl.config_check() + assert result.rc != 0, "Config-check did not detect misconfigured config" + assert "Section [nssx] is not allowed" in result.stdout, "Wrong error message on stdout" + + +@pytest.mark.tools +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__verify_permission(client: Client): + """ + :title: Verify the permission of default configuration file + :setup: + 1. Start SSSD, so default config is autimatically created + 2. Change permission of default config file + :steps: + 1. Call sssctl config-check + 2. Check error message + :expectedresults: + 1. config-check detects an error + 2. Error message is properly set + :customerscenario: False + """ + client.sssd.common.local() + client.sssd.start() + client.fs.chmod("0777", "/etc/sssd/sssd.conf") + result = client.sssctl.config_check() + assert result.rc != 0, "Config-check did not detect misconfigured config" + assert "File ownership and permissions check failed" in result.stdout, "Wrong error message on stdout" + + +@pytest.mark.tools +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__verify_ownership(client: Client): + """ + :title: Verify the ownership of default configuration file + :setup: + 1. Start SSSD, so default config is autimatically created + 2. Change ownership of default config file + :steps: + 1. Call sssctl config-check + 2. Check error message + :expectedresults: + 1. config-check detects an error + 2. Error message is properly set + :customerscenario: False + """ + client.local.user("user1").add() + client.local.group("group1").add() + client.sssd.common.local() + client.sssd.start() + client.fs.chown("/etc/sssd/sssd.conf", "user1", "group1") + result = client.sssctl.config_check() + assert result.rc != 0, "Config-check did not detect misconfigured config" + assert "File ownership and permissions check failed" in result.stdout, "Wrong error message on stdout" + + +@pytest.mark.tools +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__verify_missing_closing_bracket(client: Client): + """ + :title: Missing closing bracket in sssd section name + :setup: + 1. Start SSSD, so default config is autimatically created + 2. Edit config file in a way that there is missing closing bracket + :steps: + 1. Call sssctl config-check + 2. Check error message + :expectedresults: + 1. config-check detects an error + 2. Error message is properly set + :customerscenario: False + """ + client.sssd.common.local() + client.sssd.start() + conf = re.sub(".nss.", "[nssx", client.fs.read("/etc/sssd/sssd.conf")) + client.fs.write("/etc/sssd/sssd.conf", conf, mode="600") + + result = client.sssctl.config_check() + assert result.rc != 0, "Config-check did not detect misconfigured config" + assert "No closing bracket" in result.stderr, "Wrong error message on stderr" + + +@pytest.mark.tools +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__verify_missing_opening_bracket(client: Client): + """ + :title: Missing opening bracket in domain name + :setup: + 1. Start SSSD, so default config is autimatically created + 2. Edit config file in a way that there is missing opening bracket + :steps: + 1. Call sssctl config-check + 2. Check error message + :expectedresults: + 1. config-check detects an error + 2. Error message is properly set + :customerscenario: False + """ + client.sssd.common.local() + client.sssd.start() + conf = re.sub(".domain/local.", "domain/local]", client.fs.read("/etc/sssd/sssd.conf")) + client.fs.write("/etc/sssd/sssd.conf", conf, mode="600") + + result = client.sssctl.config_check() + assert result.rc != 0, "Config-check did not detect misconfigured config" + assert "Equal sign is missing" in result.stderr, "Wrong error message on stderr" + assert "Failed to parse configuration" in result.stderr, "Wrong error message on stderr" + + +@pytest.mark.tools +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__verify_typo_in_config_with_two_domains(client: Client): + """ + :title: Verify typo in option name with multiple domains in default configuration file + :setup: + 1. Configure two ldap domains + 2. Make typo in both domains + :steps: + 1. Call sssctl config-check + 2. Check error message + :expectedresults: + 1. config-check detects an error + 2. Error messages are properly set + :customerscenario: False + """ + client.sssd.common.local() + client.sssd.dom("ldap1")["ldap_ri"] = "ldaps://invalid" + client.sssd.dom("ldap1")["id_provider"] = "ldap" + client.sssd.dom("ldap2")["ldap_ri"] = "ldaps://invalid" + client.sssd.dom("ldap2")["id_provider"] = "ldap" + client.sssd.sssd["domains"] = "ldap1, ldap2" + client.sssd.config_apply(check_config=False) + + res = client.sssctl.config_check() + assert res.rc != 0, "Config-check did not detect misconfigured config" + assert "Issues identified by validators: 2" in res.stdout, "Wrong number of issues found by validators" + assert "Attribute 'ldap_ri' is not allowed in section 'domain/ldap1'" in res.stdout, "Wrong error message" + assert "Attribute 'ldap_ri' is not allowed in section 'domain/ldap2'" in res.stdout, "Wrong error message" + + +@pytest.mark.tools +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__config_does_not_exist(client: Client): + """ + :title: sssctl detects missing config + :setup: + 1. Start SSSD, so default config is automatically created + 2. Remove config + :steps: + 1. Call sssctl config-check + 2. Check error message + :expectedresults: + 1. config-check detects an error + 2. Error message is properly set + :customerscenario: False + """ + client.sssd.common.local() + client.sssd.start() + client.fs.rm("/etc/sssd/sssd.conf") + + result = client.sssctl.config_check() + assert result.rc != 0, "Config-check did not detect misconfigured config" + assert "File /etc/sssd/sssd.conf does not exist" in result.stdout, "Wrong error message on stdout" + + +@pytest.mark.tools +@pytest.mark.ticket(bz=1677994) +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__check_ldap_host_object_class_in_domain(client: Client): + """ + :title: sssctl config-check allow ldap_host_object_class in domain section + :setup: + 1. Add ldap_host_object_class to local domain section + 2. Start SSSD + :steps: + 1. Call sssctl config-check + :expectedresults: + 1. config-check succeed + :customerscenario: True + """ + client.sssd.default_domain = "local" + client.sssd.common.local() + client.sssd.domain["ldap_host_object_class"] = "ipService" + client.sssd.start(check_config=False) + + result = client.sssctl.config_check() + assert result.rc == 0, "Config-check failed" + + +@pytest.mark.tools +@pytest.mark.ticket(bz=1677994) +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__check_ldap_host_object_class_in_sssd(client: Client): + """ + :title: sssctl config-check do not allow ldap_host_object_class in sssd section + :setup: + 1. Add ldap_host_object_class to sssd section + 2. Start SSSD + :steps: + 1. Call sssctl config-check + :expectedresults: + 1. config-check succeed + :customerscenario: True + """ + client.sssd.common.local() + client.sssd.sssd["ldap_host_object_class"] = "ipService" + client.sssd.start(check_config=False) + + result = client.sssctl.config_check() + assert result.rc != 0, "Config-check did not detect misconfigured config" + assert ( + "Attribute 'ldap_host_object_class' is not allowed in section 'sssd'" in result.stdout + ), "Wrong error message on stdout" + + +@pytest.mark.tools +@pytest.mark.ticket(bz=1856861) +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__enabling_2FA(client: Client): + """ + :title: False warnings are logged in sssd.log file after enabling 2FA prompting + :setup: + 1. Enable Two factor authentication + 2. Start SSSD + :steps: + 1. Call sssctl config-check + :expectedresults: + 1. config-check succeed + :customerscenario: True + """ + client.sssd.common.local() + client.sssd.section("prompting/2fa/sshd")["first_prompt"] = "Enter OTP Token Value:" + client.sssd.section("prompting/2fa/sshd")["single_prompt"] = "True" + + client.sssd.section("prompting/2fa")["first_prompt"] = "prompt1" + client.sssd.section("prompting/2fa")["second_prompt"] = "prompt2" + client.sssd.section("prompting/2fa")["single_prompt"] = "True" + + client.sssd.start(check_config=False) + result = client.sssctl.config_check() + assert result.rc == 0, "Config-check failed" + + +@pytest.mark.tools +@pytest.mark.ticket(bz=1791892) +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__auto_private_groups_in_child_domain(client: Client): + """ + :title: sssctl config-check detects false positive when auto_private_groups is enabled or disabled in child domains + :setup: + 1. Enable auto_private_groups in child domain + 2. Disable auto_private_groups in second child domain + 3. Start SSSD + :steps: + 1. Call sssctl config-check + :expectedresults: + 1. config-check succeed + :customerscenario: True + """ + client.sssd.common.local() + client.sssd.sssd["domains"] = "td5f4f77.com" + client.sssd.subdom("td5f4f77.com", "one5f4f77.td5f4f77.com")["auto_private_groups"] = "True" + client.sssd.subdom("td5f4f77.com", "two5f4f77.td5f4f77.com")["auto_private_groups"] = "False" + + client.sssd.start(check_config=False, debug_level=None) + result = client.sssctl.config_check() + assert result.rc == 0, "Config-check failed" + + +@pytest.mark.tools +@pytest.mark.ticket(bz=1723273) +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__non_default_config_location_snippet_directory(client: Client): + """ + :title: sssctl config-check complains about non existing snippet directory when config is non default + :setup: + 1. Copy sssd.conf file to different directory + :steps: + 1. Call sssctl config-check on that different directory + 2. Check error message + :expectedresults: + 1. config-check failed + 2. Error message is properly set + :customerscenario: True + """ + client.sssd.common.local() + client.sssd.config_apply() + client.fs.mkdir("/tmp/test/") + client.fs.copy("/etc/sssd/sssd.conf", "/tmp/test/") + + result = client.sssctl.config_check(config="/tmp/test/sssd.conf") + assert result.rc != 0, "Config-check successfully finished" + assert "Directory /tmp/test/conf.d does not exist" in result.stdout, "Wrong error message on stdout" + + +@pytest.mark.tools +@pytest.mark.ticket(bz=1723273) +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__non_default_config_location_permission(client: Client): + """ + :title: sssctl config-check complains about proper permission when config is non default + :setup: + 1. Copy sssd.conf file to different directory and set it wrong permission + :steps: + 1. Call sssctl config-check on that different directory + 2. Check error message + :expectedresults: + 1. config-check failed + 2. Error message is properly set + :customerscenario: True + """ + client.sssd.common.local() + client.sssd.config_apply() + client.fs.mkdir("/tmp/test/") + client.fs.copy("/etc/sssd/sssd.conf", "/tmp/test/sssd.conf", mode="777") + + result = client.sssctl.config_check(config="/tmp/test/sssd.conf") + assert result.rc != 0, "Config-check successfully finished" + assert "File ownership and permissions check failed" in result.stdout, "Wrong error message on stdout" + + +@pytest.mark.tools +@pytest.mark.ticket(bz=1723273) +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__non_default_config_location_ownership(client: Client): + """ + :title: sssctl config-check complains about proper ownership when config is non default + :setup: + 1. Copy sssd.conf file to different directory and set it wrong ownership + :steps: + 1. Call sssctl config-check on that different directory + 2. Check error message + :expectedresults: + 1. config-check failed + 2. Error message is properly set + :customerscenario: True + """ + client.local.user("user1").add() + client.sssd.common.local() + client.sssd.config_apply() + client.fs.mkdir("/tmp/test/") + client.fs.copy("/etc/sssd/sssd.conf", "/tmp/test/sssd.conf", user="user1") + + result = client.sssctl.config_check(config="/tmp/test/sssd.conf") + assert result.rc != 0, "Config-check successfully finished" + assert "File ownership and permissions check failed" in result.stdout, "Wrong error message on stdout" + + +@pytest.mark.tools +@pytest.mark.ticket(bz=1723273) +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__non_default_config_location_option_name_typo(client: Client): + """ + :title: sssctl config-check detects typo in option name when config is non default + :setup: + 1. Copy sssd.conf file to different directory and mistype option name + :steps: + 1. Call sssctl config-check on that different directory + 2. Check error message + :expectedresults: + 1. config-check failed + 2. Error message is properly set + :customerscenario: True + """ + client.sssd.common.local() + client.sssd.default_domain = "local" + client.sssd.domain["search_base"] = "True" + client.sssd.config_apply(check_config=False) + + client.fs.mkdir("/tmp/test/") + client.fs.copy("/etc/sssd/sssd.conf", "/tmp/test/") + + result = client.sssctl.config_check(config="/tmp/test/sssd.conf") + assert result.rc != 0, "Config-check successfully finished" + assert ( + "Attribute 'search_base' is not allowed in section 'domain/local'" in result.stdout + ), "Wrong error message on stdout" + + +@pytest.mark.tools +@pytest.mark.ticket(bz=1723273) +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__non_default_config_location_snippet_is_present(client: Client): + """ + :title: sssctl config-check does not complain about missing snippet directory after adding with proper permission + :setup: + 1. Copy sssd.conf file to different directory and create conf.d directory + :steps: + 1. Call sssctl config-check on that different directory + 2. Check error message + :expectedresults: + 1. config-check failed + 2. Error message is properly set + :customerscenario: True + """ + client.sssd.common.local() + client.sssd.config_apply(check_config=False) + + client.fs.mkdir("/tmp/test/") + client.fs.mkdir("/tmp/test/conf.d", mode="700") + client.fs.copy("/etc/sssd/sssd.conf", "/tmp/test/") + + result = client.sssctl.config_check(config="/tmp/test/sssd.conf") + assert result.rc == 0, "Config-check failed" + assert "Directory /tmp/test/conf.d does not exist" not in result.stdout, "Wrong error message on stdout" + + +@pytest.mark.tools +@pytest.mark.ticket(bz=1723273) +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__non_existing_snippet(client: Client): + """ + :title: sssctl config-check detects non existing snippet directory + :setup: + 1. Start SSSD, so default config is autimatically created + :steps: + 1. Call sssctl config-check with non existing snippet + 2. Check error message + :expectedresults: + 1. config-check failed + 2. Error message is properly set + :customerscenario: True + """ + client.sssd.common.local() + client.sssd.start() + result = client.sssctl.config_check(snippet="/does/not/exist") + assert result.rc != 0, "Config-check successfully finished" + assert "Directory /does/not/exist does not exist" in result.stdout, "Wrong error message on stdout" diff --git a/src/tests/system/tests/test_sssctl_analyze.py b/src/tests/system/tests/test_sssctl_analyze.py new file mode 100644 index 00000000000..0d2b372848d --- /dev/null +++ b/src/tests/system/tests/test_sssctl_analyze.py @@ -0,0 +1,282 @@ +""" +Automation tests for sssctl analyze + +:requirement: sssctl analyze +""" + +from __future__ import annotations + +import time + +import pytest +from pytest_mh.ssh import SSHAuthenticationError +from sssd_test_framework.roles.client import Client +from sssd_test_framework.roles.ldap import LDAP +from sssd_test_framework.topology import KnownTopology + + +@pytest.mark.tools +@pytest.mark.ticket(bz=1294670) +@pytest.mark.topology(KnownTopology.LDAP) +def test_sssctl_analyze__list(client: Client, ldap: LDAP): + """ + :title: "sssctl analyze request list" show captured nss related requests from sssd log + :setup: + 1. Add user and group + 2. Enable debug_level to 9 in the 'nss', 'pam' and domain section + 3. Start SSSD + :steps: + 1. Call id user1 and getent group group1 + 2. Call sssctl analyze request list, also with -v + 3. Find "getent" and " id" in result + 4. Clear cache + 5. Call getent passwd user + 6. Call sssctl analyze request list, also with -v + 7. Find "CID #1" and "getent" in result + :expectedresults: + 1. Called successfully, information is stored in logs + 2. Called successfully + 3. Strings found + 4. Cache cleared + 5. Called successfully + 6. Called successfully + 7. Strings found + :customerscenario: True + """ + ldap.user("user1").add() + ldap.group("group1").add() + client.sssd.nss["debug_level"] = "9" + client.sssd.pam["debug_level"] = "9" + client.sssd.domain["debug_level"] = "9" + client.sssd.start() + + assert client.tools.getent.group("group1"), "getent group1 failed" + assert client.tools.id("user1"), "id user1 failed" + + res = client.sssctl.analyze_request("list") + assert res.rc == 0, "sssctl analyze call failed" + assert "getent" in res.stdout, "'getent' not found in analyze list output" + assert " id" in res.stdout or "coreutils" in res.stdout, "' id' or 'coreutils' not found in analyze list output" + res = client.sssctl.analyze_request("list -v") + assert res.rc == 0, "sssctl analyze call failed" + assert "getent" in res.stdout, "'getent' not found in analyze list -v output" + assert " id" in res.stdout or "coreutils" in res.stdout, "' id' or 'coreutils' not found in analyze list -v output" + + client.sssd.stop() + client.sssd.clear(db=True, memcache=True, logs=True) + client.sssd.start() + + assert client.tools.getent.passwd("user1") + res = client.sssctl.analyze_request("list") + assert res.rc == 0, "sssctl analyze call failed" + assert "CID #1" in res.stdout, "CID #1 not found in analyze list -v output" + assert "getent" in res.stdout, "getent not found in analyze list -v output" + res = client.sssctl.analyze_request("list -v") + assert res.rc == 0, "sssctl analyze call failed" + assert "CID #1" in res.stdout, "CID #1 not found in analyze list -v output" + assert "getent" in res.stdout, "getent not found in analyze list -v output" + + +@pytest.mark.tools +@pytest.mark.ticket(bz=1294670, gh=6298) +@pytest.mark.topology(KnownTopology.LDAP) +def test_sssctl_analyze__non_default_log_location(client: Client, ldap: LDAP): + """ + :title: "sssctl analyze" parse sssd logs from non-default location when SSSD is not running + :setup: + 1. Add user + 2. Enable debug_level to 9 in the 'nss', 'pam' and domain section + 3. Start SSSD + :steps: + 1. Call id user1 and login user via ssh + 2. Copy sssd logs to diferent location + 3. Stop sssd and remove config, logs and cache + 4. sssctl analyze --logdir PATH parse logs from PATH location + :expectedresults: + 1. Information is stored in logs + 2. Copied successfully + 3. Stopped and cleared successfully + 4. Output is correct + :customerscenario: True + """ + ldap.user("user1").add(password="Secret123") + client.sssd.nss["debug_level"] = "9" + client.sssd.pam["debug_level"] = "9" + client.sssd.domain["debug_level"] = "9" + client.sssd.start() + + assert client.tools.id("user1@test"), "call 'id user1@test' failed" + client.ssh("user1", "Secret123").connect() + + client.fs.copy("/var/log/sssd", "/tmp/copy/") + client.sssd.stop() + client.sssd.clear(config=True, logs=True) + + res = client.sssctl.analyze_request(command="show 1 --pam", logdir="/tmp/copy/") + assert "SSS_PAM_AUTHENTICATE" in res.stdout + assert "SSS_PAM_ACCT_MGMT" in res.stdout + assert "SSS_PAM_SETCRED" in res.stdout + + res = client.sssctl.analyze_request(command="list", logdir="/tmp/copy/") + assert " id" in res.stdout or "coreutils" in res.stdout, "' id' or 'coreutils' not found in analyze list output" + assert "sshd" in res.stdout or "coreutils" in res.stdout, "sshd or coreutils not found in output" + + res = client.sssctl.analyze_request(command="list -v", logdir="/tmp/copy/") + assert " id" in res.stdout or "coreutils" in res.stdout, "' id' or 'coreutils' not found in analyze list -v output" + assert "sshd" in res.stdout or "coreutils" in res.stdout, "sshd or coreutils not found in output" + + +@pytest.mark.tools +@pytest.mark.ticket(bz=1294670) +@pytest.mark.topology(KnownTopology.LDAP) +def test_sssctl_analyze__pam_logs(client: Client, ldap: LDAP): + """ + :title: "sssctl analyze" to parse pam authentication requests from logs + :setup: + 1. Add user + 2. Enable debug_level to 9 in the 'nss', 'pam' and domain section + 3. Start SSSD + 4. Log in as user via ssh + :steps: + 1. sssctl analyze with --pam option + 2. Result of command is login related + :expectedresults: + 1. Called successfully + 2. Output is login related + :customerscenario: True + """ + ldap.user("user1").add() + client.sssd.nss["debug_level"] = "9" + client.sssd.pam["debug_level"] = "9" + client.sssd.start() + + client.ssh("user1", "Secret123").connect() + + result = client.sssctl.analyze_request("show 1 --pam") + assert result.rc == 0 + assert "CID #1" in result.stdout + + assert "SSS_PAM_AUTHENTICATE" in result.stdout + assert "SSS_PAM_ACCT_MGMT" in result.stdout + assert "SSS_PAM_SETCRED" in result.stdout + + +@pytest.mark.tools +@pytest.mark.ticket(bz=2013259) +@pytest.mark.topology(KnownTopology.LDAP) +def test_sssctl_analyze__tevent_id(client: Client, ldap: LDAP): + """ + :title: "sssctl analyze" to parse tevent chain IDs from logs + :setup: + 1. Add user + 2. Enable debug_level to 9 in the 'nss', 'pam' and domain section + 3. Start SSSD + 4. Log in as user via ssh + :steps: + 1. Call sssctl analyze request show 1 --pam + 2. Confirm tevent chain IDs(RID) is showing in logs + :expectedresults: + 1. Called successfully + 2. Output is correct + :customerscenario: True + """ + ldap.user("user1").add() + client.sssd.nss["debug_level"] = "9" + client.sssd.pam["debug_level"] = "9" + client.sssd.domain["debug_level"] = "9" + client.sssd.start() + + client.ssh("user1", "Secret123").connect() + + result = client.sssctl.analyze_request("show 1 --pam") + assert result.rc == 0 + assert "RID#" in result.stdout, "RID# was not found in the output" + assert "user1@test" in result.stdout, "user1@test was not found in the output" + + +@pytest.mark.tools +@pytest.mark.ticket(bz=2013260) +@pytest.mark.topology(KnownTopology.LDAP) +def test_sssctl_analyze__parse_child_logs(client: Client, ldap: LDAP): + """ + :title: "sssctl analyze" to parse child logs + :setup: + 1. Add user + 2. Enable debug_level to 9 in the 'nss', 'pam' and domain section + 3. Start SSSD + :steps: + 1. Log in as user via ssh + 2. Call sssctl analyze to check logs + 3. Clear cache and restart SSSD + 4. Log in as user via ssh with wrong password + 5. Call sssctl analyze to check logs + :expectedresults: + 1. Logged in successfully + 2. Logs contain login related logs + 3. Succesfully + 4. Failed to login + 5. Logs contain info about failed login + :customerscenario: True + """ + ldap.user("user1").add() + client.sssd.nss["debug_level"] = "9" + client.sssd.pam["debug_level"] = "9" + client.sssd.domain["debug_level"] = "9" + client.sssd.start() + + client.ssh("user1", "Secret123").connect() + + result = client.sssctl.analyze_request("show --pam --child 1") + assert result.rc == 0 + assert "user1@test" in result.stdout + assert "SSS_PAM_AUTHENTICATE" in result.stdout + + client.sssd.stop() + client.sssd.clear(db=True, memcache=True, logs=True) + client.sssd.start() + time.sleep(5) + + with pytest.raises(SSHAuthenticationError): + client.ssh("user1", "Wrong").connect() + result = client.sssctl.analyze_request("show --pam --child 1") + assert ( + "Authentication failure to the client" in result.stdout + ), "'Authentication failure to the client' was not found" + + +@pytest.mark.tools +@pytest.mark.ticket(bz=[2142960, 2142794, 2142961]) +@pytest.mark.topology(KnownTopology.LDAP) +def test_sssctl_analyze__root_privileges(client: Client, ldap: LDAP): + """ + :title: "sssctl analyze" command does not require "root" privileges + :setup: + 1. Add user with proper password + 2. Start SSSD + 3. Fetch information about user + 4. Copy logs to different location + 5. Change ownership of copied file to user + :steps: + 1. Call "sssctl analyze --logdir /tmp/copy request show 1" as root + 2. Call "sssctl analyze --logdir /tmp/copy request show 1" as user + 3. Check that outputs match + 4. Username is stored in outputs + :expectedresults: + 1. Called successfully + 2. Called successfully + 3. Outputs are the same + 4. Username is stored in outputs + :customerscenario: True + """ + ldap.user("user1").add(password="Secret123") + client.sssd.start() + client.tools.id("user1") + client.fs.copy("/var/log/sssd", "/tmp/copy/") + client.fs.chown("/tmp/copy", "user1", args=["--recursive"]) + + result_root = client.sssctl.analyze_request(command="show 1", logdir="/tmp/copy") + result_user = client.ssh("user1", "Secret123").run("sssctl analyze --logdir /tmp/copy request show 1") + assert result_root.rc == 0, "sssctl analyze call failed as root" + assert result_user.rc == 0, "sssctl analyze call failed as user1" + assert result_root.stdout == result_user.stdout, "the outputs are different" + assert "user1" in result_user.stdout, "user1 is not in the outputs" diff --git a/src/tests/system/tests/test_sudo.py b/src/tests/system/tests/test_sudo.py index 92ebffa1f60..cf53e56f54d 100644 --- a/src/tests/system/tests/test_sudo.py +++ b/src/tests/system/tests/test_sudo.py @@ -1,3 +1,9 @@ +""" +SUDO responder tests. + +:requirement: sudo +""" + from __future__ import annotations import re @@ -13,7 +19,8 @@ from sssd_test_framework.topology import KnownTopology, KnownTopologyGroup -@pytest.mark.tier(0) +@pytest.mark.importance("critical") +@pytest.mark.authorization @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_sudo__user_allowed(client: Client, provider: GenericProvider): """ @@ -50,7 +57,8 @@ def test_sudo__user_allowed(client: Client, provider: GenericProvider): assert not client.auth.sudo.run("user-2", "Secret123", command="/bin/ls /root") -@pytest.mark.tier(0) +@pytest.mark.importance("critical") +@pytest.mark.authorization @pytest.mark.topology(KnownTopology.AD) @pytest.mark.topology(KnownTopology.LDAP) @pytest.mark.topology(KnownTopology.Samba) @@ -96,7 +104,8 @@ def test_sudo__duplicate_sudo_user(client: Client, provider: GenericProvider): assert not client.auth.sudo.run("user-4", "Secret123", command="/bin/ls /root") -@pytest.mark.tier(0) +@pytest.mark.importance("critical") +@pytest.mark.authorization @pytest.mark.ticket(bz=1380436, gh=4236) @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_sudo__case_sensitive_false(client: Client, provider: GenericProvider): @@ -143,7 +152,8 @@ def test_sudo__case_sensitive_false(client: Client, provider: GenericProvider): assert client.auth.sudo.run("USER-1", "Secret123", command="/bin/more /root/test") -@pytest.mark.tier(0) +@pytest.mark.importance("critical") +@pytest.mark.authorization @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_sudo__rules_refresh(client: Client, provider: GenericProvider): """ @@ -179,7 +189,8 @@ def test_sudo__rules_refresh(client: Client, provider: GenericProvider): assert client.auth.sudo.list("user-1", "Secret123", expected=["(root) /bin/less"]) -@pytest.mark.tier(0) +@pytest.mark.importance("critical") +@pytest.mark.authorization @pytest.mark.ticket(bz=1372440, gh=4236) @pytest.mark.contains_workaround_for(gh=4483) @pytest.mark.topology(KnownTopologyGroup.AnyProvider) @@ -216,7 +227,8 @@ def test_sudo__sudo_user_is_group(client: Client, provider: GenericProvider): assert client.auth.sudo.run("user-1", "Secret123", command="/bin/ls /root") -@pytest.mark.tier(0) +@pytest.mark.importance("critical") +@pytest.mark.authorization @pytest.mark.ticket(bz=1826272, gh=5119) @pytest.mark.topology(KnownTopologyGroup.AnyAD) def test_sudo__sudo_user_is_nonposix_group(client: Client, provider: GenericADProvider): @@ -249,7 +261,8 @@ def test_sudo__sudo_user_is_nonposix_group(client: Client, provider: GenericADPr assert client.auth.sudo.run("user-1", "Secret123", command="/bin/ls /root") -@pytest.mark.tier(0) +@pytest.mark.importance("critical") +@pytest.mark.authorization @pytest.mark.ticket(bz=1910131) @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_sudo__runasuser_shortname(client: Client, provider: GenericADProvider): @@ -277,7 +290,8 @@ def test_sudo__runasuser_shortname(client: Client, provider: GenericADProvider): assert client.auth.sudo.list("user-1", "Secret123", expected=["(user-2) /bin/ls"]) -@pytest.mark.tier(0) +@pytest.mark.importance("critical") +@pytest.mark.authorization @pytest.mark.topology(KnownTopology.AD) @pytest.mark.topology(KnownTopology.LDAP) @pytest.mark.topology(KnownTopology.Samba) @@ -310,7 +324,8 @@ def test_sudo__runasuser_fqn(client: Client, provider: GenericProvider): assert client.auth.sudo.list("user-1", "Secret123", expected=["(user-2) /bin/ls"]) -@pytest.mark.tier(0) +@pytest.mark.importance("low") +@pytest.mark.authorization @pytest.mark.topology(KnownTopology.LDAP) def test_sudo__sudonotbefore_shorttime(client: Client, provider: LDAP): """ @@ -365,8 +380,9 @@ def fulltime(t: datetime) -> str: ) +@pytest.mark.importance("low") +@pytest.mark.authorization @pytest.mark.slow(seconds=15) -@pytest.mark.tier(2) @pytest.mark.ticket(bz=1925514, gh=5609) @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_sudo__refresh_random_offset(client: Client): @@ -406,8 +422,9 @@ def test_sudo__refresh_random_offset(client: Client): assert len(full) > 1 +@pytest.mark.importance("low") +@pytest.mark.authorization @pytest.mark.slow(seconds=10) -@pytest.mark.tier(2) @pytest.mark.ticket(bz=1925505, gh=5604) @pytest.mark.topology(KnownTopologyGroup.AnyProvider) @pytest.mark.parametrize(["full_interval", "smart_interval"], [(2, 1), (3, 2)]) @@ -474,7 +491,8 @@ def is_smart_skipped(line: str) -> bool: is_skipped = True -@pytest.mark.tier(0) +@pytest.mark.importance("high") +@pytest.mark.authorization @pytest.mark.ticket(bz=1294670, gh=3969) @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_sudo__local_users_negative_cache(client: Client, provider: LDAP): diff --git a/src/tests/system/tests/test_trust_identity.py b/src/tests/system/tests/test_trust_identity.py new file mode 100644 index 00000000000..9076b87249d --- /dev/null +++ b/src/tests/system/tests/test_trust_identity.py @@ -0,0 +1,61 @@ +""" +Identity of trusted users and groups. + +:requirement: IDM-SSSD-REQ: Testing SSSD in IPA Provider +""" + +from __future__ import annotations + +import pytest +from sssd_test_framework.roles.generic import GenericADProvider +from sssd_test_framework.roles.ipa import IPA +from sssd_test_framework.topology import KnownTopologyGroup + + +@pytest.mark.importance("low") +@pytest.mark.ticket(jira="RHEL-3925", gh=6942) +@pytest.mark.topology(KnownTopologyGroup.IPATrust) +def test_trust_identity__group_without_sid(ipa: IPA, trusted: GenericADProvider): + """ + :title: Subdomain goes offline if IPA group is missing SID + :setup: + 1. Create IPA external group "external-group" and add AD user "Administrator" as a member + 2. Create IPA posix group "posix-group" and add "external-group" as a member + 3. Clear SSSD cache and logs on IPA server + 4. Restart SSSD on IPA server + :steps: + 1. Resolve user "Administrator@addomain" + 2. Expire user "Administrator@addomain" + 3. Resolve user "Administrator@addomain" + 4. Run "sssctl domain-status addomain" + :expectedresults: + 1. User is resolved and member of posix-group + 2. User is expired in SSSD cache + 3. User is resolved and member of posix-group + 4. The Active Directory domain is still online + :customerscenario: True + """ + username = trusted.fqn("administrator") + external = ipa.group("external-group").add(external=True).add_member(username) + ipa.group("posix-group").add(gid=5001).add_member(external) + + ipa.sssd.clear(db=True, memcache=True, logs=True) + ipa.sssd.restart() + + # Cache trusted user + result = ipa.tools.id(username) + assert result is not None + assert result.user.name == username + assert result.memberof("posix-group") + + # Expire the user and resolve it again, this will trigger the affected code path + ipa.sssctl.cache_expire(user=username) + result = ipa.tools.id(username) + assert result is not None + assert result.user.name == username + assert result.memberof("posix-group") + + # Check that SSSD did not go offline + status = ipa.sssctl.domain_status(trusted.domain, online=True) + assert "online status: offline" not in status.stdout.lower() + assert "online status: online" in status.stdout.lower() diff --git a/src/tests/util-tests.c b/src/tests/util-tests.c index 7f3a0d1bda5..d0a1c6e57a4 100644 --- a/src/tests/util-tests.c +++ b/src/tests/util-tests.c @@ -105,7 +105,7 @@ START_TEST(test_string_in_list) ck_assert_msg(!is_in, "String is in empty list."); is_in = string_in_list("ABC", list, false); - ck_assert_msg(is_in, "String is not list."); + ck_assert_msg(is_in, "String is not in list."); is_in = string_in_list("abc", list, false); ck_assert_msg(is_in, "String is not case in-sensitive list."); @@ -119,6 +119,48 @@ START_TEST(test_string_in_list) } END_TEST +START_TEST(test_string_in_list_size) +{ + bool is_in; + const char *empty_list[] = {}; + size_t empty_list_size = 0; + const char *list[] = {discard_const("ABC"), + discard_const("DEF"), + discard_const("GHI")}; + size_t list_size = sizeof(list) / sizeof(list[0]); + + is_in = string_in_list_size(NULL, NULL, 0, false); + ck_assert_msg(!is_in, "NULL string is in NULL list."); + + is_in = string_in_list_size(NULL, empty_list, empty_list_size, false); + ck_assert_msg(!is_in, "NULL string is in empty list."); + + is_in = string_in_list_size(NULL, list, list_size, false); + ck_assert_msg(!is_in, "NULL string is in list."); + + is_in = string_in_list_size("ABC", NULL, 0, false); + ck_assert_msg(!is_in, "String is in NULL list."); + + is_in = string_in_list_size("ABC", empty_list, empty_list_size, false); + ck_assert_msg(!is_in, "String is in empty list."); + + is_in = string_in_list_size("ABC", list, list_size, false); + ck_assert_msg(is_in, "String is not in list."); + + is_in = string_in_list_size("abc", list, list_size, false); + ck_assert_msg(is_in, "String is not case in-sensitive list."); + + is_in = string_in_list_size("abc", list, list_size, true); + ck_assert_msg(!is_in, "Wrong string found in case sensitive list."); + + is_in = string_in_list_size("123", list, list_size, false); + ck_assert_msg(!is_in, "Wrong string found in list."); + + is_in = string_in_list_size("GHI", list, list_size - 1, false); + ck_assert_msg(!is_in, "Size limit not respected."); +} +END_TEST + START_TEST(test_parse_args) { struct pa_testcase { @@ -1121,6 +1163,7 @@ Suite *util_suite(void) tcase_add_test (tc_util, test_parse_args); tcase_add_test (tc_util, test_add_string_to_list); tcase_add_test (tc_util, test_string_in_list); + tcase_add_test (tc_util, test_string_in_list_size); tcase_add_test (tc_util, test_split_on_separator); tcase_add_test (tc_util, test_check_ipv4_addr); tcase_add_test (tc_util, test_check_ipv6_addr); diff --git a/src/tools/sssctl/sssctl.c b/src/tools/sssctl/sssctl.c index 855260aedd2..85d0d0925f4 100644 --- a/src/tools/sssctl/sssctl.c +++ b/src/tools/sssctl/sssctl.c @@ -317,7 +317,7 @@ int main(int argc, const char **argv) SSS_TOOL_DELIMITER("SSSD Status:"), SSS_TOOL_COMMAND("domain-list", "List available domains", 0, sssctl_domain_list), SSS_TOOL_COMMAND("domain-status", "Print information about domain", 0, sssctl_domain_status), - SSS_TOOL_COMMAND("user-checks", "Print information about a user and check authentication", 0, sssctl_user_checks), + SSS_TOOL_COMMAND_FLAGS("user-checks", "Print information about a user and check authentication", 0, sssctl_user_checks, SSS_TOOL_FLAG_SKIP_CMD_INIT|SSS_TOOL_FLAG_SKIP_ROOT_CHECK), SSS_TOOL_COMMAND("access-report", "Generate access report for a domain", 0, sssctl_access_report), SSS_TOOL_DELIMITER("Information about cached content:"), SSS_TOOL_COMMAND("user-show", "Information about cached user", 0, sssctl_user_show), @@ -340,9 +340,9 @@ int main(int argc, const char **argv) SSS_TOOL_COMMAND_FLAGS("config-check", "Perform static analysis of SSSD configuration", 0, sssctl_config_check, SSS_TOOL_FLAG_SKIP_CMD_INIT), #endif SSS_TOOL_DELIMITER("Certificate related tools:"), - SSS_TOOL_COMMAND("cert-show", "Print information about the certificate", 0, sssctl_cert_show), + SSS_TOOL_COMMAND_FLAGS("cert-show", "Print information about the certificate", 0, sssctl_cert_show, SSS_TOOL_FLAG_SKIP_CMD_INIT|SSS_TOOL_FLAG_SKIP_ROOT_CHECK), SSS_TOOL_COMMAND("cert-map", "Show users mapped to the certificate", 0, sssctl_cert_map), - SSS_TOOL_COMMAND("cert-eval-rule", "Check mapping and matching rule with a certificate", 0, sssctl_cert_eval_rule), + SSS_TOOL_COMMAND_FLAGS("cert-eval-rule", "Check mapping and matching rule with a certificate", 0, sssctl_cert_eval_rule, SSS_TOOL_FLAG_SKIP_CMD_INIT|SSS_TOOL_FLAG_SKIP_ROOT_CHECK), #ifdef BUILD_PASSKEY SSS_TOOL_DELIMITER("Passkey related tools:"), SSS_TOOL_COMMAND_FLAGS("passkey-register", "Perform passkey registration", 0, sssctl_passkey_register, SSS_TOOL_FLAG_SKIP_CMD_INIT|SSS_TOOL_FLAG_SKIP_ROOT_CHECK), diff --git a/src/util/atomic_io.c b/src/util/atomic_io.c index 589dfa4d4e4..7cc4304d184 100644 --- a/src/util/atomic_io.c +++ b/src/util/atomic_io.c @@ -87,7 +87,11 @@ ssize_t sss_atomic_read_safe_s(int fd, void *buf, size_t buf_len, size_t *_len) } if (ulen > buf_len) { - return ERANGE; + if (_len != NULL) { + *_len = ulen; + } + errno = ERANGE; + return -1; } if (_len != NULL) { diff --git a/src/util/check_file.c b/src/util/check_file.c index 27edcfa8b2a..2203a41c328 100644 --- a/src/util/check_file.c +++ b/src/util/check_file.c @@ -28,7 +28,8 @@ #include "util/util.h" -static errno_t perform_checks(struct stat *stat_buf, +static errno_t perform_checks(const char *filename, + struct stat *stat_buf, uid_t uid, gid_t gid, mode_t mode, mode_t mask); @@ -53,15 +54,16 @@ errno_t check_file(const char *filename, } if (ret == -1) { ret = errno; - DEBUG(SSSDBG_TRACE_FUNC, "lstat for [%s] failed: [%d][%s].\n", + DEBUG(SSSDBG_TRACE_FUNC, "lstat for '%s' failed: [%d][%s].\n", filename, ret, strerror(ret)); return ret; } - return perform_checks(stat_buf, uid, gid, mode, mask); + return perform_checks(filename, stat_buf, uid, gid, mode, mask); } -static errno_t perform_checks(struct stat *stat_buf, +static errno_t perform_checks(const char *filename, + struct stat *stat_buf, uid_t uid, gid_t gid, mode_t mode, mode_t mask) { @@ -74,25 +76,28 @@ static errno_t perform_checks(struct stat *stat_buf, } if ((mode & S_IFMT) != (st_mode & S_IFMT)) { - DEBUG(SSSDBG_TRACE_LIBS, "File is not the right type.\n"); + DEBUG(SSSDBG_TRACE_LIBS, "File '%s' is not of the right type.\n", + filename); return EINVAL; } if ((st_mode & ALLPERMS) != (mode & ALLPERMS)) { DEBUG(SSSDBG_TRACE_LIBS, - "File has the wrong (bit masked) mode [%.7o], " - "expected [%.7o].\n", + "File '%s' has the wrong (bit masked) mode [%.7o], " + "expected [%.7o].\n", filename, (st_mode & ALLPERMS), (mode & ALLPERMS)); return EINVAL; } if (uid != (uid_t)(-1) && stat_buf->st_uid != uid) { - DEBUG(SSSDBG_TRACE_LIBS, "File must be owned by uid [%d].\n", uid); + DEBUG(SSSDBG_TRACE_LIBS, "File '%s' must be owned by uid [%d].\n", + filename, uid); return EINVAL; } if (gid != (gid_t)(-1) && stat_buf->st_gid != gid) { - DEBUG(SSSDBG_TRACE_LIBS, "File must be owned by gid [%d].\n", gid); + DEBUG(SSSDBG_TRACE_LIBS, "File '%s' must be owned by gid [%d].\n", + filename, gid); return EINVAL; } diff --git a/src/util/child_common.c b/src/util/child_common.c index 10af560782a..1dbf95b7a7e 100644 --- a/src/util/child_common.c +++ b/src/util/child_common.c @@ -509,7 +509,7 @@ static void _read_pipe_handler(struct tevent_context *ev, struct _read_pipe_state *state; ssize_t size; errno_t err; - uint8_t buf[CHILD_MSG_CHUNK]; + uint8_t *buf; size_t len = 0; state = tevent_req_data(req, struct _read_pipe_state); @@ -521,8 +521,23 @@ static void _read_pipe_handler(struct tevent_context *ev, return; } + buf = talloc_array(state, uint8_t, CHILD_MSG_CHUNK); + if (buf == NULL) { + tevent_req_error(req, ENOMEM); + return; + } + if (state->safe) { size = sss_atomic_read_safe_s(state->fd, buf, CHILD_MSG_CHUNK, &len); + if (size == -1 && errno == ERANGE) { + buf = talloc_realloc(state, buf, uint8_t, len); + if(!buf) { + tevent_req_error(req, ENOMEM); + return; + } + + size = sss_atomic_read_s(state->fd, buf, len); + } } else { size = sss_atomic_read_s(state->fd, buf, CHILD_MSG_CHUNK); } @@ -532,7 +547,6 @@ static void _read_pipe_handler(struct tevent_context *ev, "read failed [%d][%s].\n", err, strerror(err)); tevent_req_error(req, err); return; - } else if (size > 0) { state->buf = talloc_realloc(state, state->buf, uint8_t, state->len + size); @@ -638,7 +652,7 @@ static void child_sig_handler(struct tevent_context *ev, "waitpid failed [%d][%s].\n", err, strerror(err)); } else if (ret == 0) { DEBUG(SSSDBG_CRIT_FAILURE, - "waitpid did not found a child with changed status.\n"); + "waitpid did not find a child with changed status.\n"); } else { if (WIFEXITED(child_ctx->child_status)) { if (WEXITSTATUS(child_ctx->child_status) != 0) { diff --git a/src/util/file_watch.c b/src/util/file_watch.c index b994e41163a..d19fdccd608 100644 --- a/src/util/file_watch.c +++ b/src/util/file_watch.c @@ -121,7 +121,10 @@ static int watched_file_inotify_cb(const char *filename, uint32_t flags, void *pvt) { + static char received[PATH_MAX + 1]; + static char expected[PATH_MAX + 1]; struct file_watch_ctx *fw_ctx; + char *res; DEBUG(SSSDBG_TRACE_LIBS, "Received inotify notification for %s\n", filename); @@ -131,15 +134,32 @@ static int watched_file_inotify_cb(const char *filename, return EINVAL; } - if (strcmp(fw_ctx->filename, filename) == 0) { - if (access(fw_ctx->filename, F_OK) == 0) { - fw_ctx->cb(fw_ctx->filename, fw_ctx->cb_arg); + res = realpath(fw_ctx->filename, expected); + if (res == NULL) { + DEBUG(SSSDBG_TRACE_LIBS, + "Normalization failed for expected %s. Skipping the callback.\n", + fw_ctx->filename); + goto done; + } + + res = realpath(filename, received); + if (res == NULL) { + DEBUG(SSSDBG_TRACE_LIBS, + "Normalization failed for received %s. Skipping the callback.\n", + filename); + goto done; + } + + if (strcmp(expected, received) == 0) { + if (access(received, F_OK) == 0) { + fw_ctx->cb(received, fw_ctx->cb_arg); } else { DEBUG(SSSDBG_TRACE_LIBS, "File %s is missing. Skipping the callback.\n", filename); } } +done: return EOK; } diff --git a/src/util/server.c b/src/util/server.c index 76a558fb512..34e8a6df722 100644 --- a/src/util/server.c +++ b/src/util/server.c @@ -502,6 +502,8 @@ int server_setup(const char *name, bool is_responder, sss_chain_id_set_format(DEBUG_CHAIN_ID_FMT_RID); } + talloc_enable_null_tracking(); + autofree_ctx = talloc_named_const(NULL, 0, "autofree_context"); if (autofree_ctx == NULL) { return ENOMEM; diff --git a/src/util/sss_iobuf.c b/src/util/sss_iobuf.c index 3056a7b0db3..bd8d2f3a28f 100644 --- a/src/util/sss_iobuf.c +++ b/src/util/sss_iobuf.c @@ -30,7 +30,7 @@ struct sss_iobuf *sss_iobuf_init_empty(TALLOC_CTX *mem_ctx, return NULL; } - buf = talloc_zero_array(iobuf, uint8_t, size); + buf = talloc_array(iobuf, uint8_t, size); if (buf == NULL) { talloc_free(iobuf); return NULL; @@ -43,7 +43,6 @@ struct sss_iobuf *sss_iobuf_init_empty(TALLOC_CTX *mem_ctx, iobuf->data = buf; iobuf->size = size; iobuf->capacity = capacity; - iobuf->dp = 0; return iobuf; } @@ -80,7 +79,6 @@ struct sss_iobuf *sss_iobuf_init_steal(TALLOC_CTX *mem_ctx, iobuf->data = talloc_steal(iobuf, data); iobuf->size = size; iobuf->capacity = size; - iobuf->dp = 0; return iobuf; } diff --git a/src/util/sss_iobuf.h b/src/util/sss_iobuf.h index 159fbc0b9ff..01f0f45c8b3 100644 --- a/src/util/sss_iobuf.h +++ b/src/util/sss_iobuf.h @@ -23,6 +23,8 @@ struct sss_iobuf; * Use 0 for an 'unlimited' buffer that will grow * until SIZE_MAX/2. * + * @warning The allocated data storage will not be zeroed. + * * @return The newly created buffer on success or NULL on an error. * */ @@ -44,6 +46,8 @@ struct sss_iobuf *sss_iobuf_init_empty(TALLOC_CTX *mem_ctx, * data is copied into the iobuf-owned buffer. * @param[in] size The size of the data buffer * + * @warning The allocated data storage will not be zeroed. + * * @return The newly created buffer on success or NULL on an error. */ struct sss_iobuf *sss_iobuf_init_readonly(TALLOC_CTX *mem_ctx, diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c index 6c4a908b74b..3f57e5b268f 100644 --- a/src/util/sss_krb5.c +++ b/src/util/sss_krb5.c @@ -279,8 +279,8 @@ errno_t select_principal_from_keytab(TALLOC_CTX *mem_ctx, (error_message ? error_message : sss_strerror(ret))); } if (keytab) krb5_kt_close(krb_ctx, keytab); - if (krb_ctx) krb5_free_context(krb_ctx); if (client_princ) krb5_free_principal(krb_ctx, client_princ); + if (krb_ctx) krb5_free_context(krb_ctx); talloc_free(tmp_ctx); return ret; } diff --git a/src/util/sss_pam_data.h b/src/util/sss_pam_data.h index d80ab311951..e9b90a8a4e5 100644 --- a/src/util/sss_pam_data.h +++ b/src/util/sss_pam_data.h @@ -74,6 +74,7 @@ struct pam_data { #ifdef USE_KEYRING key_serial_t key_serial; #endif + bool passkey_local_done; }; /** diff --git a/src/util/usertools.c b/src/util/usertools.c index 40c14103296..8084760a03e 100644 --- a/src/util/usertools.c +++ b/src/util/usertools.c @@ -860,16 +860,17 @@ void sss_set_sssd_user_eid(void) if (geteuid() == 0) { sss_sssd_user_uid_and_gid(&uid, &gid); - if (seteuid(uid) != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, - "Failed to set euid to %"SPRIuid": %s\n", - uid, sss_strerror(errno)); - } + if (setegid(gid) != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, + DEBUG(SSSDBG_IMPORTANT_INFO, "Failed to set egid to %"SPRIgid": %s\n", gid, sss_strerror(errno)); } + if (seteuid(uid) != EOK) { + DEBUG(SSSDBG_IMPORTANT_INFO, + "Failed to set euid to %"SPRIuid": %s\n", + uid, sss_strerror(errno)); + } } } @@ -877,12 +878,12 @@ void sss_restore_sssd_user_eid(void) { if (getuid() == 0) { if (seteuid(getuid()) != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, + DEBUG(SSSDBG_IMPORTANT_INFO, "Failed to restore euid: %s\n", sss_strerror(errno)); } if (setegid(getgid()) != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, + DEBUG(SSSDBG_IMPORTANT_INFO, "Failed to restore egid: %s\n", sss_strerror(errno)); } diff --git a/src/util/util.c b/src/util/util.c index 1ed526ec3ab..6546b6027c4 100644 --- a/src/util/util.c +++ b/src/util/util.c @@ -674,14 +674,17 @@ const char * const * get_known_services(void) return svc; } -errno_t add_strings_lists(TALLOC_CTX *mem_ctx, const char **l1, const char **l2, - bool copy_strings, char ***_new_list) +errno_t add_strings_lists_ex(TALLOC_CTX *mem_ctx, + const char **l1, const char **l2, + bool copy_strings, bool skip_dups, + const char ***_new_list) { size_t c; + size_t n; size_t l1_count = 0; size_t l2_count = 0; size_t new_count = 0; - char **new; + const char **new; int ret; if (l1 != NULL) { @@ -694,29 +697,49 @@ errno_t add_strings_lists(TALLOC_CTX *mem_ctx, const char **l1, const char **l2, new_count = l1_count + l2_count; - new = talloc_array(mem_ctx, char *, new_count + 1); + new = talloc_zero_array(mem_ctx, const char *, new_count + 1); if (new == NULL) { DEBUG(SSSDBG_OP_FAILURE, "talloc_array failed.\n"); return ENOMEM; } - new [new_count] = NULL; - if (copy_strings) { + if (copy_strings || skip_dups) { + n = 0; for(c = 0; c < l1_count; c++) { - new[c] = talloc_strdup(new, l1[c]); - if (new[c] == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n"); - ret = ENOMEM; - goto done; + if (skip_dups) { + if (string_in_list_size(l1[c], new, n, false)) { + continue; + } + } + if (copy_strings) { + new[n] = talloc_strdup(new, l1[c]); + if (new[n] == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n"); + ret = ENOMEM; + goto done; + } + } else { + new[n] = discard_const(l1[c]); } + n++; } for(c = 0; c < l2_count; c++) { - new[l1_count + c] = talloc_strdup(new, l2[c]); - if (new[l1_count + c] == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n"); - ret = ENOMEM; - goto done; + if (skip_dups) { + if (string_in_list_size(l2[c], new, n, false)) { + continue; + } + } + if (copy_strings) { + new[n] = talloc_strdup(new, l2[c]); + if (new[n] == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n"); + ret = ENOMEM; + goto done; + } + } else { + new[n] = discard_const(l2[c]); } + n++; } } else { if (l1 != NULL) { diff --git a/src/util/util.h b/src/util/util.h index 68302bb725d..f3a4926931a 100644 --- a/src/util/util.h +++ b/src/util/util.h @@ -188,8 +188,8 @@ void sss_log(int priority, const char *format, ...) SSS_ATTRIBUTE_PRINTF(2, 3); void sss_log_ext(int priority, int facility, const char *format, ...) SSS_ATTRIBUTE_PRINTF(3, 4); /* from server.c */ -#define DEBUG_CHAIN_ID_FMT_RID "[RID#%lu] %s" -#define DEBUG_CHAIN_ID_FMT_CID "[CID#%lu] %s" +#define DEBUG_CHAIN_ID_FMT_RID "[RID#%"PRIu64"] %s" +#define DEBUG_CHAIN_ID_FMT_CID "[CID#%"PRIu64"] %s" struct main_context { struct tevent_context *event_ctx; @@ -434,12 +434,30 @@ bool is_dbus_activated(void); * @param[in] copy_strings If set to 'true' the list items will be copied * otherwise only the pointers to the items are * copied. + * @param[in] skip_dups Whether the function should skip duplicate values. * @param[out] new_list New NULL-terminated list of strings. Must be freed * with talloc_free() by the caller. If copy_strings * is 'true' the new elements will be freed as well. */ -errno_t add_strings_lists(TALLOC_CTX *mem_ctx, const char **l1, const char **l2, - bool copy_strings, char ***_new_list); +errno_t add_strings_lists_ex(TALLOC_CTX *mem_ctx, + const char **l1, const char **l2, + bool copy_strings, bool skip_dups, + const char ***_new_list); + +/** + * @overload errno_t add_strings_lists_ex(TALLOC_CTX *mem_ctx, + * const char **l1, const char **l2, + * bool copy_strings, bool skip_dups, + * const char ***_new_list) + */ +static inline errno_t add_strings_lists(TALLOC_CTX *mem_ctx, + const char **l1, const char **l2, + bool copy_strings, + const char ***_new_list) +{ + return add_strings_lists_ex(mem_ctx, l1, l2, copy_strings, false, _new_list); +} + /** * @brief set file descriptor as nonblocking @@ -532,6 +550,9 @@ errno_t del_string_from_list(const char *string, bool string_in_list(const char *string, char **list, bool case_sensitive); +bool string_in_list_size(const char *string, const char **list, size_t size, + bool case_sensitive); + int domain_to_basedn(TALLOC_CTX *memctx, const char *domain, char **basedn); bool is_host_in_domain(const char *host, const char *domain); @@ -659,6 +680,15 @@ errno_t get_dom_names(TALLOC_CTX *mem_ctx, char ***_dom_names, int *_dom_names_count); +__attribute__((always_inline)) +static inline bool is_domain_provider(struct sss_domain_info *domain, + const char *provider) +{ + return domain != NULL && + domain->provider != NULL && + strcasecmp(domain->provider, provider) == 0; +} + /* Returns true if the provider used for the passed domain is the "files" * one. Otherwise returns false. */ __attribute__((always_inline)) @@ -770,6 +800,18 @@ int setup_watchdog(struct tevent_context *ev, int interval); void teardown_watchdog(void); int get_watchdog_ticks(void); +/* The arm_watchdog() and disarm_watchdog() calls will disable and re-enable + * the watchdog reset, respectively. This means that after arm_watchdog() is + * called the watchdog will not be resetted anymore and it will kill the + * process if disarm_watchdog() wasn't called before. + * Those calls should only be used when there is no other way to handle + * waiting request and recover into a stable state. + * Those calls cannot be nested, i.e. after calling arm_watchdog() it should + * not be called a second time in a different request because then + * disarm_watchdog() will disable the watchdog coverage for both. */ +void arm_watchdog(void); +void disarm_watchdog(void); + /* from files.c */ int sss_remove_tree(const char *root); int sss_remove_subtree(const char *root); diff --git a/src/util/util_errors.c b/src/util/util_errors.c index d6568a96b3b..a9e7cf7fdb6 100644 --- a/src/util/util_errors.c +++ b/src/util/util_errors.c @@ -93,6 +93,7 @@ struct err_string error_to_str[] = { { "p11_child timeout" }, /* ERR_P11_CHILD_TIMEOUT */ { "PIN locked" }, /* ERR_P11_PIN_LOCKED */ { "passkey_child failed" }, /* ERR_PASSKEY_CHILD */ + { "passkey_child timeout" }, /* ERR_PASSKEY_CHILD_TIMEOUT */ { "Address family not supported" }, /* ERR_ADDR_FAMILY_NOT_SUPPORTED */ { "Message sender is the bus" }, /* ERR_SBUS_SENDER_BUS */ { "Subdomain is inactive" }, /* ERR_SUBDOM_INACTIVE */ diff --git a/src/util/util_errors.h b/src/util/util_errors.h index 394ed2ab682..c3558a2d059 100644 --- a/src/util/util_errors.h +++ b/src/util/util_errors.h @@ -114,6 +114,7 @@ enum sssd_errors { ERR_P11_CHILD_TIMEOUT, ERR_P11_PIN_LOCKED, ERR_PASSKEY_CHILD, + ERR_PASSKEY_CHILD_TIMEOUT, ERR_ADDR_FAMILY_NOT_SUPPORTED, ERR_SBUS_SENDER_BUS, ERR_SUBDOM_INACTIVE, diff --git a/src/util/util_ext.c b/src/util/util_ext.c index 3ce03712358..c9839a907c5 100644 --- a/src/util/util_ext.c +++ b/src/util/util_ext.c @@ -147,6 +147,27 @@ bool string_in_list(const char *string, char **list, bool case_sensitive) return false; } +bool string_in_list_size(const char *string, const char **list, size_t size, + bool case_sensitive) +{ + size_t c; + int(*compare)(const char *s1, const char *s2); + + if (string == NULL || list == NULL || size == 0) { + return false; + } + + compare = case_sensitive ? strcmp : strcasecmp; + + for (c = 0; c < size; c++) { + if (compare(string, list[c]) == 0) { + return true; + } + } + + return false; +} + errno_t sss_filter_sanitize_ex(TALLOC_CTX *mem_ctx, const char *input, char **sanitized, diff --git a/src/util/util_watchdog.c b/src/util/util_watchdog.c index b1534e499c0..abafd94b91e 100644 --- a/src/util/util_watchdog.c +++ b/src/util/util_watchdog.c @@ -40,6 +40,7 @@ struct watchdog_ctx { time_t timestamp; struct tevent_fd *tfd; int pipefd[2]; + bool armed; /* if 'true' ticks counter will not be reset */ } watchdog_ctx; static void watchdog_detect_timeshift(void) @@ -89,8 +90,13 @@ static void watchdog_event_handler(struct tevent_context *ev, struct timeval current_time, void *private_data) { - /* first thing reset the watchdog ticks */ - watchdog_reset(); + if (!watchdog_ctx.armed) { + /* first thing reset the watchdog ticks */ + watchdog_reset(); + } else { + DEBUG(SSSDBG_IMPORTANT_INFO, + "Watchdog armed, process might be terminated soon.\n"); + } /* then set a new watchodg event */ watchdog_ctx.te = tevent_add_timer(ev, ev, @@ -197,6 +203,7 @@ int setup_watchdog(struct tevent_context *ev, int interval) watchdog_ctx.ev = ev; watchdog_ctx.input_interval = interval; watchdog_ctx.timestamp = time(NULL); + watchdog_ctx.armed = false; ret = pipe(watchdog_ctx.pipefd); if (ret == -1) { @@ -264,3 +271,20 @@ int get_watchdog_ticks(void) { return __sync_add_and_fetch(&watchdog_ctx.ticks, 0); } + +void arm_watchdog(void) +{ + if (watchdog_ctx.armed) { + DEBUG(SSSDBG_CRIT_FAILURE, + "arm_watchdog() is called although the watchdog is already armed. " + "This indicates a programming error and should be avoided because " + "it will most probably not work as expected.\n"); + } + + watchdog_ctx.armed = true; +} + +void disarm_watchdog(void) +{ + watchdog_ctx.armed = false; +} diff --git a/version.m4 b/version.m4 index 1a557b45c63..d371e185813 100644 --- a/version.m4 +++ b/version.m4 @@ -1,5 +1,5 @@ # Primary version number -m4_define([VERSION_NUMBER], [2.9.0]) +m4_define([VERSION_NUMBER], [2.9.4]) # If the PRERELEASE_VERSION_NUMBER is set, we'll append # it to the release tag when creating an RPM or SRPM